Large language models (LLMs) have witnessed a meteoric rise in popularity among the
general public users over the past few months, facilitating diverse downstream tasks with …

Memory Protection Keys for Userspace (PKU) is a recent hardware feature that allows
programs to assign virtual memory pages to protection domains, and to change domain …

In this paper we revisit the Spectre v1 vulnerability and software-only countermeasures.
Specifically, we systematically investigate the performance penalty and security properties of …

Hardware memory domain primitives, such as Intel MPK and ARM Memory Domain, have
been used for efficient in-process memory isolation. However, they can only provide a …

In-process compartmentalization and access control have been actively explored to provide
in-place and efficient isolation of in-process security domains. Many works have proposed …

Intra-process memory isolation is a well-known technique to enforce least privilege within a
process. In this paper, we propose a generic and efficient intra-process memory isolation …

Decomposing large systems into smaller components with limited privileges has long been
recognized as an effective means to minimize the impact of exploits. Despite historical roots …

Well-known defenses exist to detect and mitigate common faults and memory safety
vulnerabilities in software. Yet, many of these mitigations do not address the challenge of …

Rust is a popular memory-safe systems programming language. In order to interact with
hardware or call into non-Rust libraries, Rust provides unsafe language features that shift …

Inter-process isolation has been deployed in operating systems for decades, but secure intra-
process isolation remains an active research topic. Achieving secure intra-process isolation …