The CHERI capability model: Revisiting RISC in an age of risk

J Woodruff, RNM Watson, D Chisnall… - ACM SIGARCH …, 2014 - dl.acm.org
Motivated by contemporary security challenges, we reevaluate and refine capability-based
addressing for the RISC era. We present CHERI, a hybrid capability model that extends the …

Principles and implementation techniques of software-based fault isolation

G Tan - Foundations and Trends® in Privacy and Security, 2017 - nowpublishers.com
When protecting a computer system, it is often necessary to isolate an untrusted component
into a separate protection domain and provide only controlled interaction between the …

RedLeaf: Isolation and communication in a safe operating system

V Narayanan, T Huang, D Detweiler, D Appel… - … USENIX Symposium on …, 2020 - usenix.org
RedLeaf is a new operating system developed from scratch in Rust to explore the impact of
language safety on operating system organization. In contrast to commodity systems …

Enforcing Kernel Security Invariants with Data Flow Integrity

C Song, B Lee, K Lu, W Harris, T Kim, W Lee - NDSS, 2016 - researchgate.net
The operating system kernel is the foundation of the whole system and is often the de facto
trusted computing base for many higher level security mechanisms. Unfortunately, kernel …

Exploitation techniques for data-oriented attacks with existing and potential defense approaches

L Cheng, S Ahmed, H Liljestrand, T Nyman… - ACM Transactions on …, 2021 - dl.acm.org
Data-oriented attacks manipulate non-control data to alter a program's benign behavior
without violating its control-flow integrity. It has been shown that such attacks can cause …

Nested kernel: An operating system architecture for intra-kernel privilege separation

N Dautenhahn, T Kasampalis, W Dietz… - Proceedings of the …, 2015 - dl.acm.org
Monolithic operating system designs undermine the security of computing systems by
allowing single exploits anywhere in the kernel to enjoy full supervisor privilege. The nested …

System programming in Rust: Beyond safety

A Balasubramanian, MS Baranowski… - Proceedings of the 16th …, 2017 - dl.acm.org
Rust is a new system programming language that offers a practical and safe alternative to C.
Rust is unique in that it enforces safety without runtime overhead, most importantly, without …

Restructuring endpoint congestion control

A Narayan, F Cangialosi, D Raghavan… - Proceedings of the …, 2018 - dl.acm.org
This paper describes the implementation and evaluation of a system to implement complex
congestion control functions by placing them in a separate agent outside the datapath. Each …

KSplit: Automating device driver isolation

Y Huang, V Narayanan, D Detweiler, K Huang… - … USENIX Symposium on …, 2022 - usenix.org
Researchers have shown that recent CPU extensions support practical, low-overhead driver
isolation to protect kernels from defects and vulnerabilities in device drivers. With …

CubicleOS: A library OS with software componentisation for practical isolation

VA Sartakov, L Vilanova, P Pietzuch - Proceedings of the 26th ACM …, 2021 - dl.acm.org
Library OSs have been proposed to deploy applications isolated inside containers, VMs, or
trusted execution environments. They often follow a highly modular design in which third …