SECOMP: Formally Secure Compilation of Compartmentalized C Programs
Undefined behavior in C often causes devastating security vulnerabilities. One practical
mitigation is compartmentalization, which allows developers to structure large programs into …
mitigation is compartmentalization, which allows developers to structure large programs into …
Olive-like Networking: A Uniformity Driven Robust Topology Generation Scheme for IoT System
With the scale of the Internet of Things (IoT) system growing constantly, node failures
frequently occur due to device malfunctions or cyberattacks. Existing robust network …
frequently occur due to device malfunctions or cyberattacks. Existing robust network …
Mon CH\ERI< 3 Adapting Capability Hardware Enhanced RISC with Conditional Capabilities
M Gülmez, H Englund, JT Mühlberg… - arXiv preprint arXiv …, 2024 - arxiv.org
Up to 10% of memory-safety vulnerabilities in languages like C and C++ stem from
uninitialized variables. This work addresses the prevalence and lack of adequate software …
uninitialized variables. This work addresses the prevalence and lack of adequate software …
SoK: Software Compartmentalization
Decomposing large systems into smaller components with limited privileges has long been
recognized as an effective means to minimize the impact of exploits. Despite historical roots …
recognized as an effective means to minimize the impact of exploits. Despite historical roots …
[PDF][PDF] A CHERI C Memory Model for Verified Temporal Safety
Memory safety concerns continue to be a major source of security vulnerabilities. The
CHERI architecture, as instantiated in prototype CHERI-RISC-V cores, the Arm Morello …
CHERI architecture, as instantiated in prototype CHERI-RISC-V cores, the Arm Morello …
CHERI: Hardware-Enabled C/C++ Memory Protection at Scale
RNM Watson, D Chisnall, J Clarke… - IEEE Security & …, 2024 - ieeexplore.ieee.org
The memory-safe Capability Hardware Enhanced RISC Instructions (CHERI) C and C++
languages build on architectural capabilities in the CHERI protection model. With the …
languages build on architectural capabilities in the CHERI protection model. With the …
VeriCHERI: Exhaustive Formal Security Verification of CHERI at the RTL
Protecting data in memory from attackers continues to be a concern in computing systems.
CHERI is a promising approach to achieve such protection, by providing and enforcing fine …
CHERI is a promising approach to achieve such protection, by providing and enforcing fine …
μBPF: Using eBPF for Microcontroller Compartmentalization
S Kubica, M Kogias - Proceedings of the ACM SIGCOMM 2024 …, 2024 - dl.acm.org
Although eBPF (Extended Berkeley Packet Filter) started as a virtualization technology used
in the Linux kernel to allow for executing user code inside the kernel in a safe way, it is a …
in the Linux kernel to allow for executing user code inside the kernel in a safe way, it is a …
[图书][B] Functional Programming for Securing Cloud and Embedded Environment
A Sarkar - 2024 - research.chalmers.se
The ubiquity of digital systems across all aspects of modern society, while beneficial, has
simultaneously exposed a lucrative attack surface for potential adversaries and attackers …
simultaneously exposed a lucrative attack surface for potential adversaries and attackers …
IEEE Security & Privacy Magazine
The memory-safe CHERI C and C++ languages build on architectural capabilities in the
CHERI protection model. With the development of two industrial CHERI-enabled processors …
CHERI protection model. With the development of two industrial CHERI-enabled processors …