English
Related papers

Related papers: Programmable System Call Security with eBPF

200 papers

In this work we present the Secure Machine, SeM for short, a CPU architecture extension for secure computing. SeM uses a small amount of in-chip additional hardware that monitors key communication channels inside the CPU chip, and only acts…

Cryptography and Security · Computer Science 2018-03-13 Ofir Shwartz , Yitzhak Birk

As an emerging application paradigm, serverless computing attracts attention from more and more attackers. Unfortunately, security tools for conventional applications cannot be easily ported to serverless, and existing serverless security…

Cryptography and Security · Computer Science 2020-11-11 Deepak Sirone Jegan , Liang Wang , Siddhant Bhagat , Thomas Ristenpart , Michael Swift

As malware continues to become more complex and harder to detect, Malware Analysis needs to continue to evolve to stay one step ahead. One promising key area approach focuses on using system calls and API Calls, the core communication…

Cryptography and Security · Computer Science 2025-06-03 Bishwajit Prasad Gond , Durga Prasad Mohapatra

As large language models (LLMs) move from research to production, understanding how inference engines behave in real time has become both essential and elusive. Unlike general-purpose engines such as ONNX Runtime, today's LLM inference…

Software Engineering · Computer Science 2026-01-30 Bohua Zou , Debayan Roy , Dhimankumar Yogesh Airao , Weihao Xu , Binqi Sun , Yutao Liu , Haibo Chen

HPC systems traditionally allow their users unrestricted use of their internal network. While this network is normally controlled enough to guarantee privacy without the need for encryption, it does not provide a method to authenticate peer…

Fault attacks enable adversaries to manipulate the control-flow of security-critical applications. By inducing targeted faults into the CPU, the software's call graph can be escaped and the control-flow can be redirected to arbitrary…

Cryptography and Security · Computer Science 2023-03-27 Pascal Nasahl , Salmin Sultana , Hans Liljestrand , Karanvir Grewal , Michael LeMay , David M. Durham , David Schrammel , Stefan Mangard

Cross-app collaboration via inter-component communication is a fundamental mechanism on Android. Although it brings the benefits such as functionality reuse and data sharing, a threat called component hijacking is also introduced. By…

Cryptography and Security · Computer Science 2016-09-14 Daoyuan Wu , Debin Gao , Yingjiu Li , Robert H. Deng

This paper introduces BeaCon, a novel tool for the automated generation of adjustable container security policies. Unlike prior approaches, BeaCon leverages dynamic analysis to simulate realistic environments, uncovering container execution…

Cryptography and Security · Computer Science 2025-12-02 Haney Kang , Eduard Marin , Myoungsung You , Diego Perino , Seungwon Shin , Jinwoo Kim

System call filtering is widely used to secure programs in multi-tenant environments, and to sandbox applications in modern desktop software deployment and package management systems. Filtering rules are hard to write and maintain manually,…

Cryptography and Security · Computer Science 2024-10-24 Gaspard Thévenon , Kevin Nguetchouang , Kahina Lazri , Alain Tchana , Pierre Olivier

Linux Seccomp is widely used by the program developers and the system maintainers to secure the operating systems, which can block unused syscalls for different applications and containers to shrink the attack surface of the operating…

Cryptography and Security · Computer Science 2025-10-07 Dongyang Zhan , Zhaofeng Yu , Xiangzhan Yu , Hongli Zhang , Lin Ye

We propose in this paper the Security Policy Language (SePL), which is a formal language for capturing and integrating distributed security policies. The syntax of SePL includes several operators for the integration of policies and it is…

Cryptography and Security · Computer Science 2020-05-12 Mohamed Mejri , Hamdi Yahyaoui

In this paper we introduce Timeloops a novel technique for automatically learning system call filtering policies for containerized microservices applications. At run-time, Timeloops automatically learns which system calls a program should…

Cryptography and Security · Computer Science 2022-09-27 Meghna Pancholi , Andreas D. Kellas , Vasileios P. Kemerlis , Simha Sethumadhavan

The purpose of this study is to evaluate the possibility of implementing an attack on ALPC connection in the Windows operating system through the kernel without closing the connection covertly from programs and the operating system and to…

Cryptography and Security · Computer Science 2024-01-04 Anastasiia Kropova , Igor Korkin

Extended Berkeley Packet Filter (eBPF) programs are kernel extensions used for networking, observability, and security enforcement in the Linux kernel. The in-kernel eBPF verifier checks low-level memory safety and termination on eBPF…

Cryptography and Security · Computer Science 2026-05-26 Vishnu Asutosh Dasu , Monika Santra , Md Rafi Ur Rashid , Ashish Kumar , Saeid Tizpaz-Niari , Gang Tan

Modern autopilot systems are prone to sensor attacks that can jeopardize flight safety. To mitigate this risk, we proposed a modular solution: the secure safety filter, which extends the well-established control barrier function (CBF)-based…

We present efficient and practical algorithms for a large, distributed system of processors to achieve reliable computations in a secure manner. Specifically, we address the problem of computing a general function of several private inputs…

Cryptography and Security · Computer Science 2021-01-29 Donald Rozinak Beaver

This paper introduces a run-time mechanism for preventing leakage of secure information in distributed systems. We consider a general concurrency language model, where concurrent objects interact by asynchronous method calls and futures.…

Programming Languages · Computer Science 2020-02-26 Farzane Karami , Olaf Owe , Gerardo Schneider

Information and Communication Technologies (ICT) infrastructures are becoming increasingly complex day by day, facing numerous challenges to support the latest networking paradigms. Security is undeniably a critical component for the…

Cryptography and Security · Computer Science 2024-10-29 Talaya Farasat , JongWon Kim , Joachim Posegga

Recent proliferation of embedded systems has generated a bold new paradigm, known as open embedded systems. While traditional embedded systems provide only closed base applications (natively-installed software) to users, open embedded…

Distributed, Parallel, and Cluster Computing · Computer Science 2010-06-30 Hiroaki Inoue

Trusted execution environments like Intel SGX provide \emph{enclaves}, which offer strong security guarantees for applications. Running entire applications inside enclaves is possible, but this approach leads to a large trusted computing…

Cryptography and Security · Computer Science 2023-12-21 Peterson Yuhala , Pascal Felber , Hugo Guiroux , Jean-Pierre Lozi , Alain Tchana , Valerio Schiavoni , Gaël Thomas