about

I'm a computer systems security researcher. Nowadays, I specialize in microarchitectural (CPU) security. I used to specialize in low-level systems software and (embedded) hardware, working on firmware, SoC design, TrustZone, Secure Boot, Fault Injection, etc. I help people understand and improve the security of Stheir SoC/CPU designs.

I currently work as a security researcher at Intel. I used to work at the VUSec systems security research group, and before that at Riscure, a hardware security testing lab.

contact

I am on Twitter, IRC (try libera), Signal and even Telegram (*sob*) and LinkedIn.

You can mail me at (my first name) at this domain, or noopwafel at gmail (the latter is more likely to be read). (I recommend CCing firstname.lastname at intel.com.) In general, feel free to send a poke if I didn't reply within a few days.

things about me

I'm narcoleptic, so I struggle a lot with being sleepy. I don't like late afternoons! Please let me stand when possible.

My native tongue is English; I also speak Dutch. (In fact, I am Dutch.)

(selected) publications/talks

You Cannot Always Win the Race: Analyzing mitigations for branch target prediction attacks   [paper] [[very outdated preprint]
Alyssa Milburn, Ke Sun and Henrique Kawakami
I presented this at EuroS&P 2023.

FIRMWIRE: Transparent Dynamic Analysis for Cellular Baseband Firmware  [paper/code]
Grant Hernandez, Marius Muench, Dominik Maier, Alyssa Milburn, Shinjo Park, Tobias Scharnowski, Tyler Tucker, Patrick Traynor and Kevin R.B. Butler
This was presented at NDSS 2022. We also placed 4th in the 2021 Samsung Mobile Security Hall of Fame for the baseband bugs we found!

Mitigating Information Leakage Vulnerabilities with Type-based Data Isolation
Alyssa Milburn, Erik van der Kouwe and Cristiano Giuffrida
I presented this at IEEE S&P in May 2022.

Fault Injection as an Oscilloscope: Fault Correlation Analysis  [paper]
Albert Spruyt, Alyssa Milburn and Lukasz Chmielewski
Lukasz presented this at CHES 2021.

CrossTalk: Speculative Data Leaks Across Cores Are Real  [paper] [teaser trailer]
Hany Ragab, Alyssa Milburn, Kaveh Razavi, Herbert Bos and Cristiano Giuffrida
Hany and I presented this at IEEE S&P in 2021 (virtually).
I also presented this (and more) as Causing Microarchitectural Mischief at Intel's iSecCon 2020.

RIDL: Rogue In-Flight Data Load  (see mdsattacks.com)  [updated paper w/appendices]
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Giorgi Maisuradze, Kaveh Razavi, Herbert Bos and Cristiano Giuffrida
Presented by Stephan at IEEE S&P in 2019.
I presented this work at Intel's SCAP workshop in June 2019, and at hardwear.io 2019.

Hardware Side Channel attacks on the cheap(i)est  [slides/video]
Alyssa Milburn and Albert Spruyt
We presented this at TROOPERS19 (NGI) in March 2019.

There will be Glitches: Extracting and Analyzing Automotive Firmware Efficiently  [slides]
Alyssa Milburn, Santiago Cordoba, Nils Wiersma, Ramiro Pareja and Niek Timmers
Niek and I presented this at Black Hat USA in August 2018,
and it was partially based on work I presented at escar USA, Ypsilanti, MI, June 2018 ([paper])

SafeInit: Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities  [paper]
Alyssa Milburn, Cristiano Giuffrida and Herbert Bos
I presented this at NDSS in February 2017.

(You can always check Google Scholar for other publications.)

other stuff I like

I do (still) serve on program committees, so feel free to ask.

I used to write about security issues I found in software, but that's pretty, uh, more than 5 years, uhhh, ridiculously out-of-date nowadays.

I enjoy low-level computing, particularly compilers (including working with LLVM/gcc), kernel-level work and embedded platforms.

ScummVM logoI'm fascinated by old computer games. I used to be involved in various open source projects in this vein, in particular ScummVM, GemRB and openc2e, back when I had free time.

I love explaining stuff. I like giving talks! I've also helped teach a bunch of CS bachelor program courses, and been a TA for others.

Reverse engineering is great fun too; as well as taking apart old computer games, I've also applied my skills for analyzing embedded firmware, and for security work.

You, if you read all of that without closing your browser tab. Have a stroopwafel!

stroopwafel