ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK)

A Vahldiek-Oberwagner, E Elnikety… - 28th USENIX Security …, 2019 - usenix.org
Isolating sensitive state and data can increase the security and robustness of many
applications. Examples include protecting cryptographic keys against exploits like …

Faastlane: Accelerating Function-as-a-Service Workflows

S Kotni, A Nayak, V Ganapathy, A Basu - 2021 USENIX Annual …, 2021 - usenix.org
In FaaS workflows, a set of functions implement application logic by interacting and
exchanging data among themselves. Contemporary FaaS platforms execute each function …

Hodor: Intra-Process isolation for High-Throughput data plane libraries

M Hedayati, S Gravani, E Johnson, J Criswell… - 2019 USENIX Annual …, 2019 - usenix.org
As network, I/O, accelerator, and NVM devices capable of a million operations per second
make their way into data centers, the software stack managing such devices has been …

PKRU-Safe: Automatically locking down the heap between safe and unsafe languages

P Kirth, M Dickerson, S Crane, P Larsen… - Proceedings of the …, 2022 - dl.acm.org
After more than twenty-five years of research, memory safety violations remain one of the
major causes of security vulnerabilities in real-world software. Memory-safe languages, like …

libmpk: Software abstraction for Intel memory protection keys (Intel MPK)

S Park, S Lee, W Xu, H Moon, T Kim - 2019 USENIX Annual Technical …, 2019 - usenix.org
Intel Memory Protection Keys (MPK) is a new hardware primitive to support thread-local
permission control on groups of pages without requiring modification of page tables …

Preventing Kernel Hacks with HAKCs

DP McKee, Y Giannaris, C Ortega, HE Shrobe… - NDSS, 2022 - ndss-symposium.org
Commodity operating system kernels remain monolithic for practical and historical reasons.
All kernel code shares a single address space, executes with elevated processor privileges …

You shall not (by)pass! Practical, secure, and fast PKU-based sandboxing

A Voulimeneas, J Vinck, R Mechelinck… - Proceedings of the …, 2022 - dl.acm.org
Memory Protection Keys for Userspace (PKU) is a recent hardware feature that allows
programs to assign virtual memory pages to protection domains, and to change domain …

Donky: Domain Keys – Efficient In-Process Isolation for RISC-V and x86

D Schrammel, S Weiser, S Steinegger… - 29th USENIX Security …, 2020 - usenix.org
Efficient and secure in-process isolation is in great demand, as evidenced in the shift
towards JavaScript and the recent revival of memory protection keys. Yet, state-of-the-art …

Securing Real-Time Microcontroller Systems through Customized Memory View Switching

CH Kim, T Kim, H Choi, Z Gu, B Lee, X Zhang, D Xu - NDSS, 2018 - chungkim.io
Real-time microcontrollers have been widely adopted in cyber-physical systems that require
both real-time and security guarantees. Unfortunately, security is sometimes traded for real …

Dangsan: Scalable use-after-free detection

E Van Der Kouwe, V Nigade, C Giuffrida - Proceedings of the Twelfth …, 2017 - dl.acm.org
Use-after-free vulnerabilities due to dangling pointers are an important and growing threat to
systems security. While various solutions exist to address this problem, none of them is …