Riccardo Paccagnella

Hi! I am an assistant professor of computer science at Carnegie Mellon University, where I am a core faculty member in S3D and CyLab and have a courtesy appointment in ECE. I completed my Ph.D. in Computer Science (2023) at the University of Illinois Urbana-Champaign, where I was advised by Chris Fletcher.

My research interests are in system and hardware security. Recently, my work has been focusing on uncovering and mitigating new classes of microarchitectural vulnerabilities and their impact on secure software. In the past, I also worked on improving the security of operating system audit frameworks.

Teaching

• Introduction to Computer Security: Spring 2025
• Advanced Topics in Hardware Security: Fall 2023, Fall 2024

Students

I am grateful to work with a team of amazing students.

PhD students:

• Inwhan Chun (2023-present); KFAS PhD Fellow
• Isabella Siu (2023-present; co-advised with Riad Wahby)

I am looking for students! If you are interested in joining my group, please apply to CMU and mention my name in your application(s). I can advise students from several programs, including the SC, SE, CSD, and ECE PhD programs. Among these, your best bet to work with me is to apply specifically to the Societal Computing (SC) or the Software Engineering (SE) PhD programs, which have no application fees and are two of the programs with the strongest focus on security and privacy research in CMU’s School of Computer Science. Also, if you are a US citizen from an underrepresented group or first-gen college student, consider applying for the GEM (deadline mid-November) and the CMU Rales fellowships.

Peer-reviewed publications

• Peek-a-Walk: Leaking Secrets via Page Walk Side Channels
  Alan Wang, Boru Chen, Yingchen Wang, Christopher Fletcher, Daniel Genkin, David Kohlbrenner, Riccardo Paccagnella.
  IEEE Symposium on Security and Privacy (S&P 2025).

• Bending microarchitectural weird machines towards practicality
  Ping-Lun Wang, Riccardo Paccagnella, Riad S. Wahby, Fraser Brown.
  USENIX Security Symposium (USENIX Security 2024).
  [pdf, code]
  ★ Pwnie 2024 Nominee for Most Epic Achievement
  ★ Pwnie 2024 Nominee for Most Underhyped Research
  

• GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers
  Boru Chen, Yingchen Wang, Pradyumna Shome, Christopher Fletcher, David Kohlbrenner, Riccardo Paccagnella, Daniel Genkin.
  USENIX Security Symposium (USENIX Security 2024).
  [pdf, code, website]
  
  ★ Pwnie 2024 Award for Best Cryptographic Attack
  ❝ Ars Technica; ZERO DAY; Schneier; The Register; Kaspersky; The Hacker News; Tom’s Hardware; Risky Business; Molly Rocket; Low Level Learning; SecurityWeek; Hackaday; Dark Reading; AppleInsider; TechRadar; BleepingComputer; 9to5Mac; Lifehacker; Macworld; Android Authority; Security Now; PCWorld; HW Upgrade

• GPU.zip: On the Side-Channel Implications of Hardware-Based Graphical Data Compression
  Yingchen Wang, Riccardo Paccagnella, Zhao Gang, Willy Vasquez, David Kohlbrenner, Hovav Shacham, Christopher Fletcher.
  IEEE Symposium on Security and Privacy (S&P 2024).
  [pdf, code, website]
  
  CVE-2023-44216
  ❝ Ars Technica; Hackaday; SecurityWeek; Kaspersky; The Hacker News; Tom’s Hardware; TechRadar; BleepingComputer; PC Gamer; CyLab News; Risky Biz; BlackBerry Blog; Bitdefender; HW Upgrade

• DVFS Frequently Leaks Secrets: Hertzbleed Attacks Beyond SIKE, Cryptography, and CPU-Only Data
  Yingchen Wang, Riccardo Paccagnella, Alan Wandke, Zhao Gang, Grant Garrett-Grossman, Christopher Fletcher, David Kohlbrenner, Hovav Shacham.
  IEEE Symposium on Security and Privacy (S&P 2023).
  [pdf, talk, website]

• Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86
  Yingchen Wang*, Riccardo Paccagnella*, Elizabeth He, Hovav Shacham, Christopher Fletcher, David Kohlbrenner.
  IEEE Micro Special Issue on Top Picks (IEEE Micro 2023.04). (*co-first authors)
  [article]

• Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86
  Yingchen Wang*, Riccardo Paccagnella*, Elizabeth He, Hovav Shacham, Christopher Fletcher, David Kohlbrenner.
  USENIX Security Symposium (USENIX Security 2022). (*co-first authors)
  [pdf, talk, slides, code, website]
  ★ IEEE Micro Top Picks 2023
  ★ Pwnie 2022 Award for Best Cryptographic Attack
  ★ Intel Bug Bounty Award
  CVE-2022-23823; CVE-2022-24436; CVE-2022-35888
  ❝ Ars Technica; Schneier; Hackaday; TechRadar; Phoronix; Digital Trends; SecurityWeek; New Scientist; IFLScience; Cloudflare; Kaspersky; The Hacker News; PCMag; PCWorld; Tom’s Hardware; Dark Reading; The Register; Hacker News; Security Now; Wired

• Don’t Mesh Around: Side-Channel Attacks and Mitigations on Mesh Interconnects
  Miles Dai*, Riccardo Paccagnella*, Miguel Gomez-Garcia, John McCalpin, Mengjia Yan.
  USENIX Security Symposium (USENIX Security 2022). (*co-first authors)
  [pdf, talk, slides, code]
  
  ❝ MIT News; SemiEngineering

• Augury: Using Data Memory-Dependent Prefetchers to Leak Data at Rest
  Jose Rodrigo Sanchez Vicarte, Michael Flanders, Riccardo Paccagnella, Grant Garrett-Grossman, Adam Morrison, Christopher Fletcher, David Kohlbrenner.
  IEEE Symposium on Security and Privacy (S&P 2022).
  [pdf, talk, code]
  ★ CSAW'22 Applied Research Competition Best Paper Runner-up Award
  ❝ Tom’s Hardware; 9to5Mac; AppleInsider; Macworld; Digital Trends; TechRadar; TechSpot; Risky Biz; iMore; HW Upgrade

• Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical
  Riccardo Paccagnella, Licheng Luo, Christopher Fletcher.
  USENIX Security Symposium (USENIX Security 2021).
  [pdf, talk, slides, code]
  ★ Pwnie 2021 Nominee for Most Innovative Research
  ❝ The Register; Phoronix; The Record; SecurityWeek; TechRadar; The Hacker News; ThreatPost; Security Now; HW Upgrade

• Jamais Vu: Thwarting Microarchitectural Replay Attacks
  Dimitrios Skarlatos, Zirui Zhao, Riccardo Paccagnella, Christopher Fletcher, Josep Torrellas.
  International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2021).
  [pdf, slides, code]

• Speculative Interference Attacks: Breaking Invisible Speculation Schemes
  Mohammad Behnia, Prateek Sahu, Riccardo Paccagnella, Jiyong Yu, Zirui Zhao, Xiang Zou, Thomas Unterluggauer, Josep Torrellas, Carlos Rozas, Adam Morrison, Frank Mckeen, Fangfei Liu, Ron Gabor, Christopher Fletcher, Abhishek Basak, Alaa Alameldeen.
  International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2021).
  [pdf, slides, code]

• Logging to the Danger Zone: Race Condition Attacks and Defenses on System Audit Frameworks
  Riccardo Paccagnella, Kevin Liao, Dave Tian, Adam Bates.
  ACM Conference on Computer and Communications Security (CCS 2020).
  [pdf, talk, slides, code]

• Game of Threads: Enabling Asynchronous Poisoning Attacks
  Jose Rodrigo Sanchez Vicarte, Ben Schreiber, Riccardo Paccagnella, Christopher Fletcher.
  International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2020).
  [pdf, talk, code]

• Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution
  Riccardo Paccagnella, Pubali Datta, Wajih Ul Hassan, Adam Bates, Christopher Fletcher, Andrew Miller, Dave Tian.
  Network and Distributed System Security Symposium (NDSS 2020).
  [pdf, talk, slides, code]

• Emerging Threats in IoT Voice Services
  Deepak Kumar, Riccardo Paccagnella, Paul Murley, Eric Hennenfent, Joshua Mason, Adam Bates, Michael Bailey.
  IEEE Security & Privacy Magazine (S&P Mag 2019.04).
  [pdf]

• Skill Squatting Attacks on Amazon Alexa
  Deepak Kumar, Riccardo Paccagnella, Paul Murley, Eric Hennenfent, Joshua Mason, Adam Bates, Michael Bailey.
  USENIX Security Symposium (USENIX Security 2018).
  [pdf, talk]
  ❝ Ars Technica; TechRadar; Tom’s Guide; SecurityWeek; As Sketchnotes

Contact information

I am best reached at rpaccagn@cs.cmu.edu.