A study of security isolation techniques
Security isolation is a foundation of computing systems that enables resilience to different
forms of attacks. This article seeks to understand existing security isolation techniques by …
forms of attacks. This article seeks to understand existing security isolation techniques by …
Content-based isolation: rethinking isolation policy design on client systems
Modern client platforms, such as iOS, Android, Windows Phone, and Windows 8, have
progressed from a per-user isolation policy, where users are isolated but a user's …
progressed from a per-user isolation policy, where users are isolated but a user's …
{ERIM}: Secure, Efficient In-process Isolation with Protection Keys ({{{{{MPK}}}}})
A Vahldiek-Oberwagner, E Elnikety… - 28th USENIX Security …, 2019 - usenix.org
Isolating sensitive state and data can increase the security and robustness of many
applications. Examples include protecting cryptographic keys against exploits like …
applications. Examples include protecting cryptographic keys against exploits like …
Static analysis for proactive security
M Huth, F Nielson - Computing and Software Science: State of the Art and …, 2019 - Springer
We reflect on current problems and practices in system security, distinguishing between
reactive security–which deals with vulnerabilities as they are being exploited–and proactive …
reactive security–which deals with vulnerabilities as they are being exploited–and proactive …
Evaluating intrusion prevention systems with evasions
Intrusion prevention systems have become a common security measure in the past 20 years.
Their promise is the possibility to prevent known attacks against vulnerable, unpatched …
Their promise is the possibility to prevent known attacks against vulnerable, unpatched …
[PDF][PDF] Embedded management interfaces: Emerging massive insecurity
Lab. Its objective is to assess the state of the art of embedded management interfaces and
develop more secure solutions. This white paper summarizes the result of the first part of our …
develop more secure solutions. This white paper summarizes the result of the first part of our …
A comparison of intrusion-tolerant system architectures
Q Nguyen, A Sood - IEEE Security & Privacy, 2010 - ieeexplore.ieee.org
Comparative Analysis of Intrusion-Tolerant System Architectures Page 1 1 Comparative
Analysis of Intrusion-Tolerant System Architectures Quyen L. Nguyen1 and Arun Sood1,2 …
Analysis of Intrusion-Tolerant System Architectures Quyen L. Nguyen1 and Arun Sood1,2 …
Flexos: Making os isolation flexible
H Lefeuvre, VA Bădoiu, Ş Teodorescu… - Proceedings of the …, 2021 - dl.acm.org
OS design is traditionally heavily intertwined with protection mechanisms. OSes statically
commit to one or a combination of (1) hardware isolation,(2) runtime checking, and (3) …
commit to one or a combination of (1) hardware isolation,(2) runtime checking, and (3) …
The Flask security architecture: System support for diverse security policies
Operating systems must be flexible in their support for security policies, providing sufficient
mechanisms for supporting the wide variety of real-world security policies. Such flexibility …
mechanisms for supporting the wide variety of real-world security policies. Such flexibility …
Attacker control and impact for confidentiality and integrity
Language-based information flow methods offer a principled way to enforce strong security
properties, but enforcing noninterference is too inflexible for realistic applications. Security …
properties, but enforcing noninterference is too inflexible for realistic applications. Security …