Publications by Marcel Busch | EPFL Graph Search

Exploiting android’s hardened memory allocator

Most memory corruptions occur on the heap. To harden userspace applications and prevent heap-based exploitation, Google has developed Scudo. Since Android 11, Scudo has replaced jemalloc as the default heap implementation for all native code on Android. Sc ...

USENIX Association2024

SURGEON: Performant, Flexible, and Accurate Re-Hosting via Transplantation

Mathias Josef Payer, Marcel Busch, Florian Hofhammer

Dynamic analysis of microcontroller-based embedded firmware remains challenging. The general lack of source code availability for Commercial-off-the-shelf (COTS) firmware prevents powerful source-based instrumentation and prohibits compiling the firmware i ...

2024

EL3XIR: fuzzing COTS secure monitors

Mathias Josef Payer, Marcel Busch

ARM TrustZone forms the security backbone of mobile devices. TrustZone-based Trusted Execution Environments (TEEs) facilitate security-sensitive tasks like user authentication, disk encryption, and digital rights management (DRM). As such, bugs in the TEE ...

USENIX Association2024

GlobalConfusion: TrustZone Trusted Application 0-Days by Design

Mathias Josef Payer, Marcel Busch

Trusted Execution Environments form the backbone of mobile device security architectures. The GlobalPlatform Internal Core API is the de-facto standard that unites the fragmented landscape of real-world implementations, providing compatibility between diff ...

USENIX Association2024

Spill the TeA: an empirical study of trusted application rollback prevention on android smartphones

Mathias Josef Payer, Marcel Busch

The number and complexity of Trusted Applications (TAs, applications running in Trusted Execution Environments— TEEs) deployed on mobile devices has exploded. A vulnerability in a single TA impacts the security of the entire device. Thus, vendors must rapi ...

USENIX Association2024

TEEzz: Fuzzing Trusted Applications on COTS Android Devices

Mathias Josef Payer, Marcel Busch

Security and privacy-sensitive smartphone applications use trusted execution environments (TEEs) to protect sensitive operations from malicious code. By design, TEEs have privileged access to the entire system but expose little to no insight into their inn ...

IEEE COMPUTER SOC2023