Michael Schwarz @ CISPA Helmholtz Center for Information Security

I'm a tenured faculty at the CISPA Helmholtz Center for Information Security in Saarbrücken, Germany, and lead the RootSec research group. In my research, I focus on microarchitectural side-channel attacks and system security. I obtained my PhD with the title "Software-based Side-Channel Attacks and Defenses in Restricted Environments" in 2019 from Graz University of Technology (advised by Daniel Gruss)

misc0110 · @misc0110 · Google Scholar · ORCID
michael.schwarz91@gmail.com | michael.schwarz@cispa.de

PhD Students

Current students: Daniel Weber, Ruiyi Zhang, Lukas Gerlach, Lorenz Hetterich, Leon Trampert, Fabian Thomas, Tristan Hornetz

Publications

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Presentations

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

Trainings

2022

Turning Timing Differences into Data Leakage
Michael Schwarz, Daniel Weber
International Winter School on Microarchitectural Security, Paris, France, October 5-9, 2022
Info GitHub

2021

A Practical Introduction to Transient Execution Attacks
Michael Schwarz
ESORICS 2021, Virtual, July 28, 2021
Info GitHub Recording

2019

Runtime Security Lab
Michael Schwarz
Security Week Graz, Graz, Austria, September 16-20, 2019
Info

Microarchitectural Side-Channel Lab
Michael Schwarz
Security Week Graz, Graz, Austria, September 16-20, 2019
Info

Microarchitectural Attacks
Daniel Gruss, Moritz Lipp, Michael Schwarz
RuhrSec, Bochum, Germany, May 27, 2019
Info

2018

Runtime Security Lab
Michael Schwarz
School on Security & Correctness in the Internet of Things, Graz, Austria, September 3-7, 2018
Info

2017

Programming Lab Binary Exploitation (ARM)
Michael Schwarz
IACR Cryptology School 2017 Security & Correctness in the IoT, Graz, Austria, May 8-12, 2017
Info

2016

CTF Training Session: Easy Crypto & ECDSA
Michael Schwarz
LosFuzzys CTF Training, Graz, Austria, September 13, 2016

Awards

2025

Top 40 unter 40 - Outstanding under-40 figures in Germany who shape the future through impactful work
Michael Schwarz
Capital, Berlin, November 14, 2025
Media: Presseportal

Distinguished Paper Award - Confusing Value with Enumeration: Studying the Use of CVEs in Academia
Moritz Schloegel, Daniel Klischies, Simon Koch, David Klein, Lukas Gerlach, Malte Wessels, Leon Trampert, Martin Johns, Mathy Vanhoef, Michael Schwarz, Thorsten Holz, Jo Van Bulck
USENIX Security, Seattle, Washington, USA, August 13-15, 2025
Media: CISPA

USENIX Security Notable Reviewer Award
Michael Schwarz
USENIX Security, Seattle, Washington, USA, August 13-15, 2025
Media: CISPA

Cybersecurity Award 2025 - Best Hardware and Physics Paper for CacheWarp
Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Youheng Lü, Andreas Kogler, Michael Schwarz
Cybersecurity Award, Singapore, July 19, 2025
Info

AI 2000 Most Influential Scholar Honorable Mention in Security and Privacy
Michael Schwarz
AMiner, Virtual, 2025

Distinguished Artifact Award - Cascading Spy Sheets
Leon Trampert, Daniel Weber, Lukas Gerlach, Christian Rossow, Michael Schwarz
NDSS, San Diego, California, USA, February 23-28, 2025

2024

Google Research Scholar Award
Michael Schwarz
Google, Virtual, March, 2024

AI 2000 Most Influential Scholar Honorable Mention in Security and Privacy
Michael Schwarz
AMiner, Virtual, March 14, 2024

2023

Finalist: Busy Beaver Award for Best Computer Science Lecture "Foundations of Cyber Security II"
Michael Schwarz
Students' Representative Council Saarland University, Saarbruecken, Germany, October 23, 2023

USENIX Security Noteworthy Reviewer Award
Michael Schwarz
USENIX Security, Anaheim, California, USA, August 9-11, 2023
Media: CISPA

WOOT Best Paper - CustomProcessingUnit: Reverse Engineering and Customization of Intel Microcode
Pietro Borrello, Catherine Easdon, Martin Schwarzl, Roland Czerny, Michael Schwarz
WOOT, San Francisco, California, USA, May 25, 2023

2022

Busy Beaver Award for Best Computer Science Lecture "Foundations of Cyber Security II"
Michael Schwarz
Students' Representative Council Saarland University, Saarbruecken, Germany, October 24, 2022
Media: Saarland University, CISPA

Pwnie Award for Best Desktop Bug - ÆPIC
Pietro Borrello, Andreas Kogler, Martin Schwarzl, Moritz Lipp, Daniel Gruss, Michael Schwarz
BlackHat USA, Las Vegas, USA, August 10, 2022

AI 2000 Most Influential Scholar Honorable Mention in Security and Privacy
Michael Schwarz
AMiner, Virtual, March 18, 2022

2021

CCSW Best Paper - Automating Seccomp Filter Generation for Linux Applications
Claudio Canella, Mario Werner, Daniel Gruss, Michael Schwarz
ACM Cloud Computing Security Workshop, Virtual, November 14, 2021

CSAW Best Paper 3rd Place - Osiris
Daniel Weber, Ahmad Ibrahim, Hamed Nemati, Michael Schwarz, Christian Rossow
CSAW Applied Research Competition, Virtual, November 12, 2021
Media: CSAW

Busy Beaver Award for Best Computer Science Lecture "Side-Channel Attacks and Defenses"
Michael Schwarz
Students' Representative Council Saarland University, Saarbruecken, Germany, April 12, 2021
Media: Saarbrücker Zeitung

2020

Award of Excellence - Austrian National Award for Best Dissertations
Michael Schwarz
Federal Ministry of Education, Science and Research of Austria, Vienna, Austria, December 10, 2020
Media: APA

NSA Best Scientific Cybersecurity Paper Competition Winner: Spectre
Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom
NSA, Fort Meade, Maryland, USA, November 30, 2020
Media: NSA, CISPA

Finalist: Prize for Excellence in Teaching with the course "Security Aspects in Software Development"
Michael Schwarz
Graz University of Technology, Graz, Austria, November 19, 2020

EuroSys Roger Needham PhD Award
Michael Schwarz
EuroSys, Heraklion, Crete, Greece, April 27-30, 2020
Media: EuroSys

2019

NSA Best Scientific Cybersecurity Paper Competition Honorable Mention: Meltdown
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg
NSA, Fort Meade, Maryland, USA, October 10, 2019

Open Exploit Award: Meltdown and Spectre
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg
Hackatoshi's Flying Circuit, Prague, Czech Republic, July 19-21, 2019

S&P Distinguished Paper Award - Spectre
Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom
40th IEEE Symposium on Security and Privacy, San Francisco, California, USA, May 20-22, 2019

2018

CSAW Best Paper Award - Meltdown
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, Jann Horn, Anders Fogh
CSAW Applied Research Competition, Valence, France, November 10, 2018

Pwnie Award for Best Privilege Escalation Bug - Meltdown
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, Jann Horn, Anders Fogh
BlackHat USA, Las Vegas, USA, August 8, 2018

Pwnie Award for Most Innovative Research - Spectre
Jann Horn, Paul Kocher, Daniel Genkin, Mike Hamburg, Moritz Lipp, Yval Yarom, Werner Haas, Thomas Prescher, Daniel Gruss, Stefan Mangard, Michael Schwarz
BlackHat USA, Las Vegas, USA, August 8, 2018

Sponsorship Award for master thesis of particular relevance to society, 2nd place: DRAMA: Exploiting DRAM Buffers for Fun and Profit
Michael Schwarz
Forum Technik und Gesellschaft, Graz, Austria, June 7, 2018

2017

Pwnie Award for Best Song
Manuel Weber, Daniel Gruss, Michael Schwarz, Moritz Lipp, Rebekka Aigner
BlackHat USA, Las Vegas, USA, July 26, 2017

2016

IAIK Student Research Excellence Awards
Michael Schwarz
IAIK Graz University of Technology, Graz, Austria, December 2, 2016

Community Service

2026

USENIX Security (PC)
USENIX Security

NDSS (PC)
NDSS

DIMVA (PC)
DIMVA

WOOT (PC)
WOOT

uASC (Steering Committee)
uASC

2025

NDSS (PC)
NDSS

USENIX Security (PC)
USENIX Security

CCS (PC)
CCS

uASC (Steering Committee)
uASC

2024

CCS (PC)
CCS

USENIX Security (PC)
USENIX Security

NDSS (PC)
NDSS

SysTEX (PC)
SysTEX

DIMVA (PC)
DIMVA

2023

CCS (PC)
CCS

RAID (Publicity Chair)
RAID

DIMVA (Publicity Chair)
DIMVA

WOOT (PC)
WOOT

ESORICS (Core PC)
ESORICS

DIMVA (PC)
DIMVA

USENIX Security (PC)
USENIX Security

NDSS (PC)
NDSS

2022

USENIX Security (PC)
USENIX Security

DIMVA (PC)
DIMVA

ESORICS (Core PC)
ESORICS

ROOTS (PC)
ROOTS

2021

USENIX Security Fall / Winter (PC)
USENIX Security

WOOT (PC)
WOOT

ESORICS (Core PC)
ESORICS

DDSW (PC)
DDSW

ACM Computing Surveys (Reviewer)
CSUR

2020

TIFS (Reviewer)
TIFS

ACM Computing Surveys (Reviewer)
CSUR

WOOT (PC)
WOOT

DIMVA (PC)
DIMVA

DDSW (PC)
DDSW

USENIX Security (Winter) (External Reviewer)
USENIX Security

USENIX Security (Fall) (Subreviewer)
USENIX Security

2019

USENIX Security (Winter) (External Reviewer)
USENIX Security

USENIX Security (Spring) (Subreviewer)
USENIX Security

IEEE Transactions on Computers (Reviewer)
IEEE Transactions on Computers Journal

IEEE Access (Reviewer)
IEEE Access Journal

2018

CCS (Subreviewer)
CCS

2017

ACSAC (Artifact Evaluation Reviewer)
ACSAC

SPACE (Subreviewer)
SPACE

CVEs

2024

CVE-2024-44067
Fabian Thomas, Eric García Arribas, Lorenz Hetterich, Daniel Weber, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz
GhostWrite, August 18, 2024

CVE-2024-24510
Leon Trampert, Daniel Weber, Lukas Gerlach, Christian Rossow, Michael Schwarz
Cascading Spy Sheets: Exploiting the Complexity of Modern CSS for Email and Browser Fingerprinting, November 14, 2023

2023

CVE-2023-20592
Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Youheng Lü, Andreas Kogler, Michael Schwarz
CacheWarp: Software-based Fault Injection using Selective State Reset, November 14, 2023

CVE-2023-20583
Andreas Kogler, Jonas Juffinger, Lukas Giner, Lukas Gerlach, Martin Schwarzl, Daniel Weber, Michael Schwarz, Daniel Gruss, Stefan Mangard
Collide+Power - Leaking Inaccessible Data with Software-based Power Side Channels, August 1, 2023

2022

CVE-2022-21233
Pietro Borrello, Andreas Kogler, Martin Schwarzl, Moritz Lipp, Daniel Gruss, Michael Schwarz
ÆPIC Leak - Architectural stale data read, August 11, 2022

CVE-2022-0925
Martin Schwarzl, Pietro Borrello, Gururaj Saileshwar, Hanna Müller, Michael Schwarz, Daniel Gruss
Practical Timing Side Channel Attacks on Memory Compression, March 11, 2022

2021

CVE-2021-26318
Moritz Lipp, Michael Schwarz, Daniel Gruss
AMD Prefetch - Leaked kernel address space information, October 12, 2021

2020

CVE-2020-8695
Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Daniel Gruss, Chen Liu, Terry Wang, Neer Roggel, Ben Gras, Monodeep Kar, Bilgiday Yuce
PLATYPUS - Information disclosure via RAPL power measurements, November 10, 2020

CVE-2020-8694
Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Daniel Gruss
PLATYPUS - Unprivileged access to RAPL on Linux, November 10, 2020

CVE-2020-0551
Jo Van Bulck, Daniel Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin, Yuval Yarom, Berk Sunar, Daniel Gruss, Frank Piessens, Dan Lutas, Andrei Lutas
Load Value Injection - Turning Meltdown around, March 10, 2020

CVE-2020-0549
Moritz Lipp, Michael Schwarz, Daniel Gruss, Jo Van Bulck, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida
L1D Eviction Sampling, January 27, 2020

2019

CVE-2019-11135
Moritz Lipp, Michael Schwarz, Daniel Gruss, Jo Van Bulck, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze
TAA - Data leakage using TSX asynchronous aborts, November 12, 2019

CVE-2019-11091
Moritz Lipp, Michael Schwarz, Daniel Gruss, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida
MDSUM - Meltdown on uncachable memory, April 11, 2019

CVE-2019-5489
Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari Trachtenberg, Jason Hennessey, Alex Ionescu, Anders Fogh
Page Cache Attacks - A software-cache attack on the operating system's page cache, January 7, 2019

2018

CVE-2018-12130
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, Daniel Gruss
ZombieLoad / RIDL / MFBDS - Leaking data from the line-fill buffer, June 11, 2018

CVE-2018-12126
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Lei Shi, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, Yuval Yarom
Fallout / MSBDS - Leaking data from the store buffer, June 11, 2018

CVE-2017-5754
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, Jann Horn, Anders Fogh
Meltdown - CPU vulnerability allowing to leak kernel memory from user space, January 4, 2018

CVE-2017-5753
Jann Horn, Paul Kocher, Daniel Genkin, Mike Hamburg, Moritz Lipp, Yval Yarom, Werner Haas, Thomas Prescher, Daniel Gruss, Stefan Mangard, Michael Schwarz
Spectre - Speculative execution CPU vulnerability, January 4, 2018

CVE-2017-5715
Jann Horn, Paul Kocher, Daniel Genkin, Mike Hamburg, Moritz Lipp, Yval Yarom, Werner Haas, Thomas Prescher, Daniel Gruss, Stefan Mangard, Michael Schwarz
Spectre - Speculative execution CPU vulnerability, January 4, 2018

Projects

2025

Dolphin (KDE) Copy to Clipboard
Dolphin (KDE) extension to copy the content of a file to the clipboard
GitHub

2024

x86 Cache Hierarchy Plot
Visualize the cache hierarchy of x86 CPUs
GitHub

2023

ClipCount
Global shortcut to show the number of words in the currently-selected text
GitHub

Remote Presenter
Forwarding a wireless presenter over the internet.
GitHub

2022

Magic Wormhole Context-Menu Integration
Right-click integration of Magic Wormhole for Windows and KDE.
GitHub

EasyChair Bidding Helper
A small Tampermonkey script to help with paper bidding in EasyChair.
GitHub

HotCRP Bidding Helper
A small Tampermonkey script to help with paper bidding in HotCRP.
GitHub

2021

Paper Linter
A script to check for common mistakes in LaTeX source files of scientific papers.
GitHub

r0e
C header to execute user-space functions in ring 0.
GitHub

TravelMap
Displays visited countries and cities, similar to a scratch map.
GitHub

SSHLock
Temporarily lock a remote machine to prevent other users from logging in via SSH.
GitHub

boot-into
Boot into a specific GRUB entry on the next boot.
GitHub

2020

BibTool
A tool to manage bibliography when collaboratively working on a LaTeX paper.
GitHub

Fault-Injection Simulator
A research and teaching tool for simulating fault-injection attacks on x86 binaries.
GitHub

LabRunner
Transferring files and running commands on multiple remote machines via SSH.
GitHub

PDF Web Slides
Convert PDF presentations to HTML, including presenter mode.
GitHub

2019

Polyglot: JPG+PDF
A tool to combine a PDF and a JPG into one polyglot file which is both a PDF and JPG.
GitHub

Interactive Transient-Execution-Attack Tree
An interactive (filterable, searchable, exportable) online tree which connects all known transient-execution attacks such as Spectre, and Meltdown.
GitHub Run

Live Histogram
A command-line tool to show a real-time histogram of a data stream.
GitHub

2018

LaTeX Beamer Preview
Recompile only modified slides (in parallel) for LaTeX Beamer presentations.
GitHub

PTEditor
A small library to modify all page-table levels of all processes from user space for x86_64 and ARMv8.
GitHub

Colorful printf
A printf wrapper supporting color tags, spinners, and progress bars.
GitHub

2017

asciicast2vector
Convert asciicast (asciinema recordings) to vector graphics (SVG and TikZ).
GitHub

LiveTikZ
A live preview for TikZ drawings.
GitHub

ProcDetails
The ProcDetails kernel module shows details about procfs files.
GitHub

libattopng
libattopng is a minimal C library to create uncompressed PNG images.
GitHub

2016

Amazon Dash Button Fun
Make the Amazon Dash button useful using this IoT framework.
GitHub

FAINT - FAult INjection Tester
FAINT is a fully automated tool to dynamically check the out of memory handling in C and C++ programs.
GitHub

Configurable DES
Configurable DES provides a fully customizable DES implementation especially designed to test attacks against DES.
GitHub

Jackbox Party Pack - Drawful Question Editor
A question editor for the Drawful game of Jackbox Party Pack based on my reverse-engineering of the file format.
GitHub

2015

Universal Header Decoder
This tool decoded file headers based on a description file.
GitHub

BF.js
A simple Javascript Brainfuck implementation for educational purposes.
GitHub

ESP Trainer (German)
An interactive web application for learning C programming.
Run

2014

TU Graz Newsreader
TU Graz Newsreader is an Android newsgroup reader for Graz University of Technology.
Info Play Store

2013

Raspberry Webradio
Raspberry Webradio, a do-it-yourself internet streaming client using the Raspberry Pi.
Info GitHub

C Declaration Explainer
This little tool can translate C variable declarations to human readable definitions.
Run

AVR Fuse Calculator
An offline AVR fuse calculator, supporting 144 devices.
Play Store

TU Graz Raumsuche (German)
App that provides a search functionality to find and locate rooms on the TU Graz Campus.
GitHub Play Store

Michael Schwarz Faculty · CISPA Helmholtz Center for Information Security

PhD Students