CHERI: A hybrid capability-system architecture for scalable software compartmentalization

RNM Watson, J Woodruff, PG Neumann… - … IEEE Symposium on …, 2015 - ieeexplore.ieee.org
CHERI extends a conventional RISC Instruction-Set Architecture, compiler, and operating
system to support fine-grained, capability-based memory protection to mitigate memory …

Security and privacy for augmented reality systems

F Roesner, T Kohno, D Molnar - Communications of the ACM, 2014 - dl.acm.org
Security and privacy for augmented reality systems. Review articles, Communications of the
ACM, April 2014, vol. 57, no. 4, p. 88. Photo illustration by Barry Downard. augmented …

Principles and implementation techniques of software-based fault isolation

G Tan - Foundations and Trends® in Privacy and Security, 2017 - nowpublishers.com
When protecting a computer system, it is often necessary to isolate an untrusted component
into a separate protection domain and provide only controlled interaction between the …

JavaScript: the first 20 years

A Wirfs-Brock, B Eich - Proceedings of the ACM on Programming …, 2020 - dl.acm.org
How a sidekick scripting language for Java, created at Netscape in a ten-day hack, ships first
as a de facto Web standard and eventually becomes the world's most widely used …

RedLeaf: isolation and communication in a safe operating system

V Narayanan, T Huang, D Detweiler, D Appel… - … USENIX Symposium on …, 2020 - usenix.org
RedLeaf is a new operating system developed from scratch in Rust to explore the impact of
language safety on operating system organization. In contrast to commodity systems …

User-driven access control: Rethinking permission granting in modern operating systems

F Roesner, T Kohno, A Moshchuk… - … IEEE Symposium on …, 2012 - ieeexplore.ieee.org
Modern client platforms, such as iOS, Android, Windows Phone, Windows 8, and web
browsers, run each application in an isolated environment with limited privileges. A pressing …

Tahoe: the least-authority filesystem

Z Wilcox-O'Hearn, B Warner - Proceedings of the 4th ACM international …, 2008 - dl.acm.org
Tahoe is a system for secure, distributed storage. It uses capabilities for access control,
cryptography for confidentiality and integrity, and erasure coding for fault-tolerance. It has …

Light-Weight Contexts: An OS Abstraction for Safety and Performance

J Litton, A Vahldiek-Oberwagner, E Elnikety… - … USENIX Symposium on …, 2016 - usenix.org
We introduce a new OS abstraction—light-weight contexts (lwCs)—that provides
independent units of protection, privilege, and execution state within a process. A process …

Cloud data protection for the masses

D Song, E Shi, I Fischer, U Shankar - Computer, 2012 - ieeexplore.ieee.org
Offering strong data protection to cloud users while enabling rich applications is a
challenging task. Researchers explore a new cloud platform architecture called Data …

ConScript: Specifying and enforcing fine-grained security policies for Javascript in the browser

LA Meyerovich, B Livshits - 2010 IEEE Symposium on Security …, 2010 - ieeexplore.ieee.org
Much of the power of modern Web comes from the ability of a Web page to combine content
and JavaScript code from disparate servers on the same page. While the ability to create …