English
Related papers

Related papers: Programmable System Call Security with eBPF

200 papers

In computer security, designing a robust intrusion detection system is one of the most fundamental and important problems. In this paper, we propose a system-call language-modeling approach for designing anomaly-based host intrusion…

Cryptography and Security · Computer Science 2016-11-08 Gyuwan Kim , Hayoon Yi , Jangho Lee , Yunheung Paek , Sungroh Yoon

Segment Routing is a modern variant of source routing that is being gradually deployed by network operators. Large ISPs use it for traffic engineering and fast reroute purposes. Its IPv6 dataplane, named SRv6, goes beyond the initial MPLS…

Networking and Internet Architecture · Computer Science 2018-10-25 Mathieu Xhonneux , Olivier Bonaventure

Designing and implementing secure software is inarguably more important than ever. However, despite years of research into privilege separating programs, it remains difficult to actually do so and such efforts can take years of…

Cryptography and Security · Computer Science 2022-01-25 Ioannis Agadakos , Manuel Egele , William Robertson

System Management Mode (SMM) is the highest-privileged operating mode of x86 and x86-64 processors. Through SMM exploitation, attackers can tamper with the Unified Extensible Firmware Interface (UEFI) firmware, disabling the security…

Cryptography and Security · Computer Science 2024-05-10 Kazuki Matsuo , Satoshi Tanda , Kuniyasu Suzaki , Yuhei Kawakoya , Tatsuya Mori

A security policy specifies a security property as the maximal information flow. A distributed system composed of interacting processes implicitly defines an intransitive security policy by repudiating direct information flow between…

Cryptography and Security · Computer Science 2013-10-15 Jean Quilbeuf , Georgeta Igna , Denis Bytschkow , Harald Ruess

The Voice over Internet Protocol (VoIP) is becoming a more available and popular way of communicating for Internet users. This also applies to Peer-to-Peer (P2P) systems and merging these two have already proven to be successful (e.g.…

Security-Enhanced Linux (SELinux) is a Linux kernel module that allows for a role-based access control (RBAC) mechanism. It provides a fine-grained security framework enabling system administrators to define security policies at the system…

Cryptography and Security · Computer Science 2023-12-11 Divyam Pahuja , Alvin Tang , Klim Tsoutsman

Interactive theorem proving software is typically designed around a trusted proof-checking kernel, the sole system component capable of authenticating theorems. Untrusted automation procedures reside outside of the kernel, and drive it to…

Cryptography and Security · Computer Science 2022-05-09 Dominic P. Mulligan , Nick Spinale

Many secure communication libraries used by distributed systems, such as SSL, TLS, and Kerberos, fail to make a clear distinction between the authentication, session, and communication layers. In this paper we introduce CEDAR, the secure…

Distributed, Parallel, and Cluster Computing · Computer Science 2011-11-10 Zach Miller , Dan Bradley , Todd Tannenbaum , Igor Sfiligoi

We propose a new formal criterion for evaluating secure compilation schemes for unsafe languages, expressing end-to-end security guarantees for software components that may become compromised after encountering undefined behavior---for…

Microcontroller systems are integral to our daily lives, powering mission-critical applications such as vehicles, medical devices, and industrial control systems. Therefore, it is essential to investigate and outline the challenges…

Cryptography and Security · Computer Science 2025-11-03 Zheyuan Ma , Gaoxiang Liu , Alex Eastman , Kai Kaufman , Md Armanuzzaman , Xi Tan , Katherine Jesse , Robert Walls , Ziming Zhao

Conversational recommender systems have emerged as a potent solution for efficiently eliciting user preferences. These systems interactively present queries associated with "key terms" to users and leverage user feedback to estimate user…

Machine Learning · Computer Science 2024-08-13 Zhuohua Li , Maoli Liu , John C. S. Lui

Inaccuracies in conventional dependency-tracking methods frequently undermine the security and integrity of modern software supply chains. This paper introduces a kernel-level framework leveraging extended Berkeley Packet Filter (eBPF) to…

Cryptography and Security · Computer Science 2025-03-05 Naveen Srinivasan , Nathan Naveen , Neil Naveen

Effpi is a framework for writing strongly-typed message-passing programs in Scala, where the compiler enforces the conformance of process implementations to specified protocol types. A compiler plugin is provided to verify properties of…

Programming Languages · Computer Science 2026-04-09 Benjamin Robinson , Nobuko Yoshida

By placing computation resources within a one-hop wireless topology, the recent edge computing paradigm is a key enabler of real-time Internet of Things (IoT) applications. In the context of IoT scenarios where the same information from a…

Networking and Internet Architecture · Computer Science 2018-05-09 Sabur Baidya , Yan Chen , Marco Levorato

Research evidence in Cyber-Physical Systems (CPS) shows that the introduced tight coupling of information technology with physical sensing and actuation leads to more vulnerability and security weaknesses. But, the traditional security…

Cryptography and Security · Computer Science 2018-01-23 Amr Alanwar , Bernhard Etzlinger , Henrique Ferraz , Joao Hespanha , Mani Srivastava

The current zero trust model adopted in System-on-Chip (SoC) design is vulnerable to various malicious entities, and modern SoC designs must incorporate various security policies to protect sensitive assets from unauthorized access. These…

Cryptography and Security · Computer Science 2023-08-08 Sudipta Paria , Swarup Bhunia

New trusted computing primitives such as Intel SGX have shown the feasibility of running user-level applications in enclaves on a commodity trusted processor without trusting a large OS. However, the OS can still compromise the integrity of…

Cryptography and Security · Computer Science 2019-09-23 Shweta Shinde , Shengyi Wang , Pinghai Yuan , Aquinas Hobor , Abhik Roychoudhury , Prateek Saxena

This paper presents the $\underline{\textbf{saf}}$e sub$\underline{\textbf{flo}}$w (Saflo) eBPF-based multipath TCP (MPTCP) scheduler, designed to mitigate traffic analysis attacks in cellular networks. Traffic analysis attacks, which…

Networking and Internet Architecture · Computer Science 2025-02-07 Sangwoo Lee , Liuyi Jin , Radu Stoleru

Secure Multi-Party Computation (MPC) is an important enabling technology for data privacy in modern distributed applications. Currently, proof methods for low-level MPC protocols are primarily manual and thus tedious and error-prone, and…

Cryptography and Security · Computer Science 2024-07-24 Christian Skalka , Joseph P. Near