English
Related papers

Related papers: Making 'syscall' a Privilege not a Right

200 papers

With the development of Internet of Things (IoT), it is gaining a lot of attention. It is important to secure the embedded systems with low overhead. The Linux Seccomp is widely used by developers to secure the kernels by blocking the…

Cryptography and Security · Computer Science 2025-10-07 Dongyang Zhan , Zhaofeng Yu , Xiangzhan Yu , Hongli Zhang , Lin Ye , Likun Liu

Linux Seccomp is widely used by the program developers and the system maintainers to secure the operating systems, which can block unused syscalls for different applications and containers to shrink the attack surface of the operating…

Cryptography and Security · Computer Science 2025-10-07 Dongyang Zhan , Zhaofeng Yu , Xiangzhan Yu , Hongli Zhang , Lin Ye

System call filtering is a widely used security mechanism for protecting a shared OS kernel against untrusted user applications. However, existing system call filtering techniques either are too expensive due to the context switch overhead…

With the improvements in computing technologies, edge devices in the Internet-of-Things have become more complex. The enabler technology for these complex systems are powerful application core processors with operating system support, such…

Cryptography and Security · Computer Science 2023-01-13 Robert Schilling , Pascal Nasahl , Martin Unterguggenberger , Stefan Mangard

Do Linux distribution package managers need the privileged operations they request to actually happen? Apparently not, at least for building container images for HPC applications. We use this observation to implement a root emulation mode…

Distributed, Parallel, and Cluster Computing · Computer Science 2024-05-13 Reid Priedhorsky , Michael Jennings , Megan Phinney

Operating systems rely on system calls to allow the controlled communication of isolated processes with the kernel and other processes. Every system call includes a processor mode switch from the unprivileged user mode to the privileged…

Cryptography and Security · Computer Science 2022-02-01 Luis Gerhorst , Benedict Herzog , Stefan Reif , Wolfgang Schröder-Preikschat , Timo Hönig

Since its debut, SGX has been used in many applications, e.g., secure data processing. However, previous systems usually assume a trusted enclave and ignore the security issues caused by an untrusted enclave. For instance, a vulnerable (or…

Cryptography and Security · Computer Science 2020-10-26 Yuan Chen , Jiaqi Li , Guorui Xu , Yajin Zhou , Zhi Wang , Cong Wang , Kui Ren

Growing code bases of modern applications have led to a steady increase in the number of vulnerabilities. Control-Flow Integrity (CFI) is one promising mitigation that is more and more widely deployed and prevents numerous exploits. CFI…

Cryptography and Security · Computer Science 2022-03-01 Claudio Canella , Sebastian Dorn , Daniel Gruss , Michael Schwarz

Hardware support for trusted execution in modern CPUs enables tenants to shield their data processing workloads in otherwise untrusted cloud environments. Runtime systems for the trusted execution must rely on an interface to the untrusted…

Operating Systems · Computer Science 2020-01-22 Christian Priebe , Divya Muthukumaran , Joshua Lind , Huanzhou Zhu , Shujie Cui , Vasily A. Sartakov , Peter Pietzuch

Protected user-level libraries have been proposed as a way to allow mutually distrusting applications to safely share kernel-bypass services. In this paper, we identify and solve several previously unaddressed obstacles to realizing this…

Operating Systems · Computer Science 2025-09-04 Alan Beadle , Michael L. Scott , John Criswell

Ransomware core capability, unauthorized encryption, demands controls that identify and block malicious cryptographic activity without disrupting legitimate use. We present a probabilistic, risk-based access control architecture that…

Cryptography and Security · Computer Science 2026-03-24 Kenan Begovic , Abdulaziz Al-Ali , Qutaibah Malluhi

Restricting the system calls available to applications reduces the attack surface of the kernel and limits the functionality available to compromised applications. Recent approaches automatically identify the system calls required by…

Cryptography and Security · Computer Science 2023-09-28 Vidya Lakshmi Rajagopalan , Konstantinos Kleftogiorgos , Enes Göktaş , Jun Xu , Georgios Portokalidis

Exceptions are a commodity hardware functionality which is central to multi-tasking OSes as well as event-driven user applications. Normally, the OS assists the user application by lifting the semantics of exceptions received from hardware…

Cryptography and Security · Computer Science 2021-10-14 Jinhua Cui , Jason Zhijingcheng Yu , Shweta Shinde , Prateek Saxena , Zhiping Cai

Cross-app collaboration via inter-component communication is a fundamental mechanism on Android. Although it brings the benefits such as functionality reuse and data sharing, a threat called component hijacking is also introduced. By…

Cryptography and Security · Computer Science 2018-01-16 Daoyuan Wu , Yao Cheng , Debin Gao , Yingjiu Li , Robert H. Deng

Software vulnerabilities in applications undermine the security of applications. By blocking unused functionality, the impact of potential exploits can be reduced. While seccomp provides a solution for filtering syscalls, it requires manual…

Cryptography and Security · Computer Science 2020-12-07 Claudio Canella , Mario Werner , Daniel Gruss , Michael Schwarz

Speculative execution which is used pervasively in modern CPUs can leave side effects in the processor caches and other structures even when the speculated instructions do not commit and their direct effect is not visible. The recent…

Cryptography and Security · Computer Science 2018-06-19 Khaled N. Khasawneh , Esmaeil Mohammadian Koruyeh , Chengyu Song , Dmitry Evtyushkin , Dmitry Ponomarev , Nael Abu-Ghazaleh

Commodity applications contain more and more combinations of interacting components (user, application, library, and system) and exhibit increasingly diverse tradeoffs between isolation, performance, and programmability. We argue that the…

Cryptography and Security · Computer Science 2021-08-11 Bumjin Im , Fangfei Yang , Chia-Che Tsai , Michael LeMay , Anjo Vahldiek-Oberwagner , Nathan Dautenhahn

Cross-app collaboration via inter-component communication is a fundamental mechanism on Android. Although it brings the benefits such as functionality reuse and data sharing, a threat called component hijacking is also introduced. By…

Cryptography and Security · Computer Science 2016-09-14 Daoyuan Wu , Debin Gao , Yingjiu Li , Robert H. Deng

Spectre attacks exploit microprocessor speculative execution to read and transmit forbidden data outside the attacker's trust domain and sandbox. Recent hardware schemes allow potentially-unsafe speculative accesses but prevent the secret's…

Hardware Architecture · Computer Science 2023-06-14 Conor Green , Cole Nelson , Mithuna Thottethodi , T. N. Vijaykumar

AI agents increasingly run untrusted code on developer machines: shell commands generated by language models, third-party scripts retrieved at runtime, and tool plugins of unknown provenance. Existing isolation mechanisms impose tradeoffs…

Cryptography and Security · Computer Science 2026-05-27 Cong Wang , Yusheng Zheng
‹ Prev 1 2 3 10 Next ›