SGX-Bomb: Locking down the processor via Rowhammer attack
Intel Software Guard Extensions (SGX) provides a strongly isolated memory space, known
as an enclave, for a user process, ensuring confidentiality and integrity against software and …
as an enclave, for a user process, ensuring confidentiality and integrity against software and …
Theseus: an experiment in operating system structure and state management
This paper describes an operating system (OS) called Theseus. Theseus is the result of
multi-year experimentation to redesign and improve OS modularity by reducing the states …
multi-year experimentation to redesign and improve OS modularity by reducing the states …
Adaptive android kernel live patching
Android kernel vulnerabilities pose a serious threat to user security and privacy. They allow
attackers to take full control over victim devices, install malicious and unwanted apps, and …
attackers to take full control over victim devices, install malicious and unwanted apps, and …
Runtime software patching: Taxonomy, survey and future directions
Runtime software patching aims to minimize or eliminate service downtime, user
interruptions and potential data losses while deploying a patch. Due to modern software …
interruptions and potential data losses while deploying a patch. Due to modern software …
Mitigating vulnerability windows with hypervisor transplant
The vulnerability window of a hypervisor regarding a given security flaw is the time between
the identification of the flaw and the integration of a correction/patch in the running …
the identification of the flaw and the integration of a correction/patch in the running …
Rewind & Discard: Improving software resilience using isolated domains
Well-known defenses exist to detect and mitigate common faults and memory safety
vulnerabilities in software. Yet, many of these mitigations do not address the challenge of …
vulnerabilities in software. Yet, many of these mitigations do not address the challenge of …
Reboot-oriented IoT: Life cycle management in trusted execution environment for disposable IoT devices
K Suzaki, A Tsukamoto, A Green… - Proceedings of the 36th …, 2020 - dl.acm.org
Many IoT devices are geographically distributed without human administrators, which are
maintained by a remote server to enforce security updates, ideally through machine-to …
maintained by a remote server to enforce security updates, ideally through machine-to …
KShot: Live kernel patching with SMM and SGX
Live kernel patching is an increasingly common trend in operating system distributions,
enabling dynamic updates to include new features or to fix vulnerabilities without having to …
enabling dynamic updates to include new features or to fix vulnerabilities without having to …
Virtual machine preserving host updates for zero day patching in public cloud
M Russinovich, N Govindaraju… - Proceedings of the …, 2021 - dl.acm.org
Host software updates are critical to ensure the security, reliability and compliance of public
clouds. Many updates require a virtualization component restart or operating system reboot …
clouds. Many updates require a virtualization component restart or operating system reboot …
An Empirical Study of Automation in Software Security Patch Management
Several studies have shown that automated support for different activities of the security
patch management process has great potential for reducing delays in installing security …
patch management process has great potential for reducing delays in installing security …