Tag: Tagged architecture guide

S Jero, N Burow, B Ward, R Skowyra, R Khazan… - ACM Computing …, 2022 - dl.acm.org
Software security defenses are routinely broken by the persistence of both security
researchers and attackers. Hardware solutions based on tagging are emerging as a …

[PDF][PDF] Cross-Language Attacks.

S Mergendahl, N Burow, H Okhravi - NDSS, 2022 - ndss-symposium.org
Memory corruption attacks against unsafe programming languages like C/C++ have been a
major threat to computer systems for multiple decades. Various sanitizers and runtime …

WaVe: a verifiably secure WebAssembly sandboxing runtime

E Johnson, E Laufer, Z Zhao, D Gohman… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
The promise of software sandboxing is flexible, fast and portable isolation; capturing the
benefits of hardwarebased memory protection without requiring operating system …

Cornucopia: Temporal safety for CHERI heaps

NW Filardo, BF Gutstein, J Woodruff… - … IEEE Symposium on …, 2020 - ieeexplore.ieee.org
Use-after-free violations of temporal memory safety continue to plague software systems,
underpinning many high-impact exploits. The CHERI capability system shows great promise …

CheriABI: Enforcing valid pointer provenance and minimizing pointer privilege in the POSIX C run-time environment

B Davis, RNM Watson, A Richardson… - Proceedings of the …, 2019 - dl.acm.org
The CHERI architecture allows pointers to be implemented as capabilities (rather than
integer virtual addresses) in a manner that is compatible with, and strengthens, the …

Capability hardware enhanced RISC instructions: CHERI instruction-set architecture (version 7)

RNM Watson, PG Neumann, J Woodruff, M Roe… - 2019 - cl.cam.ac.uk
This technical report describes CHERI ISAv7, the seventh version of the Capability
Hardware Enhanced RISC Instructions (CHERI) Instruction-Set Architecture (ISA) being …

Journey beyond full abstraction: Exploring robust property preservation for secure compilation

C Abate, R Blanco, D Garg, C Hritcu… - 2019 IEEE 32nd …, 2019 - ieeexplore.ieee.org
Good programming languages provide helpful abstractions for writing secure code, but the
security properties of the source language are generally not preserved when compiling a …

An in-depth study of java deserialization remote-code execution exploits and vulnerabilities

I Sayar, A Bartel, E Bodden, Y Le Traon - ACM Transactions on Software …, 2023 - dl.acm.org
Nowadays, an increasing number of applications use deserialization. This technique, based
on rebuilding the instance of objects from serialized byte streams, can be dangerous since it …

An introduction to CHERI

RNM Watson, SW Moore, P Sewell, PG Neumann - 2019 - cl.cam.ac.uk
Abstract CHERI (Capability Hardware Enhanced RISC Instructions) extends conventional
processor Instruction-Set Architectures (ISAs) with architectural capabilities to enable fine …

Efficient and provable local capability revocation using uninitialized capabilities

AL Georges, A Guéneau, T Van Strydonck… - Proceedings of the …, 2021 - dl.acm.org
Capability machines are a special form of CPUs that offer fine-grained privilege separation
using a form of authority-carrying values known as capabilities. The CHERI capability …