About me
I am a professor in the DistriNet lab at the Department of Computer Science of KU Leuven, Belgium. My research explores attacks and defenses at the hardware-software boundary, with particular attention to privileged side channels in trusted execution environments.
Publications
2024 | Exceptions Prove the Rule: Investigating and Resolving Residual Side Channels in Provably Secure Interrupt Handling Matteo Busi, Pierpaolo Degano, Riccardo Focardi, Letterio Galletta, Flaminia Luccio, Frank Piessens, Jo Van Bulck 4th Workshop on Program Analysis and Verification on Trusted Platforms (PAVeTrust), 2024. |
Intellectual Property Exposure: Subverting and Securing Intellectual Property Encapsulation in Texas Instruments Microcontrollers Marton Bognar, Cas Magnus, Frank Piessens, Jo Van Bulck 33rd USENIX Security Symposium, 2024. | |
Pandora: Principled Symbolic Validation of Intel SGX Enclave Runtimes Fritz Alder, Lesly-Ann Daniel, David Oswald, Frank Piessens, Jo Van Bulck 45th IEEE Symposium on Security and Privacy (S&P), 2024. CVE-2022-26509, CVE-2023-37479, CVE-2023-38022, CVE-2023-38021, CVE-2022-46487, CVE-2022-46486, CVE-2023-38023, CVE-2023-42776 | |
2023 | SGX-Step: An Open-Source Framework for Precise Dissection and Practical Exploitation of Intel SGX Enclaves Jo Van Bulck, Frank Piessens ACSAC 2023 Cybersecurity Artifacts Competition and Impact Award Finalist Short Paper, 2023. ACSAC 2023 Cybersecurity Artifacts Competition and Impact Award |
AEX-Notify: Thwarting Precise Single-Stepping Attacks through Interrupt Awareness for Intel SGX Enclaves Scott Constable, Jo Van Bulck, Xiang Cheng, Yuan Xiao, Cedric Xing, Ilya Alexandrovich, Taesoo Kim, Frank Piessens, Mona Vij, Mark Silberstein 32nd USENIX Security Symposium, 2023. | |
MicroProfiler: Principled Side-Channel Mitigation through Microarchitectural Profiling Marton Bognar, Hans Winderix, Jo Van Bulck, Frank Piessens 8th IEEE European Symposium on Security and Privacy (EuroS&P), 2023. | |
About Time: On the Challenges of Temporal Guarantees in Untrusted Environments Fritz Alder, Gianluca Scopelliti, Jo Van Bulck, Jan Tobias Mühlberg 6th Workshop on System Software for Trusted Execution (SysTEX), 2023. | |
2022 | A Case for Unified ABI Shielding in Intel SGX Runtimes Jo Van Bulck, Fritz Alder, Frank Piessens 5th Workshop on System Software for Trusted Execution (SysTEX), 2022. Patched in Enarx v0.2.1 |
Mind the Gap: Studying the Insecurity of Provably Secure Embedded Trusted Execution Architectures Marton Bognar, Jo Van Bulck, Frank Piessens 43rd IEEE Symposium on Security and Privacy (S&P), 2022. | |
Faulty Point Unit: ABI Poisoning Attacks on Trusted Execution Environments Fritz Alder, Jo Van Bulck, Jesse Spielman, David Oswald, Frank Piessens ACM Digital Threats: Research and Practice (DTRAP), 2022. | |
2021 | Aion: Enabling Open Systems through Strong Availability Guarantees for Enclaves Fritz Alder, Jo Van Bulck, Frank Piessens, Jan Tobias Mühlberg 28th ACM Conference on Computer and Communications Security (CCS), 2021. |
Securing Interruptible Enclaved Execution on Small Microprocessors Matteo Busi, Job Noorman, Jo Van Bulck, Letterio Galletta, Pierpaolo Degano, Jan Tobias Mühlberg, Frank Piessens ACM Transactions on Programming Languages and Systems (TOPLAS), 2021. | |
Robust Authentication for Automotive Control Networks through Covert Channels Stien Vanderhallen, Jo Van Bulck, Frank Piessens, Jan Tobias Mühlberg Computer Networks, 2021. | |
2020 | Faulty Point Unit: ABI Poisoning Attacks on Intel SGX Fritz Alder, Jo Van Bulck, David Oswald, Frank Piessens 36th Annual Computer Security Applications Conference (ACSAC), 2020. ACSAC 2020 distinguished paper with artifacts award CVE-2020-0561, CVE-2020-15107 Artifacts evaluated: Reusable |
Microarchitectural Side-Channel Attacks for Privileged Software Adversaries Jo Van Bulck PhD thesis KU Leuven, September 14, 2020. ACM SIGSAC Doctoral Dissertation Award 2021, ERCIM STM PhD Award 2021, FWO/IBM Innovation Award 2021 | |
CopyCat: Controlled Instruction-Level Attacks on Enclaves Daniel Moghimi, Jo Van Bulck, Nadia Heninger, Frank Piessens, Berk Sunar 29th USENIX Security Symposium, 2020. CVE-2019-19960, CVE-2019-19961, CVE-2019-19963, CVE-2020-7960 | |
Provably Secure Isolation for Interruptible Enclaved Execution on Small Microprocessors Matteo Busi, Job Noorman, Jo Van Bulck, Letterio Galletta, Pierpaolo Degano, Jan Tobias Mühlberg, Frank Piessens 33rd IEEE Computer Security Foundations Symposium (CSF), 2020. | |
Plundervolt: How a Little Bit of Undervolting Can Create a Lot of Trouble Kit Murdock, David Oswald, Flavio D. Garcia, Jo Van Bulck, Daniel Gruss, Frank Piessens IEEE Security & Privacy Magazine Special Issue on Hardware-Assisted Security, 2020. | |
LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection Jo Van Bulck, Daniel Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin, Yuval Yarom, Berk Sunar, Daniel Gruss, Frank Piessens 41st IEEE Symposium on Security and Privacy (S&P), 2020. CVE-2020-0551 Intel response | |
Plundervolt: Software-Based Fault Injection Attacks Against Intel SGX Kit Murdock, David Oswald, Flavio D. Garcia, Jo Van Bulck, Daniel Gruss, Frank Piessens 41st IEEE Symposium on Security and Privacy (S&P), 2020. CVE-2019-11157 Intel response | |
2019 | A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes Jo Van Bulck, David Oswald, Eduard Marin, Abdulla Aldoseri, Flavio D. Garcia, Frank Piessens 26th ACM Conference on Computer and Communications Security (CCS), 2019. CVE-2018-3626, CVE-2019-14565, CVE-2019-0876, CVE-2019-1369, CVE-2019-1370 Intel response |
ZombieLoad: Cross-Privilege-Boundary Data Sampling Michael Schwarz, Moritz Lipp, Daniel Moghimi, Jo Van Bulck, Julian Stecklina, Thomas Prescher, Daniel Gruss 26th ACM Conference on Computer and Communications Security (CCS), 2019. CVE-2018-12130, CVE-2019-11135, CVE-2020-0549 Intel response | |
Fallout: Leaking Data on Meltdown-Resistant CPUs Claudio Canella, Daniel Genkin, Lukas Giner, Daniel Gruss, Moritz Lipp, Marina Minkin, Daniel Moghimi, Frank Piessens, Michael Schwarz, Berk Sunar, Jo Van Bulck, Yuval Yarom 26th ACM Conference on Computer and Communications Security (CCS), 2019. CVE-2018-12126 Intel response | |
A Systematic Evaluation of Transient Execution Attacks and Defenses Claudio Canella, Jo Van Bulck, Michael Schwarz, Moritz Lipp, Benjamin von Berg, Philipp Ortner, Frank Piessens, Dmitry Evtyushkin, Daniel Gruss 28th USENIX Security Symposium, 2019. | |
Breaking Virtual Memory Protection and the SGX Ecosystem with Foreshadow Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas Wenisch, Yuval Yarom, Raoul Strackx IEEE Micro Top Picks from the 2018 Computer Architecture Conferences, 2019. | |
2018 | Tutorial: Uncovering and Mitigating Side-Channel Leakage in Intel SGX Enclaves Jo Van Bulck, Frank Piessens 8th International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE), 2018. |
Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic Jo Van Bulck, Frank Piessens, Raoul Strackx 25th ACM Conference on Computer and Communications Security (CCS), 2018. | |
Foreshadow-NG: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution Ofir Weisse, Jo Van Bulck, Marina Minkin, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Raoul Strackx, Thomas Wenisch, Yuval Yarom Technical report, 2018. CVE-2018-3620, CVE-2018-3646 Intel response | |
Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas Wenisch, Yuval Yarom, Raoul Strackx 27th USENIX Security Symposium, 2018. CVE-2018-3615 Intel response | |
Tutorial: Building Distributed Enclave Applications with Sancus and SGX Jan Tobias Mühlberg, Jo Van Bulck 48th International Conference on Dependable Systems and Networks (DSN), 2018. | |
Reflections on Post-Meltdown Trusted Computing: A Case for Open Security Processors Jan Tobias Mühlberg, Jo Van Bulck ;login: the USENIX magazine vol.43 no.3, 2018. | |
Off-Limits: Abusing Legacy x86 Memory Segmentation to Spy on Enclaved Execution Jago Gyselinck, Jo Van Bulck, Frank Piessens, Raoul Strackx International Symposium on Engineering Secure Software and Systems (ESSoS), 2018. Artifacts evaluated | |
2017 | VulCAN: Efficient Component Authentication and Software Isolation for Automotive Control Networks Jo Van Bulck, Jan Tobias Mühlberg, Frank Piessens 33th Annual Computer Security Applications Conference (ACSAC), 2017. Nominated for ACSAC 2017 distinguished paper award Artifacts evaluated |
SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control Jo Van Bulck, Frank Piessens, Raoul Strackx 2nd Workshop on System Software for Trusted Execution (SysTEX), 2017. SysTEX 2017 best paper award, ACSAC 2023 Cybersecurity Artifacts Competition and Impact Award | |
Telling Your Secrets Without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution Jo Van Bulck, Nico Weichbrodt, Rüdiger Kapitza, Frank Piessens, Raoul Strackx 26th USENIX Security Symposium, 2017. CVE-2017-9526 (Patched in Libgcrypt v1.7.7) | |
Sancus 2.0: A Low-Cost Security Architecture for IoT Devices Job Noorman, Jo Van Bulck, Jan Tobias Mühlberg, Frank Piessens, Pieter Maene, Bart Preneel, Ingrid Verbauwhede, Johannes Götzfried, Tilo Müller, Felix Freiling ACM Transactions on Privacy and Security (TOPS), 2017. | |
2016 | Implementation of a High Assurance Smart Meter using Protected Module Architectures Jan Tobias Mühlberg, Sara Cleemput, Mustafa A. Mustafa, Jo Van Bulck, Bart Preneel, Frank Piessens 10th WISTP International Conference on Information Security Theory and Practice (WISTP), 2016. |
Towards Availability and Real-Time Guarantees for Protected Module Architectures Jo Van Bulck, Job Noorman, Jan Tobias Mühlberg, Frank Piessens Workshop on Modularity Across the System Stack (MASS), 2016. | |
2015 | Secure Resource Sharing for Embedded Protected Module Architectures Jo Van Bulck, Job Noorman, Jan Tobias Mühlberg, Frank Piessens 9th WISTP International Conference on Information Security Theory and Practice (WISTP), 2015. |
Secure Resource Sharing for Embedded Protected Module Architectures Jo Van Bulck Master thesis KU Leuven, 2015. VASCO thesis award 2015, BELCLIV thesis award 2016 |
Talks
2024 | Attacks and Defenses for Trusted Execution Environments Jo Van Bulck Guest lecture @ KU Leuven Seminar in Cybersecurity, Leuven, Belgium, November 15, 2024. |
Attacks and Defenses for Trusted Execution Environments Jo Van Bulck Guest lecture @ CMU Advanced Topics in Hardware Security, online, November 14, 2024. | |
Impact through Beautiful Ideas in Excellent Communication: An interview with Jo Van Bulck Daniel Shea, Jo Van Bulck Podcast @ Scholarly Communication, Online, September 25, 2024. | |
Beyond the Surface: Validation Challenges and Opportunities for Confidential Computing Jo Van Bulck Keynote @ 4th Program Analysis and Verification on Trusted Platforms (PAVeTrust) Workshop, Milano, Italy, September, 9, 2024. | |
Certified Confidential Computing: Principled Symbolic Validation for Enclave Shielding Runtimes Jo Van Bulck Invited talk @ Confidential Computing Consortium Technical Advisory Council, Online, August 22, 2024. | |
Opening and Welcome Jo Van Bulck, Nuno Santos Talk @ 7th Workshop on System Software for Trusted Execution (SysTEX 2024), Vienna, Austria, July 8, 2024. | |
Reflections on Trusting Trusted Execution: The Story of Microarchitectural Attacks and Defenses Jo Van Bulck Invited lecture @ COSIC Course on Cryptography and Cyber Security, Leuven, Belgium, July 4, 2024. | |
Opening Pandora's Box: Uncovering Pervasive Bugs in Intel SGX Runtimes with Truthful Symbolic Execution Jo Van Bulck Invited talk @ Intel IPAS Tech Sharing, Online, June 25, 2024. | |
Pandora: Principled Symbolic Validation of Intel SGX Enclave Runtimes Jo Van Bulck Conference presentation @ 45th IEEE Symposium on Security and Privacy (S&P), San Francisco, USA, May 22, 2024. | |
Open-Source Prototyping for Systems Security Research Jo Van Bulck, Hans Winderix, Marton Bognar, Lesly-Ann Daniel, Daan Vanoverloop Poster presentation @ KU Leuven Open Science Day, Leuven, Belgium, May 6, 2024. | |
On the Interplay between Attacks and New Defenses: The Story of SGX-Step and Transferable Insights for Other Architectures Jo Van Bulck Talk @ Huawei - KU Leuven research collaboration workshop, Leuven, Belgium, March 6, 2024. | |
2023 | SGX-Step: An Open-Source Framework for Precise Dissection and Practical Exploitation of Intel SGX Enclaves Jo Van Bulck Artifact competition talk @ 40th Annual Computer Security Applications Conference (ACSAC), Austin, USA, December 7, 2023. |
Interrupt-Driven Attacks and Defenses for Microarchitectural Security Jo Van Bulck Talk @ Dagstuhl Seminar on Microarchitectural Attacks and Defenses (MAD), Schloss Dagstuhl, Leibniz-Zentrum für Informatik, Germany, November 29, 2023. | |
Chips & Salsa Episode 58: AEX-Notify Jerry Bryant, Christopher Robinson, Scott Constable, Jo Van Bulck, Xiang Cheng Podcast @ Intel Technology, Online, September 5, 2023. | |
AEX-Notify: Thwarting Precise Single-Stepping Attacks through Interrupt Awareness for Intel SGX Enclaves Jo Van Bulck Paper presentation @ 32nd USENIX Security Symposium, Anaheim, USA, August 10, 2023. | |
Side-Channel Attacks and Defenses for Trusted Execution Environments Jo Van Bulck Invited Talk @ EPFL, Lausanne, Switzerland, May 2, 2023. | |
Happy Birthday Sancus! – Lessons from 10 Years of Maintaining a Trusted Computing Research Prototype Jo Van Bulck, Frank Piessens Keynote @ DRADS DistriNet Workshop, Rendeux, Belgium, March 24, 2023. | |
Panel Discussion: Hardware Hacking Lennert Wouters, Jo Van Bulck, Jeroen Baert Invited panelist @ VTK alumni event, Leuven, Belgium, February 18, 2023. | |
Devroom Closing and Goodbye Fritz Alder, Jo Van Bulck, Fabiano Fidencio Talk @ 4th Confidential Computing Devroom, FOSDEM, Brussels, Belgium, February 5, 2023. | |
2022 | Towards Principled Symbolic Validation for Intel SGX Binaries Jo Van Bulck Invited talk @ MSR Confidential Computing seminar, Online, October 5, 2022. |
Privileged Side-Channel Attacks on Trusted Execution Environments Jo Van Bulck Invited lecture @ 4th Summer School on Security & Correctness, Graz, Austria, September 30, 2022. | |
Towards ABI Unification for Intel SGX Enclave Shielding Runtimes Jo Van Bulck Lightning talk @ SILM'22 Workshop, Genoa, Italy, June 6, 2022. | |
LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection Jo Van Bulck Poster presentation @ 43rd IEEE Symposium on Security and Privacy (S&P), San Francisco, USA, May 23, 2022. | |
Deepen the Defenses: A Case for Microarchitectural Isolation Jo Van Bulck Invited talk @ Cybersec Europe, FutureLab Stage, Brussels, Belgium, May 11, 2022. | |
The Hitchhiker's Guide to Subverting Intel SGX Enclaves Jo Van Bulck Invited Talk @ Intel Project Circuit Breaker SGX Bootcamp, Online, March 27, 2022. | |
A Case for Unified ABI Shielding in Intel SGX Runtimes Jo Van Bulck Paper presentation @ 5th Workshop on System Software for Trusted Execution (SysTEX), Lausanne, Switzerland, March 1, 2022. | |
You're Gonna Need A Bigger Boat: Lessons from Capsizing SGX Enclave Programs Jo Van Bulck Invited Talk @ BINSEC seminar, Université Paris-Saclay, Online, February 10, 2022. | |
Process-Based Abstractions for VM-Based Environments Vasily Sartakov, Jo Van Bulck, Mike Bursell, Jethro G. Beekman, Hugo Lefeuvre, Marta Rybczynska Panel discussion @ FOSDEM, Online, February 5, 2022. | |
Opening 3th Hardware-Aided Trusted Computing Devroom: Welcome, Overview, Lineup Jo Van Bulck, Fritz Alder, Vasily Sartakov Talk @ FOSDEM, Online, February 5, 2022. | |
2021 | Review & Perspective: Microarchitectural Side-Channel Attacks for Privileged Software Adversaries Jo Van Bulck Talk @ Cybersecurity Initiative Flanders (CIF) Review, Leuven, October 28, 2021. |
Microarchitectural Side-Channel Attacks for Privileged Software Adversaries Jo Van Bulck FWO/IBM Innovation Award Talk @ IBM Belgium, Brussels, October 14, 2021. | |
Microarchitectural Side-Channel Attacks for Privileged Software Adversaries Jo Van Bulck STM PhD Award Talk @ 17th International Workshop on Security and Trust Management (STM), Online, October 8, 2021. | |
Opening 2nd Hardware-Aided Trusted Computing Devroom: Welcome, Overview, Lineup Jo Van Bulck Talk @ FOSDEM, Online, February 6, 2021. | |
2020 | Ramming Enclave Gates: A Systematic Vulnerability Assessment of TEE Shielding Runtimes Jo Van Bulck, Fritz Alder, David Oswald Talk @ Remote Chaos Experience (RC3), Online, December 31, 2020. |
Microarchitectural Inception Jo Van Bulck, Michael Schwarz, Daniel Gruss, Moritz Lipp Talk @ Remote Chaos Experience (RC3), Online, December 27, 2020. | |
LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection Jo Van Bulck Finalist @ CSAW'20 Applied Research Competition, Online, November 6, 2020. | |
Microarchitectural Side-Channel Attacks for Untrusted Operating Systems Jo Van Bulck Invited Talk @ LSDS seminar, Imperial College London, Online, October 29, 2020. | |
Microarchitectural Side-Channel Attacks for Privileged Software Adversaries Jo Van Bulck PhD defense @ KU Leuven, Leuven, Belgium, September 14, 2020. | |
The Tale Continues: Pitfalls and Best Practices for SGX Shielding Runtimes Jo Van Bulck, Fritz Alder Talk @ 2nd Intel SGX Community Workshop, Online, July 14, 2020. | |
Podcast: Intel SGX Julian Stecklina, Florian Pester, Jo Van Bulck Podcast @ Syslog.show, Online, June 23, 2020. | |
LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection Jo Van Bulck Paper presentation @ 41st IEEE Symposium on Security and Privacy (S&P), Online, May 18, 2020. | |
LVI: Hijacking Transient Execution with Load Value Injection Daniel Gruss, Daniel Moghimi, Jo Van Bulck Talk @ Hardwear.io Virtual Con, Online, April 30, 2020. | |
Podcast: Load Value Injection Dennis Fisher, Jo Van Bulck Podcast @ Decipher Security, Online, March 17, 2020. | |
Privileged Side-Channel Attacks for Enclave Software Adversaries Jo Van Bulck Invited Talk @ University of Birmingham Seminar, Birmingham, UK, February 20, 2020. | |
Microarchitectural Side-Channel Attacks for Privileged Software Adversaries Jo Van Bulck Talk @ DistriNet Reunion, Leuven, Belgium, February 5, 2020. | |
A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes Jo Van Bulck Talk @ FOSDEM, Brussels, Belgium, February 1, 2020. | |
Leaky Processors: Lessons from Spectre, Meltdown, and Foreshadow Jo Van Bulck, Daniel Gruss Talk @ Red Hat Research Day, Brno, Czech Republic, January 23, 2020. | |
2019 | A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes Jo Van Bulck, David Oswald Paper presentation @ 26th ACM Conference on Computer and Communications Security (CCS), London, UK, November 14, 2019. |
Microarchitectural Side-Channel Attacks for Privileged Adversaries Jo Van Bulck Invited lecture @ COSIC Hardware Security Course, Leuven, Belgium, October 21, 2019. | |
Leaky Processors: Lessons from Spectre, Meltdown, and Foreshadow Jo Van Bulck Invited Talk @ KU Leuven Alumni Forum, Leuven, Belgium, October 15, 2019. | |
Cards Against Confusion Claudio Canella, Jo Van Bulck, Daniel Gruss Talk @ SHARD Workshop, Leiden, Netherlands, September 23, 2019. | |
Podcast: ZombieLoad Maarten Hendrikx, Toon van de Putte, Steven Op de beeck, Ruurd Sanders, Jo Van Bulck Podcast @ Tech45, Online, June 22, 2019. | |
A Christmas Carol: The Spectres of the Past, Present, and Future Daniel Gruss, Moritz Lipp, Michael Schwarz, Claudio Canella, Jo Van Bulck Talk @ Grazer Linuxtage, Graz, Austria, April 26, 2019. | |
2018 | Tutorial: Uncovering and Mitigating Side-Channel Leakage in Intel SGX Enclaves Jo Van Bulck Invited Tutorial @ 8th International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE), Kanpur, India, December 15, 2018. |
Leaky Processors: Stealing Your Secrets With Foreshadow Jo Van Bulck Invited Talk @ OWASP BeNeLux-Days, Mechelen, Belgium, November 30, 2018. | |
Leaky Processors and the RISE of Hardware-Based Trusted Computing Jo Van Bulck Keynote @ RISE Annual Conference, London, UK, November 14, 2018. | |
Transient Execution Attacks: Lessons from Spectre, Meltdown, and Foreshadow Jo Van Bulck Invited Talk @ 20st ISSE Conference, Brussels, Belgium, November 6, 2018. | |
Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic Jo Van Bulck Paper presentation @ 25th ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, October 16, 2018. | |
Foreshadow: Extracting the keys to the Intel SGX kingdom with transient out-of-order execution Jo Van Bulck, Ofir Weisse Paper presentation @ 27th USENIX Security Symposium, Baltimore, USA, August 16, 2018, 2018. | |
Tutorial: Building Distributed Enclave Applications with Sancus and SGX Jan Tobias Mühlberg, Jo Van Bulck Tutorial @ 48th International Conference on Dependable Systems and Networks (DSN), Luxembourg City, Luxembourg, June 25, 2018. | |
Secure Automotive Computing with Sancus Jan Tobias Mühlberg, Jo Van Bulck Demo booth @ Imec Technology Forum 2018, Antwerp, Belgium, May 23-24, 2018. | |
Hardware-Based Trusted Computing Architectures From an Attack and Defense Perspective Jo Van Bulck Talk @ Newline 0x08, Ghent, Belgium, April 14, 2018. | |
2017 | SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control Jo Van Bulck Paper presentation @ 2nd Workshop on System Software for Trusted Execution (SysTEX), Shanghai, China, October 28, 2017. |
Telling Your Secrets Without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution Jo Van Bulck Invited Talk @ Intel Tech Talk, Online, September 28, 2017. | |
Telling Your Secrets Without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution Jo Van Bulck Paper presentation @ 26th USENIX Security Symposium, Vancouver, Canada, August 18, 2017. | |
Beyond Controlled-Channel Attacks: Information Leakage from Elementary CPU Behavior Jo Van Bulck Invited Talk @ Distributed Trust Workshop on Data Protection and Privacy, Leuven, Belgium, June 20, 2017. | |
Secure Automotive Computing with Sancus Jan Tobias Mühlberg, Jo Van Bulck Demo booth @ Imec Technology Forum 2017, Antwerp, Belgium, May 16-17, 2017. | |
Interrupt Latency Timing Attacks Against Enclave Programs Jo Van Bulck Talk @ DRADS DistriNet Workshop, Leuven, Belgium, April 28, 2017. | |
Secure Resource Sharing for Embedded Protected Module Architectures Jo Van Bulck BELCLIV Award Lecture, Brussels, Belgium, April 21, 2017. | |
2016 | Towards Availability and Real-Time Guarantees for Protected Module Architectures Jo Van Bulck Paper presentation @ Workshop on Modularity Across the System Stack (MASS), Malaga, Spain, March 14, 2016. |
2015 | Secure Resource Sharing for Embedded Protected Module Architectures Jo Van Bulck Paper presentation @ 9th WISTP International Conference on Information Security Theory and Practice (WISTP), Heraklion, Crete, Greece, August 24, 2015. |
Awards and Recognitions
2023 | Cybersecurity Artifacts Competition and Impact Award ACSAC 2023, December 7, 2023. |
Top Reviewer Award ACM CCS 2023, November 26, 2023. | |
2022 | Best Reviewer Award ACM CCS 2022, November 7, 2022. |
2021 | ACM SIGSAC Doctoral Dissertation Award for "Outstanding PhD Thesis in Computer and Information Security", November 18, 2021. |
FWO/IBM Innovation Award 2021 for "an outstanding PhD thesis that presents an original contribution to informatics or its applications", November 16, 2021. | |
ERCIM WG STM Best Ph.D. Thesis Award for "Best Ph.D. Thesis on Security and Trust Management", October 8, 2021. | |
Postdoctoral Fellowship Junior Research Foundation - Flanders (FWO), October 1, 2021. | |
2020 | Distinguished Paper with Artifacts Award ACSAC 2020, December 9, 2020. |
Applied Research Competition Finalist CSAW Europe, November 6, 2020. | |
Summa cum laude with the congratulations of the Examination Board for PhD thesis "of the highest international scientific level" (at most 5% of doctorates), September 14, 2020. | |
2019 | Top Picks from the 2018 Computer Architecture Conferences IEEE Micro, April 5, 2019. |
2018 | Applied Research Competition First Place CSAW, November 11, 2018. |
2017 | Nominated for Distinguished Paper Award ACSAC 2017, December 6, 2017. |
Best Paper Award SysTEX 2017, October 28, 2017. | |
BELCLIV 2016 Master Thesis Award for "de beste masterthesis die een originele bijdrage levert tot de beveiliging van informatiesystemen", April 21, 2017. | |
2016 | PhD Fellowship Fundamental Research Research Foundation - Flanders (FWO), October 1, 2016. |
2015 | Vasco Data Security 2014-2015 Master Thesis Award for "een uitmuntende bijdrage aan de technologie voor authentisering van gebruikers of technologie voor informatiebeveiliging in het algemeen", July 3, 2015. |
Academic Service
- Program Co-Chair: SysTEX (2024), FOSDEM Open-Source Confidential Computing Devroom (2024, 2023, 2022, 2021, 2020).
- Technical Program Committee: USENIX Security (2024), ACM CCS (2023, 2022), DIMVA (2023, 2022), IEEE SEED (2024), SysTEX (2023, 2022), PAVeTrust (2023, 2022, 2021).
- Journal Reviewer: Computers & Security (2022, 2021), ACM Computing Surveys (2020), IEEE Transactions on Dependable and Secure Computing (2020), IEEE Access (2019).
- Subreviewer: IEEE S&P (2023, 2021, 2020, 2019, 2017), ACM CCS (2019, 2018), USENIX Security (2017), ESORICS (2017), POST (2017), SysTEX (2017).
Teaching
- Lecturer: Operating Systems 2024-2023 (co-taught with Frank Piessens).
- Guest Lectures: Carnegie Mellon University Advanced Topics in Hardware Security (2024), KUL Seminar in Cybersecurity (2024), COSIC Course on Cryptography and Cyber Security (2024), Graz Summer School (2022), KUL Operating Systems (2022, 2021), COSIC Hardware Security Course (2019), KUL Computer Architecture and System Software (2018).
- Tutorials: SPACE 2018, DSN 2018.
- Teaching Assistant: Operating Systems (2023-2021), Computer Architecture and System Software (2020-2018), Structuur en Organisatie van Systeemsoftware (2017-2015), Informatica Werktuigen (2018-2015), Data Structures and Algorithms (2018-2016).
- Co-supervised PhD Theses:
- 2020 - current: Márton Bognár.
- 2019 - 2023: Fritz Alder – Interface Sanitization and Real-Time Scheduling for Enclaved Execution, KU Leuven.
- Master Thesis Supervision:
- 2024: Gert-Jan Goossens, Zidan Bortels.
- 2023: Cas Magnus, Wim Decelle, Martijn Dendooven.
- 2022: Jolan Hofmans, Wouter Jochems.
- 2021: Florent Nander Meijer, Jonas De Roover, Benjamin De Roeck.
- 2020: Márton Bognár, Stien Vanderhallen.
- 2019: Thomas De Backer, Sven Cuyt, Sergio Seminara.
- 2018: Sten Verbois, Jago Gyselinck.
- 2017: Alexandru Madalin Ghenea.
- Bachelor Honours Students:
- 2017: Michiel Van Beirendonck.
Selected Open-Source Contributions
Maintainer | SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control Founder, maintainer, and core developer. |
Bare-SGX: Minimal SGX Enclave Development on Bare-Metal Linux Platforms Founder, maintainer, and core developer. | |
Pandora: Principled Symbolic Validation of Intel SGX Enclave Runtimes Founder, maintainer, and co-developer. | |
Sancus: A Lightweight Trusted Execution Environment for Secure IoT Devices Maintainer and co-developer. | |
Contributor | Intel SGX SDK Contributed to AEX-Notify runtime; various low-level security fixes. |
Microsoft Open Enclave Contributed various low-level security fixes. | |
Linux kernel Contributed various security and reliability fixes in the SGX selftest framework. |
Vulnerability Disclosures
CPU μ-arch | TI-PSIRT-2023-040180 – MSP430 IP Encapsulation Write Vulnerability. |
CVE-2020-0551 – Load Value Injection (LVI). | |
CVE-2019-11157 – Sofware-based voltage fault injection. | |
CVE-2020-0549 – L1D Eviction Sampling. | |
CVE-2019-11135 – TSX Asynchronous Abort (TAA). | |
CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling (MFBDS). | |
CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling (MSBDS). | |
CVE-2018-3615 – L1 Terminal Fault (L1TF). | |
Intel SGX runtimes | CVE-2024-34776 – Memory-safety vulnerabilities in AEX-Notify runtime. |
CVE-2023-42776 – Interface sanitization vulnerabilities in Intel SGX DCAP Platform Launch Enclave for Windows. | |
CVE-2023-37479 – Side-channel leakage via ABI poisoning in Microsoft Open Enclave SDK. | |
CVE-2023-38022 – Side-channel leakage via insufficient pointer validation in Fortanix EnclaveOS trusted runtime. | |
CVE-2023-38021 – AEPIC leak via unaligned pointer accesses in Fortanix EnclaveOS trusted runtime. | |
CVE-2023-38023 – AEPIC leak via unaligned pointer accesses in SCONE trusted runtime. | |
CVE-2022-46487 – Floating-point corruption via ABI poisoning in SCONE trusted runtime. | |
CVE-2022-46486 – Memory corruption via pointer poisoning in SCONE trusted runtime. | |
CVE-2022-26509 – Insufficient pointer validation in Protected Code Loader (PCL) in Intel SGX SDK. | |
CVE-2021-44421 – Side-channel leakage via insufficient pointer validation in Occlum trusted runtime. | |
CVE-2020-0561 – Floating-point corruption via ABI poisoning in Intel SGX SDK. | |
CVE-2020-15107 – Floating-point corruption via ABI poisoning in Microsoft Open Enclave SDK. | |
CVE-2019-14565 – Memory corruption via ABI poisoning in Intel SGX SDK. | |
CVE-2019-0876 – Memory corruption in Microsoft Open Enclave SDK. | |
CVE-2019-1369 – Heap memory disclosure in Microsoft Open Enclave SDK. | |
CVE-2019-1370 – Memory corruption via ABI poisoning in Microsoft Open Enclave SDK. | |
CVE-2018-3626 – Side-channel leakage via insufficient pointer validation in Intel SGX SDK edger8r tool. | |
Cryptographic side channels | CVE-2017-9526 – Secret-dependent control flow in Libgcrypt EdDSA signing. |