Hi! I am an assistant professor of computer science at Carnegie Mellon University, where I am a core faculty member in S3D and CyLab and have a courtesy appointment in ECE. I completed my Ph.D. in Computer Science (2023) at the University of Illinois Urbana-Champaign, where I was advised by Chris Fletcher.
My research interests are in system and hardware security. Recently, my work has been uncovering and mitigating new classes of hardware vulnerabilities that undermine the prevailing models for building secure software. In the past, I also worked on improving the security of operating system audit frameworks.
I am best reached at rpaccagn@cs.cmu.edu.
GPU.zip: On the Side-Channel Implications of Hardware-Based Graphical Data Compression
Yingchen Wang, Riccardo Paccagnella, Zhao Gang, Willy Vasquez, David Kohlbrenner, Hovav Shacham, Christopher Fletcher.
IEEE Symposium on Security and Privacy (S&P 2024).
[pdf, website]
DVFS Frequently Leaks Secrets: Hertzbleed Attacks Beyond SIKE, Cryptography, and CPU-Only Data
Yingchen Wang, Riccardo Paccagnella, Alan Wandke, Zhao Gang, Grant Garrett-Grossman, Christopher Fletcher, David Kohlbrenner, Hovav Shacham.
IEEE Symposium on Security and Privacy (S&P 2023).
[pdf, talk, website]
Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86
Yingchen Wang*, Riccardo Paccagnella*, Elizabeth He, Hovav Shacham, Christopher Fletcher, David Kohlbrenner.
IEEE Micro Special Issue on Top Picks (IEEE Micro 2023.04). (*co-first authors)
Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86
Yingchen Wang*, Riccardo Paccagnella*, Elizabeth He, Hovav Shacham, Christopher Fletcher, David Kohlbrenner.
USENIX Security Symposium (USENIX Security 2022). (*co-first authors)
[pdf, talk, slides, code, website]
★
Pwnie 2022 Award for Best Cryptographic Attack
★
Intel Bug Bounty Award
CVE-2022-23823; CVE-2022-24436; CVE-2022-35888
❝
Ars Technica;
Schneier;
Hackaday;
Techradar;
Phoronix;
Digital Trends;
SecurityWeek;
New Scientist;
IFLScience;
Cloudflare;
Kaspersky;
The Hacker News;
PCMag;
PCWorld;
Tom’s Hardware;
Dark Reading;
The Register;
Hacker News;
Security Now;
Wired
Don’t Mesh Around: Side-Channel Attacks and Mitigations on Mesh Interconnects
Miles Dai*, Riccardo Paccagnella*, Miguel Gomez-Garcia, John McCalpin, Mengjia Yan.
USENIX Security Symposium (USENIX Security 2022). (*co-first authors)
[pdf, talk, slides, code]
Augury: Using Data Memory-Dependent Prefetchers to Leak Data at Rest
Jose Rodrigo Sanchez Vicarte, Michael Flanders, Riccardo Paccagnella, Grant Garrett-Grossman, Adam Morrison, Christopher Fletcher, David Kohlbrenner.
IEEE Symposium on Security and Privacy (S&P 2022).
[pdf, talk, code]
❝
Tom’s Hardware;
9to5Mac;
AppleInsider;
Macworld;
Digital Trends;
Techradar;
TechSpot;
Risky Biz;
iMore;
HW Upgrade
Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical
Riccardo Paccagnella, Licheng Luo, Christopher Fletcher.
USENIX Security Symposium (USENIX Security 2021).
[pdf, talk, slides, code]
❝
The Register;
Phoronix;
The Record;
SecurityWeek;
TechRadar;
The Hacker News;
ThreatPost;
Security Now;
HW Upgrade
Jamais Vu: Thwarting Microarchitectural Replay Attacks
Dimitrios Skarlatos, Zirui Zhao, Riccardo Paccagnella, Christopher Fletcher, Josep Torrellas.
International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2021).
[pdf, slides, code]
Speculative Interference Attacks: Breaking Invisible Speculation Schemes
Mohammad Behnia, Prateek Sahu, Riccardo Paccagnella, Jiyong Yu, Zirui Zhao, Xiang Zou, Thomas Unterluggauer, Josep Torrellas, Carlos Rozas, Adam Morrison, Frank Mckeen, Fangfei Liu, Ron Gabor, Christopher Fletcher, Abhishek Basak, Alaa Alameldeen.
International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2021).
[pdf, slides, code]
Logging to the Danger Zone: Race Condition Attacks and Defenses on System Audit Frameworks
Riccardo Paccagnella, Kevin Liao, Dave Tian, Adam Bates.
ACM Conference on Computer and Communications Security (CCS 2020).
[pdf, talk, slides, code]
Game of Threads: Enabling Asynchronous Poisoning Attacks
Jose Rodrigo Sanchez Vicarte, Ben Schreiber, Riccardo Paccagnella, Christopher Fletcher.
International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2020).
[pdf, talk, code]
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution
Riccardo Paccagnella, Pubali Datta, Wajih Ul Hassan, Adam Bates, Christopher Fletcher, Andrew Miller, Dave Tian.
Network and Distributed System Security Symposium (NDSS 2020).
[pdf, talk, slides, code]
Emerging Threats in IoT Voice Services
Deepak Kumar, Riccardo Paccagnella, Paul Murley, Eric Hennenfent, Joshua Mason, Adam Bates, Michael Bailey.
IEEE Security & Privacy Magazine (S&P Mag 2019.04).
[pdf]
Skill Squatting Attacks on Amazon Alexa
Deepak Kumar, Riccardo Paccagnella, Paul Murley, Eric Hennenfent, Joshua Mason, Adam Bates, Michael Bailey.
USENIX Security Symposium (USENIX Security 2018).
[pdf, talk]