StkTokens: Enforcing well-bracketed control flow and stack encapsulation using linear capabilities

L Skorstengaard, D Devriese, L Birkedal - Proceedings of the ACM on …, 2019 - dl.acm.org
We propose and study StkTokens: a new calling convention that provably enforces well-
bracketed control flow and local state encapsulation on a capability machine. The calling …

Le temps des cerises: efficient temporal stack safety on capability machines using directed capabilities

AL Georges, A Trieu, L Birkedal - Proceedings of the ACM on …, 2022 - dl.acm.org
Capability machines are a type of CPU that supports fine-grained privilege separation using
capabilities, machine words that include forms of authority. Formal models of capability …

SECOMP: Formally Secure Compilation of Compartmentalized C Programs

J Thibault, R Blanco, D Lee, S Argo… - Proceedings of the …, 2024 - dl.acm.org
Undefined behavior in C often causes devastating security vulnerabilities. One practical
mitigation is compartmentalization, which allows developers to structure large programs into …

CheriOS: designing an untrusted single-address-space capability operating system utilising capability hardware and a minimal hypervisor

L Esswood - 2021 - repository.cam.ac.uk
This thesis presents the design, implementation, and evaluation of a novel capability
operating system: CheriOS. The guiding motivation behind CheriOS is to provide strong …

CapablePtrs: Securely compiling partial programs using the pointers-as-capabilities principle

A El-Korashy, S Tsampas, M Patrignani… - 2021 IEEE 34th …, 2021 - ieeexplore.ieee.org
Capability machines such as CHERI provide memory capabilities that can be used by
compilers to provide security benefits for compiled code (e.g., memory safety). The existing C …

SecurePtrs: Proving secure compilation with data-flow back-translation and turn-taking simulation

A El-Korashy, R Blanco, J Thibault… - 2022 IEEE 35th …, 2022 - ieeexplore.ieee.org
Proving secure compilation of partial programs typically requires back-translating an attack
against the compiled program to an attack against the source program. To prove back …

A categorical approach to secure compilation

S Tsampas, A Nuyts, D Devriese, F Piessens - International Workshop on …, 2020 - Springer
We introduce a novel approach to secure compilation based on maps of distributive laws.
We demonstrate through four examples that the coherence criterion for maps of distributive …

A CHERI C Memory Model for Verified Temporal Safety

V Zaliva, K Memarian, B Campbell, R Almeida… - Proceedings of the 14th …, 2025 - dl.acm.org
Memory safety concerns continue to be a major source of security vulnerabilities. The
CHERI architecture, as instantiated in prototype CHERI-RISC-V cores, the Arm Morello …

StkTokens: Enforcing well-bracketed control flow and stack encapsulation using linear capabilities

L Skorstengaard, D Devriese… - Journal of Functional …, 2021 - cambridge.org
We propose and study StkTokens: a new calling convention that provably enforces well-
bracketed control flow and local state encapsulation on a capability machine. The calling …

Formal Reasoning about Capability Machines

L Skorstengaard - 2019 - pure.au.dk
Today, computer security is often based on mitigations that make exploitation cumbersome
or unlikely. In other words, mitigation techniques provide no security guarantee, and time …