Turnitin
降AI改写
早检测系统
早降重系统
Turnitin-UK版
万方检测-期刊版
维普编辑部版
Grammarly检测
Paperpass检测
checkpass检测
PaperYY检测
Temporal system call specialization for attack surface reduction
Attack surface reduction through the removal of unnecessary application features and code
is a promising technique for improving security without incurring any additional overhead …
is a promising technique for improving security without incurring any additional overhead …
Jenny: Securing syscalls for {PKU-based} memory isolation systems
Effective syscall filtering is a key component for withstanding the numerous exploitation
techniques and privilege escalation attacks we face today. For example, modern browsers …
techniques and privilege escalation attacks we face today. For example, modern browsers …
Sysfilter: Automated system call filtering for commodity software
Modern OSes provide a rich set of services to applications, primarily accessible via the
system call API, to support the ever growing functionality of contemporary software …
system call API, to support the ever growing functionality of contemporary software …
Full-stack vulnerability analysis of the cloud-native platform
Cloud-native systems have recently emerged as one of the most popular platforms for
application development, providing lightweight virtualization, simplified DevOps procedures …
application development, providing lightweight virtualization, simplified DevOps procedures …
Automatic policy generation for {Inter-Service} access control of microservices
Cloud applications today are often composed of many microservices. To prevent a
microservice from being abused by other (compromised) microservices, inter-service access …
microservice from being abused by other (compromised) microservices, inter-service access …
Programmable system call security with ebpf
System call filtering is a widely used security mechanism for protecting a shared OS kernel
against untrusted user applications. However, existing system call filtering techniques either …
against untrusted user applications. However, existing system call filtering techniques either …
Gramine-tdx: A lightweight os kernel for confidential vms
While Confidential Virtual Machines (CVMs) have emerged as a prominent way for
hardware-assisted confidential computing, their primary usage is not suitable for small …
hardware-assisted confidential computing, their primary usage is not suitable for small …
C2c: Fine-grained configuration-driven system call filtering
Configuration options allow users to customize application features according to the desired
requirements. While the code that corresponds to disabled features is never executed, it still …
requirements. While the code that corresponds to disabled features is never executed, it still …
SoK: A comprehensive analysis and evaluation of docker container attack and defense mechanisms
Container-based applications are increasingly favored for their efficiency in software
development, deployment, and operation across various platforms. However, the growing …
development, deployment, and operation across various platforms. However, the growing …
Slimium: debloating the chromium browser with feature subsetting
Today, a web browser plays a crucial role in offering a broad spectrum of web experiences.
The most popular browser, Chromium, has become an extremely complex application to …
The most popular browser, Chromium, has become an extremely complex application to …