English
Related papers

Related papers: BULKHEAD: Secure, Scalable, and Efficient Kernel C…

200 papers

The monolithic nature of widely used commodity operating systems means that vulnerabilities in one software component potentially compromise the entire kernel. Formally verifying these systems, or redesigning them altogether as…

Cryptography and Security · Computer Science 2026-05-11 Shriram Raja , Zhiyuan Ruan , Richard West

Monolithic operating systems, where all kernel functionality resides in a single, shared address space, are the foundation of most mainstream computer systems. However, a single flaw, even in a non-essential part of the kernel (e.g., device…

Cryptography and Security · Computer Science 2024-04-16 Soo Yee Lim , Sidhartha Agrawal , Xueyuan Han , David Eyers , Dan O'Keeffe , Thomas Pasquier

Over the last years, security kernels have played a promising role in reshaping the landscape of platform security on today's ubiquitous embedded devices. Security kernels, such as separation kernels, enable constructing high-assurance…

Cryptography and Security · Computer Science 2020-05-07 Hamed Nemati

Application compartmentalization and privilege separation are our primary weapons against ever-increasing security threats and privacy concerns on connected devices. Despite significant progress, it is still challenging to privilege…

Cryptography and Security · Computer Science 2023-06-27 Zahra Tarkhani , Anil Madhavapeddy

The kernels of operating systems such as Windows, Linux, and MacOS are vulnerable to control-flow hijacking. Defenses exist, but many require efficient intra-address-space isolation. Execute-only memory, for example, requires read…

Cryptography and Security · Computer Science 2021-08-04 Spyridoula Gravani , Mohammad Hedayati , John Criswell , Michael L. Scott

Memory corruption attacks have been prevalent in software for a long time. Some mitigation strategies against these attacks do exist, but they are not as far-reaching or as efficient as the CHERI architecture. CHERI uses capabilities to…

Cryptography and Security · Computer Science 2026-01-28 Dariy Guzairov , Alex Potanin , Stephen Kell , Alwen Tiu

Existing high-end embedded systems face frequent security attacks. Software compartmentalization is one technique to limit the attacks' effects to the compromised compartment and not the entire system. Unfortunately, the existing…

Isolation is a critical property for shared infrastructure to limit exposure and interference among simultaneous running workloads. Cloud providers use different isolation mechanisms such as full Virtual Machines, microVMs, Linux…

Operating Systems · Computer Science 2025-07-30 Anjali , Michael M. Swift

Protected user-level libraries have been proposed as a way to allow mutually distrusting applications to safely share kernel-bypass services. In this paper, we identify and solve several previously unaddressed obstacles to realizing this…

Operating Systems · Computer Science 2025-09-04 Alan Beadle , Michael L. Scott , John Criswell

Compartmentalization effectively prevents initial corruption from turning into a successful attack. This paper presents O2C, a pioneering system designed to enforce OS kernel compartmentalization on the fly. It not only provides immediate…

Operating Systems · Computer Science 2024-01-12 Zicheng Wang , Tiejin Chen , Qinrun Dai , Yueqi Chen , Hua Wei , Qingkai Zeng

With the alarming rate of security advisories and privacy concerns on connected devices, there is an urgent need for strong isolation guarantees in resource-constrained devices that demand very lightweight solutions. However, the status quo…

Operating Systems · Computer Science 2020-04-13 Zahra Tarkhani , Anil Madhavapeddy

The security of applications hinges on the trustworthiness of the operating system, as applications rely on the OS to protect code and data. As a result, multiple protections for safeguarding the integrity of kernel code and data are being…

Cryptography and Security · Computer Science 2019-05-16 Salessawi Ferede Yitbarek , Todd Austin

The kernel is the most safety- and security-critical component of many computer systems, as the most severe bugs lead to complete system crash or exploit. It is thus desirable to guarantee that a kernel is free from these bugs using formal…

Cryptography and Security · Computer Science 2021-05-25 Olivier Nicole , Matthieu Lemerre , Sébastien Bardin , Xavier Rival

We present, MultiK, a Linux-based framework 1 that reduces the attack surface for operating system kernels by reducing code bloat. MultiK "orchestrates" multiple kernels that are specialized for individual applications in a transparent…

Operating Systems · Computer Science 2019-03-19 Hsuan-Chi Kuo , Akshith Gunasekaran , Yeongjin Jang , Sibin Mohan , Rakesh B. Bobba , David Lie , Jesse Walker

Linux containers currently provide limited isolation guarantees. While containers separate namespaces and partition resources, the patchwork of mechanisms used to ensure separation cannot guarantee consistent security semantics. Even worse,…

Cryptography and Security · Computer Science 2021-02-16 William Findlay , David Barrera , Anil Somayaji

This paper presents Unikernel Linux (UKL), a path toward integrating unikernel optimization techniques in Linux, a general purpose operating system. UKL adds a configuration option to Linux allowing for a single, optimized process to link…

In this paper, we propose PCKID, a novel, robust, kernel function for spectral clustering, specifically designed to handle incomplete data. By combining posterior distributions of Gaussian Mixture Models for incomplete data on different…

Machine Learning · Statistics 2017-02-24 Sigurd Løkse , Filippo Maria Bianchi , Arnt-Børre Salberg , Robert Jenssen

We present BKP, a user-friendly and extensible R package that implements the Beta Kernel Process (BKP) -- a fully nonparametric and computationally efficient framework for modeling spatially varying binomial probabilities. The BKP model…

Computation · Statistics 2025-09-16 Jiangyan Zhao , Kunhai Qing , Jin Xu

Efficient cloud computing relies on in-process isolation to optimize performance by running workloads within a single process. Without heavy-weight process isolation, memory safety errors pose a significant security threat by allowing an…

Cryptography and Security · Computer Science 2025-08-05 Martin Unterguggenberger , Lukas Lamster , David Schrammel , Martin Schwarzl , Stefan Mangard

The efficacy of address space layout randomization has been formally demonstrated in a shared-memory model by Abadi et al., contingent on specific assumptions about victim programs. However, modern operating systems, implementing layout…

Cryptography and Security · Computer Science 2025-04-14 Davide Davoli , Martin Avanzini , Tamara Rezk
‹ Prev 1 2 3 10 Next ›