English
Related papers

Related papers: Automatically Proving Microkernels Free from Privi…

200 papers

With today's quantum processors venturing into regimes beyond the capabilities of classical devices [1-3], we face the challenge to verify that these devices perform as intended, even when we cannot check their results on classical…

This paper presents an in-kernel, hardware-based control-flow integrity (CFI) protection, called PAL, that utilizes ARM's Pointer Authentication (PA). It provides three important benefits over commercial, state-of-the-art PA-based CFIs like…

Cryptography and Security · Computer Science 2021-12-15 Sungbae Yoo , Jinbum Park , Seolheui Kim , Yeji Kim , Taesoo Kim

In this work we present the Secure Machine, SeM for short, a CPU architecture extension for secure computing. SeM uses a small amount of in-chip additional hardware that monitors key communication channels inside the CPU chip, and only acts…

Cryptography and Security · Computer Science 2018-03-13 Ofir Shwartz , Yitzhak Birk

Serverless computing is increasingly adopted for AI-driven workloads due to its automatic scaling and pay-as-you-go model. However, its function-based architecture creates significant security risks, including excessive privilege allocation…

Cryptography and Security · Computer Science 2026-03-27 Changhee Shin , Bom Kim , Seungsoo Lee

Confidential computing alleviates the concerns of distrustful customers by removing the cloud provider from their trusted computing base and resolves their disincentive to migrate their workloads to the cloud. This is facilitated by new…

Cryptography and Security · Computer Science 2024-02-26 Anna Galanou , Khushboo Bindlish , Luca Preibsch , Yvonne-Anne Pignolet , Christof Fetzer , Rüdiger Kapitza

Isolating sensitive state and data can increase the security and robustness of many applications. Examples include protecting cryptographic keys against exploits like OpenSSL's Heartbleed bug or protecting a language runtime from native…

Cryptography and Security · Computer Science 2019-06-05 Anjo Vahldiek-Oberwagner , Eslam Elnikety , Nuno O. Duarte , Michael Sammler , Peter Druschel , Deepak Garg

Verification of microkernels, device drivers, and crypto routines requires analyses at the binary level. In order to automate these analyses, in the last years several binary analysis platforms have been introduced. These platforms share a…

Programming Languages · Computer Science 2019-01-23 Andreas Lindner , Roberto Guanciale , Roberto Metere

Clustering software into peer groups based on its apparent functionality allows for simple, intuitive categorization of software that can, in particular, help identify which software uses comparatively more privilege than is necessary to…

Cryptography and Security · Computer Science 2015-10-27 Suman Jana , Úlfar Erlingsson , Iulia Ion

Openly sharing data with sensitive attributes and privacy restrictions is a challenging task. In this document we present the implementation of pyCANON, a Python library and command line interface (CLI) to check and assess the level of…

Cryptography and Security · Computer Science 2023-05-15 Judith Sáinz-Pardo Díaz , Álvaro López García

The efficacy of address space layout randomization has been formally demonstrated in a shared-memory model by Abadi et al., contingent on specific assumptions about victim programs. However, modern operating systems, implementing layout…

Cryptography and Security · Computer Science 2025-04-14 Davide Davoli , Martin Avanzini , Tamara Rezk

Browsers, Library OSes, and system emulators rely on sandboxes and in-process isolation to emulate system resources and securely isolate untrusted components. All access to system resources like system calls (syscall) need to be securely…

Cryptography and Security · Computer Science 2024-06-12 Fangfei Yang , Anjo Vahldiek-Oberwagner , Chia-Che Tsai , Kelly Kaoudis , Nathan Dautenhahn

Deauthentication is an important component of any authentication system. The widespread use of computing devices in daily life has underscored the need for zero-effort deauthentication schemes. However, the quest for eliminating user effort…

Cryptography and Security · Computer Science 2016-02-16 O. Huhta , P. Shrestha , S. Udar , M. Juuti , N. Saxena , N. Asokan

Assurance of information flow security by formal methods is mandated in security certification of separation kernels. As an industrial standard for separation kernels, ARINC 653 has been complied with by mainstream separation kernels.…

Software Engineering · Computer Science 2015-10-20 Yongwang Zhao , David Sann , Fuyuan Zhang , Yang Liu

This paper presents C8s, a confidential computing architecture for Kubernetes that provides cryptographically rooted confidentiality, integrity, and verifiability guarantees for Kubernetes clusters from infrastructure operators. These…

Cryptography and Security · Computer Science 2026-05-01 Amean Asad , Patrick McClurg , João Andrade

The efficacy of address space layout randomization has been formally demonstrated in a shared-memory model by Abadi et al., contingent on specific assumptions about victim programs. However, modern operating systems, implementing layout…

Cryptography and Security · Computer Science 2025-04-14 Davide Davoli , Martin Avanzini , Tamara Rezk

The interfaces exposed by commonly used cryptographic libraries are clumsy, complicated, and assume an understanding of cryptographic algorithms. The challenge is to design high-level abstractions that require minimum knowledge and effort…

Cryptography and Security · Computer Science 2020-12-25 Christopher Kane , Bo Lin , Saksham Chand , Scott D. Stoller , Yanhong A. Liu

Security bugs in the Linux kernel emerge endlessly and have attracted much attention. However, fixing security bugs in the Linux kernel could be incomplete due to human mistakes. Specifically, an incomplete fix fails to repair all the…

Cryptography and Security · Computer Science 2025-11-25 Qiang Liu , Wenlong Zhang , Muhui Jiang , Lei Wu , Yajin Zhou

Large-scale enterprise software systems commonly run as unprivileged service accounts to enforce least privilege, yet still depend on a small set of privileged components -- such as executables with elevated ownership, permissions, or…

Cryptography and Security · Computer Science 2026-05-29 Rajarshi Chowdhury , Akshay Shah

Blockchain technology has emerged as a revolutionary tool in ensuring data integrity and security in digital transactions. However, the current approaches to data verification in blockchain systems, particularly in Ethereum, face challenges…

Cryptography and Security · Computer Science 2024-04-11 Oleksandr Kuznetsov , Alex Rusnak , Anton Yezhov , Dzianis Kanonik , Kateryna Kuznetsova , Stanislav Karashchuk

Trusted Execution Environment, or enclave, promises to protect data confidentiality and execution integrity of an outsourced computation on an untrusted host. Extending the protection to distributed applications that run on physically…

Distributed, Parallel, and Cluster Computing · Computer Science 2019-05-17 Hung Dang , Ee-Chien Chang