Abstract Intel's Software Guard Extensions (SGX) is a set of extensions to the Intel
architecture that aims to provide integrity and privacy guarantees to security-sensitive …

Sanctum offers the same promise as Intel's Software Guard Extensions (SGX), namely
strong provable isolation of software modules running concurrently and sharing resources …

This paper analyzes the vulnerability space arising in Trusted Execution Environments
(TEEs) when interfacing a trusted enclave application with untrusted, potentially malicious …

In recent years, the deployment of many application-level countermeasures against memory
errors and the increasing number of vulnerabilities discovered in the kernel has fostered a …

Existing coverage-based fuzzers usually use the individual control flow graph (CFG) edge
coverage to guide the fuzzing process, which has shown great potential in finding …

RedLeaf is a new operating system developed from scratch in Rust to explore the impact of
language safety on operating system organization. In contrast to commodity systems …

While kernel drivers have long been know to poses huge security risks, due to their
privileged access and lower code quality, bug-finding tools for drivers are still greatly lacking …

The operation system kernel is the foundation of the whole system and is often the de facto
trusted computing base for many higher level security mechanisms. Unfortunately, kernel …

This paper studies an emerging class of software bugs called optimization-unstable code:
code that is unexpectedly discarded by compiler optimizations due to undefined behavior in …

Return-to-user (ret2usr) attacks redirect corrupted kernel pointers to data residing in user
space. In response, several kernel-hardening approaches have been proposed to enforce a …