About me
I am a professor in the DistriNet lab at the Department of Computer Science of KU Leuven, Belgium. My research explores attacks and defenses at the hardware-software boundary, with particular attention to privileged side channels in trusted execution environments.
Publications
| 2025 | Confusing Value with Enumeration: Studying the Use of CVEs in Academia Moritz Schloegel, Daniel Klischies, Simon Koch, David Klein, Lukas Gerlach, Malte Wessels, Leon Trampert, Martin Johns, Mathy Vanhoef, Michael Schwarz, Thorsten Holz, Jo Van Bulck 34th USENIX Security Symposium, 2025. USENIX Security 2025 Distinguished Paper Award Artifacts evaluated: Available @inproceedings{schloegel2025confusing,
title = {Confusing Value with Enumeration: Studying the Use of {CVEs} in Academia},
author = {Schloegel, Moritz and Klischies, Daniel and Koch, Simon and Klein, David and Gerlach, Lukas and Wessels, Malte and Trampert, Leon and Johns, Martin and Vanhoef, Mathy and Schwarz, Michael and Holz, Thorsten and Van Bulck, Jo},
booktitle = {34th {USENIX} Security Symposium ({USENIX} Security 25)},
month = Aug,
year = 2025
}
Quantitative/qualitative analysis and user study of CVE usage in A* security papers, showing increasing inclusion trend and widespread misconceptions.
| ||||||
SCASE: Automated Secret Recovery via Side-Channel-Assisted Symbolic Execution Daniel Weber, Lukas Gerlach, Leon Trampert, Youheng Lü, Jo Van Bulck, Michael Schwarz 34th USENIX Security Symposium, 2025. Artifacts evaluated: Available, Functional, Reproduced @inproceedings{weber2025scase,
title = {{SCASE}: Automated Secret Recovery via Side-Channel-Assisted Symbolic Execution},
author = {Weber, Daniel and Gerlach, Lukas and Trampert, Leon and L\"u, Youheng and Van Bulck, Jo and Schwarz, Michael},
booktitle = {34th {USENIX} Security Symposium ({USENIX} Security 25)},
month = Aug,
year = 2025
}
Automated key extraction from opaque binaries using SGX-Step page-access traces to effectively prune the symbolic-execution search space.
| |||||||
openIPE: An Extensible Memory Isolation Framework for Microcontrollers Marton Bognar, Jo Van Bulck 10th IEEE European Symposium on Security and Privacy (EuroS&P), 2025. EuroS&P 2025 Distinguished Paper Award @inproceedings{bognar25openipe,
title = {{openIPE}: An Extensible Memory Isolation Framework for Microcontrollers},
author = {Bognar, Marton and Van Bulck, Jo},
year = 2025,
booktitle = {10th {IEEE} European Symposium on Security and Privacy (EuroS{\&}P)},
}
 Low-end memory isolation framework compatible with Texas Instruments' proprietary IPE specification, enabling rapid prototyping of hardware, software, and firmware extensions.
| |||||||
Wait a Cycle: Eroding Cryptographic Trust in Low-End TEEs via Timing Side Channels Ruben Van Dijck, Marton Bognar, Jo Van Bulck 8th Workshop on System Software for Trusted Execution (SysTEX), 2025. SysTEX 2025 Best Paper with Artifacts Award Artifacts evaluated: Available, Functional, Reusable @inproceedings{vandijck2025wait,
title = {Wait a Cycle: Eroding Cryptographic Trust in Low-End {TEEs} via Timing Side Channels},
author = {Van Dijck, Ruben and Bognar, Marton and Van Bulck, Jo},
booktitle = {8th Workshop on System Software for Trusted Execution {(SysTEX)}},
month = Jun,
year = 2025,
}
Systematic study of timing channels in low-end research TEEs, finding non-constant-time behavior in library functions, compilers, and cryptographic hardware.
| |||||||
Principled Symbolic Validation of Enclaves on Low-End Microcontrollers Gert-Jan Goossens, Jo Van Bulck 8th Workshop on System Software for Trusted Execution (SysTEX), 2025. Artifacts evaluated: Available, Functional, Reusable @inproceedings{goossens2025principled,
title = {Principled Symbolic Validation of Enclaves on Low-End Microcontrollers},
author = {Goossens, Gert-Jan and Van Bulck, Jo},
booktitle = {8th Workshop on System Software for Trusted Execution {(SysTEX)}},
month = Jun,
year = 2025,
}
Extension to our earlier Pandora-SGX symbolic-execution tool, including a hardware abstraction layer to validate enclave software on low-end microcontrollers.
| |||||||
TLBlur: Compiler-Assisted Automated Hardening against Controlled Channels on Off-the-Shelf Intel SGX Platforms Daan Vanoverloop, Andres Sanchez, Flavio Toffalini, Frank Piessens, Mathias Payer, Jo Van Bulck 34th USENIX Security Symposium, 2025. Artifacts evaluated: Available, Functional, Reproduced @inproceedings{vanoverloop2025tlblur,
title = {{TLBlur}: Compiler-Assisted Automated Hardening against Controlled Channels on Off-the-Shelf {Intel SGX} Platforms},
author = {Vanoverloop, Daan and Sanchez, Andres and Toffalini, Flavio and Piessens, Frank and Payer, Mathias and Van Bulck, Jo},
booktitle = {34th {USENIX} Security Symposium ({USENIX} Security 25)},
month = Aug,
year = 2025
}
 Compiler-assisted mitigation for Intel SGX that uses the AEX-Notify hardware extension to transparently "blur" the bandwidth of controlled-channel attacks to the set of recently accessed pages.
| |||||||
BadRAM: Practical Memory Aliasing Attacks on Trusted Execution Environments Jesse De Meulemeester, Luca Wilke, David Oswald, Thomas Eisenbarth, Ingrid Verbauwhede, Jo Van Bulck 46th IEEE Symposium on Security and Privacy (S&P), 2025. CVE-2024-21944 AMD response @inproceedings{demeulemeester24-badram,
title = {{BadRAM}: Practical Memory Aliasing Attacks on Trusted Execution Environments},
author = {De Meulemeester, Jesse and Wilke, Luca and Oswald, David and Eisenbarth, Thomas and Verbauwhede, Ingrid and Van Bulck, Jo},
booktitle = {46th {IEEE} Symposium on Security and Privacy ({S\&P})},
month = May,
year = 2025,
}
 Novel attack primitive that breaks AMD SEV-SNP by modifying DRAM SPD metadata to create aliases in the physical address space.
| |||||||
| 2024 | Exceptions Prove the Rule: Investigating and Resolving Residual Side Channels in Provably Secure Interrupt Handling Matteo Busi, Pierpaolo Degano, Riccardo Focardi, Letterio Galletta, Flaminia Luccio, Frank Piessens, Jo Van Bulck 4th Workshop on Program Analysis and Verification on Trusted Platforms (PAVeTrust), 2024. @inproceedings{busi2024exceptions,
author = {Busi, Matteo and Degano, Pierpaolo and Focardi, Riccardo and Galletta, Letterio and Luccio, Flaminia and Piessens, Frank and Van Bulck, Jo},
title = {Exceptions Prove the Rule: Investigating and Resolving Residual Side Channels in Provably Secure Interrupt Handling},
booktitle = {4th Workshop on Program Analysis and Verification on Trusted Platforms (PAVeTrust)},
month = Sept,
year = 2024,
}
Analysis and mitigation of a subtle flaw in how the formal model for Sancus-V handles memory-access exceptions vs. interrupts.
| ||||||
Intellectual Property Exposure: Subverting and Securing Intellectual Property Encapsulation in Texas Instruments Microcontrollers Marton Bognar, Cas Magnus, Frank Piessens, Jo Van Bulck 33rd USENIX Security Symposium, 2024. TI-PSIRT-2023-040180 TI response Artifacts evaluated: Available, Functional, Reproduced @inproceedings{bognar2024exposure,
author = {Bognar, Marton and Magnus, Cas and Piessens, Frank and Van Bulck, Jo},
title = {Intellectual Property Exposure: Subverting and Securing {Intellectual Property Encapsulation} in {Texas Instruments} Microcontrollers},
booktitle = {33rd {USENIX} Security Symposium},
month = Aug,
year = 2024,
}
| |||||||
Pandora: Principled Symbolic Validation of Intel SGX Enclave Runtimes Fritz Alder, Lesly-Ann Daniel, David Oswald, Frank Piessens, Jo Van Bulck 45th IEEE Symposium on Security and Privacy (S&P), 2024. CVE-2022-26509, CVE-2023-37479, CVE-2023-38022, CVE-2023-38021, CVE-2022-46487, CVE-2022-46486, CVE-2023-38023, CVE-2023-42776 @inproceedings{alder2024pandora,
title = {Pandora: Principled Symbolic Validation of {Intel SGX} Enclave Runtimes},
author = {Alder, Fritz and Daniel, Lesly-Ann and Oswald, David and Piessens, Frank and Van Bulck, Jo},
booktitle = {45th {IEEE} Symposium on Security and Privacy ({S\&P})},
month = May,
year = 2024,
}
 Truthful symbolic-execution tool, based on angr, to autonomously detect varied interface-sanitization vulnerabilities in heterogenous SGX runtimes.
| |||||||
| 2023 | SGX-Step: An Open-Source Framework for Precise Dissection and Practical Exploitation of Intel SGX Enclaves Jo Van Bulck, Frank Piessens ACSAC 2023 Cybersecurity Artifacts Competition and Impact Award Finalist Short Paper, 2023. ACSAC 2023 Cybersecurity Artifacts Competition and Impact Award Artifacts Competition @inproceedings{vanbulck2023sgxstep,
title = {{SGX-Step}: An Open-Source Framework for Precise Dissection and Practical Exploitation of {Intel SGX} Enclaves},
author = {Van Bulck, Jo and Piessens, Frank},
booktitle = {ACSAC 2023 Cybersecurity Artifacts Competition and Impact Award Finalist Short Paper},
month = Dec,
year = 2023,
}
 Insights and impact from maintaining the open-source SGX-Step attack framework that led to mitigations in recent Intel processors and SDKs.
| ||||||
AEX-Notify: Thwarting Precise Single-Stepping Attacks through Interrupt Awareness for Intel SGX Enclaves Scott Constable, Jo Van Bulck, Xiang Cheng, Yuan Xiao, Cedric Xing, Ilya Alexandrovich, Taesoo Kim, Frank Piessens, Mona Vij, Mark Silberstein 32nd USENIX Security Symposium, 2023. @inproceedings{constable2023aexnotify,
title = {{AEX-Notify}: Thwarting Precise Single-Stepping Attacks through Interrupt Awareness for {Intel SGX} Enclaves},
author = {Constable, Scott and Van Bulck, Jo and Cheng, Xiang and Xiao, Yuan and
Xing, Cedric and Alexandrovich, Ilya and Kim, Taesoo and
Piessens, Frank and Vij, Mona and Silberstein, Mark },
booktitle = {32nd {USENIX} Security Symposium},
pages = {4051--4068},
month = Aug,
year = 2023,
}
| |||||||
MicroProfiler: Principled Side-Channel Mitigation through Microarchitectural Profiling Marton Bognar, Hans Winderix, Jo Van Bulck, Frank Piessens 8th IEEE European Symposium on Security and Privacy (EuroS&P), 2023. @inproceedings{bognar2023microprofiler,
title = {MicroProfiler: Principled Side-Channel Mitigation through Microarchitectural Profiling},
author = {Bognar, Marton and Winderix, Hans and Van Bulck, Jo and Piessens, Frank},
booktitle = {8th {IEEE} European Symposium on Security and Privacy {(EuroS\&P)}},
month = Jul,
year = 2023,
}
Automated profiling methodology to inform compile-time code-balancing mitigations for Nemesis interrupt-latency and DMA contention side channels on low-end microcontrollers.
| |||||||
About Time: On the Challenges of Temporal Guarantees in Untrusted Environments Fritz Alder, Gianluca Scopelliti, Jo Van Bulck, Jan Tobias Mühlberg 6th Workshop on System Software for Trusted Execution (SysTEX), 2023. @inproceedings{alder2023about,
title = {About Time: On the Challenges of Temporal Guarantees in Untrusted Environments},
author = {Alder, Fritz and Scopelliti, Gianluca and Van Bulck, Jo and M\"uhlberg, Jan Tobias},
booktitle = {6th Workshop on System Software for Trusted Execution {(SysTEX)}},
month = May,
year = 2023,
}
Analysis of challenges to reliably track different levels of time in trusted execution environments.
| |||||||
| 2022 | A Case for Unified ABI Shielding in Intel SGX Runtimes Jo Van Bulck, Fritz Alder, Frank Piessens 5th Workshop on System Software for Trusted Execution (SysTEX), 2022. Patched in Enarx v0.2.1 @inproceedings{vanbulck2022abi,
title = {A Case for Unified {ABI} Shielding in {Intel SGX} Runtimes},
author = {Van Bulck, Jo and Alder, Fritz and Piessens, Frank},
booktitle = {5th Workshop on System Software for Trusted Execution {(SysTEX)}},
month = Mar,
year = 2022,
}
Systematic analysis of ABI sanitization assembly code stubs in Intel SGX runtimes and argument for code unification.
| ||||||
Mind the Gap: Studying the Insecurity of Provably Secure Embedded Trusted Execution Architectures Marton Bognar, Jo Van Bulck, Frank Piessens 43rd IEEE Symposium on Security and Privacy (S&P), 2022. @inproceedings{bognar2022gap,
title = {Mind the Gap: Studying the Insecurity of Provably Secure Embedded Trusted Execution Architectures},
author = {Bognar, Marton and Van Bulck, Jo and Piessens, Frank},
booktitle = {43rd {IEEE} Symposium on Security and Privacy {(S\&P)}},
month = May,
year = 2022,
}
Systematic, inductive study of remaining attack surfaces in embedded trusted-execution research prototypes with formal, deductive security arguments.
| |||||||
Faulty Point Unit: ABI Poisoning Attacks on Trusted Execution Environments Fritz Alder, Jo Van Bulck, Jesse Spielman, David Oswald, Frank Piessens ACM Digital Threats: Research and Practice (DTRAP), 2022. @article{alder2022fpu,
title = {Faulty Point Unit: ABI Poisoning Attacks on Trusted Execution Environments},
author = {Alder, Fritz and Van Bulck, Jo and Spielman, Jesse and Oswald, David and Piessens, Frank },
journal = {Digital Threats: Research and Practice},
volume = {3},
number = {2},
pages = {1--26},
month = Feb,
year = 2022,
}
Journal version of the FPU-SGX paper, including extension to RISC-V TEEs.
| |||||||
| 2021 | Aion: Enabling Open Systems through Strong Availability Guarantees for Enclaves Fritz Alder, Jo Van Bulck, Frank Piessens, Jan Tobias Mühlberg 28th ACM Conference on Computer and Communications Security (CCS), 2021. @inproceedings{alder2021aion,
title = {Aion: Enabling Open Systems through Strong Availability Guarantees for Enclaves},
author = {Alder, Fritz and Van Bulck, Jo and Piessens, Frank and M\"uhlberg, Jan Tobias},
booktitle = {28th {ACM} Conference on Computer and Communications Security {(CCS)}},
month = Nov,
year = 2021,
}
| ||||||
Securing Interruptible Enclaved Execution on Small Microprocessors Matteo Busi, Job Noorman, Jo Van Bulck, Letterio Galletta, Pierpaolo Degano, Jan Tobias Mühlberg, Frank Piessens ACM Transactions on Programming Languages and Systems (TOPLAS), 2021. @article{busi2021securing,
title = {Securing Interruptible Enclaved Execution on Small Microprocessors},
author = {Busi, Matteo and Noorman, Job and Van Bulck, Jo and Galletta,
Letterio and Degano, Pierpaolo and M\"uhlberg, Jan Tobias and
Piessens, Frank},
journal = {ACM Transactions on Programming Languages and Systems (TOPLAS)},
volume = {43},
number = {3},
pages = {1--77},
year = 2021,
}
Journal version of the Sancus-V paper, with a more detailed formal proof
| |||||||
Robust Authentication for Automotive Control Networks through Covert Channels Stien Vanderhallen, Jo Van Bulck, Frank Piessens, Jan Tobias Mühlberg Computer Networks, 2021. @article{vanderhalle2021robust,
title = {Robust Authentication for Automotive Control Networks through Covert Channels},
author = {Vanderhallen, Stien and Van Bulck, Jo and Piessens, Frank and M\"uhlberg, Jan Tobias},
journal = {Computer Networks},
volume = {193},
pages = {108079:1--15},
year = 2021,
}
Extension of the VulCAN authentication protocol, with transparent nonce synchronization via timing covert channels.
| |||||||
| 2020 | Faulty Point Unit: ABI Poisoning Attacks on Intel SGX Fritz Alder, Jo Van Bulck, David Oswald, Frank Piessens 36th Annual Computer Security Applications Conference (ACSAC), 2020. ACSAC 2020 distinguished paper with artifacts award CVE-2020-0561, CVE-2020-15107 Artifacts evaluated: Reusable @inproceedings{alder2020fpu,
title = {Faulty Point Unit: {ABI} Poisoning Attacks on {Intel SGX}},
author = {Alder, Fritz and Van Bulck, Jo and Oswald, David and Piessens, Frank },
booktitle = {36th Annual Computer Security Applications Conference {(ACSAC)}},
pages = {415--427},
month = Dec,
year = 2020,
}
Widespread ABI-sanitization vulnerability in SGX runtimes, allowing to degrade floating-point precision and rounding modes.
| ||||||
Microarchitectural Side-Channel Attacks for Privileged Software Adversaries Jo Van Bulck PhD thesis KU Leuven, September 14, 2020. ACM SIGSAC Doctoral Dissertation Award 2021, ERCIM STM PhD Award 2021, FWO/IBM Innovation Award 2021 @phdthesis{vanbulck2020phd,
title={Microarchitectural Side-Channel Attacks for Privileged Software Adversaries},
author={Van Bulck, Jo},
school={KU Leuven},
month = Sep,
year=2020
}
PhD dissertation, including systematization of Intel SGX attack/defense landscape.
| |||||||
CopyCat: Controlled Instruction-Level Attacks on Enclaves Daniel Moghimi, Jo Van Bulck, Nadia Heninger, Frank Piessens, Berk Sunar 29th USENIX Security Symposium, 2020. CVE-2019-19960, CVE-2019-19961, CVE-2019-19963, CVE-2020-7960 @inproceedings{moghimi2020copycat,
title = {{CopyCat}: Controlled Instruction-Level Attacks on Enclaves},
author = {Moghimi, Daniel and Van Bulck, Jo and Heninger, Nadia and Piessens, Frank and Sunar, Berk},
booktitle = {29th {USENIX} Security Symposium},
pages = {469--486},
month = Aug,
year = 2020,
}
| |||||||
Provably Secure Isolation for Interruptible Enclaved Execution on Small Microprocessors Matteo Busi, Job Noorman, Jo Van Bulck, Letterio Galletta, Pierpaolo Degano, Jan Tobias Mühlberg, Frank Piessens 33rd IEEE Computer Security Foundations Symposium (CSF), 2020. @inproceedings{busi2020provably,
title = {Provably Secure Isolation for Interruptible Enclaved Execution on Small Microprocessors},
author = {Busi, Matteo and Noorman, Job and Van Bulck, Jo and Galletta,
Letterio and Degano, Pierpaolo and M\"uhlberg, Jan Tobias and
Piessens, Frank},
booktitle = {33rd {IEEE} Computer Security Foundations Symposium {(CSF)}},
pages = {262--276},
month = Jun,
year = 2020
}
Formal model, security proof, and prototype implementation of a Nemesis-resistant interrupt mechanism for low-end enclave processors.
| |||||||
Plundervolt: How a Little Bit of Undervolting Can Create a Lot of Trouble Kit Murdock, David Oswald, Flavio D. Garcia, Jo Van Bulck, Daniel Gruss, Frank Piessens IEEE Security & Privacy Magazine Special Issue on Hardware-Assisted Security, 2020. @article{murdock2020plundervoltmagazine,
title = {Plundervolt: How a Little Bit of Undervolting Can Create a Lot of Trouble},
author = {Murdock, Kit and Oswald, David and Garcia, Flavio D. and Van
Bulck, Jo and Gruss, Daniel and Piessens, Frank},
journal = {{IEEE} Security \& Privacy Magazine Special Issue on Hardware-Assisted Security},
year = 2020,
}
Accessible journal version of the Plundervolt attack.
| |||||||
LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection Jo Van Bulck, Daniel Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin, Yuval Yarom, Berk Sunar, Daniel Gruss, Frank Piessens 41st IEEE Symposium on Security and Privacy (S&P), 2020. CVE-2020-0551 Intel response @inproceedings{vanbulck2020lvi,
title = {{LVI}: Hijacking Transient Execution through Microarchitectural Load Value Injection},
author = {Van Bulck, Jo and Moghimi, Daniel and Schwarz, Michael and
Lipp, Moritz and Minkin, Marina and Genkin, Daniel and Yuval,
Yarom and Sunar, Berk and Gruss, Daniel and Piessens, Frank},
booktitle = {41st {IEEE} Symposium on Security and Privacy {(S\&P)}},
pages = {54--72},
month = May,
year = 2020,
}
 Novel, gadget-driven exploitation methodology that turns around prior Meltdown-type attacks by provoking faults/assists during victim execution.
| |||||||
Plundervolt: Software-Based Fault Injection Attacks Against Intel SGX Kit Murdock, David Oswald, Flavio D. Garcia, Jo Van Bulck, Daniel Gruss, Frank Piessens 41st IEEE Symposium on Security and Privacy (S&P), 2020. CVE-2019-11157 Intel response @inproceedings{murdock2020plundervolt,
title = {Plundervolt: Software-Based Fault Injection Attacks Against {Intel SGX}},
author = {Murdock, Kit and Oswald, David and Garcia, Flavio D. and Van
Bulck, Jo and Gruss, Daniel and Piessens, Frank},
booktitle = {41st {IEEE} Symposium on Security and Privacy {(S\&P)}},
pages = {1466--1482},
month = May,
year = 2020,
}
 Fault attack on Intel SGX enclave computations by carefully undervolting the CPU via an undocumented privileged software interface.
| |||||||
| 2019 | A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes Jo Van Bulck, David Oswald, Eduard Marin, Abdulla Aldoseri, Flavio D. Garcia, Frank Piessens 26th ACM Conference on Computer and Communications Security (CCS), 2019. CVE-2018-3626, CVE-2019-14565, CVE-2019-0876, CVE-2019-1369, CVE-2019-1370 Intel response @inproceedings{vanbulck2019tale,
title = {A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes},
author = {Van Bulck, Jo and Oswald, David and Marin, Eduard and Aldoseri, Abdulla and Garcia, Flavio D. and Piessens, Frank},
booktitle = {26th {ACM} Conference on Computer and Communications Security {(CCS)}},
pages = {1741--1758},
month = Nov,
year = 2019,
}
 Large-scale study of ABI and API interface sanitization vulnerabilities in Intel SGX enclave shielding runtimes.
| ||||||
ZombieLoad: Cross-Privilege-Boundary Data Sampling Michael Schwarz, Moritz Lipp, Daniel Moghimi, Jo Van Bulck, Julian Stecklina, Thomas Prescher, Daniel Gruss 26th ACM Conference on Computer and Communications Security (CCS), 2019. CVE-2018-12130, CVE-2019-11135, CVE-2020-0549 Intel response @inproceedings{schwarz2019zombieload,
title = {{ZombieLoad}: Cross-Privilege-Boundary Data Sampling},
author = {Schwarz, Michael and Lipp, Moritz and Moghimi, Daniel and Van
Bulck, Jo and Stecklina, Julian and Prescher, Thomas and
Gruss, Daniel},
booktitle = {26th {ACM} Conference on Computer and Communications Security {(CCS)}},
pages = {753--768},
month = Nov,
year = 2019,
}
 Meltdown-type attack exploiting incorrect transient forwarding from line-fill buffers following faults or microcode assists on affected Intel CPUs.
| |||||||
Fallout: Leaking Data on Meltdown-Resistant CPUs Claudio Canella, Daniel Genkin, Lukas Giner, Daniel Gruss, Moritz Lipp, Marina Minkin, Daniel Moghimi, Frank Piessens, Michael Schwarz, Berk Sunar, Jo Van Bulck, Yuval Yarom 26th ACM Conference on Computer and Communications Security (CCS), 2019. CVE-2018-12126 Intel response @inproceedings{canella2019fallout,
title = {Fallout: Leaking Data on {Meltdown}-Resistant {CPUs}},
author = {Canella, Claudio and Genkin, Daniel and Giner, Lukas and
Gruss, Daniel and Lipp, Moritz and Minkin, Marina and Moghimi,
Daniel and Piessens, Frank and Schwarz, Michael and Sunar,
Berk and Van Bulck, Jo and Yarom, Yuval},
booktitle = {26th {ACM} Conference on Computer and Communications Security {(CCS)}},
pages = {769--784},
year = 2019,
month = Nov,
}
 Meltdown-type attack and TLB timing side channel exploiting incorrect transient forwarding from store buffers following faults or microcode assists on affected Intel CPUs.
| |||||||
A Systematic Evaluation of Transient Execution Attacks and Defenses Claudio Canella, Jo Van Bulck, Michael Schwarz, Moritz Lipp, Benjamin von Berg, Philipp Ortner, Frank Piessens, Dmitry Evtyushkin, Daniel Gruss 28th USENIX Security Symposium, 2019. @inproceedings{canella2019systematic,
title = {A Systematic Evaluation of Transient Execution Attacks and Defenses},
author = {Canella, Claudio and Van Bulck, Jo and Schwarz, Michael and
Lipp, Moritz and von Berg, Benjamin and Ortner, Philipp and
Piessens, Frank and Evtyushkin, Dmitry and Gruss, Daniel},
booktitle = {28th {USENIX} Security Symposium},
pages = {249--266},
month = Aug,
year = 2019,
}
Extensible taxonomy of then-known Meltdown-type and Spectre-type transient-execution attacks, leading to the discovery of novel attack variants.
| |||||||
Breaking Virtual Memory Protection and the SGX Ecosystem with Foreshadow Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas Wenisch, Yuval Yarom, Raoul Strackx IEEE Micro Top Picks from the 2018 Computer Architecture Conferences, 2019. @article{vanbulck2019breaking,
title = {Breaking Virtual Memory Protection and the {SGX} Ecosystem with {Foreshadow}},
author = {Van Bulck, Jo and Minkin, Marina and Weisse, Ofir and Genkin,
Daniel and Kasikci, Baris and Piessens, Frank and Silberstein,
Mark and Wenisch, Thomas F and Yarom, Yuval and Strackx, Raoul},
journal = {{IEEE} {Micro} Top Picks from the 2018 Computer Architecture Conferences},
volume = 39,
number = 3,
pages = {66--74},
year = 2019,
}
Accessible journal version of the original Foreshadow attack.
| |||||||
| 2018 | Tutorial: Uncovering and Mitigating Side-Channel Leakage in Intel SGX Enclaves Jo Van Bulck, Frank Piessens 8th International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE), 2018. @inproceedings{vanbulck2018tutorial,
title = {Tutorial: Uncovering and Mitigating Side-Channel Leakage in {Intel SGX} Enclaves},
author = {Van Bulck, Jo and Piessens, Frank},
booktitle = {8th International Conference on Security, Privacy, and Applied Cryptography Engineering {(SPACE)}},
pages = {20--24},
month = Dec,
year = 2018,
}
Abstract for a lecture and interactive tutorial on exploiting and mitigating side channels in Intel SGX enclave programs.
| ||||||
Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic Jo Van Bulck, Frank Piessens, Raoul Strackx 25th ACM Conference on Computer and Communications Security (CCS), 2018. @inproceedings{vanbulck2018nemesis,
title = {Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary {CPU} Interrupt Logic},
author = {Van Bulck, Jo and Piessens, Frank and Strackx, Raoul},
booktitle = {25th {ACM} Conference on Computer and Communications Security {(CCS)}},
pages = {178--195},
month = Oct,
year = 2018,
}
 Novel microarchitectural side channel measuring interrupt latency to leak individual instruction timings from Intel SGX and embedded Sancus enclaves.
| |||||||
Foreshadow-NG: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution Ofir Weisse, Jo Van Bulck, Marina Minkin, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Raoul Strackx, Thomas Wenisch, Yuval Yarom Technical report, 2018. CVE-2018-3620, CVE-2018-3646 Intel response @article{weisse2018foreshadowNG,
title = {{Foreshadow-NG}: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution},
author = {Weisse, Ofir and Van Bulck, Jo and Minkin, Marina and Genkin,
Daniel and Kasikci, Baris and Piessens, Frank and Silberstein,
Mark and Strackx, Raoul and Wenisch, Thomas F. and Yarom,
Yuval},
journal = {Technical report},
month = Aug,
year = 2018,
}
 Technical report with independent academic analysis of Intel's generalization of our original Foreshadow-SGX attack to break virtual-machine and operating-system isolation.
| |||||||
Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas Wenisch, Yuval Yarom, Raoul Strackx 27th USENIX Security Symposium, 2018. CVE-2018-3615 Intel response @inproceedings{vanbulck2018foreshadow,
title = {Foreshadow: Extracting the Keys to the {Intel SGX} Kingdom
with Transient Out-of-Order Execution},
author = {Van Bulck, Jo and Minkin, Marina and Weisse, Ofir and Genkin,
Daniel and Kasikci, Baris and Piessens, Frank and Silberstein,
Mark and Wenisch, Thomas F. and Yarom, Yuval and Strackx, Raoul},
booktitle = {27th {USENIX} Security Symposium},
pages = {991--1008},
month = Aug,
year = 2018,
}
Novel Meltdown-type attack (aka L1 Terminal Fault - L1TF) that breaks Intel SGX by exploiting incorrect transient forwarding from the L1D cache following faulting loads from unmapped pages on affected Intel CPUs.
| |||||||
Tutorial: Building Distributed Enclave Applications with Sancus and SGX Jan Tobias Mühlberg, Jo Van Bulck 48th International Conference on Dependable Systems and Networks (DSN), 2018. @inproceedings{muehlber2018tutorial,
title = "Tutorial: Building Distributed Enclave Applications with {Sancus} and {SGX}",
author = {M{\"u}hlberg, Jan Tobias and Van Bulck, Jo},
booktitle = {48th International Conference on Dependable Systems and Networks {(DSN)}},
month = Jun,
year = 2018,
}
| |||||||
Reflections on Post-Meltdown Trusted Computing: A Case for Open Security Processors Jan Tobias Mühlberg, Jo Van Bulck ;login: the USENIX magazine vol.43 no.3, 2018. @article{muelberg2018reflections,
title = {Reflections on Post-{Meltdown} Trusted Computing: A Case for Open Security Processors},
author = {M{\"u}hlberg, Jan Tobias and Van Bulck, Jo},
journal = {{;login: the {USENIX} magazine}},
volume = 43,
number = 3,
pages = {6--9},
year = 2018,
}
Opinion article on open-source security architectures with principled and inspectable hardware-software co-design.
| |||||||
Off-Limits: Abusing Legacy x86 Memory Segmentation to Spy on Enclaved Execution Jago Gyselinck, Jo Van Bulck, Frank Piessens, Raoul Strackx International Symposium on Engineering Secure Software and Systems (ESSoS), 2018. Artifacts evaluated @inproceedings{gyselinck2018off,
title = {Off-limits: Abusing Legacy x86 Memory Segmentation to Spy on Enclaved Execution},
author = {Gyselinck, Jago and Van Bulck, Jo and Piessens, Frank and Strackx, Raoul},
booktitle = {International Symposium on Engineering Secure Software and Systems {(ESSoS)}},
pages = {44--60},
month = Jun,
year = 2018,
}
Novel side-channel attack using the x86 segmentation unit to leak fine-grained data- and control-flow from 32-bit Intel SGX enclaves.
| |||||||
| 2017 | VulCAN: Efficient Component Authentication and Software Isolation for Automotive Control Networks Jo Van Bulck, Jan Tobias Mühlberg, Frank Piessens 33th Annual Computer Security Applications Conference (ACSAC), 2017. Nominated for ACSAC 2017 distinguished paper award Artifacts evaluated @inproceedings{vanbulck2017vulcan,
title = {{VulCAN}: Efficient Component Authentication and Software Isolation for Automotive Control Networks},
author = {Van Bulck, Jo and M{\"u}hlberg, Jan Tobias and Piessens, Frank },
booktitle = {33rd Annual Computer Security Applications Conference {(ACSAC)}},
pages = {225--237},
month = Dec,
year = 2017,
}
Backwards-compatible authentication protocol for automotive CAN networks using embedded Sancus enclaves for end-point isolation and hardware-level cryptography.
| ||||||
SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control Jo Van Bulck, Frank Piessens, Raoul Strackx 2nd Workshop on System Software for Trusted Execution (SysTEX), 2017. SysTEX 2017 best paper award, ACSAC 2023 Cybersecurity Artifacts Competition and Impact Award @inproceedings{vanbulck2017sgxstep,
title = {{SGX-Step}: A Practical Attack Framework for Precise Enclave Execution Control},
author = {Van Bulck, Jo and Piessens, Frank and Strackx, Raoul},
booktitle = {2nd Workshop on System Software for Trusted Execution {(SysTEX)}},
pages = {4:1--4:6},
month = Oct,
year = 2017,
}
Open-source framework for reliably interrupting Intel SGX enclaves at instruction-level or page-level granularity, enabling high-resolution side-channel attacks.
| |||||||
Telling Your Secrets Without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution Jo Van Bulck, Nico Weichbrodt, Rüdiger Kapitza, Frank Piessens, Raoul Strackx 26th USENIX Security Symposium, 2017. CVE-2017-9526 (Patched in Libgcrypt v1.7.7) @inproceedings{vanbulck2017telling,
title = {Telling your Secrets Without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution},
author = {Van Bulck, Jo and Weichbrodt, Nico and Kapitza, R\"udiger and Piessens, Frank and Strackx, Raoul},
booktitle = {26th {USENIX} Security Symposium},
pages = {1041--1056},
month = Aug,
year = 2017,
}
Stealthy, interrupt-driven controlled-channel attacks on Intel SGX enclaves using page-table attributes and caching behavior, without provoking page faults
| |||||||
Sancus 2.0: A Low-Cost Security Architecture for IoT Devices Job Noorman, Jo Van Bulck, Jan Tobias Mühlberg, Frank Piessens, Pieter Maene, Bart Preneel, Ingrid Verbauwhede, Johannes Götzfried, Tilo Müller, Felix Freiling ACM Transactions on Privacy and Security (TOPS), 2017. @article{noorman2017sancus,
title = {Sancus 2.0: A Low-Cost Security Architecture for {IoT} Devices},
author = {Noorman, J. and Van Bulck, J. and M{\"u}hlberg, J. Tobias and
Piessens, F. and Maene, P. and Preneel, B. and Verbauwhede, I.
and G{\"o}tzfried, J. and M{\"u}ller, T. and Freiling, F.},
journal = {{ACM} Transactions on Privacy and Security {(TOPS)}},
pages = {1--33},
volume = 20,
number = 3,
year = 2017
}
 Open-source TEE research prototype with minimal CPU extensions for isolation and attestation on lightweight embedded microcontrollers.
| |||||||
| 2016 | Implementation of a High Assurance Smart Meter using Protected Module Architectures Jan Tobias Mühlberg, Sara Cleemput, Mustafa A. Mustafa, Jo Van Bulck, Bart Preneel, Frank Piessens 10th WISTP International Conference on Information Security Theory and Practice (WISTP), 2016. @inproceedings{muehlber2016implementation,
title = {Implementation of a High Assurance Smart Meter using Protected Module Architectures},
author = {M{\"u}hlberg, Jan Tobias and Cleemput, Sara and Mustafa, A.
Mustafa and Van Bulck, Jo and Preneel, Bart and Piessens,
Frank},
booktitle = {10th {WISTP} International Conference on Information Security Theory and Practice {(WISTP)}},
pages = {53--69},
month = Aug,
year = 2016,
}
| ||||||
Towards Availability and Real-Time Guarantees for Protected Module Architectures Jo Van Bulck, Job Noorman, Jan Tobias Mühlberg, Frank Piessens Workshop on Modularity Across the System Stack (MASS), 2016. @inproceedings{vanbulck2016towards,
title = {Towards Availability and Real-Time Guarantees for Protected Module Architectures},
author = {Van Bulck, Jo and Noorman, Job and M{\"u}hlberg, Jan Tobias and Piessens, Frank},
booktitle = {Companion Proceedings of the 15th International Conference on Modularity {(MASS)}},
pages = {146--151},
month = Mar,
year = 2016,
}
| |||||||
| 2015 | Secure Resource Sharing for Embedded Protected Module Architectures Jo Van Bulck, Job Noorman, Jan Tobias Mühlberg, Frank Piessens 9th WISTP International Conference on Information Security Theory and Practice (WISTP), 2015. @inproceedings{vanbulck2015secure,
title = {Secure Resource Sharing for Embedded Protected Module Architectures},
author = {Van Bulck, Jo and Noorman, Job and M{\"u}hlberg, Jan Tobias and Piessens, Frank},
booktitle = {9th {WISTP} International Conference on Information Security Theory and Practice {(WISTP)}},
pages = {71--87},
month = Aug,
year = 2015,
}
| ||||||
Secure Resource Sharing for Embedded Protected Module Architectures Jo Van Bulck Master thesis KU Leuven, 2015. VASCO thesis award 2015, BELCLIV thesis award 2016 @mastersthesis{vanbulck2015thesis,
title = {Secure Resource Sharing for Embedded Protected Module Architectures},
author = {Van Bulck, Jo},
school = {KU Leuven},
year = 2015
}
|
Talks
| 2025 | Trust Under Siege: Exploiting and Mitigating Interface-Based Attacks on TEEs Jo Van Bulck Invited lecture @ Graz Security Week 2025, Graz, Austria, September 4, 2025. |
| Principled Symbolic Validation of Enclaves on Low-End Microcontrollers Jo Van Bulck Paper presentation @ 8th Workshop on System Software for Trusted Execution (SysTEX), Venice, Italy, July 4, 2025. | |
| Jo Van Bulck Guest lecture @ Master Industrial Engineering, Ghent, Belgium, May 21, 2025. | |
| Automatic Discovery of Artifacts in Cybersecurity Literature Marton Bognar, Arthur Bols, Jo Van Bulck Poster presentation @ KU Leuven Open Science Day, Leuven, Belgium, May 6, 2025. | |
| Dealing with Reviewer Feedback and Rebuttals? Jo Van Bulck Panel discussion @ DRADS DistriNet Workshop, Oostduinkerke, Belgium, March 11, 2025. | |
| Fortress or Facade: Strengthening the Future of Confidential Computing Jo Van Bulck Keynote @ DRADS DistriNet Workshop, Oostduinkerke, Belgium, March 10, 2025. | |
| TLBlur: The Art of Obscuring SGX Page Accesses Across Space and Time Daan Vanoverloop, Jo Van Bulck Invited Talk @ Intel Tech Talk, Online, March 3, 2025. | |
| Breaking and Securing Memory Isolation in Texas Instruments Microcontrollers Marton Bognar, Jo Van Bulck Talk @ RuhrSec IT Security Conference, Bochum, Germany, February 21, 2025. | |
| Trust for Our Time: Confidential Computing in Untrusted Environments Jo Van Bulck Inaugural lecture @ KU Leuven, Dept. of Computer Science, Leuven, Belgium, February 14, 2025. | |
| BadRAM: Breaching Processor Security via Rogue Memory Modules Jo Van Bulck Invited talk @ Kata containers confidential computing use case meeting, online, January 16, 2025. | |
| 2024 | Attacks and Defenses for Trusted Execution Environments Jo Van Bulck Guest lecture @ KU Leuven Seminar in Cybersecurity, Leuven, Belgium, November 15, 2024. |
| Attacks and Defenses for Trusted Execution Environments Jo Van Bulck Guest lecture @ CMU Advanced Topics in Hardware Security, online, November 14, 2024. | |
| Impact through Beautiful Ideas in Excellent Communication: An interview with Jo Van Bulck Daniel Shea, Jo Van Bulck Podcast @ Scholarly Communication, Online, September 25, 2024. | |
| Beyond the Surface: Validation Challenges and Opportunities for Confidential Computing Jo Van Bulck Keynote @ 4th Program Analysis and Verification on Trusted Platforms (PAVeTrust) Workshop, Milano, Italy, September, 9, 2024. | |
| Certified Confidential Computing: Principled Symbolic Validation for Enclave Shielding Runtimes Jo Van Bulck Invited talk @ Confidential Computing Consortium Technical Advisory Council, Online, August 22, 2024. | |
| Opening and Welcome Jo Van Bulck, Nuno Santos Talk @ 7th Workshop on System Software for Trusted Execution (SysTEX 2024), Vienna, Austria, July 8, 2024. | |
| Reflections on Trusting Trusted Execution: The Story of Microarchitectural Attacks and Defenses Jo Van Bulck Invited lecture @ COSIC Course on Cryptography and Cyber Security, Leuven, Belgium, July 4, 2024. | |
| Opening Pandora's Box: Uncovering Pervasive Bugs in Intel SGX Runtimes with Truthful Symbolic Execution Jo Van Bulck Invited talk @ Intel IPAS Tech Sharing, Online, June 25, 2024. | |
| Pandora: Principled Symbolic Validation of Intel SGX Enclave Runtimes Jo Van Bulck Paper presentation @ 45th IEEE Symposium on Security and Privacy (S&P), San Francisco, USA, May 22, 2024. | |
| Open-Source Prototyping for Systems Security Research Jo Van Bulck, Hans Winderix, Marton Bognar, Lesly-Ann Daniel, Daan Vanoverloop Poster presentation @ KU Leuven Open Science Day, Leuven, Belgium, May 6, 2024. | |
| On the Interplay between Attacks and New Defenses: The Story of SGX-Step and Transferable Insights for Other Architectures Jo Van Bulck Talk @ Huawei - KU Leuven research collaboration workshop, Leuven, Belgium, March 6, 2024. | |
| 2023 | SGX-Step: An Open-Source Framework for Precise Dissection and Practical Exploitation of Intel SGX Enclaves Jo Van Bulck Artifact competition talk @ 40th Annual Computer Security Applications Conference (ACSAC), Austin, USA, December 7, 2023. |
| Interrupt-Driven Attacks and Defenses for Microarchitectural Security Jo Van Bulck Talk @ Dagstuhl Seminar on Microarchitectural Attacks and Defenses (MAD), Schloss Dagstuhl, Leibniz-Zentrum für Informatik, Germany, November 29, 2023. | |
| Chips & Salsa Episode 58: AEX-Notify Jerry Bryant, Christopher Robinson, Scott Constable, Jo Van Bulck, Xiang Cheng Podcast @ Intel Technology, Online, September 5, 2023. | |
| AEX-Notify: Thwarting Precise Single-Stepping Attacks through Interrupt Awareness for Intel SGX Enclaves Jo Van Bulck Paper presentation @ 32nd USENIX Security Symposium, Anaheim, USA, August 10, 2023. | |
| Side-Channel Attacks and Defenses for Trusted Execution Environments Jo Van Bulck Invited Talk @ EPFL, Lausanne, Switzerland, May 2, 2023. | |
| Happy Birthday Sancus! – Lessons from 10 Years of Maintaining a Trusted Computing Research Prototype Jo Van Bulck, Frank Piessens Keynote @ DRADS DistriNet Workshop, Rendeux, Belgium, March 24, 2023. | |
| Panel Discussion: Hardware Hacking Lennert Wouters, Jo Van Bulck, Jeroen Baert Invited panelist @ VTK alumni event, Leuven, Belgium, February 18, 2023. | |
| Devroom Closing and Goodbye Fritz Alder, Jo Van Bulck, Fabiano Fidencio Talk @ 4th Confidential Computing Devroom, FOSDEM, Brussels, Belgium, February 5, 2023. | |
| 2022 | Towards Principled Symbolic Validation for Intel SGX Binaries Jo Van Bulck Invited talk @ MSR Confidential Computing seminar, Online, October 5, 2022. |
| Privileged Side-Channel Attacks on Trusted Execution Environments Jo Van Bulck Invited lecture @ 4th Summer School on Security & Correctness, Graz, Austria, September 30, 2022. | |
| Towards ABI Unification for Intel SGX Enclave Shielding Runtimes Jo Van Bulck Lightning talk @ SILM'22 Workshop, Genoa, Italy, June 6, 2022. | |
| LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection Jo Van Bulck Poster presentation @ 43rd IEEE Symposium on Security and Privacy (S&P), San Francisco, USA, May 23, 2022. | |
| Deepen the Defenses: A Case for Microarchitectural Isolation Jo Van Bulck Invited talk @ Cybersec Europe, FutureLab Stage, Brussels, Belgium, May 11, 2022. | |
| The Hitchhiker's Guide to Subverting Intel SGX Enclaves Jo Van Bulck Invited Talk @ Intel Project Circuit Breaker SGX Bootcamp, Online, March 27, 2022. | |
| A Case for Unified ABI Shielding in Intel SGX Runtimes Jo Van Bulck Paper presentation @ 5th Workshop on System Software for Trusted Execution (SysTEX), Lausanne, Switzerland, March 1, 2022. | |
| You're Gonna Need A Bigger Boat: Lessons from Capsizing SGX Enclave Programs Jo Van Bulck Invited Talk @ BINSEC seminar, Université Paris-Saclay, Online, February 10, 2022. | |
| Process-Based Abstractions for VM-Based Environments Vasily Sartakov, Jo Van Bulck, Mike Bursell, Jethro G. Beekman, Hugo Lefeuvre, Marta Rybczynska Panel discussion @ FOSDEM, Online, February 5, 2022. | |
| Opening 3th Hardware-Aided Trusted Computing Devroom: Welcome, Overview, Lineup Jo Van Bulck, Fritz Alder, Vasily Sartakov Talk @ FOSDEM, Online, February 5, 2022. | |
| 2021 | Review & Perspective: Microarchitectural Side-Channel Attacks for Privileged Software Adversaries Jo Van Bulck Talk @ Cybersecurity Initiative Flanders (CIF) Review, Leuven, October 28, 2021. |
| Microarchitectural Side-Channel Attacks for Privileged Software Adversaries Jo Van Bulck FWO/IBM Innovation Award Talk @ IBM Belgium, Brussels, October 14, 2021. | |
| Microarchitectural Side-Channel Attacks for Privileged Software Adversaries Jo Van Bulck STM PhD Award Talk @ 17th International Workshop on Security and Trust Management (STM), Online, October 8, 2021. | |
| Opening 2nd Hardware-Aided Trusted Computing Devroom: Welcome, Overview, Lineup Jo Van Bulck Talk @ FOSDEM, Online, February 6, 2021. | |
| 2020 | Ramming Enclave Gates: A Systematic Vulnerability Assessment of TEE Shielding Runtimes Jo Van Bulck, Fritz Alder, David Oswald Talk @ Remote Chaos Experience (RC3), Online, December 31, 2020. |
| Microarchitectural Inception Jo Van Bulck, Michael Schwarz, Daniel Gruss, Moritz Lipp Talk @ Remote Chaos Experience (RC3), Online, December 27, 2020. | |
| LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection Jo Van Bulck Finalist @ CSAW'20 Applied Research Competition, Online, November 6, 2020. | |
| Microarchitectural Side-Channel Attacks for Untrusted Operating Systems Jo Van Bulck Invited Talk @ LSDS seminar, Imperial College London, Online, October 29, 2020. | |
| Microarchitectural Side-Channel Attacks for Privileged Software Adversaries Jo Van Bulck PhD defense @ KU Leuven, Leuven, Belgium, September 14, 2020. | |
| The Tale Continues: Pitfalls and Best Practices for SGX Shielding Runtimes Jo Van Bulck, Fritz Alder Talk @ 2nd Intel SGX Community Workshop, Online, July 14, 2020. | |
| Podcast: Intel SGX Julian Stecklina, Florian Pester, Jo Van Bulck Podcast @ Syslog.show, Online, June 23, 2020. | |
| LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection Jo Van Bulck Paper presentation @ 41st IEEE Symposium on Security and Privacy (S&P), Online, May 18, 2020. | |
| LVI: Hijacking Transient Execution with Load Value Injection Daniel Gruss, Daniel Moghimi, Jo Van Bulck Talk @ Hardwear.io Virtual Con, Online, April 30, 2020. | |
| Podcast: Load Value Injection Dennis Fisher, Jo Van Bulck Podcast @ Decipher Security, Online, March 17, 2020. | |
| Privileged Side-Channel Attacks for Enclave Software Adversaries Jo Van Bulck Invited Talk @ University of Birmingham Seminar, Birmingham, UK, February 20, 2020. | |
| Microarchitectural Side-Channel Attacks for Privileged Software Adversaries Jo Van Bulck Talk @ DistriNet Reunion, Leuven, Belgium, February 5, 2020. | |
| A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes Jo Van Bulck Talk @ FOSDEM, Brussels, Belgium, February 1, 2020. | |
| Leaky Processors: Lessons from Spectre, Meltdown, and Foreshadow Jo Van Bulck, Daniel Gruss Talk @ Red Hat Research Day, Brno, Czech Republic, January 23, 2020. | |
| 2019 | A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes Jo Van Bulck, David Oswald Paper presentation @ 26th ACM Conference on Computer and Communications Security (CCS), London, UK, November 14, 2019. |
| Microarchitectural Side-Channel Attacks for Privileged Adversaries Jo Van Bulck Invited lecture @ COSIC Hardware Security Course, Leuven, Belgium, October 21, 2019. | |
| Leaky Processors: Lessons from Spectre, Meltdown, and Foreshadow Jo Van Bulck Invited Talk @ KU Leuven Alumni Forum, Leuven, Belgium, October 15, 2019. | |
| Cards Against Confusion Claudio Canella, Jo Van Bulck, Daniel Gruss Talk @ SHARD Workshop, Leiden, Netherlands, September 23, 2019. | |
| Podcast: ZombieLoad Maarten Hendrikx, Toon van de Putte, Steven Op de beeck, Ruurd Sanders, Jo Van Bulck Podcast @ Tech45, Online, June 22, 2019. | |
| A Christmas Carol: The Spectres of the Past, Present, and Future Daniel Gruss, Moritz Lipp, Michael Schwarz, Claudio Canella, Jo Van Bulck Talk @ Grazer Linuxtage, Graz, Austria, April 26, 2019. | |
| 2018 | Tutorial: Uncovering and Mitigating Side-Channel Leakage in Intel SGX Enclaves Jo Van Bulck Invited Tutorial @ 8th International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE), Kanpur, India, December 15, 2018. |
| Leaky Processors: Stealing Your Secrets With Foreshadow Jo Van Bulck Invited Talk @ OWASP BeNeLux-Days, Mechelen, Belgium, November 30, 2018. | |
| Leaky Processors and the RISE of Hardware-Based Trusted Computing Jo Van Bulck Keynote @ RISE Annual Conference, London, UK, November 14, 2018. | |
| Transient Execution Attacks: Lessons from Spectre, Meltdown, and Foreshadow Jo Van Bulck Invited Talk @ 20st ISSE Conference, Brussels, Belgium, November 6, 2018. | |
| Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic Jo Van Bulck Paper presentation @ 25th ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, October 16, 2018. | |
| Foreshadow: Extracting the keys to the Intel SGX kingdom with transient out-of-order execution Jo Van Bulck, Ofir Weisse Paper presentation @ 27th USENIX Security Symposium, Baltimore, USA, August 16, 2018, 2018. | |
| Tutorial: Building Distributed Enclave Applications with Sancus and SGX Jan Tobias Mühlberg, Jo Van Bulck Tutorial @ 48th International Conference on Dependable Systems and Networks (DSN), Luxembourg City, Luxembourg, June 25, 2018. | |
| Secure Automotive Computing with Sancus Jan Tobias Mühlberg, Jo Van Bulck Demo booth @ Imec Technology Forum 2018, Antwerp, Belgium, May 23-24, 2018. | |
| Hardware-Based Trusted Computing Architectures From an Attack and Defense Perspective Jo Van Bulck Talk @ Newline 0x08, Ghent, Belgium, April 14, 2018. | |
| 2017 | SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control Jo Van Bulck Paper presentation @ 2nd Workshop on System Software for Trusted Execution (SysTEX), Shanghai, China, October 28, 2017. |
| Telling Your Secrets Without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution Jo Van Bulck Invited Talk @ Intel Tech Talk, Online, September 28, 2017. | |
| Telling Your Secrets Without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution Jo Van Bulck Paper presentation @ 26th USENIX Security Symposium, Vancouver, Canada, August 18, 2017. | |
| Beyond Controlled-Channel Attacks: Information Leakage from Elementary CPU Behavior Jo Van Bulck Invited Talk @ Distributed Trust Workshop on Data Protection and Privacy, Leuven, Belgium, June 20, 2017. | |
| Secure Automotive Computing with Sancus Jan Tobias Mühlberg, Jo Van Bulck Demo booth @ Imec Technology Forum 2017, Antwerp, Belgium, May 16-17, 2017. | |
| Interrupt Latency Timing Attacks Against Enclave Programs Jo Van Bulck Talk @ DRADS DistriNet Workshop, Leuven, Belgium, April 28, 2017. | |
| Secure Resource Sharing for Embedded Protected Module Architectures Jo Van Bulck BELCLIV Award Lecture, Brussels, Belgium, April 21, 2017. | |
| 2016 | Towards Availability and Real-Time Guarantees for Protected Module Architectures Jo Van Bulck Paper presentation @ Workshop on Modularity Across the System Stack (MASS), Malaga, Spain, March 14, 2016. |
| 2015 | Secure Resource Sharing for Embedded Protected Module Architectures Jo Van Bulck Paper presentation @ 9th WISTP International Conference on Information Security Theory and Practice (WISTP), Heraklion, Crete, Greece, August 24, 2015. |
Awards and Recognitions
| 2025 | Distinguished Paper Award USENIX Security 2025, August 13, 2025. |
| Distinguished Reviewer Award USENIX Security 2025, August 13, 2025. | |
| Best Paper with Artifacts Award SysTEX 2025, July 4, 2025. | |
| Distinguished Paper Award EuroS&P 2025, July 1, 2025. | |
| 2023 | Cybersecurity Artifacts Competition and Impact Award ACSAC 2023, December 7, 2023. |
| Top Reviewer Award ACM CCS 2023, November 26, 2023. | |
| 2022 | Best Reviewer Award ACM CCS 2022, November 7, 2022. |
| 2021 | ACM SIGSAC Doctoral Dissertation Award for "Outstanding PhD Thesis in Computer and Information Security", November 18, 2021. "The committee was unanimous in recognizing the outstanding contributions made by Jo Van Bulck's dissertation in understanding the limitations in the security guarantees provided by current hardware-assisted isolated execution environments. The work described in the dissertation showed a wide variety of attacks against processor architectures ranging from low-end microprocessors with enclave support to widely deployed processor extensions like Intel SGX. The work has already had a significant impact both in academia as well as in industry, and has been widely recognized. It is no exaggeration to say that Dr. Van Bulck has contributed to launching a new research subfield in systems security." |
| FWO/IBM Innovation Award 2021 for "an outstanding PhD thesis that presents an original contribution to informatics or its applications", November 16, 2021. | |
| ERCIM WG STM Best Ph.D. Thesis Award for "Best Ph.D. Thesis on Security and Trust Management", October 8, 2021. | |
| Postdoctoral Fellowship Junior Research Foundation - Flanders (FWO), October 1, 2021. | |
| 2020 | Distinguished Paper with Artifacts Award ACSAC 2020, December 9, 2020. |
| Applied Research Competition Finalist CSAW Europe, November 6, 2020. | |
| Summa cum laude with the congratulations of the Examination Board for PhD thesis "of the highest international scientific level" (at most 5% of doctorates), September 14, 2020. | |
| 2019 | Top Picks from the 2018 Computer Architecture Conferences IEEE Micro, April 5, 2019. |
| 2018 | Applied Research Competition First Place CSAW, November 11, 2018. |
| 2017 | Nominated for Distinguished Paper Award ACSAC 2017, December 6, 2017. |
| Best Paper Award SysTEX 2017, October 28, 2017. | |
| BELCLIV 2016 Master Thesis Award for "de beste masterthesis die een originele bijdrage levert tot de beveiliging van informatiesystemen", April 21, 2017. | |
| 2016 | PhD Fellowship Fundamental Research Research Foundation - Flanders (FWO), October 1, 2016. |
| 2015 | Vasco Data Security 2014-2015 Master Thesis Award for "een uitmuntende bijdrage aan de technologie voor authentisering van gebruikers of technologie voor informatiebeveiliging in het algemeen", July 3, 2015. |
Academic Service
- Program Co-Chair: SysTEX (2024), FOSDEM Open-Source Confidential Computing Devroom (2025, 2024, 2023, 2022, 2021, 2020).
- Technical Program Committee: USENIX Security (2026, 2025, 2024), ACM CCS (2023, 2022), DIMVA (2023, 2022), IEEE SEED (2024), SysTEX (2025, 2023, 2022), uASC (2025), PAVeTrust (2024, 2023, 2022, 2021).
- Journal Reviewer: Computers & Security (2022, 2021), ACM Computing Surveys (2020), IEEE Transactions on Dependable and Secure Computing (2020), IEEE Access (2019).
- Subreviewer: IEEE S&P (2023, 2021, 2020, 2019, 2017), ACM CCS (2019, 2018), USENIX Security (2017), ESORICS (2017), POST (2017), SysTEX (2017).
- Artifact Evaluation: SysTEX 2025 (Artifact Evaluation Chair).
- Steering Committee: Microarchitecture Security Conference (uASC).
- Project Grant Reviewer: Swedish Research Council (2025), ERC (2021).
Teaching
- Lecturer: Operating Systems 2026-2025-2024-2023 (co-taught with Frank Piessens).
- Guest Lectures: Graz Summer School (2025, 2022), Carnegie Mellon University Advanced Topics in Hardware Security (2024), KUL Ghent Course on Secure Software and Hacking (2025), KUL Seminar in Cybersecurity (2024), COSIC Course on Cryptography and Cyber Security (2024), KUL Operating Systems (2022, 2021), COSIC Hardware Security Course (2019), KUL Computer Architecture and System Software (2018).
- Tutorials: SPACE 2018, DSN 2018.
- Teaching Assistant: Operating Systems (2023-2021), Computer Architecture and System Software (2020-2018), Structuur en Organisatie van Systeemsoftware (2017-2015), Informatica Werktuigen (2018-2015), Data Structures and Algorithms (2018-2016).
- PhD Students:
- 2025 - current: Antonis Louka.
- 2020 - 2025: Márton Bognár – Security Arms Race at the Hardware-Software Boundary, KU Leuven.
- 2019 - 2023: Fritz Alder – Interface Sanitization and Real-Time Scheduling for Enclaved Execution, KU Leuven.
- Master Thesis Supervision:
- 2025: Merlijn Verstraete, Alexander Croes, Dries Vanspauwen, Pieter-Jan Sterkens, Jan Brosens, Arne Putzeys, Ruben Van Dijck, Kobe Sauwen.
- 2024: Gert-Jan Goossens, Zidan Bortels.
- 2023: Cas Magnus, Wim Decelle, Martijn Dendooven.
- 2022: Jolan Hofmans, Wouter Jochems.
- 2021: Florent Nander Meijer, Jonas De Roover, Benjamin De Roeck.
- 2020: Márton Bognár, Stien Vanderhallen.
- 2019: Thomas De Backer, Sven Cuyt, Sergio Seminara.
- 2018: Sten Verbois, Jago Gyselinck.
- 2017: Alexandru Madalin Ghenea.
- Bachelor Honours Students:
- 2025: Victor Bullynck.
- 2024: Jip Helsen.
- 2017: Michiel Van Beirendonck.
Selected Open-Source Contributions
| Maintainer | SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control Founder, maintainer, and core developer. |
| Bare-SGX: Minimal SGX Enclave Development on Bare-Metal Linux Platforms Founder, maintainer, and core developer. | |
| Pandora: Principled Symbolic Validation of Intel SGX Enclave Runtimes Founder, maintainer, and co-developer. | |
| Sancus: A Lightweight Trusted Execution Environment for Secure IoT Devices Maintainer and co-developer. | |
| Contributor | Intel SGX SDK Contributed to AEX-Notify runtime; various low-level security fixes. |
| Microsoft Open Enclave Contributed various low-level security fixes. | |
| Linux kernel Contributed various security and reliability fixes in the SGX selftest framework. |
Vulnerability Disclosures
| CPU μ-arch | CVE-2024-21944 Undermining Integrity Features of AMD SEV-SNP with Memory Aliasing. |
| TI-PSIRT-2023-040180 MSP430 IP Encapsulation Write Vulnerability. | |
| CVE-2020-0551 Load Value Injection (LVI). | |
| CVE-2019-11157 Sofware-based voltage fault injection. | |
| CVE-2020-0549 L1D Eviction Sampling. | |
| CVE-2019-11135 TSX Asynchronous Abort (TAA). | |
| CVE-2018-12130 Microarchitectural Fill Buffer Data Sampling (MFBDS). | |
| CVE-2018-12126 Microarchitectural Store Buffer Data Sampling (MSBDS). | |
| CVE-2018-3615 L1 Terminal Fault (L1TF). | |
| Intel SGX runtimes | CVE-2025-32004 Insufficient bool sanitization in Intel SGX SDK Edger8r. |
| CVE-2024-34776 Memory-safety vulnerabilities in AEX-Notify runtime. | |
| CVE-2023-42776 Interface sanitization vulnerabilities in Intel SGX DCAP Platform Launch Enclave for Windows. | |
| CVE-2023-37479 Side-channel leakage via ABI poisoning in Microsoft Open Enclave SDK. | |
| CVE-2023-38022 Side-channel leakage via insufficient pointer validation in Fortanix EnclaveOS trusted runtime. | |
| CVE-2023-38021 AEPIC leak via unaligned pointer accesses in Fortanix EnclaveOS trusted runtime. | |
| CVE-2023-38023 AEPIC leak via unaligned pointer accesses in SCONE trusted runtime. | |
| CVE-2022-46487 Floating-point corruption via ABI poisoning in SCONE trusted runtime. | |
| CVE-2022-46486 Memory corruption via pointer poisoning in SCONE trusted runtime. | |
| CVE-2022-26509 Insufficient pointer validation in Protected Code Loader (PCL) in Intel SGX SDK. | |
| CVE-2021-44421 Side-channel leakage via insufficient pointer validation in Occlum trusted runtime. | |
| CVE-2020-0561 Floating-point corruption via ABI poisoning in Intel SGX SDK. | |
| CVE-2020-15107 Floating-point corruption via ABI poisoning in Microsoft Open Enclave SDK. | |
| CVE-2019-14565 Memory corruption via ABI poisoning in Intel SGX SDK. | |
| CVE-2019-0876 Memory corruption in Microsoft Open Enclave SDK. | |
| CVE-2019-1369 Heap memory disclosure in Microsoft Open Enclave SDK. | |
| CVE-2019-1370 Memory corruption via ABI poisoning in Microsoft Open Enclave SDK. | |
| CVE-2018-3626 Side-channel leakage via insufficient pointer validation in Intel SGX SDK edger8r tool. | |
| Cryptographic side channels | CVE-2017-9526 Secret-dependent control flow in Libgcrypt EdDSA signing. |