I am a security researcher. I am working as a full-time researcher (Chargée de Recherche) for CNRS, at CRIStAL (Lille, France), in the Spirals group.
Previously, I worked as a CNRS researcher at IRISA (Rennes, France) in the EMSEC group.
Before that, I worked as a postdoctoral researcher in the Secure Systems group at the Graz University of Technology, Institute of Applied Information Processing and Communications, in Austria.
I obtained my PhD from Telecom ParisTech in October 2015 while working at Technicolor in Rennes, jointly with the S3 group of Eurecom in Sophia Antipolis.
Among other topics, I am interested in microarchitectural covert and side channels in commodity computers and servers, reverse-engineering processor parts, software-based fault attacks, and fingerprinting everything.
BloodyTangerine
Google Scholar
dblp
CV [fr] (last update: March 2024)
Mail: clementine.maurice AT inria.fr
Screaming Channels on Bluetooth Low Energy
Annual Computer Security Applications Conference (ACSAC'24), Waikiki, Hawaii, USA (acceptance rate: 19.7%)
Semi-Automated and Easily Interpretable Side-Channel Analysis for Modern JavaScript
23rd International Conference on Cryptology And Network Security (CANS'24), Cambridge, UK
A Systematic Evaluation of Automated Tools for Side-Channel Vulnerabilities Detection in Cryptographic Libraries
ACM Conference on Computer and Communications Security (CCS'23), Copenhagen, Denmark (acceptance rate: 19.1%)
The Finger in the Power: How to Fingerprint PCs by Monitoring Their Power Consumption
20th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'23), Hamburg, Germany (acceptance rate: 28.3%)
Best Paper Award, Runner-Up
Characterizing Prefetchers using CacheObserver
34th International Symposium on Computer Architecture and High Performance Computing (IEEE SBAC-PAD'22), Bordeaux, France (acceptance rate: 35.4%)
CPU Port Contention Without SMT
27th European Symposium on Research in Computer Security (ESORICS'22), Copenhagen, Denmark (acceptance rate: 18.5%)
Port Contention Goes Portable: Port Contention Side Channels in Web Browsers
17th ACM ASIA Conference on Computer and Communications Security (ASIACCS'22), Nagasaki, Japan (acceptance rate: 18.4%)
DrawnApart: A Device Identification Technique
based on Remote GPU Fingerprinting
Network and Distributed System Security Symposium 2022 (NDSS'22), San Diego, California, USA (acceptance rate: 16.2%)
Media:
Gizmodo,
PCMag,
Tom's Hardware,
Le Monde Informatique [fr]
1st place at CSAW'22 Applied Research Competition MENA
Mozilla Security Hall of Fame (Q2 2021)
DITTANY: Strength-Based Dynamic Information Flow Analysis Tool for x86 Binaries
Binary Analysis Research Workshop 2022 (BAR'22, co-located with NDSS '22), San Diego, California, USA
SoK: In Search of Lost Time: A Review of JavaScript’s Timers in Browsers
6th IEEE European Symposium on Security and Privacy (EuroS&P'21), Vienna, Austria, Online (acceptance rate: 19.4%)
Work also presented at Pass The SALT 2021
Virtual Platform to Analyze the Security of a System on Chip at Microarchitectural Level
Workshop on the Security of Software/Hardware Interfaces (SILM'21, co-located with EuroS&P21), Vienna, Austria, Online
Calibration Done Right: Noiseless Flush+Flush Attacks
18th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'21), Lisbon, Portugal, Online (acceptance rate: 28.8%)
Reproducing Spectre Attack with gem5: How To Do It Right?
14th European Workshop on Systems Security (EuroSec'21, co-located with EuroSys'21), Edinburgh, Scotland, UK, Online (acceptance rate: 56.3%)
Nethammer: Inducing Rowhammer Faults through Network Requests
Workshop on the Security of Software/Hardware Interfaces (SILM'20, co-located with EuroS&P20), Genova, Italy, Online
Media:
The Hacker News,
The Register
Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors
15th ACM ASIA Conference on Computer and Communications Security (ASIACCS'20), Taipei, Taiwan, Online (acceptance rate: 21.8%)
Media:
ZDNet,
Engadget,
Tom's Hardware
Malware Guard Extension: abusing Intel SGX to conceal cache attacks
Cybersecurity Vol. 3, January, 2020
Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features
13th ACM ASIA Conference on Computer and Communications Security (ASIACCS'18), Songdo, Incheon, Korea (acceptance rate: 20.0%)
Pre-print online since November 2017 on arXiv:1711.01254
KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks
Network and Distributed System Security Symposium 2018 (NDSS'18), San Diego, California, USA
Practical Keystroke Timing Attacks in Sandboxed JavaScript
22nd European Symposium on Research in Computer Security (ESORICS'17), Oslo, Norway (acceptance rate: 15.9%)
KASLR is Dead: Long Live KASLR
9th International Symposium on
Engineering Secure Software and Systems (ESSoS'17), Bonn, Germany (acceptance rate: 46.9%)
Wikipedia
Malware Guard Extension: Using SGX to Conceal Cache Attacks
14th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'17), Bonn, Germany (acceptance rate: 26.8%)
Pre-print online since February 2017 on arXiv:1702.08719
Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript
Financial Cryptography and Data Security 2017 (FC'17), Malta
Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud
Network and Distributed System Security Symposium 2017 (NDSS'17), San Diego, California, USA (acceptance rate: 16.1%)
Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR
23rd ACM Conference on Computer and Communications Security (CCS'16), Vienna, Austria (acceptance rate: 16.4%)
Work also presented at BlackHat USA 2016
Drammer: Deterministic Rowhammer Attacks on Mobile Platforms
23rd ACM Conference on Computer and Communications Security (CCS'16), Vienna, Austria (acceptance rate: 16.4%)
Media:
Ars Technica,
Wired
1st place at CSAW'17 Applied Research Best Paper Award
Pwnie Award for Best Privilege Escalation Bug at Black Hat 2017
Best Dutch Cyber Security Research Paper (DCSRP) 2017
DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks
25th USENIX Security Symposium, Austin, TX, USA (acceptance rate: 15.6%)
Work also presented at BlackHat Europe 2016.
Pre-print online since November 2015 on arXiv:1511.08756
ARMageddon: Cache Attacks on Mobile Devices
25th USENIX Security Symposium, Austin, TX, USA (acceptance rate: 15.6%)
Work also presented at BlackHat Europe 2016
Flush+Flush: A Fast and Stealthy Cache Attack
13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'16), Donostia-San Sebastián, Spain (acceptance rate: 31.8%)
Pre-print online since November 2015 on arXiv:1511.04594
Most Influential DIMVA Paper 2014-2018 (awarded at DIMVA'23)
Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript
13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'16), Donostia-San Sebastián, Spain (acceptance rate: 31.8%)
Media:
Slate,
Vice Motherboard,
Ars Technica,
Wired,
Le Monde Informatique [fr],
golem.de [de]
Work also presented at the CCC 2015.
Pre-print online since July 2015 on arXiv:1507.06955
Reverse Engineering Intel Last-Level Cache Complex Addressing Using Performance Counters
18th International Symposium on Research in Attacks,
Intrusions and Defenses (RAID'15), Kyoto, Japan (acceptance rate: 23.5%)
C5: Cross-Cores Cache Covert Channel
12th International Conference on Detection of
Intrusions and Malware, and Vulnerability Assessment (DIMVA'15), Milan,
Italy (acceptance rate: 22.7%)
Best Paper Award
Confidentiality Issues on a GPU in a Virtualized Environment
18th International Conference on Financial Cryptography and Data Security (FC'14), Barbados (acceptance rate: 22.5%)
Improving 802.11 Fingerprinting of Similar Devices by Cooperative Fingerprinting
10th International Conference on Security and Cryptography (SECRYPT'13), Reykjavik, Iceland