Current CPU architectures provide only weak support for software seg-mentation, a key underpinning for software security techniques such as sandboxing, managed languages, and static analysis. Because hardware memory segmentation is relevant mainly in the program abstraction its support has been deemphasized in modern operating systems, yet mod-ern hardware requires operating system support to use its segmentation features. This paper argues that by implementing a capability model, it is possible to safely support creation, distribution and use of segments purely in user space. Hardware support for user-mode segmentation would enable efficient sandboxing within processes, enforcement of com-piler structure, managed languages, and formal veri...
This dissertation explores the use of capability security hardware and software in real-time and lat...
Personal computer owners often want to be able to run security-critical programs on the same machine...
System security is an increasingly important design criterion for many embedded systems. These syste...
International audienceThe FPGA world recently experienced significant changes with the introduction ...
Extensible systems allow services to be configured and deployed for the specific needs of individual...
The technological evolution towards extensible software systems and component-based software develop...
Computers today are ubiquitous and closely integrated into our everyday lives. But computers are fic...
ENGELSK: A monolithic operating system (OS) - such as Windows or Linux - distinguish between executi...
As modern 64-bit x86 processors no longer support the segmentation capabilities of their 32-bit pred...
The need to secure software systems is more important than ever. However, while a lot of work exists...
Over the last years, security-kernels have played a promising role in reshaping the landscape of pla...
This paper focuses on an efficient user-level method for the deployment of application-specific exte...
Bugs are prevalent in a large amount of deployed software. These bugs often introduce vulnerabilitie...
Increasingly, cyber attacks (e.g., kernel rootkits) target the inner rings of a computer system, and...
Modern applications comprise multiple components, such as browser plug-ins, often of unknown provena...
This dissertation explores the use of capability security hardware and software in real-time and lat...
Personal computer owners often want to be able to run security-critical programs on the same machine...
System security is an increasingly important design criterion for many embedded systems. These syste...
International audienceThe FPGA world recently experienced significant changes with the introduction ...
Extensible systems allow services to be configured and deployed for the specific needs of individual...
The technological evolution towards extensible software systems and component-based software develop...
Computers today are ubiquitous and closely integrated into our everyday lives. But computers are fic...
ENGELSK: A monolithic operating system (OS) - such as Windows or Linux - distinguish between executi...
As modern 64-bit x86 processors no longer support the segmentation capabilities of their 32-bit pred...
The need to secure software systems is more important than ever. However, while a lot of work exists...
Over the last years, security-kernels have played a promising role in reshaping the landscape of pla...
This paper focuses on an efficient user-level method for the deployment of application-specific exte...
Bugs are prevalent in a large amount of deployed software. These bugs often introduce vulnerabilitie...
Increasingly, cyber attacks (e.g., kernel rootkits) target the inner rings of a computer system, and...
Modern applications comprise multiple components, such as browser plug-ins, often of unknown provena...
This dissertation explores the use of capability security hardware and software in real-time and lat...
Personal computer owners often want to be able to run security-critical programs on the same machine...
System security is an increasingly important design criterion for many embedded systems. These syste...