About me

I am a postdoctoral researcher in the imec-DistriNet lab at KU Leuven, Belgium. My research explores microarchitectural security limitations along the hardware-software boundary, with a particular attention for privileged side-channel attacks in trusted execution environments. I obtained my PhD entitled “Microarchitectural Side-Channel Attacks for Privileged Software Adversaries” at KU Leuven in September 2020.

Publications

2020
Microarchitectural Side-Channel Attacks for Privileged Software Adversaries
Jo Van Bulck
PhD thesis KU Leuven, September 14, 2020.
CopyCat: Controlled Instruction-Level Attacks on Enclaves
Daniel Moghimi, Jo Van Bulck, Nadia Heninger, Frank Piessens, Berk Sunar
29th USENIX Security Symposium, 2020.
CVE-2019-19960, CVE-2019-19961, CVE-2019-19963, CVE-2020-7960
Provably Secure Isolation for Interruptible Enclaved Execution on Small Microprocessors
Matteo Busi, Job Noorman, Jo Van Bulck, Letterio Galletta, Pierpaolo Degano, Jan Tobias Mühlberg, Frank Piessens
33rd IEEE Computer Security Foundations Symposium (CSF'20), 2020.
Plundervolt: How a Little Bit of Undervolting Can Create a Lot of Trouble
Kit Murdock, David Oswald, Flavio D. Garcia, Jo Van Bulck, Daniel Gruss, Frank Piessens
IEEE Security & Privacy Magazine Special Issue on Hardware-Assisted Security, 2020.
LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection
Jo Van Bulck, Daniel Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin, Yuval Yarom, Berk Sunar, Daniel Gruss, Frank Piessens
41st IEEE Symposium on Security and Privacy (S&P'20), 2020.
CVE-2020-0551 Intel response
Plundervolt: Software-Based Fault Injection Attacks Against Intel SGX
Kit Murdock, David Oswald, Flavio D. Garcia, Jo Van Bulck, Daniel Gruss, Frank Piessens
41st IEEE Symposium on Security and Privacy (S&P'20), 2020.
CVE-2019-11157 Intel response
2019
A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes
Jo Van Bulck, David Oswald, Eduard Marin, Abdulla Aldoseri, Flavio D. Garcia, Frank Piessens
26th ACM Conference on Computer and Communications Security (CCS'19), 2019.
CVE-2018-3626, CVE-2019-14565, CVE-2019-0876, CVE-2019-1369, CVE-2019-1370 Intel response
ZombieLoad: Cross-Privilege-Boundary Data Sampling
Michael Schwarz, Moritz Lipp, Daniel Moghimi, Jo Van Bulck, Julian Stecklina, Thomas Prescher, Daniel Gruss
26th ACM Conference on Computer and Communications Security (CCS'19), 2019.
CVE-2018-12130, CVE-2019-11135, CVE-2020-0549 Intel response
Fallout: Leaking Data on Meltdown-Resistant CPUs
Claudio Canella, Daniel Genkin, Lukas Giner, Daniel Gruss, Moritz Lipp, Marina Minkin, Daniel Moghimi, Frank Piessens, Michael Schwarz, Berk Sunar, Jo Van Bulck, Yuval Yarom
26th ACM Conference on Computer and Communications Security (CCS'19), 2019.
CVE-2018-12126 Intel response
A Systematic Evaluation of Transient Execution Attacks and Defenses
Claudio Canella, Jo Van Bulck, Michael Schwarz, Moritz Lipp, Benjamin von Berg, Philipp Ortner, Frank Piessens, Dmitry Evtyushkin, Daniel Gruss
28th USENIX Security Symposium, 2019.
Breaking Virtual Memory Protection and the SGX Ecosystem with Foreshadow
Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas Wenisch, Yuval Yarom, Raoul Strackx
IEEE Micro Top Picks from the 2018 Computer Architecture Conferences, 2019.
2018
Tutorial: Uncovering and Mitigating Side-Channel Leakage in Intel SGX Enclaves
Jo Van Bulck, Frank Piessens
8th International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE'18), 2018.
Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic
Jo Van Bulck, Frank Piessens, Raoul Strackx
25th ACM Conference on Computer and Communications Security (CCS'18), 2018.
Foreshadow-NG: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution
Ofir Weisse, Jo Van Bulck, Marina Minkin, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Raoul Strackx, Thomas Wenisch, Yuval Yarom
Technical report, 2018.
CVE-2018-3620, CVE-2018-3646 Intel response
Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution
Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas Wenisch, Yuval Yarom, Raoul Strackx
27th USENIX Security Symposium, 2018.
CVE-2018-3615 Intel response
Tutorial: Building Distributed Enclave Applications with Sancus and SGX
Jan Tobias Mühlberg, Jo Van Bulck
48th International Conference on Dependable Systems and Networks (DSN'18), 2018.
Reflections on Post-Meltdown Trusted Computing: A Case for Open Security Processors
Jan Tobias Mühlberg, Jo Van Bulck
;login: the USENIX magazine vol.43 no.3, 2018.
Off-Limits: Abusing Legacy x86 Memory Segmentation to Spy on Enclaved Execution
Jago Gyselinck, Jo Van Bulck, Frank Piessens, Raoul Strackx
International Symposium on Engineering Secure Software and Systems (ESSoS'18), 2018.
2017
VulCAN: Efficient Component Authentication and Software Isolation for Automotive Control Networks
Jo Van Bulck, Jan Tobias Mühlberg, Frank Piessens
33th Annual Computer Security Applications Conference (ACSAC'17), 2017.
Nominated for distinguished paper award
SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control
Jo Van Bulck, Frank Piessens, Raoul Strackx
2nd Workshop on System Software for Trusted Execution (SysTEX'17), 2017.
Best paper award
Telling Your Secrets Without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution
Jo Van Bulck, Nico Weichbrodt, Rüdiger Kapitza, Frank Piessens, Raoul Strackx
26th USENIX Security Symposium, 2017.
Patched in Libgcrypt v1.7.7
Sancus 2.0: A Low-Cost Security Architecture for IoT Devices
Job Noorman, Jo Van Bulck, Jan Tobias Mühlberg, Frank Piessens, Pieter Maene, Bart Preneel, Ingrid Verbauwhede, Johannes Götzfried, Tilo Müller, Felix Freiling
ACM Transactions on Privacy and Security (TOPS'17), 2017.
2016
Implementation of a High Assurance Smart Meter using Protected Module Architectures
Jan Tobias Mühlberg, Sara Cleemput, Mustafa A. Mustafa, Jo Van Bulck, Bart Preneel, Frank Piessens
10th WISTP International Conference on Information Security Theory and Practice (WISTP'16), 2016.
Towards Availability and Real-Time Guarantees for Protected Module Architectures
Jo Van Bulck, Job Noorman, Jan Tobias Mühlberg, Frank Piessens
Workshop on Modularity Across the System Stack (MASS'16), 2016.
2015
Secure Resource Sharing for Embedded Protected Module Architectures
Jo Van Bulck, Job Noorman, Jan Tobias Mühlberg, Frank Piessens
9th WISTP International Conference on Information Security Theory and Practice (WISTP'15), 2015.
Secure Resource Sharing for Embedded Protected Module Architectures
Jo Van Bulck
Master thesis KU Leuven, 2015.
VASCO thesis award 2015, BELCLIV thesis award 2016

Talks

2020 Microarchitectural Side-Channel Attacks for Privileged Software Adversaries
Jo Van Bulck
PhD defense @ KU Leuven, Leuven, Belgium, September 14, 2020.
The Tale Continues: Pitfalls and Best Practices for SGX Shielding Runtimes
Jo Van Bulck, Fritz Alder
2nd Intel SGX Community Workshop, Online, July 14, 2020.
Podcast: Intel SGX
Julian Stecklina, Florian Pester, Jo Van Bulck
Podcast @ Syslog.show, Online, June 23, 2020.
LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection
Jo Van Bulck
Presentation @ 41st IEEE Symposium on Security and Privacy (S&P'20), Online, May, 18, 2020.
LVI: Hijacking Transient Execution with Load Value Injection
Daniel Gruss, Daniel Moghimi, Jo Van Bulck
Talk @ Hardwear.io Virtual Con, Online, April 30, 2020.
Podcast: Load Value Injection
Dennis Fisher, Jo Van Bulck
Podcast @ Decipher Security, Online, March 17, 2020.
Privileged Side-Channel Attacks for Enclave Software Adversaries
Jo Van Bulck
Guest Talk @ University of Birmingham Seminar, Birmingham, UK, February 20, 2020.
Microarchitectural Side-Channel Attacks for Privileged Software Adversaries
Jo Van Bulck
Talk @ DistriNet Reunion, Leuven, Belgium, February 5, 2020.
A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes
Jo Van Bulck
Talk @ FOSDEM'20, Brussels, Belgium, February 1, 2020.
Leaky Processors: Lessons from Spectre, Meltdown, and Foreshadow
Jo Van Bulck, Daniel Gruss
Talk @ Red Hat Research Day, Brno, Czech Republic, January 23, 2020.
2019 A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes
Jo Van Bulck, David Oswald
Presentation @ 26th ACM Conference on Computer and Communications Security (CCS'19), London, UK, November, 14, 2019.
Microarchitectural Side-Channel Attacks for Privileged Adversaries
Jo Van Bulck
Invited lecture @ COSIC Hardware Security Course, Leuven, Belgium, October 21, 2019.
Leaky Processors: Lessons from Spectre, Meltdown, and Foreshadow
Jo Van Bulck
Invited Talk @ KU Leuven Alumni Forum, Leuven, Belgium, October 15, 2019.
Cards Against Confusion
Claudio Canella, Jo Van Bulck, Daniel Gruss
Talk @ SHARD Workshop, Leiden, Netherlands, September 23, 2019.
Podcast: ZombieLoad
Maarten Hendrikx, Toon van de Putte, Steven Op de beeck, Ruurd Sanders, Jo Van Bulck
Podcast @ Tech45, Online, June 22, 2019.
A Christmas Carol: The Spectres of the Past, Present, and Future
Daniel Gruss, Moritz Lipp, Michael Schwarz, Claudio Canella, Jo Van Bulck
Talk @ Grazer Linuxtage, Graz, Austria, April 26, 2019.
2018 Tutorial: Uncovering and Mitigating Side-Channel Leakage in Intel SGX Enclaves
Jo Van Bulck
Invited Tutorial @ 8th International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE'18), Kanpur, India, December 15, 2018.
Leaky Processors: Stealing Your Secrets With Foreshadow
Jo Van Bulck
Invited Talk @ OWASP BeNeLux-Days, Mechelen, Belgium, November 30, 2018.
Leaky Processors and the RISE of Hardware-Based Trusted Computing
Jo Van Bulck
Keynote @ RISE Annual Conference, London, UK, November 14, 2018.
Transient Execution Attacks: Lessons from Spectre, Meltdown, and Foreshadow
Jo Van Bulck
Invited Talk @ 20st ISSE Conference, Brussels, Belgium, November 6, 2018.
Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic
Jo Van Bulck
Presentation @ 25th ACM Conference on Computer and Communications Security (CCS'18), Toronto, Canada, October, 16, 2018.
Foreshadow: Extracting the keys to the Intel SGX kingdom with transient out-of-order execution
Jo Van Bulck, Ofir Weisse
Presentation @ 27th USENIX Security Symposium, Baltimore, USA, August 16, 2018, 2018.
Tutorial: Building Distributed Enclave Applications with Sancus and SGX
Jan Tobias Mühlberg, Jo Van Bulck
Tutorial @ 48th International Conference on Dependable Systems and Networks (DSN'18), Luxembourg City, Luxembourg, June, 25, 2018.
Secure Automotive Computing with Sancus
Jan Tobias Mühlberg, Jo Van Bulck
Demo booth @ Imec Technology Forum 2018, Antwerp, Belgium, May 23-24, 2018.
Hardware-Based Trusted Computing Architectures From an Attack and Defense Perspective
Jo Van Bulck
Talk @ Newline 0x08, Ghent, Belgium, April 14, 2018.
2017 SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control
Jo Van Bulck
Presentation @ 2nd Workshop on System Software for Trusted Execution (SysTEX'17), Shanghai, China, October, 28, 2017.
Telling Your Secrets Without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution
Jo Van Bulck
Invited Talk @ Intel Tech Talk, Online, September 28, 2017.
Telling Your Secrets Without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution
Jo Van Bulck
Presentation @ 26th USENIX Security Symposium, Vancouver, Canada, August 18, 2017.
Beyond Controlled-Channel Attacks: Information Leakage from Elementary CPU Behavior
Jo Van Bulck
Invited Talk @ Distributed Trust Workshop on Data Protection and Privacy, Leuven, Belgium, June 20, 2017.
Secure Automotive Computing with Sancus
Jan Tobias Mühlberg, Jo Van Bulck
Demo booth @ Imec Technology Forum 2017, Antwerp, Belgium, May 16-17, 2017.
Interrupt Latency Timing Attacks Against Enclave Programs
Jo Van Bulck
Talk @ DRADS DistriNet Workshop, Leuven, Belgium, April 28, 2017.
Secure Resource Sharing for Embedded Protected Module Architectures
Jo Van Bulck
BELCLIV Award Lecture, Brussels, Belgium, April 21, 2017.
2016 Towards Availability and Real-Time Guarantees for Protected Module Architectures
Jo Van Bulck
Presentation @ Workshop on Modularity Across the System Stack (MASS'16), Malaga, Spain, March 14, 2016.
2015 Secure Resource Sharing for Embedded Protected Module Architectures
Jo Van Bulck
Presentation @ 9th WISTP International Conference on Information Security Theory and Practice (WISTP'15), Heraklion, Crete, Greece, August 24, 2015.