English
Related papers

Related papers: Pitfalls in VM Implementation on CHERI: Lessons fr…

200 papers

Modern enterprises increasingly take advantage of cloud infrastructures. Yet, outsourcing code and data into the cloud requires enterprises to trust cloud providers not to meddle with their data. To reduce the level of trust towards cloud…

Cryptography and Security · Computer Science 2021-05-31 Mathias Morbitzer , Sergej Proskurin , Martin Radev , Marko Dorfhuber , Erick Quintanar Salas

The CHERI architecture equips conventional RISC ISAs with significant architectural extensions that provide a hardware-enforced mechanism for memory protection and software compartmentalisation. Architectural capabilities replace…

Hardware Architecture · Computer Science 2025-02-10 Louis-Emile Ploix , Alasdair Armstrong , Tom Melham , Ray Lin , Haolong Wang , Anastasia Courtney

This paper explores how the current paradigm of vulnerability management might adapt to include machine learning systems through a thought experiment: what if flaws in machine learning (ML) were assigned Common Vulnerabilities and Exposures…

Cryptography and Security · Computer Science 2021-01-27 Jonathan M. Spring , April Galyardt , Allen D. Householder , Nathan VanHoudnos

Hardware-based Trusted Execution Environments (TEEs) are becoming increasingly prevalent in cloud computing, forming the basis for confidential computing. However, the security goals of TEEs sometimes conflict with existing cloud…

Cryptography and Security · Computer Science 2022-06-01 Yoshimichi Nakatsuka , Ercan Ozturk , Alex Shamis , Andrew Paverd , Peter Pietzuch

In this paper, we present PoisonCap: scalable temporal safety with strict use-after-free protection and initialisation safety for CHERI systems. Efficient memory safety is an increasing priority for programming languages, operating systems,…

Memory corruption attacks have been prevalent in software for a long time. Some mitigation strategies against these attacks do exist, but they are not as far-reaching or as efficient as the CHERI architecture. CHERI uses capabilities to…

Cryptography and Security · Computer Science 2026-01-28 Dariy Guzairov , Alex Potanin , Stephen Kell , Alwen Tiu

Confidential Virtual Machines (CVMs) are a type of VMbased Trusted Execution Environments (TEEs) designed to enhance the security of cloud-based VMs, safeguarding them even from malicious hypervisors. Although CVMs have been widely adopted…

Cryptography and Security · Computer Science 2024-09-25 Shixuan Zhao , Mengyuan Li , Mengjia Yan , Zhiqiang Lin

Memory safety bugs remain in the top ranks of security vulnerabilities, even after decades of research on their detection and prevention. Various mitigations have been proposed for C/C++, ranging from language dialects to instrumentation.…

Cryptography and Security · Computer Science 2023-05-12 Konrad Hohentanner , Philipp Zieris , Julian Horsch

In recent years, high interest in using Virtual Machines (VMs) in data centers and Cloud computing has significantly increased the demand for high-performance data storage systems. Recent studies suggest using SSDs as a caching layer for…

Hardware Architecture · Computer Science 2018-05-04 Saba Ahmadian , Onur Mutlu , Hossein Asadi

Cloud computing has become indispensable in today's computer landscape. The flexibility it offers for customers as well as for providers has become a crucial factor for large parts of the computer industry. Virtualization is the key…

Cryptography and Security · Computer Science 2017-07-27 Felicitas Hetzelt , Robert Buhren

In this paper, we address the problem of automatic repair of software vulnerabilities with deep learning. The major problem with data-driven vulnerability repair is that the few existing datasets of known confirmed vulnerabilities consist…

Software Engineering · Computer Science 2022-02-03 Zimin Chen , Steve Kommrusch , Martin Monperrus

Cloud stacks must isolate application components, while permitting efficient data sharing between components deployed on the same physical host. Traditionally, the MMU enforces isolation and permits sharing at page granularity. MMU…

Operating Systems · Computer Science 2022-06-27 Vasily A. Sartakov , Lluís Vilanova , David Eyers , Takahiro Shinagawa , Peter Pietzuch

Execution-replay (ER) is well known in the literature but has been restricted to special system architectures for many years. Improved hardware resources and the maturity of virtual machine technology promise to make ER useful for a broader…

Distributed, Parallel, and Cluster Computing · Computer Science 2007-05-23 Oliver Oppitz

While memory corruption bugs stemming from the use of unsafe programming languages are an old and well-researched problem, the resulting vulnerabilities still dominate real-world exploitation today. Various mitigations have been proposed to…

Cryptography and Security · Computer Science 2021-08-20 Emanuel Q. Vintila , Philipp Zieris , Julian Horsch

Compartmentalization is a form of defensive software design in which an application is broken down into isolated but communicating components. Retrofitting compartmentalization into existing applications is often thought to be expensive…

Cryptography and Security · Computer Science 2023-09-22 John Alistair Kressel , Hugo Lefeuvre , Pierre Olivier

The increasing complexity of autonomous systems has driven a shift to integrated heterogeneous SoCs with real-time and safety demands. Ensuring deterministic WCETs and low-latency for critical tasks requires minimizing interference on…

Hardware Architecture · Computer Science 2025-04-09 Christopher Reinwardt , Robert Balas , Alessandro Ottaviano , Angelo Garofalo , Luca Benini

Confidential Virtual Machines (CVMs) are increasingly adopted to protect sensitive workloads from privileged adversaries such as the hypervisor. While they provide strong isolation guarantees, existing CVM architectures lack first-class…

Cryptography and Security · Computer Science 2026-05-07 Sina Abdollahi , Amir Al Sadi , David Kotz , Marios Kogias , Hamed Haddadi

CFI is a computer security technique that detects runtime attacks by monitoring a program's branching behavior. This work presents a detailed analysis of the security policies enforced by 21 recent hardware-based CFI architectures. The goal…

Cryptography and Security · Computer Science 2017-08-01 Ruan de Clercq , Ingrid Verbauwhede

The unprecedented growth in data demand from emerging applications has turned virtual memory (VM) into a major performance bottleneck. Researchers explore new hardware/OS co-designs to optimize VM across diverse applications and systems. To…

Cloud virtualization technology, ingrained with physical resource sharing, prompts cybersecurity threats on users' virtual machines (VM)s due to the presence of inevitable vulnerabilities on the offsite servers. Contrary to the existing…

Cryptography and Security · Computer Science 2023-08-21 Deepika Saxena , Ishu Gupta , Rishabh Gupta , Ashutosh Kumar Singh , Xiaoqing Wen