You shall not (by) pass! practical, secure, and fast pku-based sandboxing
A Voulimeneas, J Vinck, R Mechelinck… - Proceedings of the …, 2022 - dl.acm.org
Memory Protection Keys for Userspace (PKU) is a recent hardware feature that allows
programs to assign virtual memory pages to protection domains, and to change domain …
programs to assign virtual memory pages to protection domains, and to change domain …
{EPK}: Scalable and Efficient Memory Protection Keys
As a hardware mechanism for facilitating intra-process memory isolation, Intel Memory
Protection Keys (MPK) has been leveraged to efficiently improve the isolation, security, or …
Protection Keys (MPK) has been leveraged to efficiently improve the isolation, security, or …
Going beyond the limits of sfi: Flexible and secure hardware-assisted in-process isolation with hfi
We introduce Hardware-assisted Fault Isolation (HFI), a simple extension to existing
processors to support secure, flexible, and efficient in-process isolation. HFI addresses the …
processors to support secure, flexible, and efficient in-process isolation. HFI addresses the …
μSwitch: Fast Kernel Context Isolation with Implicit Context Switches
Isolating application components is crucial to limit the exposure of sensitive data and code to
vulnerabilities in the untrusted components. Process-based isolation is the de facto isolation …
vulnerabilities in the untrusted components. Process-based isolation is the de facto isolation …
Put your memory in order: Efficient domain-based memory isolation for wasm applications
Memory corruption vulnerabilities can have more serious consequences in WebAssembly
than in native applications. Therefore, we present\tool, the first WebAssembly runtime with …
than in native applications. Therefore, we present\tool, the first WebAssembly runtime with …
Capacity: Cryptographically-Enforced In-Process Capabilities for Modern ARM Architectures
In-process compartmentalization and access control have been actively explored to provide
in-place and efficient isolation of in-process security domains. Many works have proposed …
in-place and efficient isolation of in-process security domains. Many works have proposed …
A framework for software diversification with {ISA} heterogeneity
Software diversification is one of the most effective ways to defeat memory corruption based
attacks. Traditional software diversification such as code randomization techniques …
attacks. Traditional software diversification such as code randomization techniques …
Memory protection keys: Facts, key extension perspectives, and discussions
Memory Protection Keys (MPK) offers per-thread memory protection with an affordable
overhead, prompting many new studies. With protection key extension, MPK provides more …
overhead, prompting many new studies. With protection key extension, MPK provides more …
Rewind & Discard: Improving software resilience using isolated domains
Well-known defenses exist to detect and mitigate common faults and memory safety
vulnerabilities in software. Yet, many of these mitigations do not address the challenge of …
vulnerabilities in software. Yet, many of these mitigations do not address the challenge of …
Dynacut: A framework for dynamic and adaptive program customization
Software is becoming increasingly complex and feature-rich, yet only part of any given
codebase is frequently used. Existing software customization and debloating approaches …
codebase is frequently used. Existing software customization and debloating approaches …