Boru Chen

Boru Chen

CS Ph.D. Student at Berkeley

Publications

You can also find my articles on Google Scholar.

@inproceedings{gofetch, title = {GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers}, author = {Boru Chen and Yingchen Wang and Pradyumna Shome and Christopher W. Fletcher and David Kohlbrenner and Riccardo Paccagnella and Daniel Genkin}, booktitle = {USENIX Security}, year = {2024}, }
@inproceedings{peekawalk, author = { Wang, Alan and Chen, Boru and Wang, Yingchen and Fletcher, Christopher and Genkin, Daniel and Kohlbrenner, David and Paccagnella, Riccardo }, booktitle = { IEEE S\&P }, title = , year = {2025} }
@inproceedings{controlled-preemtion, author = {Zhu, Yongye and Chen, Boru and Zhao, Zirui Neil and Fletcher, Christopher W.}, title = {Controlled Preemption: Amplifying Side-Channel Attacks from Userspace}, year = {2025}, booktitle = {ASPLOS} }

Peek-a-Walk: Leaking Secrets via Page Walk Side Channels

Alan Wang, Boru Chen, Yingchen Wang, Christopher W. Fletcher, Daniel Genkin, David Kohlbrenner, Riccardo Paccagnella

Published in IEEE S&P (Oakland), 2025 (Full Paper | bibtex)

Peek-a-Walk is a microarchitectural side-channel attack that leaks secrets from the page walk process. This amplifies an attacker’s bit leakage capabilities (up to 42 of the 64 secret bits) in scenarios where secrets are dereferenced microarchitecturally.

Controlled Preemption: Amplifying Side-Channel Attacks from Userspace

Yongye Zhu, Boru Chen, Zirui Neil Zhao, Christopher W. Fletcher

Published in ASPLOS, 2025 (Full Paper | bibtex)

Controlled Preemption studies the responsiveness and fairness of OS thread schedulers, which naturally provides a preemption window where the attacker thread can interleave its execution with a victim thread at a temporally fine-grained level (i.e. single step the victim thread).

GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers

Boru Chen, Yingchen Wang, Pradyumna Shome, Christopher W. Fletcher, David Kohlbrenner, Riccardo Paccagnella, Daniel Genkin

Published in USENIX Security, 2024 (Full Paper | bibtex)

Pwnie Award -- Best Cryptographic Attack

GoFetch is a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs). We show that DMPs are present in many Apple CPUs and pose a real threat to multiple cryptographic implementations, allowing us to extract keys from OpenSSL Diffie-Hellman, Go RSA, as well as CRYSTALS Kyber and Dilithium.