WebAssembly is revolutionizing the approach to develo** modern applications. Although
this technology was born to create portable and performant modules in web browsers …

We describe Swivel, a new compiler framework for hardening WebAssembly (Wasm)
against Spectre attacks. Outside the browser, Wasm has become a popular lightweight, in …

The recent development of Trusted Execution Environment has brought unprecedented
opportunities for confidential computing within cloud-based systems. Among various popular …

We introduce Hardware-assisted Fault Isolation (HFI), a simple extension to existing
processors to support secure, flexible, and efficient in-process isolation. HFI addresses the …

WebAssembly (Wasm) smart contracts have shown growing popularity across blockchains
(eg, EOSIO) recently. Similar to Ethereum smart contracts, Wasm smart contracts suffer from …

The promise of software sandboxing is flexible, fast and portable isolation; capturing the
benefits of hardwarebased memory protection without requiring operating system …

This paper presents Half&Half, a novel software defense against branch-based side-
channel attacks. Half&Half isolates the effects of different protection domains on the …

The ability to safely extend OS kernel functionality is a longstanding goal in OS design, with
the widespread use of the eBPF framework in Linux and Windows demonstrating the …

WebAssembly, abbreviated as Wasm, has emerged as a new paradigm in cloud-native
developments owing to its promising properties. Native execution speed and fast startup …

Software-based fault isolation (SFI) is a longstanding technique that allows isolation of one
or more processes from each other with minimal or no use of hardware protection …