English
Related papers

Related papers: Secure System Virtualization: End-to-End Verificat…

200 papers

Transient execution side-channel attacks, such as Spectre, have been shown to break almost all isolation primitives. We introduce a new security property we call relaxed microarchitectural isolation (RMI) that allows sensitive programs that…

Cryptography and Security · Computer Science 2025-02-10 Jules Drean , Miguel Gomez-Garcia , Fisher Jepsen , Thomas Bourgeat , Srinivas Devadas

Protected user-level libraries have been proposed as a way to allow mutually distrusting applications to safely share kernel-bypass services. In this paper, we identify and solve several previously unaddressed obstacles to realizing this…

Operating Systems · Computer Science 2025-09-04 Alan Beadle , Michael L. Scott , John Criswell

At present, the mostly used and developed mechanism is hardware virtualization which provides a common platform to run multiple operating systems and applications in independent partitions. More precisely, it is all about resource…

Hardware Architecture · Computer Science 2009-09-02 Kamanashis Biswas , Md. Ashraful Islam

Integrity is critical for maintaining system security, as it ensures that only genuine software is loaded onto a machine. Although confidential virtual machines (CVMs) function within isolated environments separate from the host, it is…

Cryptography and Security · Computer Science 2024-10-25 Wenhao Wang , Linke Song , Benshan Mei , Shuang Liu , Shijun Zhao , Shoumeng Yan , XiaoFeng Wang , Dan Meng , Rui Hou

This paper presents a system called NetKernel that decouples the network stack from the guest virtual machine and offers it as an independent module. NetKernel represents a new paradigm where network stack can be managed as part of the…

Networking and Internet Architecture · Computer Science 2019-03-20 Zhixiong Niu , Hong Xu , Peng Cheng , Yongqiang Xiong , Tao Wang , Dongsu Han , Keith Winstein

The efficacy of address space layout randomization has been formally demonstrated in a shared-memory model by Abadi et al., contingent on specific assumptions about victim programs. However, modern operating systems, implementing layout…

Cryptography and Security · Computer Science 2025-04-14 Davide Davoli , Martin Avanzini , Tamara Rezk

Attestation means providing evidence that a remote target system is worthy of trust for some sensitive interaction. Although attestation is already used in network access control, security management, and trusted execution environments, it…

Cryptography and Security · Computer Science 2026-03-09 Will Thomas , Logan Schmalz , Adam Petz , Perry Alexander , Joshua D. Guttman , Paul D. Rowe , James Carter

The efficacy of address space layout randomization has been formally demonstrated in a shared-memory model by Abadi et al., contingent on specific assumptions about victim programs. However, modern operating systems, implementing layout…

Cryptography and Security · Computer Science 2025-04-14 Davide Davoli , Martin Avanzini , Tamara Rezk

We present a new and practical framework for security verification of secure architectures. Specifically, we break the verification task into external verification and internal verification. External verification considers the external…

Cryptography and Security · Computer Science 2018-07-06 Jakub Szefer , Tianwei Zhang , Ruby B. Lee

Virtualization technology and cloud computing have brought a paradigm shift in the way we utilize, deploy and manage computer resources. They allow fast deployment of multiple operating system as containers on physical ma- chines which can…

Distributed, Parallel, and Cluster Computing · Computer Science 2012-10-30 Omer Khalid , Arsalaan Sheikh , Brice Copy

Cloud stacks must isolate application components, while permitting efficient data sharing between components deployed on the same physical host. Traditionally, the MMU enforces isolation and permits sharing at page granularity. MMU…

Operating Systems · Computer Science 2022-06-27 Vasily A. Sartakov , Lluís Vilanova , David Eyers , Takahiro Shinagawa , Peter Pietzuch

Isolating sensitive state and data can increase the security and robustness of many applications. Examples include protecting cryptographic keys against exploits like OpenSSL's Heartbleed bug or protecting a language runtime from native…

Cryptography and Security · Computer Science 2019-06-05 Anjo Vahldiek-Oberwagner , Eslam Elnikety , Nuno O. Duarte , Michael Sammler , Peter Druschel , Deepak Garg

Assurance of information flow security by formal methods is mandated in security certification of separation kernels. As an industrial standard for separation kernels, ARINC 653 has been complied with by mainstream separation kernels.…

Software Engineering · Computer Science 2015-10-20 Yongwang Zhao , David Sann , Fuyuan Zhang , Yang Liu

Efficient cloud computing relies on in-process isolation to optimize performance by running workloads within a single process. Without heavy-weight process isolation, memory safety errors pose a significant security threat by allowing an…

Cryptography and Security · Computer Science 2025-08-05 Martin Unterguggenberger , Lukas Lamster , David Schrammel , Martin Schwarzl , Stefan Mangard

As large-scale quantum computers become a reality, they will likely exist as centralized cloud resources accessible to a broad user base. Securely delegating private quantum computations to untrusted servers is therefore a foundational…

Quantum Physics · Physics 2025-09-29 Sanidhya Gupta , Ankur Raina

Application size and complexity are the underlying cause of numerous security vulnerabilities in code. In order to mitigate the risks arising from such vulnerabilities, various techniques have been proposed to isolate the execution of…

Cryptography and Security · Computer Science 2017-06-12 Ahmad Atamli-Reineh , Andrew Martin

Various techniques have been used in recent years for verifying quantum computers, that is, for determining whether a quantum computer/system satisfies a given formal specification of correctness. Barrier certificates are a recent novel…

Quantum Physics · Physics 2023-10-02 Marco Lewis , Paolo Zuliani , Sadegh Soudjani

Motivation: In a predictive modeling setting, if sufficient details of the system behavior are known, one can build and use a simulation for making predictions. When sufficient system details are not known, one typically turns to machine…

Machine Learning · Statistics 2019-08-14 Timo M. Deist , Andrew Patti , Zhaoqi Wang , David Krane , Taylor Sorenson , David Craft

This paper presents C8s, a confidential computing architecture for Kubernetes that provides cryptographically rooted confidentiality, integrity, and verifiability guarantees for Kubernetes clusters from infrastructure operators. These…

Cryptography and Security · Computer Science 2026-05-01 Amean Asad , Patrick McClurg , João Andrade

Attestation is a fundamental building block to establish trust over software systems. When used in conjunction with trusted execution environments, it guarantees the genuineness of the code executed against powerful attackers and threats,…

Cryptography and Security · Computer Science 2022-09-26 Jämes Ménétrey , Christian Göttel , Anum Khurshid , Marcelo Pasin , Pascal Felber , Valerio Schiavoni , Shahid Raza