PKRU-Safe: Automatically locking down the heap between safe and unsafe languages
After more than twenty-five years of research, memory safety violations remain one of the
major causes of security vulnerabilities in real-world software. Memory-safe languages, like …
Principles and implementation techniques of software-based fault isolation
G Tan - Foundations and Trends® in Privacy and Security, 2017 - nowpublishers.com
When protecting a computer system, it is often necessary to isolate an untrusted component
into a separate protection domain and provide only controlled interaction between the …
You shall not (by) pass! practical, secure, and fast pku-based sandboxing
A Voulimeneas, J Vinck, R Mechelinck… - Proceedings of the …, 2022 - dl.acm.org
Memory Protection Keys for Userspace (PKU) is a recent hardware feature that allows
programs to assign virtual memory pages to protection domains, and to change domain …
Flightplan: Dataplane disaggregation and placement for p4 programs
Today's dataplane programming approach maps a whole P4 program to a single dataplane
target, limiting a P4 program's performance and functionality to what a single target can offer …
Retrofitting fine grain isolation in the Firefox renderer
Firefox and other major browsers rely on dozens of third-party libraries to render audio,
video, images, and other content. These libraries are a frequent source of vulnerabilities. To …
Dynpta: Combining static and dynamic analysis for practical selective data protection
As control flow hijacking attacks become more challenging due to the deployment of various
exploit mitigation technologies, the leakage of sensitive process data through the …
Too afraid to drive: systematic discovery of semantic dos vulnerability in autonomous driving planning under physical-world attacks
In high-level Autonomous Driving (AD) systems, behavioral planning is in charge of making
high-level driving decisions such as cruising and stopping, and thus highly security-critical. In …
KSplit: Automating device driver isolation
Researchers have shown that recent CPU extensions support practical, low-overhead driver
isolation to protect kernels from defects and vulnerabilities in device drivers. With …
Abslearn: a gnn-based framework for aliasing and buffer-size information retrieval
Inferring aliasing and buffer-size information is important to understanding a C program's
memory layout, which is critical to program analysis and security-related tasks. However …
Practical program modularization with type-based dependence analysis
K Lu - 2023 IEEE Symposium on Security and Privacy (SP), 2023 - ieeexplore.ieee.org
Today's software programs are bloating and have become extremely complex. As there is
typically no internal isolation among modules in a program, a vulnerability can be exploited …