Secure hardware enclaves have been widely used for protecting security-critical
applications in the cloud. However, existing enclave designs fail to meet the requirements of …

RISC-V is a novel open instruction set architecture that supports multiple platforms while
maintaining simplicity and reliability. Despite its novelty, the software support for RISC-V has …

Modern programs are monolithic, combining code of varied provenance without isolation, all
the while running on network-connected devices. A vulnerability in any component may …

The virtues of security, reliability, and extensibility have made state-of-the-art microkernels
prevalent in embedded and safety-critical scenarios. However, they face performance and …

This paper presents UnderBridge, a redesign of traditional microkernel OSes to harmonize
the tension between messaging performance and isolation. UnderBridge moves the OS …

Address translation is a performance bottleneck in data-intensive workloads due to large
datasets and irregular access patterns that lead to frequent high-latency page table walks …

Multiplexing software threads onto hardware threads and serving interrupts, VM-exits, and
system calls require frequent context switches, causing high overheads and significant …

Context switching between kernel mode and user mode often causes prominent overhead,
which slows down applications with frequent system calls (or syscalls), eg, those with high …

A surge in the number, complexity, and automation of targeted security attacks has triggered
a wave of interest in hardware support for isolation. Intel memory protection keys (MPK) …

Protecting system observability records (logs) from compromised OSs has gained significant
traction in recent times, with several note-worthy approaches proposed. Unfortunately, none …