Ptrsplit: Supporting general pointers in automatic program partitioning

S Liu, G Tan, T Jaeger - Proceedings of the 2017 ACM SIGSAC …, 2017 - dl.acm.org
Partitioning a security-sensitive application into least-privileged components and putting
each into a separate protection domain have long been a goal of security practitioners and …

Program-mandering: Quantitative privilege separation

S Liu, D Zeng, Y Huang, F Capobianco… - Proceedings of the …, 2019 - dl.acm.org
Privilege separation is an effective technique to improve software security. However, past
partitioning systems do not allow programmers to make quantitative tradeoffs between …

Practical program modularization with type-based dependence analysis

K Lu - 2023 IEEE Symposium on Security and Privacy (SP), 2023 - ieeexplore.ieee.org
Today's software programs are bloating and have become extremely complex. As there is
typically no internal isolation among modules in a program, a vulnerability can be exploited …

Privtrans: Automatically partitioning programs for privilege separation

D Brumley, D Song - USENIX Security Symposium, 2004 - usenix.org
Privilege separation partitions a single program into two parts: a privileged program called
the monitor and an unprivileged program called the slave. All trust and privileges are …

Oscar: A practical Page-Permissions-Based scheme for thwarting dangling pointers

THY Dang, P Maniatis, D Wagner - 26th USENIX security symposium …, 2017 - usenix.org
Using memory after it has been freed opens programs up to both data and control-flow
exploits. Recent work on temporal memory safety has focused on using explicit lock-and-key …

Protecting C programs from attacks via invalid pointer dereferences

SH Yong, S Horwitz - Proceedings of the 9th European software …, 2003 - dl.acm.org
Writes via unchecked pointer dereferences rank high among vulnerabilities most often
exploited by malicious code. The most common attacks use an unchecked string copy to …

SysXCHG: Refining privilege with adaptive system call filters

AJ Gaidis, V Atlidakis, VP Kemerlis - Proceedings of the 2023 ACM …, 2023 - dl.acm.org
We present the design, implementation, and evaluation of SysXCHG: a system call (syscall)
filtering enforcement mechanism that enables programs to run in accordance with the …

Automatically partition software into least privilege components using dynamic data dependency analysis

Y Wu, J Sun, Y Liu, JS Dong - 2013 28th IEEE/ACM …, 2013 - ieeexplore.ieee.org
The principle of least privilege requires that software components should be granted only
necessary privileges, so that compromising one component does not lead to compromising …

Securecells: A secure compartmentalized architecture

A Bhattacharyya, F Hofhammer, Y Li… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Modern programs are monolithic, combining code of varied provenance without isolation, all
the while running on network-connected devices. A vulnerability in any component may …

Low-fat pointers: compact encoding and efficient gate-level implementation of fat pointers for spatial safety and capability-based security

A Kwon, U Dhawan, JM Smith, TF Knight Jr… - Proceedings of the 2013 …, 2013 - dl.acm.org
Referencing outside the bounds of an array or buffer is a common source of bugs and
security vulnerabilities in today's software. We can enforce spatial safety and eliminate these …