SECOMP: Formally Secure Compilation of Compartmentalized C Programs

J Thibault, R Blanco, D Lee, S Argo… - Proceedings of the …, 2024 - dl.acm.org
Undefined behavior in C often causes devastating security vulnerabilities. One practical
mitigation is compartmentalization, which allows developers to structure large programs into …

Olive-like Networking: A Uniformity Driven Robust Topology Generation Scheme for IoT System

T Qiu, J Sun, N Chen, S Zhang, W Si… - IEEE Transactions on …, 2024 - ieeexplore.ieee.org
With the scale of the Internet of Things (IoT) system growing constantly, node failures
frequently occur due to device malfunctions or cyberattacks. Existing robust network …

Mon CHÈRI <3 Adapting Capability Hardware Enhanced RISC with Conditional Capabilities

M Gülmez, H Englund, JT Mühlberg… - arXiv preprint arXiv …, 2024 - arxiv.org
Up to 10% of memory-safety vulnerabilities in languages like C and C++ stem from
uninitialized variables. This work addresses the prevalence and lack of adequate software …

SoK: Software Compartmentalization

H Lefeuvre, N Dautenhahn, D Chisnall… - arXiv preprint arXiv …, 2024 - arxiv.org
Decomposing large systems into smaller components with limited privileges has long been
recognized as an effective means to minimize the impact of exploits. Despite historical roots …

[PDF][PDF] A CHERI C Memory Model for Verified Temporal Safety

V Zaliva, K Memarian, B Campbell, R Almeida… - The 14th ACM …, 2024 - zaliva.org
Memory safety concerns continue to be a major source of security vulnerabilities. The
CHERI architecture, as instantiated in prototype CHERI-RISC-V cores, the Arm Morello …

CHERI: Hardware-Enabled C/C++ Memory Protection at Scale

RNM Watson, D Chisnall, J Clarke… - IEEE Security & …, 2024 - ieeexplore.ieee.org
The memory-safe Capability Hardware Enhanced RISC Instructions (CHERI) C and C++
languages build on architectural capabilities in the CHERI protection model. With the …

VeriCHERI: Exhaustive Formal Security Verification of CHERI at the RTL

ALD Antón, J Müller, P Schmitz, T Jauch… - arXiv preprint arXiv …, 2024 - arxiv.org
Protecting data in memory from attackers continues to be a concern in computing systems.
CHERI is a promising approach to achieve such protection, by providing and enforcing fine …

μBPF: Using eBPF for Microcontroller Compartmentalization

S Kubica, M Kogias - Proceedings of the ACM SIGCOMM 2024 …, 2024 - dl.acm.org
Although eBPF (Extended Berkeley Packet Filter) started as a virtualization technology used
in the Linux kernel to allow for executing user code inside the kernel in a safe way, it is a …

[BOOK][B] Functional Programming for Securing Cloud and Embedded Environment

A Sarkar - 2024 - research.chalmers.se
The ubiquity of digital systems across all aspects of modern society, while beneficial, has
simultaneously exposed a lucrative attack surface for potential adversaries and attackers …

IEEE Security & Privacy Magazine

RNM Watson, D Chisnall, J Clarke, B Davis, N Filardo… - 2024 - repository.cam.ac.uk
The memory-safe CHERI C and C++ languages build on architectural capabilities in the
CHERI protection model. With the development of two industrial CHERI-enabled processors …