Hi! I am an assistant professor of computer science at Carnegie Mellon University, where I am a core faculty member in S3D and CyLab and have a courtesy appointment in ECE. I completed my Ph.D. in Computer Science (2023) at the University of Illinois Urbana-Champaign, where I was advised by Chris Fletcher.
My research interests are in system security. My recent work has been focusing on uncovering and mitigating new classes of microarchitectural vulnerabilities and their impact on secure software. In the past, I also worked on improving the security of operating system audit frameworks.
I am grateful to work with a team of amazing students.
I am looking for students! If you are interested in joining my group, please apply to CMU and mention my name in your application(s). I can advise students from several programs, including the SC, SE, CSD, and ECE PhD programs. Among these, your best bet to work with me is to apply specifically to the SC or the SE PhD programs, which have no application fees and are two of the programs with the strongest focus on security and privacy research in CMU’s School of Computer Science. Also, if you are a US citizen from an underrepresented group or first-gen college student, consider applying for the GEM (deadline mid-November) and the CMU Rales fellowships.
Scheduled Disclosure: Turning Power Into Timing Without Frequency Scaling
Inwhan Chun, Isabella Siu, Riccardo Paccagnella.
IEEE Symposium on Security and Privacy (S&P 2025).
[pdf]
Peek-a-Walk: Leaking Secrets via Page Walk Side Channels
Alan Wang, Boru Chen, Yingchen Wang, Christopher Fletcher, Daniel Genkin, David Kohlbrenner, Riccardo Paccagnella.
IEEE Symposium on Security and Privacy (S&P 2025).
[pdf, code]
Bending microarchitectural weird machines towards practicality
Ping-Lun Wang, Riccardo Paccagnella, Riad S. Wahby, Fraser Brown.
USENIX Security Symposium (USENIX Security 2024).
[pdf, talk, code]
★
Pwnie 2024 Nominee for Most Underhyped Research
GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers
Boru Chen, Yingchen Wang, Pradyumna Shome, Christopher Fletcher, David Kohlbrenner, Riccardo Paccagnella, Daniel Genkin.
USENIX Security Symposium (USENIX Security 2024).
[pdf, talk, code, website]
Apple’s Guidance;
Go Cryptography Patch;
Asahi’s Mitigation
❝
Ars Technica;
ZERO DAY;
Schneier;
The
Register;
Kaspersky;
The Hacker News;
Tom’s Hardware;
Risky Business;
Molly Rocket;
Low Level Learning;
SecurityWeek;
Hackaday;
Dark Reading;
AppleInsider;
TechRadar;
BleepingComputer;
9to5Mac;
Lifehacker;
Macworld;
Android Authority;
Security Now;
PCWorld;
HW Upgrade
GPU.zip: On the Side-Channel Implications of Hardware-Based Graphical Data Compression
Yingchen Wang, Riccardo Paccagnella, Zhao Gang, Willy Vasquez, David Kohlbrenner, Hovav Shacham, Christopher Fletcher.
IEEE Symposium on Security and Privacy (S&P 2024).
[pdf, code, website]
Mesa’s Patch;
OpenGL’s Patch;
Arm’s Response
❝
Ars Technica;
Hackaday;
SecurityWeek;
Kaspersky;
The Hacker News;
Tom’s Hardware;
TechRadar;
BleepingComputer;
PC Gamer;
CyLab News;
Risky Biz;
BlackBerry Blog;
Bitdefender;
HW Upgrade
DVFS Frequently Leaks Secrets: Hertzbleed Attacks Beyond SIKE, Cryptography, and CPU-Only Data
Yingchen Wang, Riccardo Paccagnella, Alan Wandke, Zhao Gang, Grant Garrett-Grossman, Christopher Fletcher, David Kohlbrenner, Hovav Shacham.
IEEE Symposium on Security and Privacy (S&P 2023).
[pdf, talk, website]
Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86
Yingchen Wang*, Riccardo Paccagnella*, Elizabeth He, Hovav Shacham, Christopher Fletcher, David Kohlbrenner.
IEEE Micro Special Issue on Top Picks (IEEE Micro 2023.04). (*co-first authors)
[article]
Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86
Yingchen Wang*, Riccardo Paccagnella*, Elizabeth He, Hovav Shacham, Christopher Fletcher, David Kohlbrenner.
USENIX Security Symposium (USENIX Security 2022). (*co-first authors)
[pdf, talk, slides, code, website]
★
IEEE Micro Top Picks 2023
★
Pwnie 2022 Award for Best Cryptographic Attack
★
Intel Bug Bounty Award
CVE-2022-23823; CVE-2022-24436; CVE-2022-35888
Intel’s Guidance;
AMD’s Guidance;
Arm’s Guidance;
Ampere’s Guidance;
Red Hat’s Response
❝
Ars Technica;
Schneier;
Hackaday;
TechRadar;
Phoronix;
Digital Trends;
SecurityWeek;
New Scientist;
IFLScience;
Cloudflare;
Kaspersky;
The Hacker News;
PCMag;
PCWorld;
Tom’s Hardware;
Dark Reading;
The Register;
Hacker News;
Security Now;
Wired
Don’t Mesh Around: Side-Channel Attacks and Mitigations on Mesh Interconnects
Miles Dai*, Riccardo Paccagnella*, Miguel Gomez-Garcia, John McCalpin, Mengjia Yan.
USENIX Security Symposium (USENIX Security 2022). (*co-first authors)
[pdf, talk, slides, code]
Augury: Using Data Memory-Dependent Prefetchers to Leak Data at Rest
Jose Rodrigo Sanchez Vicarte, Michael Flanders, Riccardo Paccagnella, Grant Garrett-Grossman, Adam Morrison, Christopher Fletcher, David Kohlbrenner.
IEEE Symposium on Security and Privacy (S&P 2022).
[pdf, talk, code]
❝
Tom’s Hardware;
9to5Mac;
AppleInsider;
Macworld;
Digital Trends;
TechRadar;
TechSpot;
Risky Biz;
iMore;
HW Upgrade
Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical
Riccardo Paccagnella, Licheng Luo, Christopher Fletcher.
USENIX Security Symposium (USENIX Security 2021).
[pdf, talk, slides, code]
★ Pwnie 2021 Nominee for Most Innovative Research
Intel’s Guidance
❝
The Register;
Phoronix;
The Record;
SecurityWeek;
TechRadar;
The Hacker News;
ThreatPost;
Security Now;
HW Upgrade
Jamais Vu: Thwarting Microarchitectural Replay Attacks
Dimitrios Skarlatos, Zirui Zhao, Riccardo Paccagnella, Christopher Fletcher, Josep Torrellas.
International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2021).
[pdf, slides, code]
Speculative Interference Attacks: Breaking Invisible Speculation Schemes
Mohammad Behnia, Prateek Sahu, Riccardo Paccagnella, Jiyong Yu, Zirui Zhao, Xiang Zou, Thomas Unterluggauer, Josep Torrellas, Carlos Rozas, Adam Morrison, Frank Mckeen, Fangfei Liu, Ron Gabor, Christopher Fletcher, Abhishek Basak, Alaa Alameldeen.
International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2021).
[pdf, slides, code]
Logging to the Danger Zone: Race Condition Attacks and Defenses on System Audit Frameworks
Riccardo Paccagnella, Kevin Liao, Dave Tian, Adam Bates.
ACM Conference on Computer and Communications Security (CCS 2020).
[pdf, talk, slides, code]
Game of Threads: Enabling Asynchronous Poisoning Attacks
Jose Rodrigo Sanchez Vicarte, Ben Schreiber, Riccardo Paccagnella, Christopher Fletcher.
International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2020).
[pdf, talk, code]
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution
Riccardo Paccagnella, Pubali Datta, Wajih Ul Hassan, Adam Bates, Christopher Fletcher, Andrew Miller, Dave Tian.
Network and Distributed System Security Symposium (NDSS 2020).
[pdf, talk, slides, code]
Emerging Threats in IoT Voice Services
Deepak Kumar, Riccardo Paccagnella, Paul Murley, Eric Hennenfent, Joshua Mason, Adam Bates, Michael Bailey.
IEEE Security & Privacy Magazine (S&P Mag 2019.04).
[pdf]
Skill Squatting Attacks on Amazon Alexa
Deepak Kumar, Riccardo Paccagnella, Paul Murley, Eric Hennenfent, Joshua Mason, Adam Bates, Michael Bailey.
USENIX Security Symposium (USENIX Security 2018).
[pdf, talk]
I am best reached at rpaccagn@cs.cmu.edu.
