Commodity operating system kernels remain monolithic for practical and historical reasons.
All kernel code shares a single address space, executes with elevated processor privileges …

Memory-safety violations are the primary cause of security and reliability issues in software
systems written in unsafe languages. Given the limited adoption of decades-long research in …

Memory safety is a key security property that stops memory corruption vulnerabilities.
Different types of memory safety enforcement solutions have been proposed and adopted by …

Data-oriented attacks manipulate non-control data to alter a program's benign behavior
without violating its control-flow integrity. It has been shown that such attacks can cause …

Memory corruption attacks against unsafe programming languages like C/C++ have been a
major threat to computer systems for multiple decades. Various sanitizers and runtime …

The recent Spectre attacks have demonstrated the fundamental insecurity of current
computer microarchitecture. The attacks use features like pipelining, out-of-order and …

Rust was invented to help developers build highly safe systems. It comes with a variety of
programming constructs that put emphasis on safety and control of memory layout. Rust …

Microkernels have been extensively studied over decades. However, IPC (Inter-Process
Communication) is still a major factor of runtime overhead, where fine-grained isolation …

Library OSs have been proposed to deploy applications isolated inside containers, VMs, or
trusted execution environments. They often follow a highly modular design in which third …

We introduce Hardware-assisted Fault Isolation (HFI), a simple extension to existing
processors to support secure, flexible, and efficient in-process isolation. HFI addresses the …