About Me

profile

I am a Senior Research Scientist at Google. Before that, I was a postdoctoral scholar at UCSD. I have a PhD in Electrical and Computer Engineering and an MSc in Computer Science from WPI.

I work on computer and hardware security, spanning various topics such as microarchitectural vulnerabilities, side-channel cryptanalysis, and security architecture. My research has improved the security of superscalar CPUs, memory subsystems, and cryptographic implementations, which billions of users use daily.

Publications

Refereed Academic Papers

  1. D Moghimi. Title redacted due to vulnerability embargo The 32th USENIX Security Symposium (SEC 2023).
  2. S Narayan, T Garfinkel, M Taram, J Rudek, D Moghimi, E Johnson, C Fallin, A Vahldiek-Oberwagner, M LeMay, R Sahita, D Tullsen, D Stefan. Going beyond the Limits of SFI: Flexible and Secure Hardware-Assisted In-Process Isolation with HFI. The 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2023). [Cite] [PDF]
  3. Z Wang, M Taram, D Moghimi, S Swanson, D Tullsen, J Zhao. NVLeak: Off-Chip Side-Channel Attacks via Non-Volatile Memory Systems The 32th USENIX Security Symposium (SEC 2023). [Cite] [PDF]
  4. S Ajorpaz, D Moghimi, J Collins, N Abu-Ghazaleh, G Pokam, D Tullsen. EVAX: Towards a Practical, Pro-active & Adaptive Architecture for High Performance & Security The 55th IEEE/ACM International Symposium on Microarchitecture (MICRO 2022). [PDF]  [Cite]
  5. S Cauligi, C Disselkoen, D Moghimi, G Barthe, D Stefan. SoK: Practical Foundations for Spectre Defenses The 43rd IEEE Symposium on Security and Privacy (S&P 2022). [arXiv]  [PDF]  [Cite]
  6. S Narayan, C Disselkoen, D Moghimi, S Cauligi, E Johnson, Z Gang, A Vahldiek-Oberwagner, R Sahita, H Shacham, D Tullsen, D Stefan. Swivel: Hardening WebAssembly against Spectre  The 30th USENIX Security Symposium (SEC 2021). [arXiv]  [PDF]  [Cite]
  7. D Moghimi, J Van Bulck, N Heninger, F Piessens, B Sunar. CopyCat: Controlled Instruction-Level Attacks on Enclaves  The 29th USENIX Security Symposium (SEC 2020). [PDF]  [Cite]  [Slides]  [Video]
  8. D Moghimi, M Lipp, B Sunar, M Schwarz. Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis The 29th USENIX Security Symposium (SEC 2020). [PDF]  [Cite]  [Slides]  [Video]
  9. Z Weissman, T Tiemann, D Moghimi, E Custodio, T Eisenbarth, B Sunar. JackHammer: Efficient Rowhammer on Heterogeneous FPGA-CPU Platforms  IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES 2020). [PDF]  [Cite]  [ZDNet]  [tom’s Hardware]
  10. J Van Bulck, D Moghimi, M Schwarz, M Lipp, M Minkin, D Genkin, Y Yarom, B Sunar, D Gruss, F Piessens.LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection The 41st IEEE Symposium on Security and Privacy (S&P 2020). [PDF]  [Cite]  [Dark Reading]  [The Register]  [ZDNet]  [tom’s Hardware]
  11. D Moghimi, B Sunar, T Eisenbarth, N Heninger. TPM-Fail: TPM meets Timing and Lattice Attacks   The 29th USENIX Security Symposium (SEC 2020). [PDF]  [Cite]  [Slides]  [Video]  [Dark Reading]  [Hacker News]  [The Register]  [ZDNet]
  12. M Schwarz, M Lipp, D Moghimi, J Van Bulck, J Stecklina, T Prescher, D Gruss. ZombieLoad: Cross-Privilege-Boundary Data Sampling The 26th ACM Conference on Computer and Communications Security (CCS 2019). [PDF]  [Cite]  [Tech Target]  [Fox News]
  13. C Canella, D Genkin, L Giner, D Gruss, M Lipp, M Minkin, D Moghimi, F Piessens, M Schwarz1, B Sunar, J Van Bulck, Y Yarom. Fallout: Leaking Data on Meltdown-resistant CPUs  The 26th ACM Conference on Computer and Communications Security (CCS 2019). [PDF]  [Cite]  [Wired News]
  14. S Islam, A Moghimi, I Bruhns, M Krebbel, B Gulmezoglu, T Eisenbarth, B Sunar. SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks The 28th USENIX Security Symposium (SEC 2019). [PDF]  [Cite]  [Slides]  [Video]  [The Register]  [ZDNet]  [Forbes Article]
  15. A Moghimi, J Wichelmann, T Eisenbarth, B Sunar. MemJam: A False Dependency Attack against Constant-Time Crypto Implementations (Extended Version) International Journal of Parallel Programming (IJPP 2019). [PDF]  [Cite]
  16. J Wichelmann, A Moghimi, T Eisenbarth, B Sunar. MicroWalk: A Framework for Finding Side Channels in Binaries   Annual Computer Security Applications Conference (ACSAC 2018). [PDF]  [Cite]
  17. F Dall, G De Micheli, T Eisenbarth, D Genkin, N Heninger, A Moghimi, Y Yarom. CacheQuote: Efficiently Recovering Long-term Secrets of SGX EPID via Cache Attacks  IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES 2018). [PDF]  [Cite]
  18. A Moghimi, T Eisenbarth, B Sunar. MemJam: A False Dependency Attack against Constant-Time Crypto Implementations in SGX  Cryptographers’ Track at the RSA Conference (CT-RSA 2018). [PDF]  [Cite]
  19. A Moghimi, G Irazoqui, T Eisenbarth. CacheZoom: How SGX Amplifies The Power of Cache Attacks  International Conference on Cryptographic Hardware and Embedded Systems (CHES 2017). [PDF]  [Cite]

Preprints / Technical Reports

  1. S Cauligi, M Guarnieri, D Moghimi, D Stefan, M Vassena. A Turning Point for Verified Spectre Sandboxing arXiv preprint arXiv:2208.01548
  2. D Moghimi. Data Sampling on MDS-resistant 10th Generation Intel Core (Ice Lake) [PDF]  [Cite]
  3. M Minkin , D Moghimi , M Lipp , M Schwarz , J Van Bulck , D Genkin , D Gruss , F Piessens, B Sunar, Y Yarom. Fallout: Reading Kernel Writes From User Space  arXiv preprint arXiv:1905.12701
  4. B Gulmezoglu, A Moghimi, T Eisenbarth, B Sunar. FortuneTeller: Predicting Microarchitectural Attacks via Unsupervised Deep Learning arXiv preprint arXiv:1907.03651

Posters

  1. N Brown, N Patel, P Plenefisch, A Moghimi, T Eisenbarth, C Shue, and K Venkatasubramanian. Poster: Scream: Sensory Channel Remote Execution Attack Methods  Usenix Security (USENIX Security 2016 Poster Session). [PDF]
  2. M Abi-Antoun, E Khalaj, Radu Vanciu, and A Moghimi. Poster: Abstract Runtime Structure for Reasoning about Security  Proceedings of the Symposium and Bootcamp on the Science of Security (HotSoS 2016). [PDF]  [Cite]

Thesis / Dissertation

  1. D Moghimi. Revisiting Isolated and Trusted Execution via Microarchitectural Cryptanalysis  PhD Dissertation at Electrical and Computer Engineering of Worcester Polytechnic Institute (December 2020) [PDF]  [Slides]  [Video]
  2. D Moghimi. How SGX Amplifies the Power of Cache Attacks MS Thesis at Computer Science of Worcester Polytechnic Institute (May 2017) [PDF]  [Slides]

Talks

Conferences

  1. D Moghimi, Thore Tiemann, Zane Weissman. JackHammer: Rowhammer and Cache Attacks on Heterogeneous FPGA-CPU Platforms Conference talk at hardwear.io Netherlands 2020 - October 2020 [Slides]  [Video]
  2. D Moghimi. Remote Timing Attacks on TPMs, AKA TPM-Fail Conference talk at Black Hat USA 2020 “Online” - August 2020 [Slides]  [Video]
  3. D Gruss, D Moghimi, J Van Bulck. LVI: Hijacking Transient Execution with Load Value Injection Conference talk at Hardwear.io Virtual Con 2020 - April 2020 [Slides]
  4. D Moghimi. Breaking Deployed Crypto: The Side Channel Analyst’s Way Conference talk at Hardwear.io Virtual Con 2020 - April 2020 [Slides]  [Video]
  5. D Moghimi. TPM-Fail: TPM meets Timing and Lattice Attacks Conference talk at Real World Crypto 2020, New York City, NY - January 2020 [Slides]  [Video]
  6. D Moghimi. ZombieLoad: Leaking Data on Intel CPUs Conference talk at ToorCon 21 (2019), San Diego, CA - November 2019 [Slides]  [Video]
  7. D Moghimi. MemJam: A False Dependency Attack against Constant-Time Crypto Implementations  Conference talk at RSA Conference 2018 (CT-RSA 2018), San Francisco, CA - April 2018  [Slides]
  8. D Moghimi. Side-channel Attacks on SGX Enclaves Conference talk at New England Security Day (NESD 2017), Northeastern, Boston, MA - September 2017

Invited Talks

  1. D Moghimi. CopyCat: Controlled Instruction-Level Attacks on Enclaves Invited talk at Intel Labs “Online” - September 2020  [Slides]
  2. D Moghimi. Microarchitectural Data Leakage via Automated Attack Synthesis Invited talk at Intel Product Security Incedent Response Team “Online” - June 2020 [Slides]
  3. D Moghimi. Exploiting Microarchitectural Flaws in the Heart of the Memory Subsystem​ Invited talk at Columbia University, New York City, NY - February 2020 [Slides]
  4. D Moghimi. Microarchitectural Attacks and Cloud Accelerators Guest talk at Intel SCAP Conference 2019, Intel, Hillsboro, OR - June 2019 [Slides]
  5. D Moghimi. Microarchitectural Attacks: Protecting Cloud Accelerators Guest talk at Intel SCAP Meeting 2019, University of Florida, Gainesville, FL - April 2019 [Slides]

Professional Service

Organizer: Workshop on Attacks on Cryptography (WAC 4)

Program Committe: ACM CCS (2022, 2023), IEEE S&P (2023), Usenix Security (2022), IACR TCHES (2022, 2023), IAW-IACR SPACE (2021), ACM ASHES (2020, 2021)

Journal Reviewer: IEEE TC (2022), ACM TACO (2022), Elsevier COSE (2022), IEEE TETC (2021), ACM CSUR (2021), IEEE TDSC (2020), ACM DTRAP (2020, 2021), ACM JETC (2020), IJIS (2019), IEEE TIFS (2018, 2020, 2022)

External Reviewer: ACM CCS 2021, IACR Eurocrypt 2020, DATE 2019, IACR Kangacrypt 2018, IACR TCHES 2018, IACR Asiacrypt 2017, IFIP/IEEE VLSI-SoC 2017

Vulnerability Reports

INTEL-SA-00241/CVE-2019-11090: Intel PTT (fTPM) ECDSA Remote Timing Attack

INTEL-SA-00233/CVE-2018-12126: Intel Store Buffer Data Sampling (MSBDS)

INTEL-SA-00238/CVE-2019-0162: Intel VMM Information Disclosure

INTEL-SA-00106/CVE-2018-3691: Intel IPP Various Side-channel Vulnerability

INTEL-SA-00135: Intel SGX SDK and PSW Side-channel Vulnerability

INTEL-SA-00202/CVE-2018-12155: Intel IPP Various Side-channel Vulnerability

CVE-2019-16863: STMicroelectronics ST33TPH* TPM 2.0 ECDSA Remote Timing Attack

CVE-2019-19960: WolfSSL ECDSA Nonce Side-channel Vulnerability

CVE-2019-19961: WolfSSL RSA Key Generation Side-channel Vulnerability

CVE-2019-19962: WolfSSL RSA Fault Injection Weakness

CVE-2019-19963: WolfSSL DSA Nonce Side-channel Vulnerability

CVE-2013-3947: AhnLab V3 Internet Security IOCTL Handling Local Buffer Overflow

OSVDB 96208: Agnitum Outpost Security Suite Named Pipe Local Traversal

OSVDB 96209: Agnitum Outpost Security Suite IOCTL Local Buffer Overflow

OSVDB 98976: Avira Internet Security Trusted Process Control Code Execution Bypass

OSVDB 98971: Avira Internet Security IOCTL Local Buffer Overflow