From 2017 to 2023, I researched new side-channel and speculative execution vulnerabilities in hyperscalar CPUs. These processors rely heavily on caching and speculative execution to achieve high performance, yet these same mechanisms open the door to subtle security flaws. In multi-tenant environments, such flaws allow adversaries to observe timing and microarchitectural traces of co-located workloads, creating powerful side channels for extracting sensitive information.
As part of this work, I contributed to the discovery of Microarchitectural Data Sampling (MDS) vulnerabilities—also publicized as Fallout and ZombieLoad. These attacks revealed that speculative data paths in Intel CPUs could leak secrets across isolation boundaries. The discoveries were recognized as one of the most critical classes of microarchitectural vulnerabilities, prompting significant mitigations, widespread microcode updates, and fundamental changes in the way high-performance computing systems were secured, from personal computers to large-scale data centers.
I later identified Downfall, a previously overlooked variant of MDS that persisted in Intel CPUs through the 11th generation. Because MDS and Downfall affected nearly all Intel Core CPUs designed between 2015 and 2020, the impact was global: an estimated 900 million desktop CPUs and 50–70 million server CPUs were vulnerable. Addressing these flaws required not only microcode patches but also broad defense-in-depth strategies across the computing ecosystem, which resulted in improved security for everyone on the internet.
In addition to MDS and Downfall, I explored the broader applicability of microarchitectural side channels through works such as PathFinder, Smack, and NVLeak. These projects demonstrated that such attacks extend across multiple components of modern CPU and memory subsystem designs, underscoring the systemic nature of microarchitectural vulnerabilities.