Some highlights of previously published research projects and CPU
vulnerabilities discovered in our group. (note: click on the logos to be redirected to the website of the respective project)
Overview
Three types of enclave interactions for privileged adversaries: (1) pass
attacker-controlled arguments through the enclave interface; (2) derive execution
metadata during or after enclave invocation through side channels; (3) extract enclave
secrets from the CPU’s microarchitectural state through transient execution.
So-called “microarchitectural” attacks
go beyond the visible architectural interface of the processor by exploiting
subtle, hidden details of the implementation of the underlying CPU (e.g.,
caches and branch predictors).
Videos
Find some introductory videos for some of our previous projects below.