Clémentine Maurice

Clémentine Maurice

Publications

• 2017

  Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud
  Clémentine Maurice, Manuel Weber, Michael Schwarz, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Stefan Mangard, Kay Römer
  Network and Distributed System Security Symposium 2017 (NDSS'17), San Diego, California, USA, February 2017 (acceptance rate: 16.1%)

• 2016

  Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR
  Daniel Gruss, Clémentine Maurice, Anders Fogh, Moritz Lipp, Stefan Mangard
  23rd ACM Conference on Computer and Communications Security (CCS'16), Vienna, Austria, October 2016 (acceptance rate: 16.4%)
  Work presented at BlackHat USA 2016

• Drammer: Deterministic Rowhammer Attacks on Mobile Platforms
  Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clémentine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, Cristiano Giuffrida
  23rd ACM Conference on Computer and Communications Security (CCS'16), Vienna, Austria, October 2016 (acceptance rate: 16.4%)
  Media:  Ars Technica, Wired

• DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks
  Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, Stefan Mangard
  25th USENIX Security Symposium, Austin, TX, USA, August 2016 (acceptance rate: 15.6%)
  Work presented at BlackHat Europe 2016. Pre-print online since November 2015 on arXiv:1511.08756

• ARMageddon: Cache Attacks on Mobile Devices
  Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice, Stefan Mangard
  25th USENIX Security Symposium, Austin, TX, USA, August 2016 (acceptance rate: 15.6%)
  Work presented at BlackHat Europe 2016

• Flush+Flush: A Fast and Stealthy Cache Attack
  Daniel Gruss, Clémentine Maurice, Klaus Wagner, Stefan Mangard
  13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'16), Donostia-San Sebastián, Spain, July 2016 (acceptance rate: 31.8%)
  Pre-print online since November 2015 on arXiv:1511.04594

• Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript
  Daniel Gruss, Clémentine Maurice, Stefan Mangard
  13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'16), Donostia-San Sebastián, Spain, July 2016 (acceptance rate: 31.8%)
  Media:  Slate, Vice Motherboard, Ars Technica, Wired, Le Monde Informatique [fr], golem.de [de]
  Work presented at the CCC 2015. Pre-print online since July 2015 on arXiv:1507.06955
  

• 2015

  Reverse Engineering Intel Last-Level Cache Complex Addressing Using Performance Counters
  Clémentine Maurice, Nicolas Le Scouarnec, Christoph Neumann, Olivier Heen, Aurélien Francillon
  18th International Symposium on Research in Attacks, Intrusions and Defenses (RAID'15), Kyoto, Japan, November 2015 (acceptance rate: 23.5%)

• C5: Cross-Cores Cache Covert Channel
  Clémentine Maurice, Christoph Neumann, Olivier Heen, Aurélien Francillon
  12th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'15), Milan, Italy, July 2015 (acceptance rate: 22.7%)
  Best Paper Award

• 2014

  Confidentiality Issues on a GPU in a Virtualized Environment
  Clémentine Maurice, Christoph Neumann, Olivier Heen, Aurélien Francillon
  18th International Conference on Financial Cryptography and Data Security (FC'14), Barbados, March 2014 (acceptance rate: 22.5%)

• 2013

  Improving 802.11 Fingerprinting of Similar Devices by Cooperative Fingerprinting
  Clémentine Maurice, Stephane Onno, Christoph Neumann, Olivier Heen, Aurélien Francillon
  10th International Conference on Security and Cryptography (SECRYPT'13), Reykjavik, Iceland, July 2013

Presentations

• What could possibly go wrong with <insert x86 instruction here>?
  Joint presentation with Moritz Lipp at the 33rd Chaos Communication Congress (33c3), Hamburg, Germany, December 2016 (coming soon)
• Reverse-engineering CPUs for fun and profit
  Guest talk @ Inria, Rennes, France, December 2016
• Reverse-engineering CPUs for fun and profit
  Guest talk @ SBA Research, Vienna, Austria, November 2016
• What could possibly go wrong with <insert x86 instruction here>?
  Guest talk @ Ruhr-University Bochum, Germany, November 2016
• Reverse-engineering CPUs for fun and profit
  Invited lecture at HackPra @ Ruhr-University Bochum, Germany, November 2016
• ARMageddon: How Your Smartphone CPU Breaks Software-Level Security and Privacy
  Joint presentation with Moritz Lipp at BlackHat Europe 2016, London, UK, November 2016
• Microarchitectural Side-Channel Attacks
  Lecture at the IPICS 2016 Summer School @ KU Leuven, Belgium, July 2016
• Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript
  Joint presentation with Daniel Gruss at the 32nd Chaos Communication Congress (32c3), Hamburg, Germany, December 2015
• Information Leakage in Virtualized Environments: A Journey into GPU Memory and CPU Caches
  Guest talk at the Secure Systems group seminar @ IAIK, TU Graz, Austria, June 2015
• Information Leakage in Virtualized GPUs
  Poster presented at Security and Privacy thematic day of Labex UCN, Sophia Antipolis, France, December 2013
• Information Leakage in a GPU in a Virtualized Environment
  Presentation at the 3rd Workshop on Storage and Cloud Computing, Rennes, France, November 2013

Grants & Awards

• RAID student travel grant, November 2015
• DIMVA best paper award, July 2015
• COST Cryptacus funding to visit TU Graz for a Short Term Scientific Mission, June 2015
• Hardware donation of a GPU by NVIDIA, April 2013

Service

• Reviewer for IEEE Transactions on Information Forensics & Security (T-IFS)
• Program Committee member for ESSoS 2017
• External reviewer for DATE 2017, NDSS 2017, ACSAC 2016, ICDCS 2016, WOOT 2015, Eurosec 2013, ESORICS 2013
• On-site organization of Cosade 2016

Contact me

Mail: clementine AT cmaurice.fr
Public key: 0x8E3AD1E68A58791B
Fingerprint: B57A F30A ABD1 0F35 99D4 F53A 8E3A D1E6 8A58 791B