Research Outputs

Conference and journal papers

  1. S&P
    Pandora: Principled Symbolic Validation of Intel SGX Enclave Runtimes
    Alder, F., Daniel, L., Oswald, D., Piessens, F., and Bulck, J. Van
    In 2024 IEEE Symposium on Security and Privacy (S&P) 2024
  2. S&P
    SoK: Prudent Evaluation Practices for Fuzzing
    Schloegel, Moritz, Bars, Nils, Schiller, Nico, Bernhard, Lukas, Scharnowski, Tobias, Crump, Addison, Ale-Ebrahim, Arash, Bissantz, Nicolai, Muench, Marius, and Holz, Thorsten
    In IEEE Symposium on Security and Privacy (S&P) 2024
  3. BAR
    FirmLine: a Generic Pipeline for Large-Scale Analysis of Non-Linux Firmware
    Balgavy, Alexander, and Muench, Marius
    In Workshop on Binary Analysis Research (BAR) 2024
  1. PETS
    Watching your call: Breaking VoLTE Privacy in LTE/5G Networks
    Cheng, Zishuai, Ordean, Mihai, Garcia, Flavio D., Cui, Baojiang, and Rys, Dominik
    Proceedings on Privacy Enhancing Technologies Symposium 2023
  2. EuroS&P
    CHERI-TrEE: Flexible enclaves on capability machines
    Van Strydonck, Thomas, Noorman, Job, Jackson, Jennifer, Alves Dias, Leonardo, Vanderstraeten, Robin, Oswald, David, Piessens, Frank, and Devriese, Dominique
    2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P) 2023
  3. CHES
    PMFault: Faulting and Bricking Server CPUs through Management Interfaces
    Chen, Zitai, and Oswald, David
    IACR Transactions on Cryptographic Hardware and Embedded Systems 2023
  4. EuroS&P
    Automatic verification of transparency protocols
    Cheval, Vincent, Moreira, José, and Ryan, Mark
    2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P) 2023
  5. USENIX Security
    Forming Faster Firmware Fuzzers
    Seidel, Lukas, Maier, Dominik, and Muench, Marius
    In 32nd USENIX Security Symposium (USENIX Security 23) 2023
  1. Digital Threats 2022
    Faulty Point Unit: ABI Poisoning Attacks on Trusted Execution Environments
    Alder, Fritz, Van Bulck, Jo, Spielman, Jesse, Oswald, David, and Piessens, Frank
    Digital Threats 2022
  2. PETS
    SoK: TEE-assisted confidential smart contract
    Li, Rujia, Wang, Qin, Wang, Qi, Galindo, David, and Ryan, Mark
    Proceedings on Privacy Enhancing Technologies Symposium 2022
  3. CCS
    MetaEmu: An Architecture Agnostic Rehosting Framework for Automotive Firmware
    Chen, Zitai, Thomas, Sam L., and Garcia, Flavio D.
    In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security 2022
  4. PETS
    A Tale of Four Gates: Privilege Escalation and Permission Bypasses on Android Through App Components
    Aldoseri, Abdulla, Oswald, David, and Chiper, Robert
    In Computer Security – ESORICS 2022: 27th European Symposium on Research in Computer Security, Copenhagen, Denmark, September 26–30, 2022, Proceedings, Part II 2022
  5. CARDIS 2022
    Reveal the Invisible Secret: Chosen-Ciphertext Side-Channel Attacks on NTRU
    Xu, Zhuang, Pemberton, Owen, Oswald, David, and Zheng, Zhiming
    In Proceedings of the 21st Smart Card Research and Advanced Application Conference (CARDIS) 2022 2022
  1. USENIX Security
    VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface
    Chen, Zitai, Vasilakis, Georgios, Murdock, Kit, Dean, Edward, Oswald, David, and Garcia, Flavio D.
    In 30th USENIX Security Symposium (USENIX Security 21) 2021


                                                                1. HOST
                                                                  Fine-Grained Memory Protection for Zephyr with Capabilities on CHERI-RISC-V
                                                                  Jackson, Jennifer, and Jiang, Minmin
                                                                  IEEE International Symposium on Hardware Oriented Security and Trust 2024
                                                                1. WISC 23
                                                                  Evaluating the Microarchitectural Safety of CHERI
                                                                  Henes, Jacqui
                                                                  Women in Security and Cryptography 2023
                                                                2. Black Hat
                                                                  PMFault: Voltage Fault Injection on Server Platforms Through the PMBus
                                                                  Chen, Zitai, and Oswald, David
                                                                  Black Hat Asia 2023
                                                                1. CHERITech22
                                                                  CHERI and Trusted Execution Environments
                                                                  Jackson, Jennifer
                                                                  CHERI Technical Workshop 2022
                                                                2. CARDIS 2022
                                                                  Workshop on the CHERI security features and the ARM Morello prototype implementation
                                                                  Jennifer Jackson, Jacqui Henes, and Oswald, David
                                                                  CARDIS Fall School 2022
                                                                1. SILM
                                                                  Plundering and Pillaging with Voltage: Software and Hardware-based Fault-injection Attacks against SGX
                                                                  Garcia, Flavio D.
                                                                  3rd edition of workshop on the Security of Software / Hardware Interfaces (SILM 2021). Co-located with EuroS&P. 2021
                                                                  Stealing secrets from Intel vaults, with side channels and voltage faults
                                                                  Oswald, David, and Chen, Zitai
                                                         Webiner 2021


                                                                                                                                1. Github
                                                                                                                                  Github Repo: CHERITrEE
                                                                                                                                  Jackson, Jennifer, and Van Strydonck, Thomas
                                                                                                                                2. Github
                                                                                                                                  Github Repo: Pandora
                                                                                                                                  Alder, Fritz, Daniel, Lesly-Ann, Oswald, David, Piessens, Frank, and Van Bulck, Jo
                                                                                                                                1. GitHub
                                                                                                                                  GitHub Repo: Morello baremetal examples
                                                                                                                                  Jackson, Jennifer
                                                                                                                                1. CVE
                                                                                                                                  Security issue in the Occlum Rust TEE runtime, which can be used to leak enclave secrets
                                                                                                                                  CVE-2021-44421, 2021
                                                                                                                                2. GitHub
                                                                                                                                  OpenSource Contribution: Giles and Oswald: buffer overflow vulnerabilities in OpenPLC were reported and fixed
                                                                                                                                  Giles, Lorne, and Oswald, David
                                                                                                                                1. GitHub
                                                                                                                                  GitHub Repo: CHERI documentation
                                                                                                                                  Jackson, Jennifer, and Oswald, David