📄 Paper Accepted to ACM CCS 2025!

Last updated on Jul 3, 2025 Publication

A paper by Satoru Takekoshi, a third-year doctoral researcher in the Shinagawa Laboratory, has been accepted to the 32nd ACM Conference on Computer and Communications Security (ACM CCS 2025).

This paper proposes BadAML, an attack that enables a malicious hypervisor to execute arbitrary code inside confidential virtual machines (CVMs), and presents an effective defense mechanism.

The research demonstrates that by exploiting ACPI—a legacy firmware interface still widely used across operating systems—an adversarial hypervisor can inject arbitrary binary code into a guest OS and execute it with kernel privileges, without being detected by attestation mechanisms of CVMs and without depending on CPU or OS type.

The core concept of this work extends the ideas previously presented at Black Hat Europe 2024.

📣 Presentation at Black Hat Europe 2024
Satoru Takekoshi (UTokyo) and Manami Mori (TMU) presented our research findings at Black Hat Europe 2024.
Dec 11, 2024 Publication
📣 Presentation at Black Hat Europe 2024

In this paper, the authors discuss the attack in detail, explore mitigation techniques, and propose a practical defense called the AML Sandboxing, which they evaluated in real cloud environments to demonstrate its effectiveness.

ACM CCS is recognized as one of the top four international conferences in the field of security. To the best of our knowledge, this is the first time that a systems software paper from Japan has been accepted to ACM CCS.

Satoru Takekoshi, Manami Mori, Takaaki Fukai, Takahiro Shinagawa (2025). BadAML: Exploiting Legacy Firmware Interfaces to Compromise Confidential Virtual Machines. ACM CCS 2025.

Project

CVM
Shinagawa Laboratory
Administartor

Shinagawa Laboratory, The University of Tokyo