Disrupting TEEs with Malicious Notifications

Ahoi Attacks is a family of attacks on hardware-based Trusted Execution Environments (TEEs) that break AMD SEV-SNP, Intel TDX and Intel SGX.

Heckler (USENIX Sec'24)
Breaking Confidential VMs with Malicious Interrupts

WeSee (IEEE S&P'24)
Using Malicious #VC Interrupts to Break AMD SEV-SNP

Sigy (ACM AsiaCCS'25)
Breaking Intel SGX Enclaves with Malicious Exceptions & Signals

Defining

Ahoi Attacks

/əˈhɔɪ əˈtaks/

noun
    a family of attacks that compromise TEEs using malicious notifications.  

Why the name Ahoi?

Ahoy is a word used to call a ship or boat. Today it is often used in playful imitations of pirate speak. We coin the term Ahoi (sounds like Ahoy), which is an anagram at edit distance 1 from Iago, as an homage to the classical works that studied interface attacks on TEEs.

Ahoi Attacks: An Analogy

Ahoi Attacks: An Explainer