The CHERI capability model: Revisiting RISC in an age of risk
Motivated by contemporary security challenges, we reevaluate and refine capability-based
addressing for the RISC era. We present CHERI, a hybrid capability model that extends the …
Principles and implementation techniques of software-based fault isolation
G Tan - Foundations and Trends® in Privacy and Security, 2017 - nowpublishers.com
When protecting a computer system, it is often necessary to isolate an untrusted component
into a separate protection domain and provide only controlled interaction between the …
RedLeaf: isolation and communication in a safe operating system
RedLeaf is a new operating system developed from scratch in Rust to explore the impact of
language safety on operating system organization. In contrast to commodity systems …
Enforcing Kernel Security Invariants with Data Flow Integrity
The operating system kernel is the foundation of the whole system and is often the de facto
trusted computing base for many higher level security mechanisms. Unfortunately, kernel …
Exploitation techniques for data-oriented attacks with existing and potential defense approaches
Data-oriented attacks manipulate non-control data to alter a program's benign behavior
without violating its control-flow integrity. It has been shown that such attacks can cause …
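The non-control-data attack described in the snippet above, as an added C example that is not from the paper or from this page: a hypothetical session record whose fixed-size name buffer is laid out directly before an authorization flag. An unchecked copy overflows the name into the flag without writing a return address, saved frame pointer or function pointer, so control-flow integrity has nothing to catch; the hardened copy rejects oversized input. The struct, the function names and the attacker payload are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Kept out of line so the compiler cannot reason about the overflow at the
 * call site and fold the corrupted flag back to its memset value. */
#if defined(__GNUC__)
#define NOINLINE __attribute__((noinline))
#else
#define NOINLINE
#endif

/* Hypothetical session record (constructed for this example): the 16-byte
 * name buffer sits directly before is_admin, which is non-control data
 * that gates a privileged operation. */
struct session {
    char name[16];
    int  is_admin;
};

/* Vulnerable copy: trusts the caller-supplied length. Bytes beyond the
 * 16-byte name land in is_admin. No code pointer is written, so a CFI
 * check sees nothing wrong; only data has been corrupted. */
static NOINLINE void set_name_unchecked(struct session *s,
                                        const unsigned char *input, size_t len)
{
    char *dst = s->name;
    for (size_t i = 0; i < len; i++)
        dst[i] = (char)input[i];
}

/* Hardened copy: bound the length by the destination and always
 * NUL-terminate. Returns 0 on success, -1 if the input does not fit. */
static int set_name_checked(struct session *s,
                            const unsigned char *input, size_t len)
{
    if (len >= sizeof s->name)
        return -1;
    memcpy(s->name, input, len);
    s->name[len] = '\0';
    return 0;
}

/* Constructed attacker input: 16 filler bytes that fill name, then four
 * non-zero bytes that make is_admin non-zero regardless of endianness. */
static const unsigned char payload[20] = {
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A',
    0x01, 0x01, 0x01, 0x01
};

/* Returns 1 if the unchecked copy left the session with admin rights. */
int vulnerable_grants_admin(void)
{
    struct session s;
    memset(&s, 0, sizeof s);
    set_name_unchecked(&s, payload, sizeof payload);
    return s.is_admin != 0;
}

/* Returns 1 if the checked copy left the session with admin rights; the
 * oversized payload is rejected, so the flag stays untouched and this is 0. */
int hardened_grants_admin(void)
{
    struct session s;
    memset(&s, 0, sizeof s);
    (void)set_name_checked(&s, payload, sizeof payload);
    return s.is_admin != 0;
}

/* Returns the checked copy's result for a benign, in-bounds name (0). */
int hardened_accepts_benign(void)
{
    struct session s;
    const unsigned char name[] = "alice";
    memset(&s, 0, sizeof s);
    return set_name_checked(&s, name, sizeof name - 1);
}

int main(void)
{
    printf("unchecked copy:  is_admin=%d\n", vulnerable_grants_admin());
    printf("checked copy:    is_admin=%d\n", hardened_grants_admin());
    printf("checked \"alice\": rc=%d\n", hardened_accepts_benign());
    return 0;
}
```

The point of the pairing is that a stack canary, shadow stack or CFI policy leaves the first function's behaviour unchanged: the attacker's write stays inside one object and flips a decision variable, which is exactly the class of attack the data-flow-integrity and privilege-separation papers listed here try to address.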
Nested kernel: An operating system architecture for intra-kernel privilege separation
Monolithic operating system designs undermine the security of computing systems by
allowing single exploits anywhere in the kernel to enjoy full supervisor privilege. The nested …
System programming in rust: Beyond safety
A Balasubramanian, MS Baranowski… - Proceedings of the 16th …, 2017 - dl.acm.org
Rust is a new system programming language that offers a practical and safe alternative to C.
Rust is unique in that it enforces safety without runtime overhead, most importantly, without …
Restructuring endpoint congestion control
This paper describes the implementation and evaluation of a system to implement complex
congestion control functions by placing them in a separate agent outside the datapath. Each …
KSplit: Automating device driver isolation
Researchers have shown that recent CPU extensions support practical, low-overhead driver
isolation to protect kernels from defects and vulnerabilities in device drivers. With …
CubicleOS: A library OS with software componentisation for practical isolation
Library OSs have been proposed to deploy applications isolated inside containers, VMs, or
trusted execution environments. They often follow a highly modular design in which third …