Publications & Talks

You can also find my articles on my Google Scholar profile.

Conference Papers


00SEVen – Re-enabling Virtual Machine Forensics: Introspecting Confidential VMs Using Privileged in-VM Agents

Published in 33rd USENIX Security Symposium, 2024 (accept rate: TBA)
Fabian Schwarz has given a talk on this publication at the venue

This paper enables secure remote inspection of confidential AMD SEV-SNP virtual machines (TEE VMs) by introducing attestable, VMPL0-protected in-VM agents and VMPL-aware network channels.

Recommended citation: Schwarz, F. and Rossow, C., "00SEVen -- Re-enabling Virtual Machine Forensics: Introspecting Confidential VMs Using Privileged in-VM Agents". In: 33rd USENIX Security Symposium. August 2024
Download Paper | Download Slides | Download Prototype

FeIDo: Recoverable FIDO2 Tokens Using Electronic IDs

Published in 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022 (accept rate: 19.3%)
Fabian Schwarz has given a talk on this publication at the venue

This paper addresses the cost and recovery issues of FIDO2 web authentication by presenting a design that combines electronic IDs with an attestable, TEE-protected credential service to derive secure attribute-based FIDO2 credentials.

Recommended citation: Schwarz, F., Do, K., Heide, G., Hanzlik, L., and Rossow, C., "FeIDo: Recoverable FIDO2 Tokens Using Electronic IDs". In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. November 2022
Download Paper | Download Prototype

TrustedGateway: TEE-Assisted Routing and Firewall Enforcement using ARM TrustZone

Published in 25th International Symposium on Research in Attacks, Intrusions and Defenses, 2022 (accept rate: 25.2%)
Fabian Schwarz has given a talk on this publication at the venue

This paper presents a new design for standalone gateway routers that protects their network traffic and policy enforcement against system-level attackers using the Arm TrustZone system-level TEE.

Recommended citation: Schwarz, F., "TrustedGateway: TEE-Assisted Routing and Firewall Enforcement using ARM TrustZone". In: Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses. ACM, October 2022.
Download Paper | Download Prototype

SENG, the SGX-Enforcing Network Gateway: Authorizing Communication from Shielded Clients

Published in 29th USENIX Security Symposium, 2020 (accept rate: 16.1%)
Fabian Schwarz has given a talk on this publication at the venue

This paper presents a firewall extension that enables gateway firewalls to enforce secure per-application policies. SENG combines client-side TEEs (Intel SGX) with a gateway-located server to perform attestation-based traffic-to-app attribution.

Recommended citation: Schwarz, F. and Rossow, C., "SENG, the SGX-Enforcing Network Gateway: Authorizing Communication from Shielded Clients". In: 29th USENIX Security Symposium. August 2020
Download Paper | Download Slides | Download Prototype

Technical Reports


FeIDo: Recoverable FIDO2 Tokens Using Electronic IDs (Extended Version)

Published in Publication Database of CISPA Helmholtz Center for Information Security (research paper: ACM CCS 2022), 2023

This technical report is an extended version of our FeIDo research paper. FeIDo addresses the cost and recovery issues of FIDO2 web authentication by combining electronic IDs with an attestable, TEE-protected credential service to derive secure attribute-based FIDO2 credentials.

Recommended citation: Schwarz, F., Do, K., Heide, G., Hanzlik, L., and Rossow, C., "FeIDo: Recoverable FIDO2 Tokens Using Electronic IDs". Technical Report. January 2023
Download Paper | Download Prototype

Unpublished


Master Thesis


Kernel-based Process Monitoring of Network Services

Submitted in 2017

This master's thesis presents a dynamic eBPF-based function tracing architecture and combines it with static call graph tracing to analyze the potential of seccomp filters for decreasing the attack surface of network services.

Recommended citation: Schwarz, Fabian Frank, "Kernel-based Process Monitoring of Network Services". Master Thesis. Saarland University. 2017

Bachelor Thesis


Security Analysis of Mobile Banking Apps

Submitted in 2015

This bachelor's thesis performs a threat analysis of German mobile banking apps on Android.

Recommended citation: Schwarz, Fabian Frank, "Security Analysis of Mobile Banking Apps". Bachelor Thesis. Saarland University. 2015