---
_id: '58657'
abstract:
- lang: eng
text: "The rapid growth of 3D printing technology has transformed a wide range of
industries, enabling the on-demand production of complex objects, from aerospace
components to medical devices. However, this technology also introduces significant
security challenges. Previous research highlighted the security implications of
G-Codes—commands used to control the printing process. These studies assumed powerful
attackers and focused on manipulations of the printed models, leaving gaps in
understanding the full attack potential.\r\n\r\nIn this study, we systematically
analyze security threats associated with 3D printing, focusing specifically on
vulnerabilities caused by G-Code commands. We introduce attacks and attacker models
that assume a less powerful adversary than traditionally considered, broadening
the scope of potential security threats. Our findings show that even minimal access
to the 3D printer can result in significant security breaches, such as unauthorized
access to subsequent print jobs or persistent misconfiguration of the printer.
We identify 278 potentially malicious G-Codes across the attack categories Information
Disclosure, Denial of Service, and Model Manipulation. Our evaluation demonstrates
the applicability of these attacks across various 3D printers and their firmware.
Our findings underscore the need for a better standardization process of G-Codes
and corresponding security best practices.\r\n"
author:
- first_name: Jost
full_name: Rossel, Jost
id: '58331'
last_name: Rossel
orcid: 0000-0002-3182-4059
- first_name: Vladislav
full_name: Mladenov, Vladislav
last_name: Mladenov
- first_name: Nico
full_name: Wördenweber, Nico
last_name: Wördenweber
- first_name: Juraj
full_name: Somorovsky, Juraj
id: '83504'
last_name: Somorovsky
orcid: 0000-0002-3593-7720
citation:
ama: 'Rossel J, Mladenov V, Wördenweber N, Somorovsky J. Security Implications of
Malicious G-Codes in 3D Printing. In: Proceedings of the 34th USENIX Security
Symposium. ; 2025:1867-1885.'
apa: Rossel, J., Mladenov, V., Wördenweber, N., & Somorovsky, J. (2025). Security
Implications of Malicious G-Codes in 3D Printing. Proceedings of the 34th USENIX
Security Symposium, 1867–1885.
bibtex: '@inproceedings{Rossel_Mladenov_Wördenweber_Somorovsky_2025, title={Security
Implications of Malicious G-Codes in 3D Printing}, booktitle={Proceedings of the
34th USENIX Security Symposium}, author={Rossel, Jost and Mladenov, Vladislav
and Wördenweber, Nico and Somorovsky, Juraj}, year={2025}, pages={1867–1885} }'
chicago: Rossel, Jost, Vladislav Mladenov, Nico Wördenweber, and Juraj Somorovsky.
“Security Implications of Malicious G-Codes in 3D Printing.” In Proceedings
of the 34th USENIX Security Symposium, 1867–85, 2025.
ieee: J. Rossel, V. Mladenov, N. Wördenweber, and J. Somorovsky, “Security Implications
of Malicious G-Codes in 3D Printing,” in Proceedings of the 34th USENIX Security
Symposium, Seattle, WA, USA, 2025, pp. 1867–1885.
mla: Rossel, Jost, et al. “Security Implications of Malicious G-Codes in 3D Printing.”
Proceedings of the 34th USENIX Security Symposium, 2025, pp. 1867–85.
short: 'J. Rossel, V. Mladenov, N. Wördenweber, J. Somorovsky, in: Proceedings of
the 34th USENIX Security Symposium, 2025, pp. 1867–1885.'
conference:
end_date: 2025-08-15
location: Seattle, WA, USA
name: 34th USENIX Security Symposium
start_date: 2025-08-13
date_created: 2025-02-17T11:12:17Z
date_updated: 2025-08-22T10:34:24Z
ddc:
- '000'
department:
- _id: '632'
file:
- access_level: open_access
content_type: application/pdf
creator: jrossel
date_created: 2025-02-17T11:10:31Z
date_updated: 2025-02-17T11:13:10Z
file_id: '58660'
file_name: Security_Analysis_of_G_Codes.pdf
file_size: 1562838
relation: main_file
file_date_updated: 2025-02-17T11:13:10Z
has_accepted_license: '1'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://www.usenix.org/conference/usenixsecurity25/presentation/rossel
oa: '1'
page: 1867 - 1885
publication: Proceedings of the 34th USENIX Security Symposium
publication_status: published
quality_controlled: '1'
status: public
title: Security Implications of Malicious G-Codes in 3D Printing
type: conference
user_id: '58331'
year: '2025'
...
---
_id: '62738'
abstract:
- lang: eng
text: 'Vulnerability disclosures are necessary to improve the security of our digital
ecosystem. However, they can also be challenging for researchers: it may be hard
to find out who the affected parties even are, or how to contact them. Researchers
may be ignored or face adversity when disclosing vulnerabilities. We investigate
researchers'' experiences with vulnerability disclosures, extract best practices,
and make recommendations for researchers, institutions that employ them, industry,
and regulators to enable effective vulnerability disclosures.'
author:
- first_name: Harshini
full_name: Sri Ramulu, Harshini
id: '99000'
last_name: Sri Ramulu
orcid: 0000-0002-0000-5843
- first_name: Anna Lena
full_name: Rotthaler, Anna Lena
id: '97843'
last_name: Rotthaler
- first_name: Jost
full_name: Rossel, Jost
id: '58331'
last_name: Rossel
orcid: 0000-0002-3182-4059
- first_name: Rachel
full_name: Gonzalez Rodriguez, Rachel
last_name: Gonzalez Rodriguez
- first_name: Dominik
full_name: Wermke, Dominik
last_name: Wermke
- first_name: Sascha
full_name: Fahl, Sascha
last_name: Fahl
- first_name: Tadayoshi
full_name: Kohno, Tadayoshi
last_name: Kohno
- first_name: Juraj
full_name: Somorovsky, Juraj
id: '83504'
last_name: Somorovsky
orcid: 0000-0002-3593-7720
- first_name: Yasemin
full_name: Acar, Yasemin
id: '94636'
last_name: Acar
citation:
ama: 'Sri Ramulu H, Rotthaler AL, Rossel J, et al. Poster: Computer Security Researchers’
Experiences with Vulnerability Disclosures. In: Proceedings of the 2025 ACM
SIGSAC Conference on Computer and Communications Security. ACM; 2025. doi:10.1145/3719027.3760723'
apa: 'Sri Ramulu, H., Rotthaler, A. L., Rossel, J., Gonzalez Rodriguez, R., Wermke,
D., Fahl, S., Kohno, T., Somorovsky, J., & Acar, Y. (2025). Poster: Computer
Security Researchers’ Experiences with Vulnerability Disclosures. Proceedings
of the 2025 ACM SIGSAC Conference on Computer and Communications Security.
https://doi.org/10.1145/3719027.3760723'
bibtex: '@inproceedings{Sri Ramulu_Rotthaler_Rossel_Gonzalez Rodriguez_Wermke_Fahl_Kohno_Somorovsky_Acar_2025,
title={Poster: Computer Security Researchers’ Experiences with Vulnerability Disclosures},
DOI={10.1145/3719027.3760723},
booktitle={Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications
Security}, publisher={ACM}, author={Sri Ramulu, Harshini and Rotthaler, Anna Lena
and Rossel, Jost and Gonzalez Rodriguez, Rachel and Wermke, Dominik and Fahl,
Sascha and Kohno, Tadayoshi and Somorovsky, Juraj and Acar, Yasemin}, year={2025}
}'
chicago: 'Sri Ramulu, Harshini, Anna Lena Rotthaler, Jost Rossel, Rachel Gonzalez
Rodriguez, Dominik Wermke, Sascha Fahl, Tadayoshi Kohno, Juraj Somorovsky, and
Yasemin Acar. “Poster: Computer Security Researchers’ Experiences with Vulnerability
Disclosures.” In Proceedings of the 2025 ACM SIGSAC Conference on Computer
and Communications Security. ACM, 2025. https://doi.org/10.1145/3719027.3760723.'
ieee: 'H. Sri Ramulu et al., “Poster: Computer Security Researchers’ Experiences
with Vulnerability Disclosures,” 2025, doi: 10.1145/3719027.3760723.'
mla: 'Sri Ramulu, Harshini, et al. “Poster: Computer Security Researchers’ Experiences
with Vulnerability Disclosures.” Proceedings of the 2025 ACM SIGSAC Conference
on Computer and Communications Security, ACM, 2025, doi:10.1145/3719027.3760723.'
short: 'H. Sri Ramulu, A.L. Rotthaler, J. Rossel, R. Gonzalez Rodriguez, D. Wermke,
S. Fahl, T. Kohno, J. Somorovsky, Y. Acar, in: Proceedings of the 2025 ACM SIGSAC
Conference on Computer and Communications Security, ACM, 2025.'
conference:
end_date: 2025-10-17
start_date: 2025-10-13
date_created: 2025-12-02T08:48:00Z
date_updated: 2025-12-02T08:54:18Z
doi: 10.1145/3719027.3760723
keyword:
- software vulnerabilities
- vulnerability disclosure
- security research
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://dl.acm.org/doi/10.1145/3719027.3760723
oa: '1'
publication: Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications
Security
publication_status: published
publisher: ACM
status: public
title: 'Poster: Computer Security Researchers'' Experiences with Vulnerability Disclosures'
type: conference
user_id: '58331'
year: '2025'
...
---
_id: '46500'
abstract:
- lang: eng
text: The security of Industrial Control Systems is relevant both for reliable production
system operations and for high-quality throughput in terms of manufactured products.
Security measures are designed, operated and maintained by different roles along
product and production system lifecycles. Defense-in-Depth as a paradigm builds
upon the assumption that breaches are unavoidable. The paper at hand provides
an analysis of roles, corresponding Human Factors and their relevance for data
theft and sabotage attacks. The resulting taxonomy is reflected by an example
related to Additive Manufacturing. The results assist in both designing and redesigning
Industrial Control System as part of an entire production system so that Defense-in-Depth
with regard to Human Factors is built in by design.
author:
- first_name: Jens
full_name: Pottebaum, Jens
id: '405'
last_name: Pottebaum
orcid: http://orcid.org/0000-0001-8778-2989
- first_name: Jost
full_name: Rossel, Jost
id: '58331'
last_name: Rossel
orcid: 0000-0002-3182-4059
- first_name: Juraj
full_name: Somorovsky, Juraj
id: '83504'
last_name: Somorovsky
orcid: 0000-0002-3593-7720
- first_name: Yasemin
full_name: Acar, Yasemin
id: '94636'
last_name: Acar
- first_name: René
full_name: Fahr, René
id: '111'
last_name: Fahr
- first_name: Patricia
full_name: Arias Cabarcos, Patricia
id: '92804'
last_name: Arias Cabarcos
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Iris
full_name: Gräßler, Iris
id: '47565'
last_name: Gräßler
orcid: 0000-0001-5765-971X
citation:
ama: 'Pottebaum J, Rossel J, Somorovsky J, et al. Re-Envisioning Industrial Control
Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth.
In: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).
IEEE; 2023:379-385. doi:10.1109/eurospw59978.2023.00048'
apa: Pottebaum, J., Rossel, J., Somorovsky, J., Acar, Y., Fahr, R., Arias Cabarcos,
P., Bodden, E., & Gräßler, I. (2023). Re-Envisioning Industrial Control Systems
Security by Considering Human Factors as a Core Element of Defense-in-Depth. 2023
IEEE European Symposium on Security and Privacy Workshops (EuroS&PW),
379–385. https://doi.org/10.1109/eurospw59978.2023.00048
bibtex: '@inproceedings{Pottebaum_Rossel_Somorovsky_Acar_Fahr_Arias Cabarcos_Bodden_Gräßler_2023,
title={Re-Envisioning Industrial Control Systems Security by Considering Human
Factors as a Core Element of Defense-in-Depth}, DOI={10.1109/eurospw59978.2023.00048},
booktitle={2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)},
publisher={IEEE}, author={Pottebaum, Jens and Rossel, Jost and Somorovsky, Juraj
and Acar, Yasemin and Fahr, René and Arias Cabarcos, Patricia and Bodden, Eric
and Gräßler, Iris}, year={2023}, pages={379–385} }'
chicago: Pottebaum, Jens, Jost Rossel, Juraj Somorovsky, Yasemin Acar, René Fahr,
Patricia Arias Cabarcos, Eric Bodden, and Iris Gräßler. “Re-Envisioning Industrial
Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth.”
In 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW),
379–85. IEEE, 2023. https://doi.org/10.1109/eurospw59978.2023.00048.
ieee: 'J. Pottebaum et al., “Re-Envisioning Industrial Control Systems Security
by Considering Human Factors as a Core Element of Defense-in-Depth,” in 2023
IEEE European Symposium on Security and Privacy Workshops (EuroS&PW),
Delft, Netherlands, 2023, pp. 379–385, doi: 10.1109/eurospw59978.2023.00048.'
mla: Pottebaum, Jens, et al. “Re-Envisioning Industrial Control Systems Security
by Considering Human Factors as a Core Element of Defense-in-Depth.” 2023 IEEE
European Symposium on Security and Privacy Workshops (EuroS&PW), IEEE,
2023, pp. 379–85, doi:10.1109/eurospw59978.2023.00048.
short: 'J. Pottebaum, J. Rossel, J. Somorovsky, Y. Acar, R. Fahr, P. Arias Cabarcos,
E. Bodden, I. Gräßler, in: 2023 IEEE European Symposium on Security and Privacy
Workshops (EuroS&PW), IEEE, 2023, pp. 379–385.'
conference:
end_date: 2023-07-07
location: Delft, Netherlands
name: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
start_date: 2023-07-03
date_created: 2023-08-15T12:21:05Z
date_updated: 2025-07-16T11:06:47Z
ddc:
- '000'
department:
- _id: '34'
- _id: '152'
- _id: '76'
- _id: '632'
- _id: '858'
doi: 10.1109/eurospw59978.2023.00048
file:
- access_level: closed
content_type: application/pdf
creator: jrossel
date_created: 2024-09-05T13:00:09Z
date_updated: 2024-09-05T13:00:09Z
file_id: '56077'
file_name: Re_envisioning_Industrial_Control_Systems_security.pdf
file_size: 197727
relation: main_file
file_date_updated: 2024-09-05T13:00:09Z
has_accepted_license: '1'
keyword:
- Defense-in-Depth
- Human Factors
- Production Engineering
- Product Design
- Systems Engineering
language:
- iso: eng
main_file_link:
- url: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10190647
page: 379-385
publication: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
publication_status: published
publisher: IEEE
quality_controlled: '1'
status: public
title: Re-Envisioning Industrial Control Systems Security by Considering Human Factors
as a Core Element of Defense-in-Depth
type: conference
user_id: '58331'
year: '2023'
...
---
_id: '48012'
abstract:
- lang: eng
text: '3D printing is a well-established technology with rapidly increasing usage
scenarios both in the industry and consumer context. The growing popularity of
3D printing has also attracted security researchers, who have analyzed possibilities
for weakening 3D models or stealing intellectual property from 3D models. We extend
these important aspects and provide the first comprehensive security analysis
of 3D printing data formats. We performed our systematic study on the example
of the 3D Manufacturing Format (3MF), which offers a large variety of features
that could lead to critical attacks. Based on 3MF’s features, we systematized
three attack goals: Data Exfiltration (dex), Denial of Service, and UI Spoofing
(uis). We achieve these goals by exploiting the complexity of 3MF, which is based
on the Open Packaging Conventions (OPC) format and uses XML to define 3D models.
In total, our analysis led to 352 tests. To create and run these tests automatically,
we implemented an open-source tool named 3MF Analyzer (tool), which helped us
evaluate 20 applications.'
author:
- first_name: Jost
full_name: Rossel, Jost
id: '58331'
last_name: Rossel
orcid: 0000-0002-3182-4059
- first_name: Vladislav
full_name: Mladenov, Vladislav
last_name: Mladenov
- first_name: Juraj
full_name: Somorovsky, Juraj
id: '83504'
last_name: Somorovsky
orcid: 0000-0002-3593-7720
citation:
ama: 'Rossel J, Mladenov V, Somorovsky J. Security Analysis of the 3MF Data Format.
In: Proceedings of the 26th International Symposium on Research in Attacks,
Intrusions and Defenses. ACM; 2023. doi:10.1145/3607199.3607216'
apa: Rossel, J., Mladenov, V., & Somorovsky, J. (2023). Security Analysis of
the 3MF Data Format. Proceedings of the 26th International Symposium on Research
in Attacks, Intrusions and Defenses. 26th International Symposium on Research
in Attacks, Intrusions and Defenses, Hongkong. https://doi.org/10.1145/3607199.3607216
bibtex: '@inproceedings{Rossel_Mladenov_Somorovsky_2023, title={Security Analysis
of the 3MF Data Format}, DOI={10.1145/3607199.3607216},
booktitle={Proceedings of the 26th International Symposium on Research in Attacks,
Intrusions and Defenses}, publisher={ACM}, author={Rossel, Jost and Mladenov,
Vladislav and Somorovsky, Juraj}, year={2023} }'
chicago: Rossel, Jost, Vladislav Mladenov, and Juraj Somorovsky. “Security Analysis
of the 3MF Data Format.” In Proceedings of the 26th International Symposium
on Research in Attacks, Intrusions and Defenses. ACM, 2023. https://doi.org/10.1145/3607199.3607216.
ieee: 'J. Rossel, V. Mladenov, and J. Somorovsky, “Security Analysis of the 3MF
Data Format,” presented at the 26th International Symposium on Research in Attacks,
Intrusions and Defenses, Hongkong, 2023, doi: 10.1145/3607199.3607216.'
mla: Rossel, Jost, et al. “Security Analysis of the 3MF Data Format.” Proceedings
of the 26th International Symposium on Research in Attacks, Intrusions and Defenses,
ACM, 2023, doi:10.1145/3607199.3607216.
short: 'J. Rossel, V. Mladenov, J. Somorovsky, in: Proceedings of the 26th International
Symposium on Research in Attacks, Intrusions and Defenses, ACM, 2023.'
conference:
end_date: 2023-10-18
location: Hongkong
name: 26th International Symposium on Research in Attacks, Intrusions and Defenses
start_date: 2023-10-16
date_created: 2023-10-11T13:42:09Z
date_updated: 2025-07-16T11:06:49Z
ddc:
- '000'
department:
- _id: '632'
doi: 10.1145/3607199.3607216
file:
- access_level: open_access
content_type: application/pdf
creator: jrossel
date_created: 2023-10-16T03:48:08Z
date_updated: 2024-09-05T11:14:40Z
file_id: '48065'
file_name: Security_Analysis_of_the_3mf_Data_Format.pdf
file_size: 1054999
relation: main_file
file_date_updated: 2024-09-05T11:14:40Z
has_accepted_license: '1'
keyword:
- Data Format Security
- 3D Manufacturing Format
- 3D Printing
- Additive Manufacturing
language:
- iso: eng
main_file_link:
- url: https://dl.acm.org/doi/abs/10.1145/3607199.3607216
oa: '1'
publication: Proceedings of the 26th International Symposium on Research in Attacks,
Intrusions and Defenses
publication_status: published
publisher: ACM
quality_controlled: '1'
status: public
title: Security Analysis of the 3MF Data Format
type: conference
user_id: '58331'
year: '2023'
...