[PDF][PDF] Preventing Kernel Hacks with HAKCs.
Commodity operating system kernels remain monolithic for practical and historical reasons.
All kernel code shares a single address space, executes with elevated processor privileges …
All kernel code shares a single address space, executes with elevated processor privileges …
{RedLeaf}: isolation and communication in a safe operating system
RedLeaf is a new operating system developed from scratch in Rust to explore the impact of
language safety on operating system organization. In contrast to commodity systems …
language safety on operating system organization. In contrast to commodity systems …
Abslearn: a gnn-based framework for aliasing and buffer-size information retrieval
Inferring aliasing and buffer-size information is important to understanding a C program's
memory layout, which is critical to program analysis and security-related tasks. However …
memory layout, which is critical to program analysis and security-related tasks. However …
{KSplit}: Automating device driver isolation
Researchers have shown that recent CPU extensions support practical, low-overhead driver
isolation to protect kernels from defects and vulnerabilities in device drivers. With …
isolation to protect kernels from defects and vulnerabilities in device drivers. With …
Practical program modularization with type-based dependence analysis
K Lu - 2023 IEEE Symposium on Security and Privacy (SP), 2023 - ieeexplore.ieee.org
Today's software programs are bloating and have become extremely complex. As there is
typically no internal isolation among modules in a program, a vulnerability can be exploited …
typically no internal isolation among modules in a program, a vulnerability can be exploited …
A hybrid alias analysis and its application to global variable protection in the linux kernel
Global variables in the Linux kernel have been a common target of memory corruption
attacks to achieve privilege escalation. Several potential defense mechanisms can be …
attacks to achieve privilege escalation. Several potential defense mechanisms can be …
Ec: Embedded systems compartmentalization via intra-kernel isolation
Embedded systems comprise of low-power microcontrollers and constitute computing
systems from IoT nodes to supercomputers. Unfortunately, due to the low power constraint …
systems from IoT nodes to supercomputers. Unfortunately, due to the low power constraint …
On-demand-fork: A microsecond fork for memory-intensive and latency-sensitive applications
Fork has long been the process creation system call for Unix. At its inception, fork was hailed
as an efficient system call due to its use of copy-on-write on memory shared between parent …
as an efficient system call due to its use of copy-on-write on memory shared between parent …
Vdom: Fast and unlimited virtual domains on multiple architectures
Hardware memory domain primitives, such as Intel MPK and ARM Memory Domain, have
been used for efficient in-process memory isolation. However, they can only provide a …
been used for efficient in-process memory isolation. However, they can only provide a …
μscope: A methodology for analyzing least-privilege compartmentalization in large software artifacts
By prioritizing simplicity and portability, least-privilege engineering has been an afterthought
in OS design, resulting in monolithic kernels where any exploit leads to total compromise …
in OS design, resulting in monolithic kernels where any exploit leads to total compromise …