IOTEE: Securing and analysing trusted execution beyond the CPU
Lead Research Organisation:
University of Birmingham
Department Name: School of Computer Science
Abstract
Abstracts are not currently available in GtR for all funded research. This is normally because the abstract was not required at the time of proposal submission, but may be because it included sensitive information such as personal details.
Publications
J De Meulemeester
(2025)
BadRAM: Practical Memory Aliasing Attacks on Trusted Execution Environments
Related Projects
| Project Reference | Relationship | Related To | Start | End | Award Value |
|---|---|---|---|---|---|
| EP/X03738X/1 | 31/08/2023 | 29/09/2025 | £448,286 | ||
| EP/X03738X/2 | Transfer | EP/X03738X/1 | 29/09/2025 | 28/09/2028 | £0 |
| Description | Academic collaboration on TEE security |
| Organisation | University of Lubeck |
| Country | Germany |
| Sector | Academic/University |
| PI Contribution | Started collaboration with Prof Eisenbarth on topics around TEEs and CPU/interface security |
| Collaborator Contribution | Discussions, joint paper (BadRAM), follow-up plans |
| Impact | BadRAM: Practical Memory Aliasing Attacks on Trusted Execution Environments |
| Start Year | 2024 |
| Description | Google collaboration on TEE security |
| Organisation | |
| Country | United States |
| Sector | Private |
| PI Contribution | Joined discussions with relevant members of Google's security team |
| Collaborator Contribution | Feedback on research, ideas for joint work and possible funding in the future. |
| Impact | Ongoing discussions with Google on TEE security, planned to lead into joint work or funding |
| Start Year | 2025 |
| Title | BadRAM: Practical Memory Aliasing Attacks on Trusted Execution Environments |
| Description | This repository contains the scripts and tools to perform BadRAM attacks, as well as the proof-of-concept and end-to-end attacks presented in our paper. |
| Type Of Technology | Software |
| Year Produced | 2024 |
| Impact | the attack was widely picked up by the media, and led to various follow-up discussions |
| URL | https://github.com/badramattack/badram |
| Title | FaultFinder |
| Description | FaultFinder: lightning-fast, multi-architectural fault injection simulation. This repository accompanies the paper presented in the ASHES'24 workshop. |
| Type Of Technology | Software |
| Year Produced | 2024 |
| Open Source License? | Yes |
| Impact | used for follow-up work on SPDM in the IOTEE project |
| URL | https://github.com/fault-finder/fault-finder |
| Description | CODASIP discussions/visit |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Industry/Business |
| Results and Impact | The team invited engineers from CODASIP in Nov for a half-day meeting at the University of Birmingham. This included discussions on possible use of the research outputs in industrial applications, in particular CODASIP's CHERI RISCV cores. Possible follow-up activity will be around forming a KTP or similar. Additional, separate discussions with CODASIP revolved around forming and joining a potential CHERI alliance. |
| Year(s) Of Engagement Activity | 2023 |
| Description | Press Release: Flaw in computer memory leads to global security fixes |
| Form Of Engagement Activity | A press release, press conference or response to a media enquiry/interview |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Media (as a channel to the public) |
| Results and Impact | For the "BadRAM" vulnerability, we published a press relase, that was then widely picked up in the media (Ars Technica, The Register, Heise, MSN, ...) |
| Year(s) Of Engagement Activity | 2024 |
| URL | https://www.birmingham.ac.uk/news/2024/flaw-in-computer-memory-leads-to-global-security-fixes |
| Description | Visit and seminar talk at KU Leuven |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | Oswald presented the work around software-induced faults on servers at a seminar in the Computer Science department in Leuven. Follow-up discussions led to a new joint research project around DRAM security. |
| Year(s) Of Engagement Activity | 2023 |