Clémentine Maurice

Full-time researcher at CNRS, CRIStAL.

I am a security researcher. I am working as a full-time researcher (Chargée de Recherche) for CNRS, at CRIStAL (Lille, France), in the Spirals group.

Previously, I worked as a CNRS researcher at IRISA (Rennes, France) in the EMSEC group. Before that, I worked as a postdoctoral researcher in the Secure Systems group at the Graz University of Technology, Institute of Applied Information Processing and Communications, in Austria. I obtained my PhD from Telecom ParisTech in October 2015 while working at Technicolor in Rennes, jointly with the S3 group of Eurecom in Sophia Antipolis.

Among other topics, I am interested in microarchitectural covert and side channels in commodity computers and servers, reverse-engineering processor parts, software-based fault attacks, and fingerprinting everything.

BloodyTangerine Google Scholar dblp
CV [fr] (last update: March 2024)

Contact me

Mail: clementine.maurice AT inria.fr

Publications

2025

PhaseSCA: Exploiting Phase-Modulated Emanations in Side Channels
Pierre Ayoub, Aurélien Hernandez, Romain Cayre, Aurélien Francillon, Clémentine Maurice.
Conference on Cryptographic Hardware and Embedded Systems (CHES'25), Kuala Lumpur, Malaysia
2024

BlueScream: Screaming Channels on Bluetooth Low Energy
Pierre Ayoub, Romain Cayre, Aurélien Francillon, Clémentine Maurice.
Annual Computer Security Applications Conference (ACSAC'24), Waikiki, Hawaii, USA (acceptance rate: 19.7%)
Artifact Available, Reviewed & Reproducible
Semi-Automated and Easily Interpretable Side-Channel Analysis for Modern JavaScript
Iliana Fayolle, Jan Wichelmann, Anja Köhl, Walter Rudametkin, Thomas Eisenbarth, Clémentine Maurice.
23rd International Conference on Cryptology And Network Security (CANS'24), Cambridge, UK (acceptance rate: 32.9%)
2023

A Systematic Evaluation of Automated Tools for Side-Channel Vulnerabilities Detection in Cryptographic Libraries
Antoine Geimer, Mathéo Vergnolle, Frédéric Recoules, Lesly-Ann Daniel, Sébastien Bardin, Clémentine Maurice.
ACM Conference on Computer and Communications Security (CCS'23), Copenhagen, Denmark (acceptance rate: 19.1%)
The Finger in the Power: How to Fingerprint PCs by Monitoring Their Power Consumption
Marina Botvinnik, Tomer Laor, Thomas Rokicki, Clémentine Maurice, Yossi Oren.
20th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'23), Hamburg, Germany (acceptance rate: 28.3%)
Best Paper Award, Runner-Up
2022

Characterizing Prefetchers using CacheObserver
Guillaume Didier, Clémentine Maurice, Antoine Geimer, Walid J. Ghandour.
34th International Symposium on Computer Architecture and High Performance Computing (IEEE SBAC-PAD'22), Bordeaux, France (acceptance rate: 35.4%)
CPU Port Contention Without SMT
Thomas Rokicki, Clémentine Maurice, Michael Schwarz.
27th European Symposium on Research in Computer Security (ESORICS'22), Copenhagen, Denmark (acceptance rate: 18.5%)
Port Contention Goes Portable: Port Contention Side Channels in Web Browsers
Thomas Rokicki, Clémentine Maurice, Marina Botvinnik, Yossi Oren.
17th ACM ASIA Conference on Computer and Communications Security (ASIACCS'22), Nagasaki, Japan (acceptance rate: 18.4%)
DrawnApart: A Device Identification Technique based on Remote GPU Fingerprinting
Tomer Laor, Naif Mehanna, Antonin Durey, Vitaly Dyadyuk, Pierre Laperdrix, Clémentine Maurice, Yossi Oren, Romain Rouvoy, Walter Rudametkin, Yuval Yarom.
Network and Distributed System Security Symposium 2022 (NDSS'22), San Diego, California, USA (acceptance rate: 16.2%)
Media: Gizmodo, PCMag, Tom's Hardware, Le Monde Informatique [fr]
1st place at CSAW'22 Applied Research Competition MENA
Mozilla Security Hall of Fame (Q2 2021)
DITTANY: Strength-Based Dynamic Information Flow Analysis Tool for x86 Binaries
Walid J. Ghandour, Clémentine Maurice.
Binary Analysis Research Workshop 2022 (BAR'22, co-located with NDSS '22), San Diego, California, USA
2021

SoK: In Search of Lost Time: A Review of JavaScript’s Timers in Browsers
Thomas Rokicki, Clémentine Maurice, Pierre Laperdrix.
6th IEEE European Symposium on Security and Privacy (EuroS&P'21), ~~Vienna, Austria~~, Online (acceptance rate: 19.4%)
Work also presented at Pass The SALT 2021
Virtual Platform to Analyze the Security of a System on Chip at Microarchitectural Level
Quentin Forcioli, Jean-Luc Danger, Clémentine Maurice, Lilian Bossuet, Florent Bruguier, Maria Mushtaq, David Novo, Loïc France, Pascal Benoit, Sylvain Guilley, and Thomas Perianin.
Workshop on the Security of Software/Hardware Interfaces (SILM'21, co-located with EuroS&P21), ~~Vienna, Austria~~, Online
Calibration Done Right: Noiseless Flush+Flush Attacks
Guillaume Didier, Clémentine Maurice.
18th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'21), ~~Lisbon, Portugal~~, Online (acceptance rate: 28.8%)
Reproducing Spectre Attack with gem5: How To Do It Right?
Pierre Ayoub, Clémentine Maurice.
14th European Workshop on Systems Security (EuroSec'21, co-located with EuroSys'21), ~~Edinburgh, Scotland, UK~~, Online (acceptance rate: 56.3%)
2020

Nethammer: Inducing Rowhammer Faults through Network Requests
Moritz Lipp, Misiker Tadesse Aga, Michael Schwarz, Daniel Gruss, Clémentine Maurice, Lukas Raab, Lukas Lamster.
Workshop on the Security of Software/Hardware Interfaces (SILM'20, co-located with EuroS&P20), ~~Genova, Italy~~, Online
Media: The Hacker News, The Register
Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors
Moritz Lipp, Vedad Hadžić, Michael Schwarz, Arthur Perais, Clémentine Maurice, Daniel Gruss.
15th ACM ASIA Conference on Computer and Communications Security (ASIACCS'20), ~~Taipei, Taiwan~~, Online (acceptance rate: 21.8%)
Media: ZDNet, Engadget, Tom's Hardware
Malware Guard Extension: abusing Intel SGX to conceal cache attacks
Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice, Stefan Mangard.
Cybersecurity Vol. 3, January, 2020
Branch Prediction Attack on Blinded Scalar Multiplication
Sarani Bhattacharya, Clémentine Maurice, Shivam Bhasin, Debdeep Mukhopadhyay
IEEE Transactions on Computers, vol. 69, no. 5, pp. 633-648, 1 May 2020
2018

Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features
Michael Schwarz, Daniel Gruss, Moritz Lipp, Clémentine Maurice, Thomas Schuster, Anders Fogh, Stefan Mangard.
13th ACM ASIA Conference on Computer and Communications Security (ASIACCS'18), Songdo, Incheon, Korea (acceptance rate: 20.0%)
Pre-print online since November 2017 on arXiv:1711.01254
KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks
Michael Schwarz, Moritz Lipp, Daniel Gruss, Samuel Weiser, Clémentine Maurice, Raphael Spreitzer, Stefan Mangard.
Network and Distributed System Security Symposium 2018 (NDSS'18), San Diego, California, USA
2017

Practical Keystroke Timing Attacks in Sandboxed JavaScript
Moritz Lipp, Daniel Gruss, Michael Schwarz, David Bidner, Clémentine Maurice, Stefan Mangard.
22nd European Symposium on Research in Computer Security (ESORICS'17), Oslo, Norway (acceptance rate: 15.9%)
KASLR is Dead: Long Live KASLR
Daniel Gruss, Moritz Lipp, Michael Schwarz, Richard Fellner, Clémentine Maurice, Stefan Mangard.
9th International Symposium on Engineering Secure Software and Systems (ESSoS'17), Bonn, Germany (acceptance rate: 46.9%)
Wikipedia
Malware Guard Extension: Using SGX to Conceal Cache Attacks
Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice, Stefan Mangard.
14th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'17), Bonn, Germany (acceptance rate: 26.8%)
Pre-print online since February 2017 on arXiv:1702.08719
Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript
Michael Schwarz, Clémentine Maurice, Daniel Gruss and Stefan Mangard.
Financial Cryptography and Data Security 2017 (FC'17), Malta
Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud
Clémentine Maurice, Manuel Weber, Michael Schwarz, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Stefan Mangard, Kay Römer.
Network and Distributed System Security Symposium 2017 (NDSS'17), San Diego, California, USA (acceptance rate: 16.1%)
2016

Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR
Daniel Gruss, Clémentine Maurice, Anders Fogh, Moritz Lipp, Stefan Mangard.
23rd ACM Conference on Computer and Communications Security (CCS'16), Vienna, Austria (acceptance rate: 16.4%)
Work also presented at BlackHat USA 2016
Drammer: Deterministic Rowhammer Attacks on Mobile Platforms
Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clémentine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, Cristiano Giuffrida.
23rd ACM Conference on Computer and Communications Security (CCS'16), Vienna, Austria (acceptance rate: 16.4%)
Media: Ars Technica, Wired
1st place at CSAW'17 Applied Research Best Paper Award
Pwnie Award for Best Privilege Escalation Bug at Black Hat 2017
Best Dutch Cyber Security Research Paper (DCSRP) 2017
DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks
Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, Stefan Mangard.
25th USENIX Security Symposium, Austin, TX, USA (acceptance rate: 15.6%)
Work also presented at BlackHat Europe 2016. Pre-print online since November 2015 on arXiv:1511.08756
ARMageddon: Cache Attacks on Mobile Devices
Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice, Stefan Mangard.
25th USENIX Security Symposium, Austin, TX, USA (acceptance rate: 15.6%)
Work also presented at BlackHat Europe 2016
Flush+Flush: A Fast and Stealthy Cache Attack
Daniel Gruss, Clémentine Maurice, Klaus Wagner, Stefan Mangard.
13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'16), Donostia-San Sebastián, Spain (acceptance rate: 31.8%)
Pre-print online since November 2015 on arXiv:1511.04594
Most Influential DIMVA Paper 2014-2018 (awarded at DIMVA'23)
Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript
Daniel Gruss, Clémentine Maurice, Stefan Mangard.
13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'16), Donostia-San Sebastián, Spain (acceptance rate: 31.8%)
Media: Slate, Vice Motherboard, Ars Technica, Wired, Le Monde Informatique [fr], golem.de [de]
Work also presented at the CCC 2015. Pre-print online since July 2015 on arXiv:1507.06955
2015

Reverse Engineering Intel Last-Level Cache Complex Addressing Using Performance Counters
Clémentine Maurice, Nicolas Le Scouarnec, Christoph Neumann, Olivier Heen, Aurélien Francillon.
18th International Symposium on Research in Attacks, Intrusions and Defenses (RAID'15), Kyoto, Japan (acceptance rate: 23.5%)
C5: Cross-Cores Cache Covert Channel
Clémentine Maurice, Christoph Neumann, Olivier Heen, Aurélien Francillon.
12th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'15), Milan, Italy (acceptance rate: 22.7%)
Best Paper Award
2014

Confidentiality Issues on a GPU in a Virtualized Environment
Clémentine Maurice, Christoph Neumann, Olivier Heen, Aurélien Francillon.
18th International Conference on Financial Cryptography and Data Security (FC'14), Barbados (acceptance rate: 22.5%)
2013

Improving 802.11 Fingerprinting of Similar Devices by Cooperative Fingerprinting
Clémentine Maurice, Stephane Onno, Christoph Neumann, Olivier Heen, Aurélien Francillon.
10th International Conference on Security and Cryptography (SECRYPT'13), Reykjavik, Iceland

Awards

DIMVA 2023 "Most influential DIMVA paper 2014-2018" (for Flush+Flush)
DIMVA 2023 "Best paper award, runner up" (for The Finger in the Power)
Woman in Cyber award: Femme Cyber Chercheuse at the CEFCYS European Cyber Women Day 2022
1st place at CSAW'22 Applied Research Competition MENA (for DrawnApart)
Mozilla Security Hall of Fame x2: 2018 Q3, 2021 Q2
Young Researcher prize: Prix Bretagne Jeune Chercheuse et Chercheur 2018, catégorie "Technologies de pointe"
1st place at CSAW'17 Applied Research Best Paper Award (for Drammer)
DIMVA 2015 best paper award (for C5)

Service

Member of the "Software and source codes college" of the Committee for Open Science (Comité pour la science ouverte du MESR)
Steering Committee:
- WOOT (since 2020)
- DIMVA (since 2021)
Program Committee:
- USENIX Security 2025
- RAID 2024
- SILM 2023
- WOOT 2023
- ACM CCS 2022
- USENIX Security 2022 (Artifact Evaluation Co-chair)
- SSTIC 2022
- IEEE S&P 2022
- HASP 2021
- DRAMSec 2021
- USENIX Security 2021 (PC member + Artifact Evaluation Co-chair)
- IEEE S&P 2021
- USENIX Security 2020
- DIMVA 2020 (Program Chair)
- SSTIC 2020
- IEEE S&P 2020
- GreHack 2019
- WOOT 2019 (Program Co-chair, 1st Artifact Evaluation Chair)
- DIMVA 2019 (Program Co-chair)
- SSTIC 2019
- EuroSec 2019
- ROOTS 2018
- WOOT 2018
- DIMVA 2018
- SSTIC 2018
- ICDCS 2018
- WWW 2018
- CHES 2018
- ESSoS 2017
- ACSAC 2017
Reviewer:
- ACM Transactions on Embedded Computing Systems (TECS)
- IEEE Transactions on Information Forensics & Security (T-IFS)
- ACM Transactions on Internet Technology (TOIT)
- Elsevier Microprocessors and Microsystems (MICPRO)
- IEEE Transactions on Emerging Topics in Computing (TETC)
ACSAC 2024 Cybersecurity Artifacts Competition and Impact Award Review Committee member
External reviewer for SAC 2019, CCS 2017, VLSI-SoC 2017, DIMVA 2017, RAID 2017, AsiaCCS 2017, DATE 2017, NDSS 2017, ACSAC 2016, ICDCS 2016, WOOT 2015, Eurosec 2013, ESORICS 2013
Co-chair of the PhD award Gilles Kahn by the SIF (French computer science society) 2019-2021
Jury member for the PhD award Gilles Kahn by the SIF (French computer science society) 2018
Organizer of the SILM Summer School on the Security of Software/Hardware Interfaces 2019
On-site organization of Cosade 2016

Grants

PEPR Cybersecurité, REV project (WP leader), 2023-2027
PEPR Cybersecurité, IPoP project (member), 2022-2027
ANR-DFG PRCI FACADES (member), 2022-2025
ANR ARCHI-SEC (local PI), 2019-2023
ANR JCJC MIAOUS (PI), 2019-2023
ANR MobiS5 (member), 2019-2023
PEPS JCJC INS2I (PI), 2018
RAID student travel grant, November 2015
COST Cryptacus funding to visit TU Graz for a Short Term Scientific Mission, June 2015
Hardware donation of a GPU by NVIDIA, April 2013

Public Outreach

Presentation and speed-meetings at Rendez-vous des Jeunes Mathématiciennes et Informaticiennes [fr], October 2024
Article "Les arcanes des processeurs mis à l'épreuve" in La Recherche n°578 [fr], July 2024
Portrait in LeMagIT [fr], January 2023
Article "Meltdown et attaques sur KASLR : les attaques par canal auxiliaire passent à la vitesse supérieure" in MISC n°97 [fr], May 2018
Article "Après Meltdown et Spectre, comment sécuriser les processeurs ?" in Journal du CNRS [fr], March 2018
Interview for LeMagIT [fr], January 2018

Presentations

Side-channel-free software, are we there yet?
Invited talk at the Journées Scientifiques Inria, Grenoble, France, August 2024
Side-channel-free software, are we there yet?
Invited talk at the Max Planck Institute for Security and Privacy Symposium on System Security, remote, June 2024
A Systematic Evaluation of Automated Tools for Side-Channel Vulnerabilities Detection in Cryptographic Libraries
Invited talk at the SWHSec conference, Paris, France, June 2024
Attaques micro-architecturales : du CPU au navigateur
Masterclass at the InCyber Forum (FIC), Lille, France, March 2024
Reproducible Research in Micro-architecture Security (and Beyond): from Paper to Artifact Evaluation
Keynote at the Pass the SALT conference, Lille, France, July 2023
Micro-architectural attacks: from CPU to browser
Invited talk at the "Journées Nationales 2023 du GDR Sécurité Informatique" (plénière), Paris, France, June 2023
Attaques sur la micro-architecture
Invited talk at the "Journée sécurité" Min2Rien, Lille, France, November 2022
Micro-architectural attacks: from CPU to browser
Keynote at the RAID Symposium, Limassol, Cyprus, October 2022
Micro-architectural attacks: from CPU to browser
Lecture at the Cyber in Nancy Summer School, Nancy, France, July 2022
Micro-architectural attacks: from CPU to browser
Lecture at the Summer School on real-world crypto and privacy, Šibenik, Croatia, June 2022
Reproducible Research: from Paper to Artifact Evaluation
Keynote at the 15th European Workshop on Systems Security (EuroSec), Rennes, France, April 2022
Evolution of micro-architectural attacks
Invited talk at the 32nd HP/HPE (Virtual) Colloquium On Information Security, virtual, December 2021
Évolution des attaques sur la micro-architecture
Invited talk at the Journée Sécurité SIF, GDR Sécurité Informatique, RSD et SOC2, virtual, October 2021
Projet JCJC : retour d'expérience
Journée des Nouveaux Nommés du Club EEA, virtual, March 2021
Experiment Artifact Sharing: Challenges and Solutions
Panelist at the LASER workshop at NDSS 2021, virtual, February 2021
Quelle confiance peut-on placer dans les plateformes matérielles qui exécutent nos applications?
Joint masterclass with Guillaume Hiet at the International Cybersecurity Forum (FIC), Lille, France, January 2020
Micro-Architectural Fault Attacks
Invited talk at the First Israeli Conference on Hardware and Side-channel Attacks, Tel Aviv, Israel, May 2019
Introduction to micro-architectural attacks
Invited lecture at the Ben-Gurion University of the Negev, Beer Sheva, Israel, April 2019
Evolution des attaques sur la micro-architecture
Invited talk at the Journée "Nouvelles Avancées en Sécurité des Systèmes d'Information", Toulouse, France, January 2019
Evolution of microarchitectural attacks
Invited talk at the 8th INRIA/Technicolor Workshop On Systems (WOS8); Rennes, France, December 2018
Introduction to cache side-channel attacks
Invited talk at the Séminaire du DIT, ENS Rennes, France, October 2018
Reverse-engineering CPUs for fun and profit
Invited remote lecture for the Indian Institute of Technology Kanpur, September 2018
Evolution of microarchitectural attacks
Invited talk at the Security Seminar at LORIA, Nancy, France, September 2018
Cache side-channel attacks
Lab session at the Cyber in Occitanie summer school, Montpellier, France, July 2018
Evolution des attaques sur la micro-architecture
Invited talk at the Colloque Architecture, Toulouse, France, July 2018
Evolution des attaques sur la micro-architecture
Invited talk at the Journées Nationales 2018 Pré-GDR Sécurité Informatique, Paris, France, May 2018
Attaques par canaux auxiliaires sur la micro-architecture
Representing INS2I (CNRS) at the 10th International Cybersecurity Forum (FIC), Lille, France, January 2018
Cache attacks: From side channels to fault attacks
Invited talk at the Cryptacus Workshop, Nijmegen, Netherlands, November 2017
From bottom to top: Exploiting hardware side channels in web browsers
Presentation at RMLL 2017, Saint-Étienne, France, July 2017
Interview [en] [fr]
De bas en haut : attaques sur la microarchitecture depuis un navigateur web [fr]
Invited talk at SSTIC 2017, Rennes, France, June 2017
Cache attacks: Software side-channel and fault attacks
Lecture at the Spring School on Security & Correctness in the Internet of Things, Graz, Austria, May 2017
Rowhammer Attacks: A Walkthrough Guide
Joint presentation with Daniel Gruss at RuhrSec 2017, Bochum, Germany, May 2017
Microarchitectural Attacks in the Cloud
Keynote at XDOM0 2017 (workshop co-located with EuroSys 2017), Belgrade, Serbia, April 2017
Reverse-Engineering Caches on Intel CPUs
Guest talk at Intel, Hillsboro, Oregon, USA, March 2017
Prefetch Side-Channel Attacks
Guest talk at Intel, Hillsboro, Oregon, USA, March 2017
Cache attacks and Rowhammer on ARM devices: What's next?
Guest talk at Qualcomm, San Diego, California, USA, March 2017
What could possibly go wrong with <insert x86 instruction here>?
Guest talk at the seminar "Sécurité des systèmes électroniques embarqués", IRISA, Rennes, France, February 2017
What could possibly go wrong with <insert x86 instruction here>?
Joint presentation with Moritz Lipp at the 33rd Chaos Communication Congress (33c3), Hamburg, Germany, December 2016
Reverse-engineering CPUs for fun and profit
Guest talk at Inria, Rennes, France, December 2016
Reverse-engineering CPUs for fun and profit
Guest talk at SBA Research, Vienna, Austria, November 2016
What could possibly go wrong with <insert x86 instruction here>?
Guest talk at Ruhr-University Bochum, Germany, November 2016
Reverse-engineering CPUs for fun and profit
Invited lecture at HackPra @ Ruhr-University Bochum, Germany, November 2016
ARMageddon: How Your Smartphone CPU Breaks Software-Level Security and Privacy
Joint presentation with Moritz Lipp at BlackHat Europe 2016, London, UK, November 2016
Microarchitectural Side-Channel Attacks
Lecture at the IPICS 2016 Summer School, KU Leuven, Belgium, July 2016
Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript
Joint presentation with Daniel Gruss at the 32nd Chaos Communication Congress (32c3), Hamburg, Germany, December 2015
Information Leakage in Virtualized Environments: A Journey into GPU Memory and CPU Caches
Guest talk at the Secure Systems group seminar, IAIK, TU Graz, Austria, June 2015
Information Leakage in Virtualized GPUs
Poster presented at Security and Privacy thematic day of Labex UCN, Sophia Antipolis, France, December 2013
Information Leakage in a GPU in a Virtualized Environment
Presentation at the 3rd Workshop on Storage and Cloud Computing, Rennes, France, November 2013