{ERIM}: Secure, Efficient In-process Isolation with Protection Keys ({{{{{MPK}}}}})
A Vahldiek-Oberwagner, E Elnikety… - 28th USENIX Security …, 2019 - usenix.org
Isolating sensitive state and data can increase the security and robustness of many
applications. Examples include protecting cryptographic keys against exploits like …
applications. Examples include protecting cryptographic keys against exploits like …
Hodor:{Intra-Process} isolation for {High-Throughput} data plane libraries
As network, I/O, accelerator, and NVM devices capable of a million operations per second
make their way into data centers, the software stack managing such devices has been …
make their way into data centers, the software stack managing such devices has been …
[PDF][PDF] Preventing Kernel Hacks with HAKCs.
Commodity operating system kernels remain monolithic for practical and historical reasons.
All kernel code shares a single address space, executes with elevated processor privileges …
All kernel code shares a single address space, executes with elevated processor privileges …
{vTZ}: Virtualizing {ARM}{TrustZone}
ARM TrustZone, a security extension that provides a secure world, a trusted execution
environment (TEE), to run security-sensitive code, has been widely adopted in mobile …
environment (TEE), to run security-sensitive code, has been widely adopted in mobile …
HDFI: Hardware-assisted data-flow isolation
Memory corruption vulnerabilities are the root cause of many modern attacks. Existing
defense mechanisms are inadequate; in general, the software-based approaches are not …
defense mechanisms are inadequate; in general, the software-based approaches are not …
[PDF][PDF] Enforcing Kernel Security Invariants with Data Flow Integrity.
The operation system kernel is the foundation of the whole system and is often the de facto
trusted computing base for many higher level security mechanisms. Unfortunately, kernel …
trusted computing base for many higher level security mechanisms. Unfortunately, kernel …
[HTML][HTML] A survey on the (in) security of trusted execution environments
As the number of security and privacy attacks continue to grow around the world, there is an
ever increasing need to protect our personal devices. As a matter of fact, more and more …
ever increasing need to protect our personal devices. As a matter of fact, more and more …
xmp: Selective memory protection for kernel and user space
S Proskurin, M Momeu, S Ghavamnia… - … IEEE Symposium on …, 2020 - ieeexplore.ieee.org
Attackers leverage memory corruption vulnerabilities to establish primitives for reading from
or writing to the address space of a vulnerable process. These primitives form the foundation …
or writing to the address space of a vulnerable process. These primitives form the foundation …
{ACES}: Automatic compartments for embedded systems
AA Clements, NS Almakhdhub, S Bagchi… - 27th USENIX Security …, 2018 - usenix.org
Securing the rapidly expanding Internet of Things (IoT) is critical. Many of these “things” are
vulnerable bare-metal embedded systems where the application executes directly on …
vulnerable bare-metal embedded systems where the application executes directly on …
Programmable {In-Network} security for context-aware {BYOD} policies
Bring Your Own Device (BYOD) has become the new norm for enterprise networks, but
BYOD security remains a top concern. Context-aware security, which enforces access …
BYOD security remains a top concern. Context-aware security, which enforces access …