Slice+Slice Baby: Generating Last-Level Cache Eviction Sets in the Blink of an Eye

Bradley Morgan, Gal Horowitz, Sioli O'Connell, Stephan van Schaik, Chitchanok Chuengsatiansup, Daniel Genkin, Olaf Maennel, Paul Montague, Eyal Ronen, and Yuval Yarom.

Appeared in IEEE S&P '25 (May 14, 2025).

Read the paper

SledgeHammer: Amplifying Rowhammer via Bank-level Parallelism

Ingab Kang, Walter Wang, Jason Kim, Stephan van Schaik, Youssef Tobah, Daniel Genkin, Andrew Kwong and Yuval Yarom.

Appeared in USENIX Security '24 (August 14, 2024).

Read the paper

iLeakage: Browser-based Timerless Speculative Execution Attacks on Apple Devices

Jason Kim, Stephan van Schaik, Daniel Genkin and Yuval Yarom.

More information can be found at https://ileakage.com (October 25, 2023).

Appeared in ACM CCS '23 (November 28, 2023).

Read the paper

Hot Pixels: Frequency, Power, and Temperature Attacks on GPUs and Arm SoCs

Hritvik Taneja, Jason Kim, Jie Jeff Xu, Stephan van Schaik, Daniel Genkin and Yuval Yarom

Appeared in USENIX Security '23 (August 11, 2023).

Read the paper - View the slides

SoK: SGX.Fail: How Stuff Gets eXposed

Stephan van Schaik, Alex Seto, Thomas Yurek, Adam Batori, Bader AlBassam, Christina Garman, Daniel Genkin, Andrew Miller, Eyal Ronen and Yuval Yarom

More information can be found at https://sgx.fail/ (November 29, 2022).

Presented the paper at IEEE S&P 2024 in San Francisco, CA, USA (May 22, 2024).

Read the paper

SGAxe: How SGX Fails in Practice

Stephan van Schaik, Andrew Kwong, Daniel Genkin and Yuval Yarom

More information can be found at https://sgaxe.com/ (June 9, 2020).

Read the paper

CacheOut: Leaking Data on Intel CPUs via Cache Evictions

Stephan van Schaik, Marina Minkin, Andrew Kwong, Daniel Genkin and Yuval Yarom

More information can be found at https://cacheoutattack.com (January 27, 2020).

Presented the paper at IEEE S&P 2021 (May 24, 2021).

Read the paper

RIDL: Rogue In-Flight Data Load

Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Giorgi Maisuradze, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida

More information can be found at https://mdsattacks.com (May 14, 2019).

Awarded with the Intel Bounty Reward.

Presented the paper at IEEE S&P 2019 in San Francisco, CA, USA (May 20, 2019).

Presented the poster at the Cybersecurity and Privacy (CySeP) Summer School in Stockholm, Sweden (June 13, 2019).

Presented the talk at OFFZONE 2019 in Moscow, Russia (June 17-18, 2019).

Presented the talk at HITB+ CyberWeek 2019 in Abu Dhabi, UAE (October 17, 2019).

Presented the poster at CSAW '19 in Valence, France and won the 2nd place award for Applied Research (November 7-8 2019).

Read the paper - View the slides - Watch the presentation - View the code

Addendum 1 to RIDL: Rogue In-Flight Data Load

Read the addendum

Addendum 2 to RIDL: Rogue In-Flight Data Load

Read the addendum

Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think

Stephan van Schaik, Cristiano Giuffrida, Herbert Bos and Kaveh Razavi

Presented the paper at USENIX Security 2018 in Balitmore, MD, USA (August 15, 2018).

Read the paper - View the slides - Watch the presentation - View the code

RevAnC: A Framework for Reverse Engineering Hardware Page Table Caches

Stephan van Schaik, Kaveh Razavi, Ben Gras, Herbert Bos and Cristiano Giuffrida

Presented the paper at EuroSec 2017 (Workshop) in Belgrade, Serbia (April 23, 2017).

Read the paper - View the slides - View the code

Ph.D. Computer Science & Engineering at University of Michigan (January 2020 - May 2025)

Advisor: Daniel Genkin

SoK: SGX.Fail: How Stuff Gets eXposed

SGAxe: How SGX Fails in Practice

CacheOut: Leaking Data on Intel CPUs via Cache Evictions

Ph.D. Computer System Security at VU Amsterdam (May 2018 - January 2020)

Advisors: Kaveh Razavi, Cristiano Giuffrida and Herbert Bos

RIDL: Rogue In-Flight Data Load

TA: Kernel Programming (2018 - 2019) and Hardware Security (2018).

Teaching Assistant at VU Amsterdam (January 2018)

Compiler Construction.

System Engineer at Whitebox Systems (January 2017 - October 2017)

Developed the Trusted Boot Module (TBM), a hardware component implemented using the STM32F1 microcontroller to manage and store keys and to verify signed software images in order to prevent attackers from tampering with the software.

Teaching Assistant at University of Amsterdam (September 2012 - March 2016)

Computer Architecture & Organisation (2013 - 2015), Image Processing (2014), Parallel Programming (2013), Data Structures (2013 - 2014), Introduction to Programming (2012 - 2013), Modern Databases (2015 - 2016), Multimedia (2013 - 2014), Net-Centric Computing (2013), Numerical Recipes (2015 - 2016), Functional Programming (2012 - 2015) and Statistical Reasoning (2014 - 2015).

Tutor at University of Amsterdam (September 2015 - January 2016)

Discussing and monitoring the progress of students as well as assisting students with auxiliary resources they require during their study.

Bring your own Device at University of Amsterdam (February 2014 - September 2015)

Documented and assisted the installation process of Linux Ubuntu and additional software for first year undergraduates.

Security Analysis at University of Amsterdam (July 2012 - August 2012)

Documented and reported various vulnerabilities in both Datanose and Blackboard.

MSc. Computer Science (Computer Systems Security) (September 2015 - May 2018)

VU Amsterdam & Universiteit van Amsterdam (joint degree)

Graduated cum laude under supervision of Kaveh Razavi, Cristiano Giuffrida and Herbert Bos.

Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think

BSc. Computing Science (September 2011 - August 2015)

Universiteit van Amsterdam

Graduated under supervision of Toto van Inge.