Tobias Cloosters

Academic Staff

Tobias Cloosters, M.Sc.

S-GW 309
+49 201 18-37019


Tobias Cloosters is a research assistant in the working group for Secure Software Systems at the University of Duisburg-Essen.

Curriculum Vitae:

YearPosition/Study Program
since 12/2019Research Assistant at the Secure Software Systems (Syssec) group at the University of Duisburg-Essen
2017−2019Master of Science: Software and Network Engineering at the University of Duisburg-Essen
2015−2019Student Assistant at the Computer Networking Technology Group of the University of Duisburg-Essen
2013−2017Bachelor of Science: Angewandte Informatik – Systems Engineering at the University of Duisburg-Essen


  • Cloosters, Tobias; Rodler, Michael; Davi, Lucas: TeeRex: Discovery and Exploitation of Memory Corruption Vulnerabilities in SGX Enclaves. In: Proc. of 29th USENIX Security Symposium. 2020. PDFFull textCitationDetails
    TeeRex: Discovery and Exploitation of Memory Corruption Vulnerabilities in SGX Enclaves

    Intel's Software Guard Extensions (SGX) introduced new instructions to switch the processor to enclave mode which protects it from introspection. While the enclave mode strongly protects the memory and the state of the processor, it cannot withstand memory corruption errors inside the enclave code. In this paper, we show that the attack surface of SGX enclaves provides new challenges for enclave developers as exploitable memory corruption vulnerabilities are easily introduced into enclave code. We develop TeeRex to automatically analyze enclave binary code for vulnerabilities introduced at the host-to-enclave boundary by means of symbolic execution. Our evaluation on public enclave binaries reveal that many of them suffer from memory corruption errors allowing an attacker to corrupt function pointers or perform arbitrary memory writes. As we will show, TeeRex features a specifically tailored framework for SGX enclaves that allows simple proof-of-concept exploit construction to assess the discovered vulnerabilities. Our findings reveal vulnerabilities in multiple enclaves, including enclaves developed by Intel, Baidu, and WolfSSL, as well as biometric fingerprint software deployed on popular laptop brands.

    Full TextSlidesPresentation Video