Dr Yuval Yarom
|Org Unit||School of Computer Science|
|Telephone||+61 8 8313 4727|
2016-19 - Secure Programming
2019 - Distributed System
2015 - Computer System Security
2014 - Computer System Security
My main research interest is in the area of computer and network security, with a current focus on microarchitectural attacks and on cryptography. I am the leader of the security research area within the Centre for Distributed and Intelligent Technologies (CDIT) in the school of computer science.
Current Research Students
- Supun Dissanayake - Innovation of Predictive and Actionable Analytics for Big Data Using Machine Learning Methodologies (PhD)
- Andrew Feutrill - Techniques for Cyber Exploit Prediction (PhD)
- Michelle McClintock - Enterprise security architecture - an organizational framework (PhD)
- Sioli O'Connell - Stealing Browser Secrets with Speculative Execution (Honours)
- Christo Pyromallis - Protecting Internet Browsers from Last-Level Cache Side-Channel Attacks Using Page-Colouring (Honours)
- Madura Shelton - Side Channel Attack Mitigation with Search Based Software Engineering (PhD)
Past Research Students
- Nick Manser - A physical side channel attack of ECDH public-key encryption using Curve25519, MCS, 2018
- Fergus Dell - Evaluate the security of the Intel SGX extension, Honours, 2017
- Mark Eldridge - Electronic Voting System for Australian Federal Elections, Honours, 2017
- Vidi Shaweddy - Motion sensor fusion for phone localization, MCS, 2017
- Yuan Wang - Speeding up TOR, MCS, 2017
- Tom Allan - Side channel attacks in Web browsers, Honours, 2016
- Jungtaek Oh - Cryptographic attacks on modern CPUs, MCS, 2016
- Gefei Li - Cryptanalysis of lightweight cryptographic primitives, MCS, 2015
- Sam Jaeschke - Mitigation of the Flush+Reload Attack, Honours, 2015
2018-2021 - Assessment and OS-Level Mitigation of Timing Channels. Y.Yarom, Data61 CRP Research Agreement ($451,934).
2018 - Toolkit for Microarchitectural Side-Channel Leakage Analysis. Y. Yarom. Intel SPI ($69,473)
2017 - Evaluating Cryptographic Implementations. Y. Yarom, Endeavour Research Fellowship ($17,000).
2016 - Alien vs. Wombat: Predicting the Impact of Invasive Plant Species on the Dynamics of Herbivore Populations. C. Szabo, S. Hiendleder, L. Woolford, A. Croxford, Y. Yarom, A. Camp. The University of Adelaide Interdisciplinary Grant ($10,000).
2016 - Disruptive innovation: block chain technology. D. Brown, N. Falkner, Y. Yarom, I. Troshani and S. Rao Hill. The University of Adelaide Interdisciplinary Grant ($22,530).
2016-2019 - Assessment and OS-Level Mitigation of Timing Channels. Y.Yarom and K. Falkner, Data61 CRP Research Agreement ($682,684).
2015-2016 - Assessment and OS-Level Mitigation of Timing Channels. Y.Yarom and K. Falkner, NICTA CRP Research Agreement ($132,378).
2015 - Computing Infrastructure Performance and Interoperability Research - Security. K. Falkner and Y. Yarom, DSTO Research Contract ($170,000).
2014-2015 - Assessment and OS-Level Mitigation of Timing Channels. K. Falkner and Y. Yarom, NICTA CRP ($232,167).
2014 - Model Driven Systems Engineering: Advanced Modelling of Communication Protocols. K. Falkner and Y. Yarom, DSTO Research Contract ($110,000).
P. Kocher, J. Horn, A. Fogh, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz, and Y. Yarom, Spectre Attacks: Exploiting Speculative Execution, accepted to Communications of the ACM.
M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, J. Horn, S. Mangard, P. Kocher, D. Genkin, Y. Yarom, M. Hamburg,
and R. Strackx, Meltdown: Reading Kernel Memory from User Space, accepted to Communications of the ACM.
D. Genkin, R. Poussier, R. Q. Sim, Y. Yarom, and Y. Zhao, Cache vs. Key-Dependency: Side Channeling an Implementation of Pilsung, accepted to IACR Tranactions on Cryptographic Hardwawre and Embedded Systems, Vol. 2020 No.1.
J. Van Bulck, M. Minkin, O. Weisse, D. Genkin, B. Kasikci, F. Piessens, M. Silberstein, T. F. Wenisch, Y. Yarom, and R. Strackx, Breaking Virtual Memory Protection and the SGX Ecosystem with Foreshadow, IEEE Micro 39(3), pages 66–74, May/June 2019.
F. Dall, G. De Micheli, T. Eisenbarth, D. Genkin, N. Heninger, A. Moghimi, and Y. Yarom, CacheQuote: Efficiently Recovering Long-term Secrets of SGX EPID via Cache Attacks, IACR Tranactions on Cryptographic Hardwawre and Embedded Systems, Vol. 2018 No. 2, pages 171–191, May 2018.
Q. Ge, Y. Yarom, D. Cock, and G. Heiser, A Survey of Microarchitectural Timing Attacks and Countermeasures on Contemporary Hardware, Journal of Cryptographic Engineering. Vol 8, No. 1, pages 1–27, April 2018.
M. J. Wilkinson, C. Szabo, C. S. Ford, Y. Yarom, A. E. Croxford, A. Camp, and P. Gooding, Replacing Sanger with Next Generation Sequencing to improve coverage and quality of reference DNA barcodes for plants, Scientific Reports, vol. 7 art. 46040, 2017
Y. Yarom, D. Genkin, and N. Heninger, CacheBleed: A Timing Attack on OpenSSL Constant Time RSA, Journal of Cryptographic Engineering, Vol. 7, No. 2, pages 99–112, June 2017.
A.Barak, O. Laden, and Y. Yarom, The NOW MOSIX and its Preemptive Process Migration Scheme, Bulletin of the IEEE Technical Committee on Operating Systems and Application Environments (TCOS), Vol. 7, No. 2
Refereed Conference and Workshop Publications
S. Cohney, A. Kwong, S. Paz, D. Genkin, N. Heninger, E. Ronen, and Y. Yarom, Pseudorandom Black Swans: Cache Attacks on CTR_DRBG, accepted to IEEE S&P 2020.
A. Kwong, D. Genkin, D. Gruss, and Y. Yarom, RAMBleed: Reading Bits in Memory Without Accessing Them, accepted to IEEE S&P 2020.
C. Canella, D. Genkin, L. Giner, D. Gruss, M. Lipp, M. Minkin, D. Moghimi, F. Piessens, M. Schwarz, B. Sunar, J. Van Bulck, and Y. Yarom, Fallout: Leaking Data on Meltdown-resistant CPUs, accepted to CCS 2019.
A. Shusterman, L. Kang, Y. Haskal, Y. Meltser, P. Mittal, Y. Oren, and Y. Yarom, Robust Website Fingerprinting Through the Cache Occupancy Channel, USENIX Security 2019, pages 639–656.
E. Ronen, R. Gillham, D. Genkin, A. Shamir, D. Wong, and Y. Yarom, The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations, IEEE S&P 2019, pages 966–983.
P. Kocher, J. Horn, A. Fogh, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz, and Y. Yarom, Spectre Attacks: Exploiting Speculative Execution, IEEE S&P 2019, pages 19–37. (Distinguished Paper.)
Q. Ge, Y. Yarom, T. Chothia, and G. Heiser, Time Protection: the Missing OS Abstraction, EuroSys 2019. (Best Paper.)
A. Feutrill, D. Ranathunga, Y. Yarom, and M. Roughan, The Effect of Common Vulnerability Scoring System Metrics on Vulnerability Exploit Delay, CANDAR, 2018.
Q. Ge, Y. Yarom, and G. Heiser, No Security Without Time protection: We Need a New hardware Software Contract, APSys 2018. (Best Paper.)
J. Van Bulck, M. Minkin, O. Weisse, D. Genkin, B. Kasikci, F. Piessens, M. Silberstein, T. F. Wenisch, Y. Yarom, and R. Strackx, Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution, USENIX Security, pages 991–1008, 2018.
M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, A. Fogh, J. Horn, S. Mangard, P. Kocher, D. Genkin, Y. Yarom, and M. Hamburg, Meltdown: Reading Kernel Memory from User Space, USENIX Security, pages 973–990, 2018.
D. Genkin, L. Pachmanov, E. Tromer, and Y. Yarom, Drive-by Key-Extraction Cache Attacks from Portable Code, ACNS 2018, pages 83–102, Leuven, BE, Jul 2018.
D. Gruss, M.Lipp, M. Schwartz, D. Genkin, J. Juffinger, S. O'Connell, W. Schoechl, and Y. Yarom, Another Flip in the Wall of Rowhammer Defenses, IEEE S&P, pages 245–261, 2018.
P. Pessl, L. Groot Bruinderink, and Y. Yarom, To BLISS-B or not to be - Attacking strongSwan’s Implementation of Post-Quantum Signatures, CCS 2017, pages 1843–1855, Dallas, TX, US, Nov 2017.
D. Genkin, L. Valenta, and Y. Yarom, May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519, CCS 2017, pages 845–858, Dallas, TX, US, Nov 2017.
D. J. Bernstein, J. Breitner, D. Genkin, L. Groot Bruinderink, N. Heninger, T. Lange, C. van Vredendaal, and Y. Yarom, Sliding Right Into Disaster: Left-to-right sliding windows leak, CHES 2017, pages 555–576, Taipei, Taiwan, 2017.
Y. Su, D. Genkin, D. Ranasinghe, and Y. Yarom, USB Snooping Made Easy: Crosstalk Leakage Attacks on USB Hubs, USENIX Security, Pages 1145–1161, Vancouver, BC, Canada, 2017.
P. Grubbs, T. Ristenpart, and Y. Yarom, Modifying an Enciphering Scheme after Deployment, EuroCrypt 2017, Paris, FR, Apr 2017.
T. Allan, B. B. Brumley, K. Falkner, J. van de Pol, and Y. Yarom, Amplifying Side Channels Through Performance Degradation, ACSAC 2016, Los Angeles, CA, US, Dec 2016.
D. Genkin, L. Pachmanov, I. Pipman, E. Tromer, and Y. Yarom, ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels, CCS 2016, Vienna, Austria, Oct 2016.
C. Pereida García, B. B. Brumley, and Y. Yarom, "Make Sure DSA Signing Exponentiations Really are Constant-Time", CCS 2016, Vienna, Austria, Oct 2016.
L. Groot Bruinderink, A. Hülsing, T. Lange, and Y. Yarom, Flush, Gauss, and Reload – A Cache Attack on the BLISS Lattice-Based Signature Scheme, CHES 2016, Santa Barbabra, CA, US, Aug. 2016.
Y. Yarom, D. Genkin, and N. Heninger, CacheBleed: A Timing Attack on OpenSSL Constant Time RSA, CHES 2016, Santa Barbabra, CA, US, Aug. 2016.
F. Liu, Q. Ge, Y. Yarom, F. Mckeen, C. Rozas, G. Heiser, and R. B. Lee, CATalyst: Defeating Last-Level Cache Side Channel Attacks in Cloud Computing, HPCA 2016, Barcelona, Spain, March 2016.
Y. Yarom, G. Li, and D. C. Ranasinghe, Evaluation and Cryptanalysis of the Pandaka Lightweight Cipher, ACNS 2015, New York, NY, USA, June 2015.
F. Liu, Y. Yarom, Q. Ge, G. Heiser, and R. B. Lee, Last-Level Cache Side-Channel Attacks are Practical, IEEE S&P 2015, pages 605-622, San Jose, CA, USA, May 2015.
J. van de Pol, N. P. Smart, and Y. Yarom, Just a Little Bit More, CT-RSA 2015 pages 3-21, San Francisco, CA, USA, April 2015
N.Benger, J. van de Pol, N. P. Smart, and Y. Yarom, “Ooh Aah... Just a Little Bit” : A small amount of side channel can go a long way, CHES 2014, pages 73-92, Busan, Korea, September 2014
Y. Yarom and K. Falkner, FLUSH+RELOAD: a High Resolution, Low Noise, L3 Cache Side-Channel Attack, USENIX Security, pages 719-732, San Diego, CA, USA, August 2014.
Y. Yarom, K. Falkner and D.S. Munro, S-RVM: a Secure Design for a High-Performance Java Virtual Machine, VMIL 2012, October 2012.
H. Detmold, A. van den Hengel, A. Dick, A. Cichowski, R. Hill, E. Kocadag, Y. Yarom, K. Falkner, and D. S. Munro, Estimating camera overlap in large and growing networks, ICDCS 2008, Stanford University, California, USA, 7-11 September 2008.
D. Dolev, D. Malkhi, and Y. Yarom, Warm Backup Using Snooping, SDNE 1994, Prague, Czech Republic, June 1994.
Q. Ge, Y. Yarom, F. Li and G. Heiser, Your Processor Leaks Information — and There's Nothing You Can Do About It, arXiv:1612.04474.
G. Li, Y. Yarom, and D. C. Ranasinghe, Exploiting Transformations of the Galois Configuration to Improve Guess-and-Determine Attacks on NFSRs, Cryptology ePrint archive 2015/1045.
Y. Yarom, Q. Ge, F. Liu, R. B. Lee, and G. Heiser, Mapping the Intel Last-Level Cache, Cryptology ePrint archive 2015/905.
Y. Yarom and N. Benger, Recovering OpenSSL ECDSA Nonces Using the Flush+Reload Cache Side-channel Attack, Cryptology ePrint archive 2014/140.
Selected talks and presentations
Trusted Execution on Leaky Hardware? SysTEX 2018, Toronto, Canada, 15 Oct, 2018
Spectre, Meltdown, and Microarchitectural Attacks, Workshop on Advanced Side Channel Evaluation of Hardware Security, Kharagpur, India, 2–6 Jul, 2018
Side channel attacks on implementations of Curve25519, Real World Crypto Symposium, Zurich, Switzerland, 10–12 Jan. 2018
May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519, SPACE 2017, Goa, India, 13–17 Dec. 2017
Introduction to cache attack, Summer School on Real-World Crypto and Privacy, Šibenik, Croatia, 5-9 June 2017
USB Snooping Made Easy: Crosstalk Leakage Attacks on USB Hubs, Fifth Data61 Software Systems Summer School, SSSS 2017, Sydney, Australia, 13-14 Feb. 2017.
Thwarting cache-based side-channel attacks, PROOFS 2016, Santa Barbara, CA, US, 20 August 2016
Im in ur Cache Keepin ur Bitez, Fourth NICTA Software Systems Summer School, SSSS 2016, Sydney, Australia, 8-9 Feb. 2016.
Last-level cache side-channel attacks are practical, I-CORE Day, Tel Aviv, Israel, 1 Apr. 2015.
Side channel attack on OpenSSL ECDSA, 18th Workshop on Elliptic Curve Cryptography, ECC 2014, Chennai, India, 8-10 Oct. 2014.
Micro-Architectural Side-Channel Attacks, CHES 2016, Santa Barbara, CA, US, 16 August 2016.
- USENIX Security 2019
- USENIX ATC 2019
- ASPLOS 2019 (External Review Committee)
- CHES 2019
- Kangacrypt (Co-chair)
- SPACE 2018 (Co-chair)
- CARDIS 2018
- CHES 2018
- SPACE 2017
- Latincrypt 2017
- USENIX Security 2017
- SYSTOR 2015
- Designs, Codes and Cryptography
- Journal of Cryptology
- Microprocessors and Microsystems
- Transactions on Computers
- Transactions on Dependable and Secure Computing
- Transactions on Privacy and Security
- SPT-Iot 2017
- ASPLOS 2017
- SPT-Iot 2016
- AsiaCCS 2015
CVE-2017-7526 - for Sliding Right Into Disaster: Left-to-right sliding windows leak
CVE-2017-0379 - for May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519
CVE-2016-2178 - for "Make Sure DSA Signing Exponentiations Really are Constant-Time"
CVE-2016-0702 - for CacheBleed: A Timing Attack on OpenSSL Constant Time RSA
CVE-2015-0837 - for Last-Level Cache Side-Channel Attacks are Practical
CVE-2013-4242 - for FLUSH+RELOAD: a High Resolution, Low Noise, L3 Cache Side-Channel Attack
Selected Media Coverage
"RAM, bam, awww ... man! Boffins defeat Rowhammer protections", The Register, 5 October 2017
"USB Ports Could Be Silently Leaking Your Personal Data To A Malicious Devices", Forbes, 15 August 2017
"Infosec eggheads rig USB desk lamp to leak passwords via Bluetooth", The Register, 11 August 2017
"GnuPG crypto library cracked, look for patches", The Register, 4 July 2017
"Western Australia's Web votes have security worries, say 'white hat' mathematicians", The Register, 6 March 2017
"New attack steals secret crypto keys from Android and iOS phones", Ars Technica, 4 March 2016
"Scientist-devised crypto attack could one day steal secret Bitcoin keys", Ars Technica, 7 March 2014
- USENIX Security 2019
The information in this directory is provided to support the academic, administrative and business activities of the University of Adelaide. To facilitate these activities, entries in the University Phone Directory are not limited to University employees. The use of information provided here for any other purpose, including the sending of unsolicited commercial material via email or any other electronic format, is strictly prohibited. The University reserves the right to recover all costs incurred in the event of breach of this policy.
Entry last updated: Friday, 11 Oct 2019
To link to this page, please use the following URL: https://www.adelaide.edu.au/directory/yuval.yarom