English
Related papers

Related papers: Pomegranate: A Lightweight Compartmentalization Ar…

200 papers

The endless stream of vulnerabilities urgently calls for principled mitigation to confine the effect of exploitation. However, the monolithic architecture of commodity OS kernels, like the Linux kernel, allows an attacker to compromise the…

Cryptography and Security · Computer Science 2024-09-17 Yinggang Guo , Zicheng Wang , Weiheng Bai , Qingkai Zeng , Kangjie Lu

Monolithic operating systems, where all kernel functionality resides in a single, shared address space, are the foundation of most mainstream computer systems. However, a single flaw, even in a non-essential part of the kernel (e.g., device…

Cryptography and Security · Computer Science 2024-04-16 Soo Yee Lim , Sidhartha Agrawal , Xueyuan Han , David Eyers , Dan O'Keeffe , Thomas Pasquier

Application compartmentalization and privilege separation are our primary weapons against ever-increasing security threats and privacy concerns on connected devices. Despite significant progress, it is still challenging to privilege…

Cryptography and Security · Computer Science 2023-06-27 Zahra Tarkhani , Anil Madhavapeddy

We present pomegranate, an open source machine learning package for probabilistic modeling in Python. Probabilistic modeling encompasses a wide range of methods that explicitly describe uncertainty using probability distributions. Three…

Artificial Intelligence · Computer Science 2018-03-01 Jacob Schreiber

Protecting commodity operating systems and applications against malware and targeted attacks has proven to be difficult. In recent years, virtualization has received attention from security researchers who utilize it to harden existing…

Cryptography and Security · Computer Science 2014-05-26 Francesco Gadaleta , Raoul Strackx , Nick Nikiforakis , Frank Piessens , Wouter Joosen

Isolating sensitive state and data can increase the security and robustness of many applications. Examples include protecting cryptographic keys against exploits like OpenSSL's Heartbleed bug or protecting a language runtime from native…

Cryptography and Security · Computer Science 2019-06-05 Anjo Vahldiek-Oberwagner , Eslam Elnikety , Nuno O. Duarte , Michael Sammler , Peter Druschel , Deepak Garg

Compartmentalization is a form of defensive software design in which an application is broken down into isolated but communicating components. Retrofitting compartmentalization into existing applications is often thought to be expensive…

Cryptography and Security · Computer Science 2023-09-22 John Alistair Kressel , Hugo Lefeuvre , Pierre Olivier

In monolithic operating systems, the kernel is the piece of code that executes with the highest privileges and has control over all the software running on a host. A successful attack against an operating system's kernel means a total and…

Operating Systems · Computer Science 2014-05-23 Francesco Gadaleta , Nick Nikiforakis , Yves Younan , Wouter Joosen

Over the last years, security kernels have played a promising role in reshaping the landscape of platform security on today's ubiquitous embedded devices. Security kernels, such as separation kernels, enable constructing high-assurance…

Cryptography and Security · Computer Science 2020-05-07 Hamed Nemati

The security of applications hinges on the trustworthiness of the operating system, as applications rely on the OS to protect code and data. As a result, multiple protections for safeguarding the integrity of kernel code and data are being…

Cryptography and Security · Computer Science 2019-05-16 Salessawi Ferede Yitbarek , Todd Austin

Compartmentalization is good security-engineering practice. By breaking a large software system into mutually distrustful components that run with minimal privileges, restricting their interactions to conform to well-defined interfaces, we…

Cryptography and Security · Computer Science 2017-04-18 Yannis Juglaret , Catalin Hritcu , Arthur Azevedo de Amorim , Boris Eng , Benjamin C. Pierce

Existing high-end embedded systems face frequent security attacks. Software compartmentalization is one technique to limit the attacks' effects to the compromised compartment and not the entire system. Unfortunately, the existing…

Container technologies, like Docker, are becoming increasingly popular. Containers provide exceptional developer experience because containers offer lightweight isolation and ease of software distribution. Containers are also widely used in…

Distributed, Parallel, and Cluster Computing · Computer Science 2018-03-01 Pablo Chico de Guzman , Felipe Gorostiaga , Cesar Sanchez

In-process compartmentalization and access control have been actively explored to provide in-place and efficient isolation of in-process security domains. Many works have proposed compartmentalization schemes that leverage hardware…

Cryptography and Security · Computer Science 2023-09-21 Kha Dinh Duy , Kyuwon Cho , Taehyun Noh , Hojoon Lee

Virtualization, a technique once used to multiplex the resources of high-priced mainframe hardware, is seeing a resurgence in applicability with the increasing computing power of commodity computers. By inserting a layer of software between…

Operating Systems · Computer Science 2007-05-23 Nadir Kiyanclar

Malicious peripherals designed to attack their host computers are a growing problem. Inexpensive and powerful peripherals that attach to plug-and-play buses have made such attacks easy to mount. Making matters worse, commodity operating…

Operating Systems · Computer Science 2016-08-19 Sebastian Angel , Riad S. Wahby , Max Howald , Joshua B. Leners , Michael Spilo , Zhen Sun , Andrew J. Blumberg , Michael Walfish

One single error can result in a total compromise of all security in today's large, monolithic software. Partitioning of software can help simplify code-review and verification, whereas isolated execution of software-components limits the…

Cryptography and Security · Computer Science 2017-06-16 Alexander Senier , Martin Beck , Thorsten Strufe

Software compartmentalization breaks down an application into compartments isolated from each other: an attacker taking over a compartment will be confined to it, limiting the damage they can cause to the rest of the application. Despite…

Cryptography and Security · Computer Science 2026-03-11 Jia Hu , Youcheng Sun , Pierre Olivier

Recent developments in the commercial open source community have catalysed the use of Linux containers for scalable deployment of web-based applications to the cloud. Scientific software can be containerized with dependencies, configuration…

Software Engineering · Computer Science 2015-09-30 Robert Nagler , David Bruhwiler , Paul Moeller , Stephen Webb

Application containers, such as Docker containers, have recently gained popularity as a solution for agile and seamless deployment of applications. These light-weight virtualization environments run applications that are packed together…

Cryptography and Security · Computer Science 2016-02-29 Vaibhav Rastogi , Drew Davidson , Lorenzo De Carli , Somesh Jha , Patrick McDaniel
‹ Prev 1 2 3 10 Next ›