\n
\n\n \n \n \n \n \n Unwinding the Stack for Fun and Profit.\n \n \n \n\n\n \n Duta, V.; Freyer, F.; Pagani, F.; Muench, M.; and Giuffrida, C.\n\n\n \n\n\n\n In
Black Hat Europe, December 2022. \n
\n\n
\n\n
\n\n
\n
% Conference entry for the Black Hat Europe 2022 presentation on stack unwinding.
% There is no url field, so this record carries no paper or slide link.
% The keywords look like the site's own class_/proj_/type_ tags rather than
% subject keywords (presumably used for filtering; TODO confirm).
@inproceedings{duta_unwinding_2022,
  author    = {Duta, Victor and Freyer, Fabian and Pagani, Fabio and Muench, Marius and Giuffrida, Cristiano},
  title     = {Unwinding the {Stack} for {Fun} and {Profit}},
  booktitle = {Black {Hat} {Europe}},
  month     = dec,
  year      = {2022},
  keywords  = {class\_binary, proj\_intersect, proj\_memo, proj\_theseus, proj\_tropics, type\_conf, type\_paper},
}

\n
\n\n\n\n
\n
\n\n \n \n \n \n \n \n Snappy: Efficient Fuzzing with Adaptive and Mutable Snapshots.\n \n \n \n \n\n\n \n Geretto, E.; Giuffrida, C.; Bos, H.; and van der Kouwe, E.\n\n\n \n\n\n\n In
ACSAC, December 2022. \n
\n\n
\n\n
\n\n
\n
% ACSAC 2022 paper on snapshot-based fuzzing (Snappy).
% NOTE(review): url holds space-separated Label=URL pairs (Paper, Code), not a
% single URL. This appears to be a convention of the publication-list
% generator; a standard BibTeX/biblatex style would print the value verbatim
% as one broken link. Confirm before reusing this entry in a paper.
% The artifacts:functional keyword records the artifact-evaluation result.
@inproceedings{geretto_snappy_2022,
  author    = {Geretto, Elia and Giuffrida, Cristiano and Bos, Herbert and van der Kouwe, Erik},
  title     = {Snappy: {Efficient} {Fuzzing} with {Adaptive} and {Mutable} {Snapshots}},
  booktitle = {{ACSAC}},
  month     = dec,
  year      = {2022},
  url       = {Paper=https://download.vusec.net/papers/snappy_acsac22.pdf Code=https://github.com/vusec/snappy},
  keywords  = {artifacts:functional, class\_testing, proj\_intersect, proj\_memo, proj\_theseus, proj\_tropics, type\_ae, type\_conf, type\_paper, type\_top},
}

\n
\n\n\n\n
\n
\n\n \n \n \n \n \n \n DangZero: Efficient Use-After-Free Detection via Direct Page Table Access.\n \n \n \n \n\n\n \n Gorter, F.; Koning, K.; Bos, H.; and Giuffrida, C.\n\n\n \n\n\n\n In
CCS, November 2022. \n
\n\n
\n\n
\n\n
\n
% CCS 2022 paper on use-after-free detection via direct page table access
% (DangZero). Tagged class_sanitizer in the site taxonomy.
% NOTE(review): url holds space-separated Label=URL pairs (Paper, Code), not a
% single URL. This appears to be a convention of the publication-list
% generator; a standard BibTeX/biblatex style would print the value verbatim
% as one broken link. Confirm before reusing this entry in a paper.
@inproceedings{gorter_dangzero_2022,
  author    = {Gorter, Floris and Koning, Koen and Bos, Herbert and Giuffrida, Cristiano},
  title     = {{DangZero}: {Efficient} {Use}-{After}-{Free} {Detection} via {Direct} {Page} {Table} {Access}},
  booktitle = {{CCS}},
  month     = nov,
  year      = {2022},
  url       = {Paper=https://download.vusec.net/papers/dangzero_ccs22.pdf Code=https://github.com/vusec/dangzero},
  keywords  = {class\_sanitizer, proj\_intersect, proj\_memo, proj\_theseus, proj\_tropics, proj\_unicore, type\_conf, type\_paper, type\_tier1, type\_top},
}

\n
\n\n\n\n
\n
\n\n \n \n \n \n \n \n Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks.\n \n \n \n \n\n\n \n Barberis, E.; Frigo, P.; Muench, M.; Bos, H.; and Giuffrida, C.\n\n\n \n\n\n\n In
USENIX Security, August 2022. \n
Pwnie Award Nomination for Epic Achievement, Intel Bounty Reward\n\n
\n\n
\n\n
\n
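% USENIX Security 2022 paper on Branch History Injection and the hardware
% mitigations against cross-privilege Spectre-v2.
% The Paper link now uses https, matching every other download.vusec.net link
% in this list, so the PDF is not fetched over cleartext HTTP where it could be
% tampered with in transit.
% NOTE(review): url holds space-separated Label=URL pairs (Paper, Web, Code),
% not a single URL. This appears to be a convention of the publication-list
% generator; a standard BibTeX/biblatex style would print the value verbatim.
% The type_cve_assigned keyword indicates a CVE was assigned; the identifier
% itself is not stored in this entry.
@inproceedings{barberis_branch_2022,
  author    = {Barberis, Enrico and Frigo, Pietro and Muench, Marius and Bos, Herbert and Giuffrida, Cristiano},
  title     = {Branch {History} {Injection}: {On} the {Effectiveness} of {Hardware} {Mitigations} {Against} {Cross}-{Privilege} {Spectre}-v2 {Attacks}},
  booktitle = {{USENIX} {Security}},
  month     = aug,
  year      = {2022},
  url       = {Paper=https://download.vusec.net/papers/bhi-spectre-bhb_sec22.pdf Web=https://www.vusec.net/projects/bhi-spectre-bhb Code=https://github.com/vusec/bhi-spectre-bhb},
  note      = {Pwnie Award Nomination for Epic Achievement, Intel Bounty Reward},
  keywords  = {artifacts:available, artifacts:functional, artifacts:reproduced, class\_sidechannels, proj\_intersect, proj\_offcore, proj\_theseus, proj\_tropics, proj\_unicore, type\_ae, type\_award, type\_bounty, type\_conf, type\_cve\_assigned, type\_paper, type\_press, type\_tier1, type\_top},
}
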
\n
\n\n\n\n
\n
\n\n \n \n \n \n \n \n TLB;DR: Enhancing TLB-based Attacks with TLB Desynchronized Reverse Engineering.\n \n \n \n \n\n\n \n Tatar, A.; Trujillo, D.; Giuffrida, C.; and Bos, H.\n\n\n \n\n\n\n In
USENIX Security, August 2022. \n
\n\n
\n\n
\n\n
\n
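% USENIX Security 2022 paper on TLB reverse engineering for TLB-based
% side-channel attacks (TLB;DR).
% The given name "Daniel" with a diaeresis is written as Dani{\"e}l: a raw
% non-ASCII character can be mis-sorted or garbled by 8-bit BibTeX, while the
% braced escape is handled by both classic BibTeX and Biber.
% NOTE(review): url holds space-separated Label=URL pairs (Paper, Code), not a
% single URL. This appears to be a convention of the publication-list
% generator; a standard BibTeX/biblatex style would print the value verbatim.
@inproceedings{tatar_tlbdr_2022,
  author    = {Tatar, Andrei and Trujillo, Dani{\"e}l and Giuffrida, Cristiano and Bos, Herbert},
  title     = {{TLB};{DR}: {Enhancing} {TLB}-based {Attacks} with {TLB} {Desynchronized} {Reverse} {Engineering}},
  booktitle = {{USENIX} {Security}},
  month     = aug,
  year      = {2022},
  url       = {Paper=https://download.vusec.net/papers/tlbdr_sec22.pdf Code=https://github.com/vusec/tlbdr},
  keywords  = {artifacts:available, artifacts:functional, artifacts:reproduced, class\_sidechannels, proj\_intersect, proj\_offcore, proj\_theseus, proj\_tropics, proj\_unicore, type\_ae, type\_conf, type\_paper, type\_tier1, type\_top},
}
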
\n
\n\n\n\n
\n
\n\n \n \n \n \n \n \n Kasper: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel.\n \n \n \n \n\n\n \n Johannesmeyer, B.; Koschel, J.; Razavi, K.; Bos, H.; and Giuffrida, C.\n\n\n \n\n\n\n In
NDSS, April 2022. \n
\n\n
\n\n
\n\n
\n
% NDSS 2022 paper on scanning the Linux kernel for generalized transient
% execution gadgets (Kasper).
% NOTE(review): url holds space-separated Label=URL pairs (Paper, Slides, Web,
% Code, Video), not a single URL. This appears to be a convention of the
% publication-list generator; a standard BibTeX/biblatex style would print the
% value verbatim as one broken link. Confirm before reusing this entry.
@inproceedings{johannesmeyer_kasper_2022,
  author    = {Johannesmeyer, Brian and Koschel, Jakob and Razavi, Kaveh and Bos, Herbert and Giuffrida, Cristiano},
  title     = {Kasper: {Scanning} for {Generalized} {Transient} {Execution} {Gadgets} in the {Linux} {Kernel}},
  booktitle = {{NDSS}},
  month     = apr,
  year      = {2022},
  url       = {Paper=https://download.vusec.net/papers/kasper_ndss22.pdf Slides=https://download.vusec.net/slides/kasper_ndss22.pdf Web=https://www.vusec.net/projects/kasper Code=https://github.com/vusec/kasper Video=https://www.youtube.com/watch?v=v89Zt3vxrww},
  keywords  = {class\_sidechannels, proj\_intersect, proj\_offcore, proj\_theseus, proj\_tropics, proj\_unicore, proj\_veripatch, type\_conf, type\_paper, type\_tier1, type\_top},
}

\n
\n\n\n\n