WebAssembly is revolutionizing the approach to develo** modern applications. Although
this technology was born to create portable and performant modules in web browsers …

WebAssembly (abbreviated as Wasm) was initially introduced for the Web and quickly
extended its reach into various domains beyond the Web. To create Wasm applications …

This paper presents Half&Half, a novel software defense against branch-based side-
channel attacks. Half&Half isolates the effects of different protection domains on the …

Software-based fault isolation (SFI) is a longstanding technique that allows isolation of one
or more processes from each other with minimal or no use of hardware protection …

Compilers face an intrinsic tradeoff between compilation speed and code quality. The
tradeoff is particularly stark in a dynamic setting where JIT compilation time contributes to …

Decomposing large systems into smaller components with limited privileges has long been
recognized as an effective means to minimize the impact of exploits. Despite historical roots …

Browsers, Library OSes, and system emulators rely on sandboxes and in-process isolation
to emulate system resources and securely isolate untrusted components. All access to …

Efficient cloud computing relies on in-process isolation to optimize performance by running
workloads within a single process. Without heavy-weight process isolation, memory safety …

A surge in the number, complexity, and automation of targeted security attacks has triggered
a wave of interest in hardware support for isolation. Intel memory protection keys (MPK) …

Undefined behavior in C often causes devastating security vulnerabilities. One practical
mitigation is compartmentalization, which allows developers to structure large programs into …