Stephan van Schaik

PhD student, VUSec (VU University)

About speaker

Stephan van Schaik is a PhD student in the VUSec group at the VU University in Amsterdam. He is interested in the low-level side of computer science with a focus on computer micro-architectures, embedded hardware and operating systems, and more specifically how these can be exploited within software-based attacks. Before pursuing his PhD, he published two papers while doing his MSc at VUSec: «A Framework for Reverse Engineering Hardware Page Table Caches» at EuroSec ’17 about reverse engineering the proprieties of page table and translation caches in contemporary CPUs, and «Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think» at USENIX Security ’18 that shows that you can use the MMU in a confused-deputy attack to bypass all existing software-based cache defenses to perform a cache attack.

June 17
15:00 — 16:00
First Track
Speculative execution bugs in modern CPUs popped up out of nowhere, but the worst of the nightmare seems to be mitigated. We destroy these mitigations by taking a skeptical look at their assumptions, and reveal that unprivileged userspace applications can steal data by simply ignoring security boundaries — after all, what do address spaces and privilege levels mean to Intel’s CPU pipeline?