Too much control over smartphones is in hands of few companies. Gatekeeping limits developers, users, governments. A different phone architecture can hand control back to the users while still protecting existing ecosystems. With Shweta Shinde Ivan Puddu. arxiv.org/abs/2102.02743

I'm hiring PhD students and postdocs for SECTRS @ ETH Zurich group. Come join us ETH CS Department!

An international research team whose members include an ETH Zurich professor has revealed a vulnerability in the #SecurityArchitecture of Intel #processors. Until July, Microsoft and Google products were also affected. ETH CS Department NUS ethz.ch/en/news-and-ev…

We have released the details of our upcoming ACM CCS 2025 2021 paper about a new software attack on SGX Our attack, SmashEx, exploits reentrancy bugs in enclave exception handling Check out our webpage for technical details: jasonyu1996.github.io/SmashEx Jinhua Jason Yu Prateek

Thank you Shweta Shinde for yesterday's insightful inaugural lecture titled “Trust, but Verify: Building the Foundations for Secure Software”. Watch the recording here bit.ly/3E3WEVn UC Berkeley NUS ETH Zurich #trustedcomputing #systemsecurity #programanalysis

Read about our group's recent work by Mark and Shweta Shinde

Shout out to the Acai team! Supraja Sridhara , Andrin Bertschi, Zauney, Benedict Schlueter, Fabio Aliberti

It's rewarding that our secure smartphone efforts are gaining recognition on a broader platform. Proud of the whole team: Friederike Groschupp, Mark, Moritz Schneider, Ivan Puddu, Srdjan Čapkun #cybersecurity #ETHZ #swisscybersecuritydays #scsd24

Can a malicious cloud provider send bad notifications to break confidential VMs? Disclosing #AhoiAttacks that break confidential computing offered by AMD SEV-SNP and Intel TDX by abusing interrupt delivery. Check our USENIX Security & IEEE S&P papers. ahoi-attacks.github.io/?1337

Our first attack #Heckler to appear USENIX Security breaks Intel TDX and AMD SEV-SNP by sending interrupts that trigger existing handlers to change the register state and variables in userspace. We break sshd, sudo, and other apps Details & Demo at ahoi-attacks.github.io/heckler/?1337

Our second attack #WeSee to appear IEEE S&P breaks AMD SEV-SNP by sending an interrupt specially introduced for SEV. Starting from a kernel read to arbitrary code injection, we gain a root shell. Details & Demo at ahoi-attacks.github.io/wesee/?1337

We provide an overview of this new family of attacks ahoi-attacks.github.io/blog/ahoi-over… Track CVE-2024-25742, CVE-2024-25743, CVE-2024-25744 for more updates on fixes and patches A fantastic effort by SECTRS @ ETH Zurich team: Benedict Schlueter Supraja Andrin Bertschi Zauney