2022: Busy Beaver Award for "Foundations of Cybersecurity II"
2021: Busy Beaver Award for "Side-Channel Attacks and Defenses"
2020: EuroSys Roger Needham PhD Award
2019: NSA Best Scientific Cybersecurity Paper Competition Honorable Mention: Meltdown
2019: Open Exploit Award: Meltdown and Spectre
2019: S&P Distinguished Paper Award - Spectre
2018: CSAW Best Paper Award - Meltdown
2018: Pwnie Award for Best Privilege Escalation Bug - Meltdown
2018: Pwnie Awardfor Most Innovative Research - Spectre
Dr. Michael Schwarz ist Tenured Faculty am CISPA mit Fokus auf Microarchitectural Side-Channel Attacks und Systemsicherheit. Er erhielt seinen PhD mit dem Titel „Software-based Side-Channel Attacks and Defenses in Restricted Environments“ 2019 von der Graz Universität of Technology (beraten von Daniel Gruss). Michael hat zwei Masterabschlüsse, einen in Computer Science und einen in Software Engineering mit einem starken Fokus auf Security. Er ist regelmäßig Sprecher bei akademischen und Hacker-Konferenzen (7 Mal Black Hat, CCC, Blue Hat, etc.). Michael war Teil eines der Forschungsteams, das die Meltdown-, Spectre-, Fallout- und LVI-Schwachstellen, sowie die ZombieLoad-Schwachstelle gefunden hat. Er war auch Teil des Kaiser-Patches, die Basis für die Meltdown-Gegenmaßnahmen, die jetzt in jedem modernen Betriebssystem wie KPTI oder KVA Shadow eingesetzt werden.
Network and Distributed System Security Symposium (NDSS)
SNPeek: Side-Channel Analysis for Privacy Applications on Confidential VMs
ACM Conference on Computer and Communications Security (CCS)
Styled to Steal: The Overlooked Attack Surface in Email Clients
ACM Conference on Computer and Communications Security (CCS)
RISCover: Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs
ACM Conference on Computer and Communications Security (CCS)
ExfilState: Automated Discovery of Timer-Free Cache Side Channels on ARM CPUs
Microarchitecture Security Conference (uASC)
Zero-Store Elimination and its Implications on the SIKE Cryptosystem
Usenix Security Symposium (USENIX-Security)
Confusing Value with Enumeration: Studying the Use of CVEs in Academia
Usenix Security Symposium (USENIX-Security)
GI International Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)
Taming the Linux Memory Allocator for Rapid Prototyping
IEEE Symposium on Security and Privacy (S&P)
Rapid Reversing of Non-Linear CPU Cache Slice Functions: Unlocking Physical Address Leakage
The Web Conference (WWW)
Peripheral Instinct: How External Devices Breach Browser Sandboxes