English
Related papers

Related papers: Automating Seccomp Filter Generation for Linux App…

200 papers

Linux Seccomp is widely used by the program developers and the system maintainers to secure the operating systems, which can block unused syscalls for different applications and containers to shrink the attack surface of the operating…

Cryptography and Security · Computer Science 2025-10-07 Dongyang Zhan , Zhaofeng Yu , Xiangzhan Yu , Hongli Zhang , Lin Ye

With the development of Internet of Things (IoT), it is gaining a lot of attention. It is important to secure the embedded systems with low overhead. The Linux Seccomp is widely used by developers to secure the kernels by blocking the…

Cryptography and Security · Computer Science 2025-10-07 Dongyang Zhan , Zhaofeng Yu , Xiangzhan Yu , Hongli Zhang , Lin Ye , Likun Liu

Restricting the system calls available to applications reduces the attack surface of the kernel and limits the functionality available to compromised applications. Recent approaches automatically identify the system calls required by…

Cryptography and Security · Computer Science 2023-09-28 Vidya Lakshmi Rajagopalan , Konstantinos Kleftogiorgos , Enes Göktaş , Jun Xu , Georgios Portokalidis

System call filtering is a widely used security mechanism for protecting a shared OS kernel against untrusted user applications. However, existing system call filtering techniques either are too expensive due to the context switch overhead…

Do Linux distribution package managers need the privileged operations they request to actually happen? Apparently not, at least for building container images for HPC applications. We use this observation to implement a root emulation mode…

Distributed, Parallel, and Cluster Computing · Computer Science 2024-05-13 Reid Priedhorsky , Michael Jennings , Megan Phinney

Growing code bases of modern applications have led to a steady increase in the number of vulnerabilities. Control-Flow Integrity (CFI) is one promising mitigation that is more and more widely deployed and prevents numerous exploits. CFI…

Cryptography and Security · Computer Science 2022-03-01 Claudio Canella , Sebastian Dorn , Daniel Gruss , Michael Schwarz

Precise and sound call graph construction is crucial for many software security mechanisms. Unfortunately, traditional static pointer analysis techniques used to generate application call graphs suffer from imprecision. These techniques are…

Software Engineering · Computer Science 2025-11-11 Tapti Palit , Seyedhamed Ghavamnia , Michalis Polychronakis

Honeypots are essential tools in cybersecurity for early detection, threat intelligence gathering, and analysis of attacker's behavior. However, most of them lack the required realism to engage and fool human attackers long-term. Being easy…

Cryptography and Security · Computer Science 2024-09-24 Muris Sladić , Veronica Valeros , Carlos Catania , Sebastian Garcia

AI agents increasingly run untrusted code on developer machines: shell commands generated by language models, third-party scripts retrieved at runtime, and tool plugins of unknown provenance. Existing isolation mechanisms impose tradeoffs…

Cryptography and Security · Computer Science 2026-05-27 Cong Wang , Yusheng Zheng

Browsers, Library OSes, and system emulators rely on sandboxes and in-process isolation to emulate system resources and securely isolate untrusted components. All access to system resources like system calls (syscall) need to be securely…

Cryptography and Security · Computer Science 2024-06-12 Fangfei Yang , Anjo Vahldiek-Oberwagner , Chia-Che Tsai , Kelly Kaoudis , Nathan Dautenhahn

Rootkits are among the most elusive types of malware, capable of bypassing traditional static analysis methods due to their metamorphic behavior. Signature-based detection techniques struggle against these threats, necessitating a shift…

Cryptography and Security · Computer Science 2026-04-28 Paras Ghodeshwar , Sandeep K Shukla , Anand Handa , Nitesh Kumar

Bugs in operating system kernels can affect billions of devices and users all over the world. As a result, a large body of research has been focused on kernel fuzzing, i.e., automatically generating syscall (system call) sequences to detect…

Cryptography and Security · Computer Science 2025-03-17 Chenyuan Yang , Zijie Zhao , Lingming Zhang

In the software design, protecting a computer system from a plethora of software attacks or malware in the wild has been increasingly important. One branch of research to detect the existence of attacks or malware, there has been much work…

Cryptography and Security · Computer Science 2018-03-28 Hayoon Yi , Gyuwan Kim , Jangho Lee , Sunwoo Ahn , Younghan Lee , Sungroh Yoon , Yunheung Paek

We present a parallel profiling tool, GAPP, that identifies serialization bottlenecks in parallel Linux applications arising from load imbalance or contention for shared resources . It works by tracing kernel context switch events using…

Performance · Computer Science 2020-04-14 Reena Nair , Tony Field

Side channel attacks steal secret keys by cleverly leveraging information leakages and can, therefore, break encryption. Thus, detection and mitigation of side channel attacks is a very important problem, but the solutions proposed in the…

Cryptography and Security · Computer Science 2020-10-28 Sharjeel Khan , Girish Mururu , Santosh Pande

This paper introduces BeaCon, a novel tool for the automated generation of adjustable container security policies. Unlike prior approaches, BeaCon leverages dynamic analysis to simulate realistic environments, uncovering container execution…

Cryptography and Security · Computer Science 2025-12-02 Haney Kang , Eduard Marin , Myoungsung You , Diego Perino , Seungwon Shin , Jinwoo Kim

A new technique is proposed for fault-tolerant linear, sesquilinear and bijective (LSB) operations on $M$ integer data streams ($M\geq3$), such as: scaling, additions/subtractions, inner or outer vector products, permutations and…

Distributed, Parallel, and Cluster Computing · Computer Science 2016-05-03 Mohammad Ashraful Anam , Yiannis Andreopoulos

With the proliferation of Android malware, the demand for an effective and efficient malware detection system is on the rise. The existing device-end learning based solutions tend to extract limited syntax features (e.g., permissions and…

Cryptography and Security · Computer Science 2020-11-11 Ruitao Feng , Jing Qiang Lim , Sen Chen , Shang-Wei Lin , Yang Liu

Extended Berkeley Packet Filter (BPF) has emerged as a powerful method to extend packet-processing functionality in the Linux operating system. BPF allows users to write code in high-level languages (like C or Rust) and execute them at…

Networking and Internet Architecture · Computer Science 2021-07-16 Qiongwen Xu , Michael D. Wong , Tanvi Wagle , Srinivas Narayana , Anirudh Sivaraman

System call filtering is widely used to secure programs in multi-tenant environments, and to sandbox applications in modern desktop software deployment and package management systems. Filtering rules are hard to write and maintain manually,…

Cryptography and Security · Computer Science 2024-10-24 Gaspard Thévenon , Kevin Nguetchouang , Kahina Lazri , Alain Tchana , Pierre Olivier
‹ Prev 1 2 3 10 Next ›