I am a postdoctoral scholar — UCSD CSE fellow working with Nadia Heninger and Deian Stefan. I received my PhD in ECE and MSc in CS from WPI under the supervision of Berk Sunar and Thomas Eisenbarth. I work on computer security and privacy, microarchitectural security, side channels and cryptanalysis, and architectural security primitives. I have also interned at Cisco Talos working on fuzz testing for automated vulnerability discovery, and Qualcomm product security initiative (QPSI) working on system-level security of PCIe controllers.

Contact Information:

            

•   Email: danielm@ucsd.edu
•   Twitter: @danielmgmi
•   Linkedin: danielmgmi

---

Publications

Refereed Papers

1. S Cauligi, C Disselkoen, D Moghimi, G Barthe, D Stefan. SoK: Practical Foundations for Spectre Defenses The 43rd IEEE Symposium on Security and Privacy (S&P 2022).
    [arXiv]
2. S Narayan, C Disselkoen, D Moghimi, S Cauligi, E Johnson, Z Gang, A Vahldiek-Oberwagner, R Sahita, H Shacham, D Tullsen, D Stefan. Swivel: Hardening WebAssembly against Spectre  The 30th USENIX Security Symposium (SEC 2021).
    [arXiv]  [PDF]  [Cite]
3. D Moghimi, J Van Bulck, N Heninger, F Piessens, B Sunar. CopyCat: Controlled Instruction-Level Attacks on Enclaves  The 29th USENIX Security Symposium (SEC 2020).
    [PDF]  [Cite]  [Slides]  [Video]
4. D Moghimi, M Lipp, B Sunar, M Schwarz. Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis The 29th USENIX Security Symposium (SEC 2020).
    [PDF]  [Cite]  [Slides]  [Video]
5. Z Weissman, T Tiemann, D Moghimi, E Custodio, T Eisenbarth, B Sunar. JackHammer: Efficient Rowhammer on Heterogeneous FPGA-CPU Platforms  IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES 2020).
    [PDF]  [Cite]  [ZDNet]  [tom's Hardware]
6. J Van Bulck, D Moghimi, M Schwarz, M Lipp, M Minkin, D Genkin, Y Yarom, B Sunar, D Gruss, F Piessens.LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection The 41st IEEE Symposium on Security and Privacy (S&P 2020).
    [PDF]  [Cite]  [Dark Reading]  [The Register]  [ZDNet]  [tom's Hardware]
7. D Moghimi, B Sunar, T Eisenbarth, N Heninger. TPM-Fail: TPM meets Timing and Lattice Attacks   The 29th USENIX Security Symposium (SEC 2020).
    [PDF]  [Cite]  [Slides]  [Video]  [Dark Reading]  [Hacker News]  [The Register]  [ZDNet]
8. M Schwarz, M Lipp, D Moghimi, J Van Bulck, J Stecklina, T Prescher, D Gruss. ZombieLoad: Cross-Privilege-Boundary Data Sampling The 26th ACM Conference on Computer and Communications Security (CCS 2019).
    [PDF]  [Cite]  [Tech Target]  [Fox News]
9. M Minkin , D Moghimi , M Lipp , M Schwarz , J Van Bulck , D Genkin , D Gruss , F Piessens, B Sunar, Y Yarom. Fallout: Reading Kernel Writes From User Space  arXiv preprint arXiv:1905.12701 merged with Store-to-Leak (arXiv:1905.05725), under Canella et al. Fallout: Leaking Data on Meltdown-resistant CPUs  The 26th ACM Conference on Computer and Communications Security (CCS 2019).
    [PDF]  [Cite]  [Wired News]
10. S Islam, A Moghimi, I Bruhns, M Krebbel, B Gulmezoglu, T Eisenbarth, B Sunar. SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks The 28th USENIX Security Symposium (SEC 2019).
     [PDF]  [Cite]  [Slides]  [Video]  [The Register]  [ZDNet]  [Forbes Article]
11. A Moghimi, J Wichelmann, T Eisenbarth, B Sunar. MemJam: A False Dependency Attack against Constant-Time Crypto Implementations (Extended Version) International Journal of Parallel Programming (IJPP 2019).
     [PDF]  [Cite]
12. J Wichelmann, A Moghimi, T Eisenbarth, B Sunar. MicroWalk: A Framework for Finding Side Channels in Binaries   Annual Computer Security Applications Conference (ACSAC 2018).
     [PDF]  [Cite]
13. F Dall, G De Micheli, T Eisenbarth, D Genkin, N Heninger, A Moghimi, Y Yarom. CacheQuote: Efficiently Recovering Long-term Secrets of SGX EPID via Cache Attacks  IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES 2018).
     [PDF]  [Cite]
14. A Moghimi, T Eisenbarth, B Sunar. MemJam: A False Dependency Attack against Constant-Time Crypto Implementations in SGX  Cryptographers' Track at the RSA Conference (CT-RSA 2018).
     [PDF]  [Cite]
15. A Moghimi, G Irazoqui, T Eisenbarth. CacheZoom: How SGX Amplifies The Power of Cache Attacks  International Conference on Cryptographic Hardware and Embedded Systems (CHES 2017).
     [PDF]  [Cite]

Preprints / Technical Reports

1. B Gulmezoglu, A Moghimi, T Eisenbarth, B Sunar. FortuneTeller: Predicting Microarchitectural Attacks via Unsupervised Deep Learning arXiv preprint arXiv:1907.03651
2. D Moghimi. Data Sampling on MDS-resistant 10th Generation Intel Core (Ice Lake)
    [PDF]  [Cite]

Posters

1. N Brown, N Patel, P Plenefisch, A Moghimi, T Eisenbarth, C Shue, and K Venkatasubramanian. Poster: Scream: Sensory Channel Remote Execution Attack Methods  Usenix Security (USENIX Security 2016 Poster Session).
    [PDF]
2. M Abi-Antoun, E Khalaj, Radu Vanciu, and A Moghimi. Poster: Abstract Runtime Structure for Reasoning about Security  Proceedings of the Symposium and Bootcamp on the Science of Security (HotSoS 2016).
    [PDF]  [Cite]

Thesis / Dissertation

1. D Moghimi. Revisiting Isolated and Trusted Execution via Microarchitectural Cryptanalysis  PhD Dissertation at Electrical and Computer Engineering of Worcester Polytechnic Institute (December 2020)
    [PDF]  [Slides]  [Video]
2. D Moghimi. How SGX Amplifies the Power of Cache Attacks MS Thesis at Computer Science of Worcester Polytechnic Institute (May 2017)
    [PDF]  [Slides]

---

Talks

1. D Moghimi, Thore Tiemann, Zane Weissman. JackHammer: Rowhammer and Cache Attacks on Heterogeneous FPGA-CPU Platforms Conference talk at hardwear.io Netherlands 2020 - October 2020
    [Slides]  [Video]
2. D Moghimi. CopyCat: Controlled Instruction-Level Attacks on Enclaves Invited talk at Intel Labs "Online" - September 2020
    [Slides]
3. D Moghimi. Remote Timing Attacks on TPMs, AKA TPM-Fail Conference talk at Black Hat USA 2020 "Online" - August 2020
    [Slides]  [Video]
4. D Moghimi. Microarchitectural Data Leakage via Automated Attack Synthesis Invited talk at Intel Product Security Incedent Response Team "Online" - June 2020
    [Slides]
5. D Gruss, D Moghimi, J Van Bulck. LVI: Hijacking Transient Execution with Load Value Injection Conference talk at Hardwear.io Virtual Con 2020 - April 2020
    [Slides]
6. D Moghimi. Breaking Deployed Crypto: The Side Channel Analyst’s Way Conference talk at Hardwear.io Virtual Con 2020 - April 2020
    [Slides]  [Video]
7. D Moghimi. Exploiting Microarchitectural Flaws in the Heart of the Memory Subsystem​ Invited talk at Columbia University, New York City, NY - February 2020
    [Slides]
8. D Moghimi. TPM-Fail: TPM meets Timing and Lattice Attacks Conference talk at Real World Crypto 2020, New York City, NY - January 2020
    [Slides]  [Video]
9. D Moghimi. ZombieLoad: Leaking Data on Intel CPUs Conference talk at ToorCon 21 (2019), San Diego, CA - November 2019
    [Slides]  [Video]
10. D Moghimi. Microarchitectural Attacks and Cloud Accelerators Guest talk at Intel SCAP Conference 2019, Intel, Hillsboro, OR - June 2019
     [Slides]
11. D Moghimi. Microarchitectural Attacks: Protecting Cloud Accelerators Guest talk at Intel SCAP Meeting 2019, University of Florida, Gainesville, FL - April 2019
     [Slides]
12. D Moghimi. MemJam: A False Dependency Attack against Constant-Time Crypto Implementations  Conference talk at RSA Conference 2018 (CT-RSA 2018), San Francisco, CA - April 2018
     [Slides]
13. D Moghimi. Side-channel Attacks on SGX Enclaves Conference talk at New England Security Day (NESD 2017), Northeastern, Boston, MA - September 2017

---

Professional Service

• Organizer: Workshop on Attacks on Cryptography (WAC 4)
• Program Committe: IEEE S&P 2023, ACM CCS 2022, Usenix Security 2022, IACR TCHES 2022, ACM ASHES 2021, IAW-IACR SPACE 2021, ACM ASHES 2020
• Journal Reviewer: IEEE TIFS 2022, IEEE TC 2022, ACM TACO 2022, Elsevier COSE 2022, IEEE TETC 2021, ACM CSUR 2021, ACM DTRAP 2021, IEEE TDSC 2020, ACM DTRAP 2020, IEEE TIFS 2020, ACM JETC 2020, IJIS 2019, IEEE TIFS 2018
• External Reviewer: ACM CCS 2021, IACR Eurocrypt 2020, DATE 2019, IACR Kangacrypt 2018, IACR TCHES 2018, IACR Asiacrypt 2017, IFIP/IEEE VLSI-SoC 2017
• Shadow Program Committe: IEEE S&P 2019, IEEE S&P 2017

---

CVEs & Security Advisories

Intel

• INTEL-SA-00241/CVE-2019-11090 Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions xxx; Intel(R) TXE xxx; Intel(R) SPS before versions xxx may allow an unauthenticated user to potentially enable information disclosure via network access.
• INTEL-SA-00233/CVE-2018-12126 Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
• INTEL-SA-00238/CVE-2019-0162 Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.
• INTEL-SA-00106/CVE-2018-3691 Intel Integrated Performance Primitives Cryptography Library before version 2018 U2.1 does not properly ensure constant execution time.
• INTEL-SA-00135 Intel SGX SDK and Platform Software (PSW) utilize the Intel IPP Cryptography Library.  Vulnerabilities in this library have been reported that may enable a local attacker utilizing software-based side channels to recover certain cryptographic keys.
• INTEL-SA-00202/CVE-2018-12155 Data leakage in cryptographic libraries for Intel(R) IPP before 2019 update 1 release may allow an authenticated user to potentially enable information disclosure via local access.

STMicroelectronics

• CVE-2019-16863 STMicroelectronics ST33TPH* TPM 2.0 devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.

WolfSSL

• CVE-2019-19960 In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks.
• CVE-2019-19961 In wolfSSL before 4.3.0, RSA key generation uses the non-constant-time BEEA modular inversion algorithm during the generation of RSA private key parameters, allowing attackers to leak the RSA key via a side-channel attack.
• CVE-2019-19962 In wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography.
• CVE-2019-19963 In wolfSSL before 4.3.0, DSA signing uses the BEEA algorithm during modular inversion of the nonce without blinding, leading to a side-channel attack against the nonce.

Ahnlab

• CVE-2013-3947 AhnLab V3 Internet Security MedCoreD.sys 0xA3350014 IOCTL Handling Local Buffer Overflow

Agnitum

• OSVDB 96208 Agnitum Outpost Security Suite Pro acx.exe Service Named Pipe common_handler Interface Command 17h Component Registration Local Traversal Privilege Escalation
• OSVDB 96209 Agnitum Outpost Security Suite Pro Sandbox.sys Driver 80000208 IOCTL Buffer Allocation Handling Local Buffer Overflow

Avira

• OSVDB 98976 Avira Internet Security avipbb.sys Driver Trusted Process Control Code Execution Restriction Bypass Weakness
• OSVDB 98971 Avira Internet Security avipbb.sys Driver Control Code 0x222450 Local Buffer Overflow Weakness