M.Sc. Tommaso Frassetto

Research Assistant

Mornewegstraße 30
D-64293 Darmstadt

Phone:+49 (0)6151 16 - 25340
Email:tommaso.frassetto(a-t)trust.tu-darmstadt.de (PGP key)



Since 2016

Research Assistant

at CYSEC and Technische Universität Darmstadt, Germany 


M.Sc. Computer Science

at University of Padua, Italy


B.Sc. Computer Science

at University of Padua, Italy


  • Best Poster Award, ICDCS 2017

    Markus Miettinen, Samuel Marchal, Ibbad Hafeez, Tommaso Frassetto, N. Asokan, Ahmad-Reza Sadeghi and Sasu Tarkoma, "IoT Sentinel Demo: Automated Device-Type Identification for Security Enforcement in IoT" In: Proc. 37th IEEE International Conference on Distributed Computing Systems (ICDCS 2017), June 5-8, 2017, Atlanta, Georgia, USA.

Publications (2018)

IMIX: In-Process Memory Isolation EXtension

Tommaso Frassetto, Patrick Jauernig, Christopher Liebchen, Ahmad-Reza Sadeghi
In: 27th USENIX Security Symposium, August 2018

The Guard's Dilemma: Efficient Code-Reuse Attacks Against Intel SGX

Andrea Biondo, Mauro Conti, Lucas Davi, Tommaso Frassetto, Ahmad-Reza Sadeghi
In: 27th USENIX Security Symposium, August 2018


DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization

Author Ferdinand Brasser, Srdjan Capkun, Alexandra Dmitrienko, Tommaso Frassetto, Kari Kostiainen, Urs Müller, Ahmad-Reza Sadeghi
Date September 2017
Kind Techreport
Research Areas System Security Lab
Abstract Recent research has demonstrated that Intel's SGX is vulnerable to various software-based side-channel attacks. In particular, attacks that monitor CPU caches shared between the victim enclave and untrusted software enable accurate leakage of secret enclave data. Known defenses assume developer assistance, require hardware changes, impose high overhead, or prevent only some of the known attacks. In this paper we propose data location randomization as a novel defensive approach to address the threat of side-channel attacks. Our main goal is to break the link between the cache observations by the privileged adversary and the actual data accesses by the victim. We design and implement a compiler-based tool called DR.SGX that instruments enclave code such that data locations are permuted at the granularity of cache lines. We realize the permutation with the CPU's cryptographic hardware-acceleration units providing secure randomization. To prevent correlation of repeated memory accesses we continuously re-randomize all enclave data during execution. Our solution effectively protects many (but not all) enclaves from cache attacks and provides a complementary enclave hardening technique that is especially useful against unpredictable information leakage.
Website https://arxiv.org/abs/1709.09917
[Export this entry to BibTeX]
[Back to List-View]

Important Copyright Notice:

The documents contained in these directories are included by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.
A A A | Drucken Drucken | Impressum Impressum | Sitemap Sitemap | Kontakt Kontakt | Webseitenanalyse: Mehr Informationen
zum Seitenanfangzum Seitenanfang