Hi, I am Stephan van Schaik (IPA: /ˈsteːfɑn vɑn sxaɪk/, or approximately close in pronunciation would be stay fawn fawn psych). I am currently a Ph.D. student in Computer Science and Engineering (CSE) at the University of Michigan, advised by Daniel Genkin. My current research focuses on computer systems security, more specifically side-channel attacks at the micro-architectural level, especially, but not limited to, those in CPUs, and how they can be used to breach through the various barriers isolating different security domains, including those between userspace and the operating system, between virtual machines and trusted execution environments such as Intel SGX. If you are interested in my research, you can find my publications about this topic below.
In general, I like to delve more into the low-level areas of computer science such as computer architecture, operating system development, parallellism & concurrency, embedded hardware, and so forth.
You can find me on:
SledgeHammer: Amplifying Rowhammer via Bank-level Parallelism
To appear in USENIX Security '24.
iLeakage: Browser-based Timerless Speculative Execution Attacks on Apple Devices
More information can be found at https://ileakage.com (October 25, 2023).
To appear in ACM CCS '23.
Hot Pixels: Frequency, Power, and Temperature Attacks on GPUs and Arm SoCs
Appeared in USENIX Security '23 (August 11, 2023).
SoK: SGX.Fail: How Stuff Gets eXposed
More information can be found at https://sgx.fail/ (November 29, 2022).
To appear in IEEE S&P '24.
SGAxe: How SGX Fails in Practice
More information can be found at https://sgaxe.com/ (June 9, 2020).
CacheOut: Leaking Data on Intel CPUs via Cache Evictions
More information can be found at https://cacheoutattack.com (January 27, 2020).
Presented the paper at IEEE S&P 2021 (May 24, 2021).
RIDL: Rogue In-Flight Data Load
More information can be found at https://mdsattacks.com (May 14, 2019).
Awarded with the Intel Bounty Reward.
Presented the paper at IEEE S&P 2019 in San Francisco, CA, USA (May 20, 2019).
Presented the poster at the Cybersecurity and Privacy (CySeP) Summer School in Stockholm, Sweden (June 13, 2019).
Presented the talk at OFFZONE 2019 in Moscow, Russia (June 17-18, 2019).
Presented the talk at HITB+ CyberWeek 2019 in Abu Dhabi, UAE (October 17, 2019).
Presented the poster at CSAW '19 in Valence, France and won the 2nd place award for Applied Research (November 7-8 2019).
Addendum 1 to RIDL: Rogue In-Flight Data Load
Addendum 2 to RIDL: Rogue In-Flight Data Load
Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think
Presented the paper at USENIX Security 2018 in Balitmore, MD, USA (August 15, 2018).
RevAnC: A Framework for Reverse Engineering Hardware Page Table Caches
Presented the paper at EuroSec 2017 (Workshop) in Belgrade, Serbia (April 23, 2017).
Ph.D. Computer Science at University of Michigan (January 2020 - current)
Advisor: Daniel Genkin
Ph.D. Computer System Security at VU Amsterdam (May 2018 - January 2020)
TA: Kernel Programming (2018 - 2019) and Hardware Security (2018).
Teaching Assistant at VU Amsterdam (January 2018)
System Engineer at Whitebox Systems (January 2017 - October 2017)
Developed the Trusted Boot Module (TBM), a hardware component implemented using the STM32F1 microcontroller to manage and store keys and to verify signed software images in order to prevent attackers from tampering with the software.
Teaching Assistant at University of Amsterdam (September 2012 - March 2016)
Computer Architecture & Organisation (2013 - 2015), Image Processing (2014), Parallel Programming (2013), Data Structures (2013 - 2014), Introduction to Programming (2012 - 2013), Modern Databases (2015 - 2016), Multimedia (2013 - 2014), Net-Centric Computing (2013), Numerical Recipes (2015 - 2016), Functional Programming (2012 - 2015) and Statistical Reasoning (2014 - 2015).
Tutor at University of Amsterdam (September 2015 - January 2016)
Discussing and monitoring the progress of students as well as assisting students with auxiliary resources they require during their study.
Bring your own Device at University of Amsterdam (February 2014 - September 2015)
Documented and assisted the installation process of Linux Ubuntu and additional software for first year undergraduates.
Security Analysis at University of Amsterdam (July 2012 - August 2012)
Documented and reported various vulnerabilities in both Datanose and Blackboard.
MSc. Computer Science (Computer Systems Security) (September 2015 - May 2018)
VU Amsterdam & Universiteit van Amsterdam (joint degree)
BSc. Computer Science (September 2015 - May 2018)
Universiteit van Amsterdam
Graduated under supervision of Toto van Inge.
- L1D Eviction Sampling (L1DES) (CVE-2020-0549)
- Vector Register Sampling (VRS) (CVE-2020-0548)
- Transactional Asynchronous Abort (TAA) (CVE-2019-11135)
- Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)
- Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
- Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)