Daniel Moghimi
Before joining Google as a Senior Research Scientist, Daniel was a postdoctoral scholar at UCSD. He has a PhD in Electrical and Computer Engineering and an MSc in Computer Science from WPI. He works on computer and hardware security, spanning various topics such as microarchitectural vulnerabilities, side-channel cryptanalysis, and security architecture. His research has improved the security of superscalar CPUs, memory subsystems, and cryptographic implementations, which billions of users use daily.
Authored Publications
Sort By
Phoenix: Rowhammer Attacks on DDR5 with Self-Correcting Synchronization
Diego Meyer
Patrick Jattke
Michele Marazzi
Salman Qazi
Kaveh Razavi
Usenix Security (2026)
Preview abstract
DDR5 has shown an increased resistance to Rowhammer attacks in production settings. Surprisingly, DDR5 achieves this without additional refresh management commands, pointing to the deployment of more sophisticated inDRAM Target Row Refresh (TRR) mechanisms. This paper reverse engineers such advanced TRR schemes in DDR5 devices for the first time. Our findings show that compared to older mitigations deployed in DDR4, these new schemes have considerably fewer blind spots spread over many refresh intervals. This means that an effective DDR5 Rowhammer pattern must precisely track thousands of refresh operations, which we show is not possible with existing techniques. To address this challenge, our new DDR5 Rowhammer attack, called Phoenix, self-corrects the pattern whenever it detects a missed refresh operation during the attack. Our evaluation shows that Phoenix triggers bit flips on 15 out of 15 DDR5 devices in our test pool. Using these bit flips, we build the first Rowhammer privilege escalation exploit that obtains root on a production DDR5 system with default settings in as little as 109 seconds. These results provide further evidence that a principled Rowhammer mitigation, such as per-row activation counters, is mandatory for a secure operation of future devices.
View details
Phoenix: Rowhammer Attacks on DDR5 with Self-Correcting Synchronization
Preview
Michele Marazzi
Kaveh Razavi
Salman Qazi
Diego Meyer
Patrick Jattke
IEEE Security & Privacy (S&P) (2026)
ARM MTE Performance in Practice
Preview
Taehyun Noh
Yingchen Wang
Tal Garfinkel
Mahesh Madhav
Mattan Erez
Shravan Narayan
Usenix Security (2026)
SMaCk: Efficient Instruction Cache Attacks via Self-Modifying Code Conflicts
Seonghun Son
Berk Gulmezoglu
ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) (2025)
Preview abstract
Self-modifying code (SMC) allows programs to alter their own instructions, optimizing performance and functionality on x86 processors. Despite its benefits, SMC introduces unique microarchitectural behaviors that can be exploited for malicious purposes. In this paper, we explore the security implications of SMC by examining how specific x86 instructions affecting instruction cache lines lead to measurable timing discrepancies between cache hits and misses. These discrepancies facilitate refined cache attacks, making them less noisy and more effective. We introduce novel attack techniques that leverage these timing variations to enhance existing methods such as Prime+Probe and Flush+Reload. Our advanced techniques allow adversaries to more precisely attack cryptographic keys and create covert channels akin
to Spectre across various x86 platforms. Finally, we propose a dynamic detection methodology utilizing hardware performance counters to mitigate these enhanced threats.
View details
DroidCCT: Cryptographic Compliance Test via Trillion-Scale Measurement
Preview
Rémi Audebert
Pedro Barbosa
Borbala Benko
Alex (Mac) Mihai
László Siroki
Catherine Vlasov
Annual Computer Security Applications Conference (ACSAC) (2025) (to appear)
ExfilState: Automated Discovery of Timer-Free Cache Side Channels on ARM CPUs
Preview
Fabian Thomas
Michael Torres
Michael Schwarz
ACM Conference on Computer and Communications Security (CCS) (2025) (to appear)
Hardware-Assisted Fault Isolation: Going Beyond the Limits of Software-Based Sandboxing
Shravan Narayan
Tal Garfinkel
Mohammadkazem Taram
Joey Rudek
Evan Johnson
Chris Fallin
Anjo Vahldiek-Oberwagner
Michael LeMay
Ravi Sahita
Dean Tullsen
Deian Stefan
IEEE Micro (2024)
Preview abstract
Hardware-assisted Fault Isolation (HFI) is a minimal extension to current processors that supports secure, flexible, and efficient in-process isolation. HFI addresses the limitations of software-based isolation (SFI) systems including: runtime overheads, limited scalability, vulnerability to Spectre attacks, and limited compatibility with existing code. HFI can be seamlessly integrated into exisiting SFI systems (e.g. WebAssembly), or directly sandbox unmodified native binaries. To ease adoption, HFI proposes incremental changes to existing high-performance processors.
View details
Generalized Power Attacks against Crypto Hardware using Long-Range Deep Learning
Karel Král
Marina Zhang
Transactions on Cryptographic Hardware and Embedded Systems (TCHES), IACR (2024)
Preview abstract
To make cryptographic processors more resilient against side-channel attacks, engineers have developed various countermeasures. However, the effectiveness of these countermeasures is often uncertain, as it depends on the complex interplay between software and hardware. Assessing a countermeasure’s effectiveness using profiling techniques or machine learning so far requires significant expertise and effort to be adapted to new targets which makes those assessments expensive. We argue that including cost-effective automated attacks will help chip design teams to quickly evaluate their countermeasures during the development phase, paving the way to more secure chips.In this paper, we lay the foundations toward such automated system by proposing GPAM, the first deep-learning system for power side-channel analysis that generalizes across multiple cryptographic algorithms, implementations, and side-channel countermeasures without the need for manual tuning or trace preprocessing. We demonstrate GPAM’s capability by successfully attacking four hardened hardware-accelerated elliptic-curve digital-signature implementations. We showcase GPAM’s ability to generalize across multiple algorithms by attacking a protected AES implementation and achieving comparable performance to state-of-the-art attacks, but without manual trace curation and within a limited budget. We release our data and models as an open-source contribution to allow the community to independently replicate our results and build on them.
View details
Pathfinder: High-Resolution Control-Flow Attacks with Conditional Branch Predictor
Hosein Yavarzadeh
Archit Agarwal
Max Christman
Christina Garman
Daniel Genkin
Andrew Kwong
Deian Stefan
Mohammadkazem Taram
Dean Tullsen
International Conference on Architectural Support for Programming Languages and Operating Systems, ACM (2024)
Preview abstract
This paper presents novel attack primitives that provide adversaries with the ability to read and write the path history register (PHR) and the prediction history tables (PHTs) of the conditional branch predictor in modern Intel CPUs. These primitives enable us to recover the recent control flow (the last 194 taken branches) and, in most cases, a nearly unlimited control flow history of any victim program. Additionally, we present a tool that transforms the PHR into an unambiguous control flow graph, encompassing the complete history of every branch. This work provides case studies demonstrating the practical impact of novel reading and writing/poisoning primitives. It includes examples of poisoning AES to obtain intermediate values and consequently recover the secret AES key, as well as recovering a secret image by capturing the complete control flow of libjpeg routines. Furthermore, we demonstrate that these attack primitives are effective across virtually all protection boundaries and remain functional in the presence of all recent control-flow mitigations from Intel.
View details
Preview abstract
In-DRAM Stochastic and Approximate Counting (DSAC) is a recently published algorithm that aims to mitigate Rowhammer at low cost. Existing in-DRAM counter-based schemes keep track of row activations and issue Targeted Row Refresh (TRR) upon detecting a concerning pattern. However, due to insufficiency of the tracking ability they are vulnerable to attacks utilizing decoy rows. DSAC claims to improve upon existing TRR mitigation by filtering out decoy-row accesses, so they cannot saturate the limited number of counters available for detecting Rowhammer, promising a reliable mitigation without the area cost of deterministic and provable schemes such as per-row activation counting (PRAC).
In this paper, we analyze DSAC and discover some gaps that make it vulnerable to Rowhammer and Rowpress attacks. The main focus of this work is a novel attack named SoothSayer that targets the counter replacement policy in DSAC by cloning the random number generator. We describe and simulate this attack, and establish its efficacy. Finally, we discuss other weaknesses in DSAC.
View details
