Pinned Repositories
BranchDifferent
Implementation for the DIMVA'22 paper "Branch Different - Spectre Attacks on Apple Silicon"
browser-cpu-fingerprinting
This repository contains the code for our paper "Browser-based CPU Fingerprinting".
CacheWarp
Proof-of-concept implementation for the paper "CacheWarp: Software-based Fault Injection using Selective State Reset" (USENIX Security 2024)
GhostWrite
Proof-of-concept for the GhostWrite CPU bug.
indirect-meltdown
Proof-of-concept implementation for the paper "Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks" (ESORICS 2023)
loop-DoS
Repository for application-layer loop DoS
Microarchitectural-Hash-Function-Recovery
Proof-of-concept implementation for the paper "Efficient and Generic Microarchitectural Hash-Function Recovery" (IEEE S&P 2024)
osiris
Proof-of-concept implementation for the paper "Osiris: Automated Discovery of Microarchitectural Side Channels" (USENIX Security'21)
persistent-clientside-xss
Exploit generator and Taint Engine to find persistent (and reflected) client-side XSS
Security-RISC
Proof-of-concept implementation for the paper "A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs" (IEEE S&P 2023)
CISPA's Repositories
cispa/the-security-lottery
This repository contains our code for the data collection and analysis. It is a product of our work published at the 31st USENIX Security Symposium 2022.
cispa/ampfuzz
Fuzzer for Amplification Vulnerabilities (USENIX '22, Krupp et al)
cispa/BranchDifferent
Implementation for the DIMVA'22 paper "Branch Different - Spectre Attacks on Apple Silicon"
cispa/TrustedGateway
TrustedGateway: TEE-Assisted Routing and Firewall Enforcement Using ARM TrustZone (RAID '22, Schwarz)
cispa/full-domain-functional-bootstrap
cispa/osiris
Proof-of-concept implementation for the paper "Osiris: Automated Discovery of Microarchitectural Side Channels" (USENIX Security'21)
cispa/bitahoy
cispa/site-policy
Site Policy Repository
cispa/efgs-federation-gateway
The goal of this project is to develop the official European solution for the interoperability between national backend servers of decentralised contact tracing applications to combat COVID-19.
cispa/persistent-clientside-xss
Exploit generator and Taint Engine to find persistent (and reflected) client-side XSS
cispa/framing-control-analytics
Analysis Library used for the paper "A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web"
cispa/framing-control-proxy
A server-side proxy to convert X-Frame-Options into CSP frame-ancestors and vice versa.
cispa/artist
cispa/art