Efficient and secure in-process isolation is in great demand, as evidenced in the shift
towards JavaScript and the recent revival of memory protection keys. Yet, state-of-the-art …

Firefox and other major browsers rely on dozens of third-party libraries to render audio,
video, images, and other content. These libraries are a frequent source of vulnerabilities. To …

Intel's Software Guard Extensions (SGX) introduced new instructions to switch the processor
to enclave mode which protects it from introspection. While the enclave mode strongly …

Least-privilege separation decomposes applications into compartments limited to accessing
only what they need. When compartmentalizing existing software, many approaches neglect …

Software libraries can freely access the program's entire address space, and also inherit its
system-level privileges. This lack of separation regularly leads to security-critical incidents …

There has been interest in mechanisms that enable the secure use of legacy code to
implement trusted code in a Trusted Execution Environment (TEE), such as Intel SGX …

Confidential cloud computing enables cloud tenants to distrust their service provider.
Achieving confidential computing solutions that provide concrete security guarantees …

Dynamic Information Flow Tracking (DIFT) forms the foundation of a wide range of security
and privacy analyses. The main challenges faced by DIFT techniques are performance and …

Compartmentalization decomposes a program into separate parts with mediated
interactions through compartment interfaces---hiding information that would otherwise be …

Firefox and other major browsers rely on dozens of third-party libraries to render audio,
video, images, and other content. These libraries are a frequent source of vulnerabilities. To …