Riccardo Paccagnella

Hi! I am an assistant professor of computer science at Carnegie Mellon University, where I am a core faculty member in S3D and CyLab and have a courtesy appointment in ECE. I completed my Ph.D. in Computer Science (2023) at the University of Illinois Urbana-Champaign, where I was advised by Chris Fletcher.

My research interests are in system and hardware security. Recently, my work has been uncovering and mitigating new classes of hardware vulnerabilities that undermine the prevailing models for building secure software. In the past, I also worked on improving the security of operating system audit frameworks.

I am best reached at rpaccagn@cs.cmu.edu.

PEER-REVIEWED PUBLICATIONS

• GPU.zip: On the Side-Channel Implications of Hardware-Based Graphical Data Compression
  Yingchen Wang, Riccardo Paccagnella, Zhao Gang, Willy Vasquez, David Kohlbrenner, Hovav Shacham, Christopher Fletcher.
  IEEE Symposium on Security and Privacy (S&P 2024).
  [pdf, website]

• DVFS Frequently Leaks Secrets: Hertzbleed Attacks Beyond SIKE, Cryptography, and CPU-Only Data
  Yingchen Wang, Riccardo Paccagnella, Alan Wandke, Zhao Gang, Grant Garrett-Grossman, Christopher Fletcher, David Kohlbrenner, Hovav Shacham.
  IEEE Symposium on Security and Privacy (S&P 2023).
  [pdf, talk, website]

• Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86
  Yingchen Wang*, Riccardo Paccagnella*, Elizabeth He, Hovav Shacham, Christopher Fletcher, David Kohlbrenner.
  IEEE Micro Special Issue on Top Picks (IEEE Micro 2023.04). (*co-first authors)

• Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86
  Yingchen Wang*, Riccardo Paccagnella*, Elizabeth He, Hovav Shacham, Christopher Fletcher, David Kohlbrenner.
  USENIX Security Symposium (USENIX Security 2022). (*co-first authors)
  [pdf, talk, slides, code, website]
  ★ IEEE Micro Top Picks 2023
  ★ Pwnie 2022 Award for Best Cryptographic Attack
  ★ Intel Bug Bounty Award
  CVE-2022-23823; CVE-2022-24436; CVE-2022-35888
  ❝ Ars Technica; Schneier; Hackaday; Techradar; Phoronix; Digital Trends; SecurityWeek; New Scientist; IFLScience; Cloudflare; Kaspersky; The Hacker News; PCMag; PCWorld; Tom’s Hardware; Dark Reading; The Register; Hacker News; Security Now; Wired

• Don’t Mesh Around: Side-Channel Attacks and Mitigations on Mesh Interconnects
  Miles Dai*, Riccardo Paccagnella*, Miguel Gomez-Garcia, John McCalpin, Mengjia Yan.
  USENIX Security Symposium (USENIX Security 2022). (*co-first authors)
  [pdf, talk, slides, code]
  
  ❝ MIT News; SemiEngineering

• Augury: Using Data Memory-Dependent Prefetchers to Leak Data at Rest
  Jose Rodrigo Sanchez Vicarte, Michael Flanders, Riccardo Paccagnella, Grant Garrett-Grossman, Adam Morrison, Christopher Fletcher, David Kohlbrenner.
  IEEE Symposium on Security and Privacy (S&P 2022).
  [pdf, talk, code]
  ★ CSAW'22 Applied Research Competition Best Paper Runner-up Award
  ❝ Tom’s Hardware; 9to5Mac; AppleInsider; Macworld; Digital Trends; Techradar; TechSpot; Risky Biz; iMore; HW Upgrade

• Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical
  Riccardo Paccagnella, Licheng Luo, Christopher Fletcher.
  USENIX Security Symposium (USENIX Security 2021).
  [pdf, talk, slides, code]
  ★ Pwnie 2021 Nominee for Most Innovative Research
  ❝ The Register; Phoronix; The Record; SecurityWeek; TechRadar; The Hacker News; ThreatPost; Security Now; HW Upgrade

• Jamais Vu: Thwarting Microarchitectural Replay Attacks
  Dimitrios Skarlatos, Zirui Zhao, Riccardo Paccagnella, Christopher Fletcher, Josep Torrellas.
  International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2021).
  [pdf, slides, code]

• Speculative Interference Attacks: Breaking Invisible Speculation Schemes
  Mohammad Behnia, Prateek Sahu, Riccardo Paccagnella, Jiyong Yu, Zirui Zhao, Xiang Zou, Thomas Unterluggauer, Josep Torrellas, Carlos Rozas, Adam Morrison, Frank Mckeen, Fangfei Liu, Ron Gabor, Christopher Fletcher, Abhishek Basak, Alaa Alameldeen.
  International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2021).
  [pdf, slides, code]

• Logging to the Danger Zone: Race Condition Attacks and Defenses on System Audit Frameworks
  Riccardo Paccagnella, Kevin Liao, Dave Tian, Adam Bates.
  ACM Conference on Computer and Communications Security (CCS 2020).
  [pdf, talk, slides, code]

• Game of Threads: Enabling Asynchronous Poisoning Attacks
  Jose Rodrigo Sanchez Vicarte, Ben Schreiber, Riccardo Paccagnella, Christopher Fletcher.
  International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2020).
  [pdf, talk, code]

• Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution
  Riccardo Paccagnella, Pubali Datta, Wajih Ul Hassan, Adam Bates, Christopher Fletcher, Andrew Miller, Dave Tian.
  Network and Distributed System Security Symposium (NDSS 2020).
  [pdf, talk, slides, code]

• Emerging Threats in IoT Voice Services
  Deepak Kumar, Riccardo Paccagnella, Paul Murley, Eric Hennenfent, Joshua Mason, Adam Bates, Michael Bailey.
  IEEE Security & Privacy Magazine (S&P Mag 2019.04).
  [pdf]

• Skill Squatting Attacks on Amazon Alexa
  Deepak Kumar, Riccardo Paccagnella, Paul Murley, Eric Hennenfent, Joshua Mason, Adam Bates, Michael Bailey.
  USENIX Security Symposium (USENIX Security 2018).
  [pdf, talk]
  ❝ Ars Technica; TechRadar; Tom’s Guide; SecurityWeek; As Sketchnotes