Even though we have been neglecting the News pages a bit these past few months, it does not mean nothing has happened.

So here is a short summary of awards we have won since 2021:

• Paranoid Android: Versatile Protection For Smartphones, published t ACSAC 2010 won the Test of Time Award in 2025
• InSpectre Gadget: Inspecting the Residual Attack Surface of Cross-privilege Spectre v2. USENIX Security, August 2024. Distinguished paper award
• SafeFetch: Practical Double-Fetch Protection with Kernel-Fetch Caching,USENIX Security’24, distinguished Artifact Award
• Uncontained: Uncovering Container Confusion in the Linux Kernel, USENIX Security’23 won distinguished artifact award.
• Specification and Verification of Side-channel Security for Open-source Processors via Leakage Contracts, CCS’23 won distinguished paper award.
• Randomized Testing of Byzantine Fault Tolerant Algorithms, OOPSLA’23 won distinguished paper award
• Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks, USENIX Security’22, won the Dutch Cyber Security Research Paper Award
• Our ASPLOS paper “Who’s debugging the debuggers?” was awarded a Distinguished Paper Award!
• Victor van der Veen from won the 2021 EuroSys Roger Needham Ph.D. Award for his thesis titled “When Memory Server Not so Well: Memory Errors 30 Years Later“.
• VUsec was nominated for 6 Pwnie Awards
• Enes Goktas’ BlindSide (“hacking blind” in the Spectre era) Attack won Pwnie for Most Innovative Research (VUSec’s 5th Pwnie Awards)
• Victor van der Veen from won the 2021 DSN William C Carter Doctoral Dissertation Award for his thesis titled “When Memory Server Not so Well: Memory Errors 30 Years Later“.
• Our paper, “Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks“, won Distinguished Paper Award at USENIX Security’21.

TRRespass shows for the first time that state-of-the-art DDR4 DRAM from all major vendors is still vulnerable to practical Rowhammer attacks even though vendors previously claimed their products were Rowhammer-free.

After our PWNIEs for Dedup Est Machina, AnC, and DRAMMER, we now have a stable of four, all equally gorgeous. TRRespass previously also won the Best Paper Award at IEEE Security & Privacy.

We are happy to announce that the VUSec team won the Hack@Sec Hardware CTF @USENIXSecurity

Congratulations to Alyssa, Enrico, Hany, Koen and Marius!

Pietro won the Qualcomm Innovation Fellowship. The QIF program is focused on recognizing, rewarding, and mentoring innovative PhD students across a broad range of technical research areas .

Our TRRespass work on finding vulnerabilities in state-of-the-art in-DRAM defenses against Rowhammer attacks was awarded “Best Paper” at the IEEE Symposium on Security and Privacy (the leading Computer Security conference)

We are proud to announce that Cristiano Giuffrida has won the VMware Early Career Faculty Grant – a program intended to recognize the next generation of exceptional faculty members. A gift to the researcher’s university is made in support of his/her research and to promote excellence in teaching.

Rowhammer, the DRAM vulnerability that was supposedly fixed in DDR4 is not fixed in DDR4. The TRRespass attack shows that DIMMs from all 3 major vendors (good for 95% of the market) are still vulnerable. The news appeared in different international media (see the writeup on NakedSecurity) and in the Netherlands in de Volkskrant. There was a short interview on Radio 1 (22:51 h).

Recently graduated Harry King just won the (university-wide) best bachelor thesis award for his thesis on “Development Tools &
Techniques for a More Robust Operating System”. For his thesis project he built an operating system kernel from scratch in Ada. The implementation in Ada allowed him to formally verify the OS components.

Two of VUSec’s papers were nominated for the Best Applied Research Award at CSAW’19 in Valence France: ECCploit and RIDL.

When the dust settled, “RIDL: Rogue In-Flight Data Load”, the
paper that was published at Security & Privacy in May and that shows a new class of speculative execution attacks that can leak any “in-flight” data from Intel CPUs won the second place
prize for Best Applied Research at CSAW ’19.

See also: “Much Ado about RIDL“.

The RIDL saga that started in September 2018 lingers on. A new embargo and a new set of insufficient patches, and it isn’t over yet. Excellent coverage by Kim Zetter in the New York Times.

In addition there were many other outlets covering this:

International:

https://www.wired.com/story/intel-mds-attack-taa/

https://www.theverge.com/2019/11/13/20962667/intel-processor-security-vulnerabilities-researchers-disclosure

https://www.ft.com/content/d60cda42-7699-11e9-be7d-6d846537acab

https://in.pcmag.com/news/133831/intel-struggles-to-fix-hardware-based-flaws-researchers-say

https://www.tomshardware.com/news/intel-reveals-taa-vulnerabilities-in-cascade-lake-chips-and-a-new-jcc-bug

https://www.dailymail.co.uk/sciencetech/article-7681917/Intel-failed-fix-dangerous-chip-flaw-affecting-MILLIONS-Apple-Microsoft-Google-devices.html

https://www.engadget.com/2019/11/13/intel-fixes-cpu-security-flaw-for-real/

https://gizmodo.com/intel-reportedly-warned-of-critical-chip-security-flaws-1839807262

Dutch:

https://www.nu.nl/tech/6010595/onderzoekers-vrije-universiteit-intel-is-niet-eerlijk-over-processorlek.html

https://www.nporadio1.nl/nieuws-en-co/onderwerpen/519738-processorchips-intel-nog-steeds-kwetsbaar

https://nos.nl/artikel/2310247-onderzoekers-intel-neemt-beveiligingslek-niet-serieus.html

https://www.ad.nl/tech/onderzoekers-vu-intel-loog-over-oplossen-lek-in-chips~acb207e0/

https://tweakers.net/nieuws/159826/vu-onderzoekers-intel-heeft-ridl-kwetsbaarheid-nog-niet-volledig-opgelost.html

https://www.computable.nl/artikel/nieuws/cloud-computing/6834006/250449/oproep-vu-zet-hyperthreading-in-intel-processor-uit.html

https://radar.avrotros.nl/nieuws/item/processorchips-van-intel-nog-steeds-kwetsbaar/

https://www.noordhollandsdagblad.nl/cnt/dmf20191113_36194155/vu-studie-intel-chips-nog-steeds-kwetsbaar

https://www.security.nl/posting/631293/VU-onderzoekers+onthullen+%22nieuwe%22+aanval+op+Intel-processors

Tabloids:

https://www.telegraaf.nl/nieuws/348361583/vu-studie-intel-chips-nog-steeds-kwetsbaar