M.Sc. Tommaso Frassetto

Research Assistant

Mornewegstraße 30
D-64293 Darmstadt

Phone: +49 (0)6151 16 - 25340
Email: tommaso.frassetto(a-t)trust.tu-darmstadt.de (PGP key)



Since 2016

Research Assistant

at CYSEC and Technische Universität Darmstadt, Germany 


M.Sc. Computer Science

at University of Padua, Italy


B.Sc. Computer Science

at University of Padua, Italy


  • Best Poster Award, ICDCS 2017

    Markus Miettinen, Samuel Marchal, Ibbad Hafeez, Tommaso Frassetto, N. Asokan, Ahmad-Reza Sadeghi and Sasu Tarkoma, "IoT Sentinel Demo: Automated Device-Type Identification for Security Enforcement in IoT" In: Proc. 37th IEEE International Conference on Distributed Computing Systems (ICDCS 2017), June 5-8, 2017, Atlanta, Georgia, USA.

Publications (2018)

IMIX: In-Process Memory Isolation EXtension

Tommaso Frassetto, Patrick Jauernig, Christopher Liebchen, Ahmad-Reza Sadeghi
In: 27th USENIX Security Symposium, August 2018

The Guard's Dilemma: Efficient Code-Reuse Attacks Against Intel SGX

Andrea Biondo, Mauro Conti, Lucas Davi, Tommaso Frassetto, Ahmad-Reza Sadeghi
In: 27th USENIX Security Symposium, August 2018


JITGuard: Hardening Just-in-time Compilers with SGX

Author: Tommaso Frassetto, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi
Date: November 2017
Kind: Inproceedings
Book title: 24th ACM Conference on Computer and Communications Security (CCS)
Location: Dallas, TX, USA
Research Areas: System Security Lab
Abstract: Memory-corruption vulnerabilities pose a serious threat to modern computer security. Attackers exploit these vulnerabilities to manipulate code and data of vulnerable applications to generate malicious behavior by means of code-injection and code-reuse attacks. Researchers already demonstrated the power of data-only attacks by disclosing secret data such as cryptographic keys in the past. A large body of literature has investigated defenses against code-injection, code-reuse, and data-only attacks. Unfortunately, most of these defenses are tailored towards statically generated code and their adaption to dynamic code comes with the price of security or performance penalties. However, many common applications, like browsers and document viewers, embed just-in-time compilers to generate dynamic code. The contribution of this paper is twofold: first, we propose a generic data-only attack against JIT compilers, dubbed DOJITA. In contrast to previous data-only attacks that aimed at disclosing secret data, DOJITA enables arbitrary code-execution. Second, we propose JITGuard, a novel defense to mitigate code-injection, code-reuse, and data-only attacks against just-in-time compilers (including DOJITA). JITGuard utilizes Intel's Software Guard Extensions (SGX) to provide a secure environment for emitting the dynamic code to a secret region, which is only known to the JIT compiler, and hence, inaccessible to the attacker. Our proposal is the first solution leveraging SGX to protect the security critical JIT compiler operations, and tackles a number of difficult challenges. As proof of concept we implemented JITGuard for Firefox's JIT compiler SpiderMonkey. Our evaluation shows reasonable overhead of 9.8% for common benchmarks.

Important Copyright Notice:

The documents contained in these directories are included by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.