Isolation in Rust: What is Missing?

A Burtsev, D Appel, D Detweiler, T Huang, Z Li… - Proceedings of the 11th …, 2021 - dl.acm.org
Rust is the first practical programming language that has the potential to provide fine-
grained isolation of untrusted computations at the language level. A combination of zero …

ConMonitor: Lightweight Container Protection with Virtualization and VM Functions

S Xu, Q Zhou, Z Zhang, X Jia, D Liu, H Huang… - Proceedings of the …, 2024 - dl.acm.org
Containers are widely used in multi-tenant cloud computing for their ease of deployment,
minimal overhead, and fast start-up. However, the intrinsic shared kernel model of …

Extending Rust with Support for Zero Copy Communication

A Lafrance, D Detweiler, Z Li, X Chen… - Proceedings of the 12th …, 2023 - dl.acm.org
In contrast to hardware-based isolation solutions, language-based systems support crossing
of isolation boundaries with an overhead of a function call. Moreover, the strong type system …

Evolving Operating System Kernels Towards Secure Kernel-Driver Interfaces

A Burtsev, V Narayanan, Y Huang, K Huang… - Proceedings of the 19th …, 2023 - dl.acm.org
Our work explores the challenge of developing secure kernel-driver interfaces designed to
protect the kernel from isolated kernel extensions. We first analyze a range of possible attack …

W-Kernel: An OS Kernel Architecture Designed With Isolation and Customizability

S Li, H Sato - Proceedings of the 2023 5th International Conference …, 2023 - dl.acm.org
We propose a new operating system architecture called W-kernel. Traditional commodity
operating systems are monolithic which is easy to design and offers decent performance …

Flexible and Low-Overhead System-Call Aggregation using BPF

L Gerhorst - 2021 - cs.fau.de
General-purpose operating systems (OSes) rely on hardware-based isolation to confine
user processes to their own virtual address space. By doing so, they protect the system from …