DMSA: A Decentralized Microservice Architecture for Edge Networks

Y Chen, C Lu, Y Huang, C Wu, F Guo, H Lu… - arXiv preprint arXiv …, 2025 - arxiv.org
The dispersed node locations and complex topologies of edge networks, combined with
intricate dynamic microservice dependencies, render traditional centralized microservice …

SafeFetch: Practical Double-Fetch Protection with Kernel-Fetch Caching

V Duta, MJ Aloserij, C Giuffrida - 33rd USENIX Security Symposium …, 2024 - usenix.org
Double-fetch bugs (or vulnerabilities) stem from in-kernel system call execution fetching the
same user data twice without proper data (re)sanitization, enabling TOCTTOU attacks and …

LightZone: Lightweight Hardware-Assisted In-Process Isolation for ARM64

Z Yuan, S Hong, R Guo, R Chang, M Gao… - Proceedings of the 25th …, 2024 - dl.acm.org
In-process isolation enforces the principle of least privilege for processes. With such
isolation, even if one part of the process is compromised, other parts within the same …

Making 'syscall' a Privilege not a Right

F Yang, A Vahldiek-Oberwagner, CC Tsai… - arXiv preprint arXiv …, 2024 - arxiv.org
Browsers, Library OSes, and system emulators rely on sandboxes and in-process isolation
to emulate system resources and securely isolate untrusted components. All access to …

BULKHEAD: Secure, Scalable, and Efficient Kernel Compartmentalization with PKS

Y Guo, Z Wang, W Bai, Q Zeng, K Lu - arXiv preprint arXiv:2409.09606, 2024 - arxiv.org
The endless stream of vulnerabilities urgently calls for principled mitigation to confine the
effect of exploitation. However, the monolithic architecture of commodity OS kernels, like the …

SoK: A Systems Perspective on Compound AI Threats and Countermeasures

S Banerjee, P Sahu, M Luo… - arXiv preprint arXiv …, 2024 - arxiv.org
Large language models (LLMs) used across enterprises often use proprietary models and
operate on sensitive inputs and data. The wide range of attack vectors identified in prior …

When eBPF Meets Machine Learning: On-the-fly OS Kernel Compartmentalization

Z Wang, T Chen, Q Dai, Y Chen, H Wei… - arXiv preprint arXiv …, 2024 - arxiv.org
Compartmentalization effectively prevents initial corruption from turning into a successful
attack. This paper presents O2C, a pioneering system designed to enforce OS kernel …

DASICS: Enhancing Memory Protection with Dynamic Compartmentalization

Y Jin, Y Xu, C Yang, H Wang, T Huang, T Lu… - arXiv preprint arXiv …, 2023 - arxiv.org
In the existing software development ecosystem, security issues introduced by third-party
code cannot be overlooked. Among these security concerns, memory access vulnerabilities …

Secure Interface Design Leveraging Hardware/Software Support

A Bhattacharyya - 2024 - infoscience.epfl.ch
Computer systems rely heavily on abstraction to manage the exponential growth of
complexity across hardware and software. Due to practical considerations of compatibility …

SpecMPK: Efficient In-Process Isolation with Speculative and Secure Permission Update Instruction

D Adak, H Zhou, E Rotenberg, A Awad - hzhou.wordpress.ncsu.edu
In today's digital landscape, software applications are susceptible to various threats arising
from vulnerabilities in unsafe programming languages (C, C++) and speculative out-of-order …