Tobias Cloosters

Wissenschaftlicher Mitarbeiter

Tobias Cloosters, M.Sc.

S-GW 309
+49 201 18-37019

Zur Person:

Tobias Cloosters ist wissenschaftlicher Mitarbeiter am Lehrstuhl für Systemsicherheit an der Universität Duisburg-Essen.


seit 12/2019Wissenschaftlicher Mitarbeiter am Lehrstuhl für Systemsicherheit (SysSec) an der Universität Duisburg-Essen
2017−2019Master of Science: Software and Network Engineering an der Universität Duisburg-Essen
2015−2019Wissenschaftliche Hilfskraft am Lehrstuhl für Technik der Rechnernetze der Universität Duisburg-Essen
2013−2017Bachelor of Science: Angewandte Informatik – Systems Engineering an der Universität Duisburg-Essen


  • Andreina, Sebastien; Cloosters, Tobias; Davi, Lucas; Giesen, Jens-Rene; Gutfleisch, Marco; Karame, Ghassan; Naiakshina, Alena; Naji, Houda: Defying the Odds: Solana’s Unexpected Resilience in Spite of the Security Challenges Faced by Developers. In: Proc. of the 31th ACM SIGSAC Conference on Computer & Communications Security (CCS). ACM, Salt Lake City, USA 2024. BIB DownloadDetails

    Solana gained considerable attention as one of the most popular blockchain platforms for deploying decentralized applications. Compared to Ethereum, however, we observe a lack of research on how Solana smart contract developers handle security, what challenges they encounter, and how this affects the overall security of the ecosystem.

    To address this, we conducted the first comprehensive study on the Solana platform. Our study shows, quite alarmingly, that none of the participants could detect all important security vulnerabilities in a code review task and that 83% of the participants are likely to release vulnerable smart contracts. Our study also sheds light on the root causes of developers' challenges with Solana smart contract development, suggesting the need for better security guidance and resources. In spite of these challenges, our automated analysis on currently deployed Solana smart contracts surprisingly suggests that the prevalence of vulnerabilities - especially those pointed out as the most challenging in our developer study - is below 0.3%. We explore the causes of this counter-intuitive resilience and show that frameworks, such as Anchor, are positively aiding Solana developers - even those unmindful of security - in deploying secure contracts.

  • Cloosters, Tobias; Draissi, Oussama; Willbold, Johannes; Holz, Thorsten; Davi, Lucas: Memory Corruption at the Border of Trusted Execution. In: IEEE Security & Privacy, Jg. 2024 (2024), S. 2-11. doi:10.1109/MSEC.2024.3381439BIB DownloadDetails

    Trusted execution environments provide strong security guarantees, like isolation and confidentiality, but are not immune from memory-safety violations. Our investigation of public trusted execution environment code based on symbolic execution and fuzzing reveals subtle memory safety issues.

  • Cloosters, Tobias; Paaßen, David; Wang, Jianqiang; Draissi, Oussama; Jauernig, Patrick; Stapf, Emmanuel; Davi, Lucas; Sadeghi, Ahmad-Reza: RiscyROP: Automated Return-Oriented Programming Attacks on RISC-V and ARM64. In: Proc. of 25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2022). Limassol, Cyprus 2022. doi:10.1145/3545948.3545997PDFBIB DownloadDetails
  • Cloosters, Tobias; Surminski, Sebastian; Sangel, Gerrit; Davi, Lucas: SALSA: SGX Attestation for Live Streaming Applications. In: Proc. of 7th IEEE Secure Development Conference (SecDev). IEEE, 2022. doi:10.1109/SecDev53368.2022.00019VolltextBIB DownloadDetails

    Intel SGX is a security feature of processors that allows running software in enclaves, isolated from the operating system. Even an attacker with full control of the computer system cannot inspect these enclaves. This makes SGX enclaves an
    adequate solution to store and process highly sensitive data like encryption keys. However, these enclaves are still vulnerable to standard software attacks. While SGX allows static attestation, i.e., validating the integrity of the program code and data in the enclave, static attestation cannot detect run-time attacks.
    We present SALSA , the first solution to allow run-time attestation of SGX enclaves. To show its applicability, we use SALSA to implement a video streaming service that uses an SGX enclave to decode the video stream. When a compromise of the SGX enclave is detected, the streaming of the video instantaneously stops. This shows a practical use-case for runtime attestation of SGX enclaves. In the evaluation, we show that the performance of this setup is sufficient to attest a live video streaming service.

  • Cloosters, Tobias; Willbold, Johannes; Holz, Thorsten; Davi, Lucas: SGXFuzz: Efficiently Synthesizing Nested Structures for SGX Enclave Fuzzing. In: Proc. of 31st USENIX Security Symposium. 2022. PDFBIB DownloadDetails
  • Cloosters, Tobias; Rodler, Michael; Davi, Lucas: TeeRex: Discovery and Exploitation of Memory Corruption Vulnerabilities in SGX Enclaves. In: Proc. of 29th USENIX Security Symposium. 2020. VolltextBIB DownloadDetails

    Intel's Software Guard Extensions (SGX) introduced new instructions to switch the processor to enclave mode which protects it from introspection. While the enclave mode strongly protects the memory and the state of the processor, it cannot withstand memory corruption errors inside the enclave code. In this paper, we show that the attack surface of SGX enclaves provides new challenges for enclave developers as exploitable memory corruption vulnerabilities are easily introduced into enclave code. We develop TeeRex to automatically analyze enclave binary code for vulnerabilities introduced at the host-to-enclave boundary by means of symbolic execution. Our evaluation on public enclave binaries reveal that many of them suffer from memory corruption errors allowing an attacker to corrupt function pointers or perform arbitrary memory writes. As we will show, TeeRex features a specifically tailored framework for SGX enclaves that allows simple proof-of-concept exploit construction to assess the discovered vulnerabilities. Our findings reveal vulnerabilities in multiple enclaves, including enclaves developed by Intel, Baidu, and WolfSSL, as well as biometric fingerprint software deployed on popular laptop brands.

    Full TextSlidesPresentation Video