Because large, complex systems inevitably contain se-curity vulnerabilities, it is important to mitigate their impact. One of the most effective methods for doing so is privilege separation, the separation of an application into modules such that the compromise of one module grants the attacker only the limited privileges possessed by that module. However, the traditional hardware ad-dress space mechanism used to isolate processes exhibits high communication overhead between modules, mak-ing it impractical for fine-grained privilege separation. Software-based fault isolation (SFI) largely eliminates communication overhead, but provides less effective iso-lation and imposes substantial complexity and runtime overhead. Hard Object, a hybrid h...
As modern 64-bit x86 processors no longer support the segmentation capabilities of their 32-bit pred...
Reference protection mechanisms are commonly used to isolate and to provide protection for component...
International audienceToubkal is a new hardware architecture which provides secure, efficient and fl...
Bugs are prevalent in a large amount of deployed software. These bugs often introduce vulnerabilitie...
Extensible applications rely upon user-supplied, untrusted modules to extend their func-tionality. T...
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Comp...
Sanctum offers the same promise as Intel’s Software Guard Extensions (SGX), namely strong provable i...
Modern computing systems that enable increasingly smart and complex applications permeate our daily ...
Our society increasingly depends on computing devices. Customers rely on laptops and mobile devices ...
Today's complex software systems are neither secure nor reliable. The rudimentary software protectio...
The amount of trust that can be placed in commodity computing platforms is limited by the likelihood...
Abstract—We consider the problem of how to provide an execution environment where the application’s ...
Having strong built-in security features has become a paramount requirement in any system. There is ...
Consumer devices are increasingly being used to perform security and privacy critical tasks. The sof...
We consider the problem of how to provide an execution environment where the application's secrets a...
As modern 64-bit x86 processors no longer support the segmentation capabilities of their 32-bit pred...
Reference protection mechanisms are commonly used to isolate and to provide protection for component...
International audienceToubkal is a new hardware architecture which provides secure, efficient and fl...
Bugs are prevalent in a large amount of deployed software. These bugs often introduce vulnerabilitie...
Extensible applications rely upon user-supplied, untrusted modules to extend their func-tionality. T...
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Comp...
Sanctum offers the same promise as Intel’s Software Guard Extensions (SGX), namely strong provable i...
Modern computing systems that enable increasingly smart and complex applications permeate our daily ...
Our society increasingly depends on computing devices. Customers rely on laptops and mobile devices ...
Today's complex software systems are neither secure nor reliable. The rudimentary software protectio...
The amount of trust that can be placed in commodity computing platforms is limited by the likelihood...
Abstract—We consider the problem of how to provide an execution environment where the application’s ...
Having strong built-in security features has become a paramount requirement in any system. There is ...
Consumer devices are increasingly being used to perform security and privacy critical tasks. The sof...
We consider the problem of how to provide an execution environment where the application's secrets a...
As modern 64-bit x86 processors no longer support the segmentation capabilities of their 32-bit pred...
Reference protection mechanisms are commonly used to isolate and to provide protection for component...
International audienceToubkal is a new hardware architecture which provides secure, efficient and fl...