{ERIM}: Secure, Efficient In-process Isolation with Protection Keys ({{{{{MPK}}}}})
A Vahldiek-Oberwagner, E Elnikety… - 28th USENIX Security …, 2019 - usenix.org
Isolating sensitive state and data can increase the security and robustness of many
applications. Examples include protecting cryptographic keys against exploits like …
applications. Examples include protecting cryptographic keys against exploits like …
Faastlane: Accelerating {Function-as-a-Service} Workflows
In FaaS workflows, a set of functions implement application logic by interacting and
exchanging data among themselves. Contemporary FaaS platforms execute each function …
exchanging data among themselves. Contemporary FaaS platforms execute each function …
PKRU-Safe: Automatically locking down the heap between safe and unsafe languages
After more than twenty-five years of research, memory safety violations remain one of the
major causes of security vulnerabilities in real-world software. Memory-safe languages, like …
major causes of security vulnerabilities in real-world software. Memory-safe languages, like …
[PDF][PDF] Preventing Kernel Hacks with HAKCs.
Commodity operating system kernels remain monolithic for practical and historical reasons.
All kernel code shares a single address space, executes with elevated processor privileges …
All kernel code shares a single address space, executes with elevated processor privileges …
Edge security: Challenges and issues
Edge computing is a paradigm that shifts data processing services to the network edge,
where data are generated. While such an architecture provides faster processing and …
where data are generated. While such an architecture provides faster processing and …
Partial failure resilient memory management system for (cxl-based) distributed shared memory
The efficiency of distributed shared memory (DSM) has been greatly improved by recent
hardware technologies. But, the difficulty of distributed memory management can still be a …
hardware technologies. But, the difficulty of distributed memory management can still be a …
Performance and protection in the ZoFS user-space NVM file system
Non-volatile memory (NVM) can be directly accessed in user space without going through
the kernel. This encourages several recent studies on building user-space NVM file systems …
the kernel. This encourages several recent studies on building user-space NVM file systems …
You shall not (by) pass! practical, secure, and fast pku-based sandboxing
A Voulimeneas, J Vinck, R Mechelinck… - Proceedings of the …, 2022 - dl.acm.org
Memory Protection Keys for Userspace (PKU) is a recent hardware feature that allows
programs to assign virtual memory pages to protection domains, and to change domain …
programs to assign virtual memory pages to protection domains, and to change domain …
Donky: Domain Keys–Efficient {In-Process} Isolation for {RISC-V} and x86
D Schrammel, S Weiser, S Steinegger… - 29th USENIX Security …, 2020 - usenix.org
Efficient and secure in-process isolation is in great demand, as evidenced in the shift
towards JavaScript and the recent revival of memory protection keys. Yet, state-of-the-art …
towards JavaScript and the recent revival of memory protection keys. Yet, state-of-the-art …
Cornflakes: Zero-copy serialization for microsecond-scale networking
D Raghavan, S Ravi, G Yuan, P Thaker… - Proceedings of the 29th …, 2023 - dl.acm.org
Data serialization is critical for many datacenter applications, but the memory copies
required to move application data into packets are costly. Recent zero-copy APIs expose …
required to move application data into packets are costly. Recent zero-copy APIs expose …