🏆 Our paper received the Distinguished Paper Award at ACM CCS 2025!
BadAML: Exploiting Legacy Firmware Interfaces to Compromise Confidential Virtual Machines

Satoru Takekoshi (4th-year Ph.D. student) from the Shinagawa Laboratory presented his research at the 32nd ACM Conference on Computer and Communications Security (ACM CCS 2025) held in Taipei in October 2025, where his paper received the Distinguished Paper Award.
The paper proposes BadAML, an attack that exploits the standard firmware interfaces ACPI and AML to enable arbitrary code execution inside confidential virtual machines (CVMs) without depending on specific CPU vendors or operating systems. It also presents AML Sandbox, a defense mechanism that enforces security policies based on the trust boundary of CVMs, demonstrating its effectiveness across 18 real-world cloud CVM instances.
This work uncovers an overlooked attack vector in CVMs and underscores the importance of protecting legacy interfaces.
We would like to express our sincere gratitude to all co-authors, collaborators, and contributors for their invaluable support.
(2025).