Securing Monolithic Kernels using Compartmentalization (2404.08716v1)
Abstract: Monolithic operating systems, where all kernel functionality resides in a single, shared address space, are the foundation of most mainstream computer systems. However, a single flaw, even in a non-essential part of the kernel (e.g., device drivers), can cause the entire operating system to fall under an attacker's control. Kernel hardening techniques might prevent certain types of vulnerabilities, but they fail to address a fundamental weakness: the lack of intra-kernel security that safely isolates different parts of the kernel. We survey kernel compartmentalization techniques that define and enforce intra-kernel boundaries and propose a taxonomy that allows the community to compare and discuss future work. We also identify factors that complicate comparisons among compartmentalized systems, suggest new ways to compare future approaches with existing work meaningfully, and discuss emerging research directions.