The common perception in both academic literature and industry today is that virtual
machines offer better security, whereas containers offer better performance. However, a …

Trusted execution environments (TEEs) see rising use in devices from embedded sensors to
cloud servers and encompass a range of cost, power constraints, and security threat model …

Important decisions about people are increasingly made by algorithms: Votes are counted;
voter rolls are purged; financial aid decisions are made; taxpayers are chosen for audits; air …

Software security defenses are routinely broken by the persistence of both security
researchers and attackers. Hardware solutions based on tagging are emerging as a …

As network, I/O, accelerator, and NVM devices capable of a million operations per second
make their way into data centers, the software stack managing such devices has been …

Run-time attacks against programs written in memory-unsafe programming languages (eg,
C and C++) remain a prominent threat against computer systems. The prevalence of …

Control flow integrity (CFI) has been proposed as an approach to defend against control-
hijacking memory corruption attacks. CFI works by assigning tags to indirect branch targets …

Architecture specifications notionally define the fundamental interface between hardware
and software: the envelope of allowed behaviour for processor implementations, and the …

Efficient and secure in-process isolation is in great demand, as evidenced in the shift
towards JavaScript and the recent revival of memory protection keys. Yet, state-of-the-art …

Memory corruption attacks continue to be a major vector of attack for compromising modern
systems. Numerous defenses have been proposed against memory corruption attacks, but …