Publications

2024

Mon CHÈRI ♡ Adapting Capability Hardware Enhanced RISC with Conditional Capabilities
M. Gülmez, H. Englund, J. T. Mühlberg, T. Nyman
Pre-print: https://arxiv.org/abs/2407.08663

2023

Friend or Foe Inside? Exploring In-Process Isolation to Maintain Memory Safety for Unsafe Rust
M. Gülmez, T. Nyman, C. Baumann, J. T. Mühlberg
In Proceedings of IEEE Secure Development Conference 2023 (SecDev 2023)
DOI: https://doi.org/10.1109/SecDev56634.2023.00020
Pre-print: https://arxiv.org/abs/2306.08127

Exploring the Environmental Benefits of In-Process Isolation for Software Resilience
M. Gülmez, T. Nyman, C. Baumann, J. T. Mühlberg
In Proceedings of 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks – Supplemental Volume (DSN-S 2023).
DOI: http://doi.org/10.1109/DSN-S58398.2023.00056
Pre-print: https://arxiv.org/abs/2306.02131

Rewind & Discard: Improving Software Resilience Using Isolated Domains
M. Gülmez, T. Nyman, C. Baumann, J. T. Mühlberg
In Proceedings of 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2023).
DOI: http://doi.org/10.1109/DSN58367.2023.00046


2022

Hardware Platform Security for Mobile Devices
L. J. Gunn, N. Asokan, J-E. Ekberg, H. Liljestrand, V. Nayani, T. Nyman
In Foundations and Trends in Privacy and Security: Vol. 3: No. 3-4, pp 214-394, Jun. 2022.
DOI:http://dx.doi.org/10.1561/3300000024
Available: https://ssg.aalto.fi

Unlimited Lives: Secure In-Process Rollback with Isolated Domains
M. Gülmez, T. Nyman, C. Baumann, J. T. Mühlberg
Pre-print: https://arxiv.org/abs/2205.03205


2021

Exploitation Techniques for Data-oriented Attacks with Existing and Potential Defense Approaches
L. Cheng, S. Ahmed, H. Liljestrand, T. Nyman, H. Cai, T. Jaeger,  N. Asokan,  D. Yao
In ACM Trans. Priv. Secur. 24, 4, Article 26 (November 2021).
DOI: https://doi.org/10.1145/3462699

PacStack: an Authenticated Call Stack
H. Liljestrand, T. Nyman, L. J. Gunn, J-E. Ekberg, N. Asokan
In Proceedings of the 30th USENIX Security Symposium (USENIX Security 2021).
Available: https://www.usenix.org
Technical report available at: https://arxiv.org/abs/1905.10242


2020

Toward Hardware-assisted Run-Time Protection
T. Nyman
Aalto University publication series DOCTORAL DISSERTATIONS, 150/2020
URN: http://urn.fi/URN:ISBN:978-952-64-0065-5


2019

Protecting the stack with PACed canaries
H. Liljestrand, Z. Gauhar, T. Nyman, J-E. Ekberg, N. Asokan
In 4th Workshop on System Software for Trusted Execution (SysTEX 2019)
DOI: https://doi.org/10.1145/3342559.3365336
Technical report available at: https://arxiv.org/abs/1909.05747

Late Breaking Results: Authenticated Call Stack
H. Liljestrand, T. Nyman, J-E. Ekberg. N. Asokan
In Proceedings of the 56th Annual Design Automation Conference (DAC 2019).
DOI: https://doi.org/10.1145/3316781.3322469

Exploitation Techniques and Defenses for Data-Oriented Attacks.
L. Cheng, H. Liljestrand, T. Nyman, Y. Tsung Lee., D. Yao., T. Jaeger, N. Asokan.
In Proceedings of IEEE Secure Development Conference 2019 (SecDev 2019)
DOI: https://doi.org/10.1109/SecDev.2019.00022
Available: https://conferences.computer.org/
Technical report available at: https://arxiv.org/abs/1902.08359

HardScope: Hardening Embedded Systems Against Data-Oriented Attacks.
T. Nyman, G. Dessouky, S. Zeitouni. A. Lehikoinen, A. Paverd, N. Asokan and A-R. Sadeghi.
In Proceedings of the 56th Annual Design Automation Conference (DAC 2019).
DOI: https://doi.org/10.1145/3316781.3317836
Technical report available at: https://arxiv.org/abs/1705.10295

PAC it up: Towards Pointer Integrity using ARM Pointer Authentication.
H. Liljestrand, T. Nyman, K. Wang, C. Chinea Perez, J-E Ekberg, N. Asokan
In Proceedings of the 28th USENIX Security Symposium (USENIX Security 2019).
Available: https://www.usenix.org/
Technical report available at: https://arxiv.org/abs/1811.09189


2018

ASSURED: Architecture for Secure Software Update of Realistic Embedded Devices.
N. Asokan, T. Nyman, N. Rattanavipanon, A-R. Sadeghi and G. Tsudik.
In IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 37, no. 11,. IEEE, 2290-2300, Nov. 2018. (Special Issue ESWEEK 2018, CASES 2018, CODES + ISSS 2018 and EMSOFT 2018).
DOI: https://doi.org/10.1109/TCAD.2018.2858422
Technical report available at: https://arxiv.org/abs/1807.05002


2017

CFI CaRE: Hardware-supported Call and Return Enforcement for Commercial Microcontrollers.
T. Nyman, J-E. Ekberg, L. Davi and N. Asokan.
In Dacier M., Bailey M., Polychronakis M., Antonakakis M. (eds) Research in Attacks, Intrusions, and Defenses (RAID 2017). Lecture Notes in Computer Science, vol 10453. Springer, Cham, 259-284.
DOI: https://doi.org/10.1007/978-3-319-66332-6_12
Technical report available at: https://arxiv.org/abs/1706.05715

LO-FAT: Low-Overhead Control Flow ATtestation in Hardware.
G. Dessouky, S. Zeitouni, T. Nyman, A. Paverd, L. Davi, P. Koeberl, N. Asokan and A-R. Sadeghi.
In Proceedings of the 54th Annual Design Automation Conference 2017 (DAC ’17). ACM, New York, NY, USA, Article 24, 6 pages.
DOI: https://doi.org/10.1145/3061639.3062276
Technical report available at: https://arxiv.org/abs/1706.03754


2016

C-FLAT: Control-Flow Attestation for Embedded Systems Software.
T. Abera, N. Asokan , L. Davi , J-E. Ekberg, T. Nyman , A. Paverd , A-R. Sadeghi and G. Tsudik.
In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS ’16). ACM, New York, NY, USA, 743-754.
DOI: https://doi.org/10.1145/2976749.2978358
Technical report available at: https://arxiv.org/abs/1605.07763

Characterizing SEAndroid Policies in the Wild.
E. Reshetova, F. Bonazzi, T. Nyman, R. Borgaonkar, N. Asokan.
In Proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP ’16) – Volume 1. SciTePress, 482-489.
DOI: https://www.doi.org/10.5220/0005759204820489
Technical report available at:  https://arxiv.org/abs/1510.05497


2015

On Making Emerging Trusted Execution Environments Accessible to Developers.
T. Nyman, B. McGillion and N. Asokan.
In Conti M., Schunter M., Askoxylakis I. (eds) Trust and Trustworthy Computing (Trust 2015). Lecture Notes in Computer Science, vol 9229. Springer, Cham, 58-67.
DOI: https://doi.org/10.1007/978-3-319-22846-4_4
Technical report available at: http://arxiv.org/abs/1506.07739

Open-TEE – An Open Virtual Trusted Execution Environment.
B. McGillion, T. Dettenborn, T. Nyman and N. Asokan.
In Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA  (TRUSTCOM ’15) – Volume 01. IEEE Computer Society, Washington, DC, USA, 400-407.
DOI: http://dx.doi.org/10.1109/Trustcom.2015.400
Technical report available at: http://arxiv.org/abs/1506.07367


2014

Security of OS-Level Virtualization Technologies.
E. Reshetova, J. Karhunen, T. Nyman and N. Asokan.
In Bernsmed K., Fischer-Hübner S. (eds) Secure IT Systems (NordSec 2014). Lecture Notes in Computer Science, vol 8788. Springer, Cham, 77–93.
DOI: https://doi.org/10.1007/978-3-319-11599-3_5
Technical report available at: https://arxiv.org/abs/1407.4245

Citizen Electronic Identities Using TPM 2.0.
T. Nyman, J-E. Ekberg, N. Asokan.
In Proceedings of the 4th International Workshop on Trustworthy Embedded Devices (TrustEd ’14). ACM, New York, NY, USA, 37-48.
DOI: http://doi.acm.org/10.1145/2666141.2666146
Technical report available at: https://arxiv.org/abs/1409.1023