publications

2026

1. SnoopyPower! Remote Power Attacks on Cache and Coherence Paths

   Eliott Quéré, Maria Méndez Real, Alessandro Palumbo, and 3 more authors

   In HOST 2026 - IEEE International Symposium on Hardware Oriented Security and Trust, May 2026

   Abs Bib PDF

   When timing reaches its limits and fails to discriminate events, the microarchitecture falls silent. Yet power does not. Power leakage from the shared distribution network becomes key to remotely exploiting new side-channel sources on modern heterogeneous SoC architectures, directly challenging the literature built around timing-centric mitigations or presumed timing-level opacity of certain modern processor microarchitecture features, such as Arm’s snoop control unit. In this work, we embed a time-to-digital converter in the programmable logic of a Zynq-7000 SoC-FPGA and show that a short, software-triggered power distribution network signature of a probed memory load from the Arm Cortex-A9 is sufficient to characterise the entire memory hierarchy (i.e., L1, L2, and DRAM) service, as well as coherence states from the snoop control unit. This reveals a new class of hybrid software-hardware vulnerabilities in which unprivileged user code, coordinated with an embedded power sensor, can record high-resolution traces from the shared power distribution network and enable fully remote, fine-grained microarchitectural observation using power leakage on heterogeneous architectures. Building on this capability, we introduce two new attack primitives: Flush+Power, a line-level resolution, same-core attack in shared-memory settings, and SnoopyPower, which reveals coherence-active cache lines across cores. Together, these results demonstrate how programmable logic can become a powerful physical threat vector to CPU microarchitectures in heterogeneous systems, revealing power consumption-based side channels that persist even when timing observation fails.

   @inproceedings{quere2026snoopypower,
     title = {SnoopyPower! Remote Power Attacks on Cache and Coherence Paths},
     author = {Qu{\'e}r{\'e}, Eliott and M{\'e}ndez Real, Maria and Palumbo, Alessandro and Rokicki, Thomas and Bossuet, Lilian and Salvador, Rub{\'e}n},
     booktitle = {HOST 2026 - IEEE International Symposium on Hardware Oriented Security and Trust},
     year = {2026},
     address = {Washington DC, United States},
     month = may,
   }

2025

1. Side-Channel Exploitation of DRAM Access Patterns for Fingerprinting FPGA-CPU Environments

   Eliott Quéré, Maria Méndez Real, Alessandro Palumbo, and 2 more authors

   In Rendez-Vous de la Recherche et de l’Enseignement de la Sécurité des Systèmes d’Information (RESSI), May 2025

   Abs HAL Bib

   In multi-tenant FPGA-accelerated cloud platforms, independent users share the same reconfigurable fabric and underlying hardware resources. This work investigates how DRAM access patterns observable through side-channel measurements can be exploited to fingerprint FPGA-CPU environments, enabling co-location detection and infrastructure reconnaissance in reconfigurable cloud scenarios.

   @inproceedings{quere2025side,
     title = {Side-Channel Exploitation of DRAM Access Patterns for Fingerprinting FPGA-CPU Environments},
     author = {Qu{\'e}r{\'e}, Eliott and M{\'e}ndez Real, Maria and Palumbo, Alessandro and Bossuet, Lilian and Salvador, Rub{\'e}n},
     booktitle = {Rendez-Vous de la Recherche et de l'Enseignement de la S{\'e}curit{\'e} des Syst{\`e}mes d'Information (RESSI)},
     year = {2025},
     address = {Lanniron, France},
     month = may,
   }