Search the Dagstuhl Website
Looking for information on the websites of the individual seminars? - Then please:
Not found what you are looking for? - Some of our services have separate websites, each with its own search option. Please check the following list:
Schloss Dagstuhl - LZI - Logo
Schloss Dagstuhl Services
Within this website:
External resources:
  • DOOR (for registering your stay at Dagstuhl)
  • DOSA (for proposing future Dagstuhl Seminars or Dagstuhl Perspectives Workshops)
Within this website:
External resources:
Within this website:
External resources:
  • the dblp Computer Science Bibliography

Dagstuhl Seminar 23481

MAD: Microarchitectural Attacks and Defenses

( Nov 26 – Dec 01, 2023 )

(Click in the middle of the image to enlarge)

Please use the following short url to reference this page:



Shared Documents


Our society relies on a multitude of information systems that generate, process, and store a massive amount of potentially sensitive data. Protecting and regulating the access to this growing collection of data is critical to prevent security breaches and data misuse. For this, information systems deploy many security mechanisms at different levels: from applicationlevel security checks to, for instance, security mechanisms directly implemented in operating systems. These mechanisms are implemented in a layered fashion where mechanisms at a higher level (say, an application-level security check) rely on the security guarantees provided by lower levels (say, process isolation provided by the operating system). Since the majority of these security mechanisms are implemented in software, their security relies on specific assumptions about how processors execute software.

However, microarchitectural attacks have shown, time and again, that many software mechanisms rely on incorrect assumptions about how programs are executed by processors. These attacks, which target the hardware-software interface, exploit the side-effects (like subtle timing differences in a program’s execution time) resulting from a processor’s internal optimizations to compromise a system’s security. Even worse, these attacks clearly highlight that we lack a precise hardware-software interface for security, which is a prerequisite for building trustworthy and reliable security mechanisms.


The Dagstuhl Seminar 23481 focused on the topic ofMicroarchitectural Attacks and Defenses (MAD for short), a rapidly growing research area focused on discovering, mitigating, and preventing microarchitectural attacks. As an indication of this rapid growth, the Spectre [1] and Meltdown [2] papers – two seminal works (published in 2018) illustrating how microarchitectural attacks can bypass and circumvent many software-level security mechanisms – have jointly attracted more than 4500 citations. Since then, researchers from multiple communities – computer security, computer architectures, programming languages and verification, and applied cryptography – have been working on tackling the challenges posed by microarchitectural attacks. In particular, the MAD community has, so far, been broadly focusing on the following research topics:

In terms of attack-oriented research, the MAD community has been focusing on characterizing the microarchitectural side-effects arising in modern processors and on identifying new microarchitectural attacks. In particular, the discovery of new microarchitectural details is often the first step towards developing new attacks. Even though the majority of this research still heavily relies on manual analysis and reverse engineering, researchers started to focus also on the development of approaches and tools to automate the discovery of leaks and attacks.
Hardware and software defenses:
The MAD community has also been focusing on the development of defenses and mitigations – spanning the entire spectrum from hardware to software – against microarchitectural attacks. For instance, the community has proposed different ways of modifying current microarchitectures to directly prevent microarchitectural leaks, e.g., by identifying (and delaying) those operations that might result in leaks of sensitive information. In terms of software defenses, instead, the community has been focusing on techniques for securely executing computations even on top of current “leaky” processors, e.g., by relying on compiler-based mitigations to prevent leaks.
Foundations and verification:
In terms of foundations and verification, the MAD community has been focusing on three core challenges. First, identifying and formalizing new security abstractions capturing microarchitectural leaks. Second, developing automated techniques for reasoning about microarchitectural leaks in software given high-level leakage models. Third, developing verification techniques for proving the security of processors at register-transfer level against microarchitectural attacks.


The main goal of the Dagstuhl Seminar 23481 - MAD: Microarchitectural Attacks and Defenses was to bring together researchers that work on different, but related, research topics such as

  1. microarchitectural and side-channel attacks,
  2. software security,
  3. computer architectures and hardware security,
  4. program verification and formal methods for security, and
  5. applied cryptography.

For this, the seminar focused on:

  1. Providing an overview of the latest research results related with security at the hardware-software interface with a focus on microarchitectural attacks and defenses.
  2. Strengthening the interaction between researchers from different community working on topics relevant to microarchitectural attacks and defenses.
  3. Discussing relevant open problems about microarchitectural attacks and defenses, identifying novel insights that can arise by combining results from different research areas, and fostering the collaboration between researchers.

Attendees and seminar's structure

The seminar was attended by 35 researchers with diverse background, spanning all research communities related to MAD: computer security, applied cryptography, computer architectures, and programming languages and verification. The attendees were also a good mix between academia (28 attendees) and industry (7 attendees). This mixture of diverse backgrounds, which was particularly appreciated by many participants, led to many interesting discussions fueled by a wide variety of points of views.

The seminar lasted 4.5 days and it was organized as follows. The first two days were dedicated to establishing a common background for all attendees. This was achieved through overview talks on core MAD topics: (a) microarchitectural attacks and defenses, (b) formal methods and verification, (c) defenses at software and hardware level, and (d) a special session dedicated to Rowhammer attacks and defenses. Each overview topic was covered in 2 talks given by leading researchers on the respective topics. The remaining days were dedicated to contributed talks by the attendees (in the mornings) and small discussion groups (in the afternoons). The discussion groups started from topics proposed by the organizers such as “What are the current capabilities of formal methods approaches and which are the challenges for tackling microarchitectural attacks?”, “What is a good methodology for evaluating the security guarantees of microarchitectural defenses?”, or “Which interesting future systems/technologies might have implications for microarchitectural security?”. On the other days, the discussion was directly driven by the attendees, sometimes continuing on the above topics and sometimes exploring other research questions (e.g., identifying a new taxonomy of microarchitectural attacks).

Future Plans

Microarchitectural attacks are here to stay: addressing them requires to fundamentally rethink the design of hardware and software security mechanisms. We believe that the core topics of the MAD Dagstuhl Seminar will be relevant and at the edge of research for a long time. Moreover, the seminar attracted a lot of interest and received positive feedback from the attendees, which particularly appreciated being in contact with leading researchers from other areas working on MAD as well as the presence of both industrial and academic attendees. For these reasons, we believe that this Dagstuhl Seminar should be repeated in the future. Potential improvements for the future editions could be (1) inviting more computer architects and increasing the amount of attendees from industry (in particular, from chip vendors), and (2) dedicating part of the seminar to deep-dives on specific topics.


  1. Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. Spectre Attacks: Exploiting Speculative Execution. In Proceedings of the 40th IEEE Symposium on Security and Privacy (S&P 2019).
  2. Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. Meltdown: Reading Kernel Memory from User Space. In Proceedings of the 27th USENIX Security Symposium (USENIX Security 2018)
Copyright Christopher W. Fletcher, Marco Guarnieri, David Kohlbrenner, and Clémentine Maurice


Microarchitectural attacks, such as Spectre and Meltdown, are a recent class of security threats that affect almost all modern processors. These attacks target the hardware/software interface by exploiting the side-effects (like subtle timing differences in a program's execution time) resulting from a processor's internal optimizations to compromise a system's security. They affect a wide range of processors (from smartphone to server processors) and can be used to bypass and circumvent many software-level security mechanisms. Building systems that are resistant against such attacks requires fundamentally rethinking the design of hardware and software security mechanisms.

Recently, there has been a significant amount of research on (a) characterizing the microarchitectural side-effects of existing processors, (b) identifying new microarchitectural attacks, (c) developing hardware and software mechanisms for mitigating attacks, and (d) developing techniques for reasoning about microarchitectural leaks in hardware and software designs. Unfortunately, these research efforts originate from different research areas-computer security, computer architectures, applied cryptography, programming languages and verification-with only limited interactions across areas.

The Microarchitectural Attacks and Defenses (MAD) Dagstuhl Seminar will gather together leading researchers that are working on security at the hardware-software interface. This will provide an opportunity for (1) presenting a comprehensive overview of current advances in microarchitectural attacks and defenses, (2) fostering interaction and collaboration between researchers from different research communities, and (3) identifying new research directions and open challenges that need to be addressed to build systems resistant to microarchitectural attacks.

Copyright Christopher W. Fletcher, Marco Guarnieri, David Kohlbrenner, and Clémentine Maurice


  • Cryptography and Security
  • Hardware Architecture
  • Programming Languages

  • microarchitectural attacks
  • hardware-software co-design for security
  • security architectures
  • side-channel analysis