We present Rogue In-flight Data Load (RIDL), a new class of speculative unprivileged and
constrained attacks to leak arbitrary data across address spaces and privilege boundaries …

As network, I/O, accelerator, and NVM devices capable of a million operations per second
make their way into data centers, the software stack managing such devices has been …

Attackers leverage memory corruption vulnerabilities to establish primitives for reading from
or writing to the address space of a vulnerable process. These primitives form the foundation …

Researchers have shown that recent CPU extensions support practical, low-overhead driver
isolation to protect kernels from defects and vulnerabilities in device drivers. With …

Microkernels have been extensively studied over decades. However, IPC (Inter-Process
Communication) is still a major factor of runtime overhead, where fine-grained isolation …

Commodity operating systems execute core kernel subsystems in a single address space
along with hundreds of dynamically loaded extensions and device drivers. Lack of isolation …

As a lightweight, flexible, and high-performance operating system virtualization, containers
are used to speed up the big data platform. However, due to the imperfection of the resource …

Modern enterprises increasingly take advantage of cloud infrastructures. Yet, outsourcing
code and data into the cloud requires enterprises to trust cloud providers not to meddle with …

Transient-execution attacks, such as Meltdown and Spectre, exploit performance
optimizations in modern CPUs to enable unauthorized access to data across protection …

Today's cloud tenants are facing severe security threats such as compromised hypervisors,
which forces a strong adversary model where the hypervisor should be excluded out of the …