Modern applications comprise multiple components, such as browser plug-ins, often of unknown provenance and quality. Statistics show that failure of such components accounts for a high percentage of software faults. Enabling isolation of such fine-grained components is therefore necessary to increase the robustness and resilience of security-critical and safety-critical computer systems. In this paper, we evaluate whether such fine-grained components can be sandboxed through the use of the hardware virtualization support available in modern Intel and AMD processors. We compare the performance and functionality of such an approach to two previous software based approaches. The results demonstrate that hardware isolation minimizes the difficu...
ManuscriptWe have designed and implemented ARMor, a system that uses software fault isolation (SFI) ...
The times when malware was mostly written by curious teenagers are long gone. Nowadays, threats come...
While security has become important in embedded systems, commodity operating systems often fail in e...
Modern applications comprise multiple components, such as browser plug-ins, often of unknown provena...
Over the last years, security-kernels have played a promising role in reshaping the landscape of pla...
Abstract—Network has been widely applied in all aspects of life with time. Spread of malicious progr...
Many software applications extend their functionality by dynamically loading libraries into their al...
While security has become important in embedded systems, commodity operating systems often fail in e...
This research effort examines the idea of applying virtualization hardware to enhance operating syst...
The isolation of security critical components from an untrusted OS allows to both protect applicatio...
It is more expensive and time consuming to build modern software without extensive supply chains. Su...
peer-reviewedTrusted Computing is a relatively new approach to computer security in which a system s...
Hardware and software do not operate in isolation. Neither should they be regarded as such when secu...
As systems become larger and more complex, the need to optimise the infrastructure in favour of reli...
Computer security aims at protecting confidentiality, in-tegrity, and availability of sensitive info...
ManuscriptWe have designed and implemented ARMor, a system that uses software fault isolation (SFI) ...
The times when malware was mostly written by curious teenagers are long gone. Nowadays, threats come...
While security has become important in embedded systems, commodity operating systems often fail in e...
Modern applications comprise multiple components, such as browser plug-ins, often of unknown provena...
Over the last years, security-kernels have played a promising role in reshaping the landscape of pla...
Abstract—Network has been widely applied in all aspects of life with time. Spread of malicious progr...
Many software applications extend their functionality by dynamically loading libraries into their al...
While security has become important in embedded systems, commodity operating systems often fail in e...
This research effort examines the idea of applying virtualization hardware to enhance operating syst...
The isolation of security critical components from an untrusted OS allows to both protect applicatio...
It is more expensive and time consuming to build modern software without extensive supply chains. Su...
peer-reviewedTrusted Computing is a relatively new approach to computer security in which a system s...
Hardware and software do not operate in isolation. Neither should they be regarded as such when secu...
As systems become larger and more complex, the need to optimise the infrastructure in favour of reli...
Computer security aims at protecting confidentiality, in-tegrity, and availability of sensitive info...
ManuscriptWe have designed and implemented ARMor, a system that uses software fault isolation (SFI) ...
The times when malware was mostly written by curious teenagers are long gone. Nowadays, threats come...
While security has become important in embedded systems, commodity operating systems often fail in e...