about

I'm a computer systems security researcher, specializing in low-level systems software and (embedded) hardware. Some keywords to spark your imagination include firmware, SoC design, TrustZone, Secure Boot and Fault Injection. I help people understand and improve the security of SoCs.

I currently work as a security researcher at Intel. I used to work at the VUSec systems security research group, and before that at Riscure, a hardware security testing lab.

contact

I am on Twitter, IRC (try libera), Signal and even Telegram (*sob*) and LinkedIn.

You can mail me at (my first name) at this domain, or noopwafel at gmail.

things about me

I'm narcoleptic, so I struggle a lot with being sleepy. I don't like late afternoons! Please let me stand when possible.

My native tongue is English; I also speak Dutch. (In fact, I am Dutch.)

(selected) publications/talks

Mitigating Information Leakage Vulnerabilities with Type-based Data Isolation
Alyssa Milburn, Erik van der Kouwe and Cristiano Giuffrida
To be presented at the IEEE Symposium on Security and Privacy, 2022.

Fault Injection as an Oscilloscope: Fault Correlation Analysis  [paper]
Albert Spruyt, Alyssa Milburn and Lukasz Chmielewski
To be presented at CHES 2021.

CrossTalk: Speculative Data Leaks Across Cores Are Real  [paper] [teaser trailer]
Hany Ragab, Alyssa Milburn, Kaveh Razavi, Herbert Bos and Cristiano Giuffrida
Presented (with Hany) at the IEEE Symposium on Security and Privacy, 2021 (virtual).

RIDL: Rogue In-Flight Data Load  (see mdsattacks.com)  [updated paper w/appendices]
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Giorgi Maisuradze, Kaveh Razavi, Herbert Bos and Cristiano Giuffrida
Presented by Stephan at the IEEE Symposium on Security and Privacy, May 2019.
I presented this work at Intel's SCAP workshop in June 2019, and at hardwear.io 2019.

Hardware Side Channel attacks on the cheap(i)est  [slides/video]
Alyssa Milburn and Albert Spruyt
Presented at TROOPERS19 (NGI), Heidelberg, Germany, March 2019.

There will be Glitches: Extracting and Analyzing Automotive Firmware Efficiently  [slides]
Alyssa Milburn, Santiago Cordoba, Nils Wiersma, Ramiro Pareja and Niek Timmers
Presented (with Niek) at Black Hat USA, Las Vegas, NV, August 2018,
and at escar USA, Ypsilanti, MI, June 2018. [workshop paper]

SafeInit: Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities  [paper]
Alyssa Milburn, Cristiano Giuffrida and Herbert Bos
Presented at NDSS, San Diego, CA, February 2017.

other stuff I like

I used to write about security issues I found in software, but that's pretty out-of-date nowadays.

I enjoy low-level computing, particularly compilers (including working with LLVM/gcc), kernel-level work and embedded platforms.

ScummVM logoI'm fascinated by old computer games. I used to be involved in various open source projects in this vein, in particular ScummVM, GemRB and openc2e, back when I had free time.

I love explaining stuff. I like giving talks! I've also helped teach a bunch of CS bachelor program courses, and been a TA for others.

Reverse engineering is great fun too; as well as taking apart old computer games, I've also applied my skills for analyzing embedded firmware, and for security work.

You, if you read all of that without closing your browser tab. Have a stroopwafel!

stroopwafel