Keystone: An open framework for architecting trusted execution environments
Trusted execution environments (TEEs) see rising use in devices from embedded sensors to
cloud servers and encompass a range of cost, power constraints, and security threat model …
cloud servers and encompass a range of cost, power constraints, and security threat model …
The ideal versus the real: Revisiting the history of virtual machines and containers
A Randal - ACM Computing Surveys (CSUR), 2020 - dl.acm.org
The common perception in both academic literature and industry today is that virtual
machines offer better security, whereas containers offer better performance. However, a …
machines offer better security, whereas containers offer better performance. However, a …
Accountable algorithms
JA Kroll - 2015 - search.proquest.com
Important decisions about people are increasingly made by algorithms: Votes are counted;
voter rolls are purged; financial aid decisions are made; taxpayers are chosen for audits; air …
voter rolls are purged; financial aid decisions are made; taxpayers are chosen for audits; air …
Control jujutsu: On the weaknesses of fine-grained control flow integrity
Control flow integrity (CFI) has been proposed as an approach to defend against control-
hijacking memory corruption attacks. CFI works by assigning tags to indirect branch targets …
hijacking memory corruption attacks. CFI works by assigning tags to indirect branch targets …
Hodor:{Intra-Process} isolation for {High-Throughput} data plane libraries
As network, I/O, accelerator, and NVM devices capable of a million operations per second
make their way into data centers, the software stack managing such devices has been …
make their way into data centers, the software stack managing such devices has been …
Sok: Runtime integrity
This paper provides a systematic exploration of Control Flow Integrity (CFI) and Control Flow
Attestation (CFA) mechanisms, examining their differences and relationships. It addresses …
Attestation (CFA) mechanisms, examining their differences and relationships. It addresses …
{PAC} it up: Towards pointer integrity using {ARM} pointer authentication
Run-time attacks against programs written in memory-unsafe programming languages (eg,
C and C++) remain a prominent threat against computer systems. The prevalence of …
C and C++) remain a prominent threat against computer systems. The prevalence of …
ISA Semantics for ARMv8-a, RISC-v, and CHERI-MIPS
Architecture specifications notionally define the fundamental interface between hardware
and software: the envelope of allowed behaviour for processor implementations, and the …
and software: the envelope of allowed behaviour for processor implementations, and the …
Missing the point (er): On the effectiveness of code pointer integrity
I Evans, S Fingeret, J Gonzalez… - … IEEE Symposium on …, 2015 - ieeexplore.ieee.org
Memory corruption attacks continue to be a major vector of attack for compromising modern
systems. Numerous defenses have been proposed against memory corruption attacks, but …
systems. Numerous defenses have been proposed against memory corruption attacks, but …
Donky: Domain Keys–Efficient {In-Process} Isolation for {RISC-V} and x86
D Schrammel, S Weiser, S Steinegger… - 29th USENIX Security …, 2020 - usenix.org
Efficient and secure in-process isolation is in great demand, as evidenced in the shift
towards JavaScript and the recent revival of memory protection keys. Yet, state-of-the-art …
towards JavaScript and the recent revival of memory protection keys. Yet, state-of-the-art …