WebAssembly is revolutionizing the approach to develo** modern applications. Although
this technology was born to create portable and performant modules in web browsers …

WebAssembly (abbreviated as Wasm) was initially introduced for the Web and quickly
extended its reach into various domains beyond the Web. To create Wasm applications …

This paper presents Half&Half, a novel software defense against branch-based side-
channel attacks. Half&Half isolates the effects of different protection domains on the …

Decomposing large systems into smaller components with limited privileges has long been
recognized as an effective means to minimize the impact of exploits. Despite historical roots …

Compilers face an intrinsic tradeoff between compilation speed and code quality. The
tradeoff is particularly stark in a dynamic setting where JIT compilation time contributes to …

Efficient cloud computing relies on in-process isolation to optimize performance by running
workloads within a single process. Without heavy-weight process isolation, memory safety …

A surge in the number, complexity, and automation of targeted security attacks has triggered
a wave of interest in hardware support for isolation. Intel memory protection keys (MPK) …

Modern GPU applications, such as machine learning (ML) frameworks, can only partially
utilize beefy GPUs, leading to GPU underutilization in cloud environments. Sharing GPUs …

WebAssembly runtimes embed compilers to compile WebAssembly code into machine code
for execution. These compilers use various compiler rules to define how to optimize and …

Undefined behavior in C often causes devastating security vulnerabilities. One practical
mitigation is compartmentalization, which allows developers to structure large programs into …