Research Outputs

Conference and journal papers

1. S&P

   Pandora: Principled Symbolic Validation of Intel SGX Enclave Runtimes

   Alder, F., Daniel, L., Oswald, D., Piessens, F., and Bulck, J. Van

   In 2024 IEEE Symposium on Security and Privacy (S&P) 2024

   PDF URL

   The popularity of Intel SGX technology in recent years has given rise to a wide range of shielding runtimes to transparently safeguard secure enclave applications against a hostile operating system. Adequate validation of the crucial and numerous shielding runtimes is, however, a multi-faceted and fast-changing challenge, as new attack techniques against SGX enclaves are discovered regularly and commonly necessitate extensive software patches throughout the SGX ecosystem. This paper proposes Pandora, a practical, enclave-aware symbolic execution tool designed to address this challenge. In contrast to existing tools, Pandora’s truthful and runtime-agnostic symbolic execution of the exact attested enclave binary for the first time allows to validate the critical enclave shielding runtime itself. Furthermore, Pandora provides principled foundations to deal with the moving-target nature of enclave software security by implementing accurate taint tracking of attacker inputs, a precise symbolic enclave memory model, and support for pluggable vulnerability detectors. We extensively evaluate Pandora on 11 different SGX shielding runtimes with 4 detection plugins for a diverse set of vulnerability types. Our experiments show that Pandora can autonomously discover 200 new and 69 known vulnerable code locations. Notably, Pandora is the first tool that allows a wide-scale ecosystem investigation of recent pointer-alignment software mitigations in real-world SGX enclave runtimes.

2. S&P

   SoK: Prudent Evaluation Practices for Fuzzing

   Schloegel, Moritz, Bars, Nils, Schiller, Nico, Bernhard, Lukas, Scharnowski, Tobias, Crump, Addison, Ale-Ebrahim, Arash, Bissantz, Nicolai, Muench, Marius, and Holz, Thorsten

   In IEEE Symposium on Security and Privacy (S&P) 2024

   PDF URL
3. BAR

   FirmLine: a Generic Pipeline for Large-Scale Analysis of Non-Linux Firmware

   Balgavy, Alexander, and Muench, Marius

   In Workshop on Binary Analysis Research (BAR) 2024

   PDF URL

1. PETS

   Watching your call: Breaking VoLTE Privacy in LTE/5G Networks

   Cheng, Zishuai, Ordean, Mihai, Garcia, Flavio D., Cui, Baojiang, and Rys, Dominik

   Proceedings on Privacy Enhancing Technologies Symposium 2023

   PDF URL
2. EuroS&P

   CHERI-TrEE: Flexible enclaves on capability machines

   Van Strydonck, Thomas, Noorman, Job, Jackson, Jennifer, Alves Dias, Leonardo, Vanderstraeten, Robin, Oswald, David, Piessens, Frank, and Devriese, Dominique

   2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P) 2023

   URL
3. CHES

   PMFault: Faulting and Bricking Server CPUs through Management Interfaces

   Chen, Zitai, and Oswald, David

   IACR Transactions on Cryptographic Hardware and Embedded Systems 2023

   URL
4. EuroS&P

   Automatic verification of transparency protocols

   Cheval, Vincent, Moreira, José, and Ryan, Mark

   2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P) 2023

   URL
5. USENIX Security

   Forming Faster Firmware Fuzzers

   Seidel, Lukas, Maier, Dominik, and Muench, Marius

   In 32nd USENIX Security Symposium (USENIX Security 23) 2023

   PDF URL

1. Digital Threats 2022

   Faulty Point Unit: ABI Poisoning Attacks on Trusted Execution Environments

   Alder, Fritz, Van Bulck, Jo, Spielman, Jesse, Oswald, David, and Piessens, Frank

   Digital Threats 2022

   PDF URL

   This article analyzes a previously overlooked attack surface that allows unprivileged adversaries to impact floating-point computations in enclaves through the Application Binary Interface (ABI). In a comprehensive study across 7 industry-standard and research enclave shielding runtimes for Intel Software Guard Extensions (SGX), we show that control and state registers of the x87 Floating-Point Unit (FPU) and Intel Streaming SIMD Extensions are not always properly sanitized on enclave entry. We furthermore show that this attack goes beyond the x86 architecture and can also affect RISC-V enclaves. Focusing on SGX, we abuse the adversary’s control over precision and rounding modes as an ABI fault injection primitive to corrupt enclaved floating-point operations. Our analysis reveals that this is especially relevant for applications that use the older x87 FPU, which is still under certain conditions used by modern compilers. We exemplify the potential impact of ABI quality-degradation attacks for enclaved machine learning and for the SPEC benchmarks. We then explore the impact on confidentiality, showing that control over exception masks can be abused as a controlled channel to recover enclaved multiplication operands. Our findings, affecting 5 of 7 studied SGX runtimes and one RISC-V runtime, demonstrate the challenges of implementing high-assurance trusted execution across computing architectures.

2. PETS

   SoK: TEE-assisted confidential smart contract

   Li, Rujia, Wang, Qin, Wang, Qi, Galindo, David, and Ryan, Mark

   Proceedings on Privacy Enhancing Technologies Symposium 2022

   PDF

   The blockchain-based smart contract lacks privacy since the contract state and instruction code are exposed to the public. Combining smart-contract execution with Trusted Execution Environments (TEEs) provides an efficient solution, called TEE-assisted smart contracts, for protecting the confidentiality of contract states. However, the combination approaches are varied, and a systematic study is absent. Newly released systems may fail to draw upon the experience learned from existing protocols, such as repeating known design mistakes or applying TEE technology in insecure ways. In this paper, we first investigate and categorize the existing systems into two types: the layer-one solution and layer-two solution. Then, we establish an analysis framework to capture their common lights, covering the desired properties (for contract services), threat models, and security considerations (for underlying systems). Based on our taxonomy, we identify their ideal functionalities and uncover the fundamental flaws and reasons for the challenges in each specification design. We believe that this work would provide a guide for the development of TEE-assisted smart contracts, as well as a framework to evaluate future TEE-assisted confidential contract systems.

3. CCS

   MetaEmu: An Architecture Agnostic Rehosting Framework for Automotive Firmware

   Chen, Zitai, Thomas, Sam L., and Garcia, Flavio D.

   In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security 2022

   URL
4. PETS

   A Tale of Four Gates: Privilege Escalation and Permission Bypasses on Android Through App Components

   Aldoseri, Abdulla, Oswald, David, and Chiper, Robert

   In Computer Security – ESORICS 2022: 27th European Symposium on Research in Computer Security, Copenhagen, Denmark, September 26–30, 2022, Proceedings, Part II 2022

   URL

   Android apps interact and exchange data with other apps through so-called app components. Previous research has shown that app components can cause application-level vulnerabilities, for example leading to data leakage across apps. Alternatively, apps can (intentionally or accidentally) expose their permissions (e.g. for camera and microphone) to other apps that lack these privileges. This causes a confused deputy situation, where a less privileged app exposes its app components, which use these permissions, to the victim app. While previous research mainly focused on these issues, less attention has been paid to how app components can affect the security and privacy guarantees of Android OS. In this paper, we demonstrate two according vulnerabilities, affecting recent Android versions. First, we show how app components can be used to leak data from and, in some cases, take full control of other Android user profiles, bypassing the dedicated lock screen. We demonstrate the impact of this vulnerability on major Android vendors (Samsung, Huawei, Google and Xiaomi). Secondly, we found that app components can be abused by spyware to access sensors like the camera and the microphone in the background up to Android 10, bypassing mitigations specifically designed to prevent this behaviour. Using a two-app setup, we find that app components can be invoked stealthily to e.g. periodically take pictures and audio recordings in the background. Finally, we present Four Gates Inspector, our open-source static analysis tool to systematically detect such issues for a large number of apps with complex codebases. Our tool successfully identified exposed components issues in 34 out 5,783 apps with average analysis runtime of 4.3 s per app and, detected both known malware samples and unknown samples downloaded from the F-Droid repository. We responsibly disclosed all vulnerabilities presented in this paper to the affected vendors, leading to several CVE records and a currently unresolved high-severity issue in Android 10 and earlier.

5. CARDIS 2022

   Reveal the Invisible Secret: Chosen-Ciphertext Side-Channel Attacks on NTRU

   Xu, Zhuang, Pemberton, Owen, Oswald, David, and Zheng, Zhiming

   In Proceedings of the 21st Smart Card Research and Advanced Application Conference (CARDIS) 2022 2022

1. USENIX Security

   VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface

   Chen, Zitai, Vasilakis, Georgios, Murdock, Kit, Dean, Edward, Oswald, David, and Garcia, Flavio D.

   In 30th USENIX Security Symposium (USENIX Security 21) 2021

   PDF Website URL

Talks

1. HOST

   Fine-Grained Memory Protection for Zephyr with Capabilities on CHERI-RISC-V

   Jackson, Jennifer, and Jiang, Minmin

   IEEE International Symposium on Hardware Oriented Security and Trust 2024

1. WISC 23

   Evaluating the Microarchitectural Safety of CHERI

   Henes, Jacqui

   Women in Security and Cryptography 2023
2. Black Hat

   PMFault: Voltage Fault Injection on Server Platforms Through the PMBus

   Chen, Zitai, and Oswald, David

   Black Hat Asia 2023

   URL

1. CHERITech22

   CHERI and Trusted Execution Environments

   Jackson, Jennifer

   CHERI Technical Workshop 2022

   URL
2. CARDIS 2022

   Workshop on the CHERI security features and the ARM Morello prototype implementation

   Jennifer Jackson, Jacqui Henes, and Oswald, David

   CARDIS Fall School 2022

   URL

1. SILM

   Plundering and Pillaging with Voltage: Software and Hardware-based Fault-injection Attacks against SGX

   Garcia, Flavio D.

   3rd edition of workshop on the Security of Software / Hardware Interfaces (SILM 2021). Co-located with EuroS&P. 2021
2. hardware.io

   Stealing secrets from Intel vaults, with side channels and voltage faults

   Oswald, David, and Chen, Zitai

   Hardware.io Webiner 2021

   URL

Others

1. MSci Project

   Eccsmith: Turning the Blacksmith Rowhammer Fuzzer Into an ECC Validator

   Norton, Patricia

   2024

   PDF URL
2. MSci Project

   Investigating Information Leakages Observed Through the Power Consumption Side Channel on the Morello Board

   Fraunhoffer, Andrea-Bianca

   2024

   PDF

1. Github

   Github Repo: CHERITrEE

   Jackson, Jennifer, and Van Strydonck, Thomas

   2023

   URL
2. Github

   Github Repo: Pandora

   Alder, Fritz, Daniel, Lesly-Ann, Oswald, David, Piessens, Frank, and Van Bulck, Jo

   2023

   URL

1. GitHub

   GitHub Repo: Morello baremetal examples

   Jackson, Jennifer

   2022

   URL

1. CVE

   Security issue in the Occlum Rust TEE runtime, which can be used to leak enclave secrets

   CVE-2021-44421, 2021

   URL
2. GitHub

   OpenSource Contribution: Giles and Oswald: buffer overflow vulnerabilities in OpenPLC were reported and fixed

   Giles, Lorne, and Oswald, David

   2021

   URL

1. GitHub

   GitHub Repo: CHERI documentation

   Jackson, Jennifer, and Oswald, David

   2020

   URL