This dissertation suggests and partially demonstrates that it is feasible to retrofit real privilege separation within commodity operating systems by "nesting" a small memory management protection domain inside a monolithic kernel's single-address space: all the while allowing both domains to operate at the same hardware privilege level. This dissertation also demonstrates a microarchitectural return-integrity protection domain that efficiently asserts dynamic "return-to-sender" semantics for all operating system return control-flow operations. Employing these protection domains, we provide mitigations to large classes of kernel attacks such as code injection and return-oriented programming and deploy information protection policies that ar...
Modern applications often involve processing of sensitive information. However, the lack of privileg...
With reference to an embedded system featuring no support for memory management, we present a model ...
The subject of the thesis is the design and implementation of an operating system kernel for the Cam...
This dissertation suggests and partially demonstrates that it is feasible to retrofit real privilege...
The security of a computer system hinges on the trustworthiness of the operating system and the hard...
Operating system kernels isolate applications from other malicious software via protected memory cr...
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer...
Today’s operating systems are large, complex, and plagued with vulnerabilities that allow perpetrato...
The need to secure software systems is more important than ever. However, while a lot of work exists...
Malware often injects and executes new code to infect hypervisors, OSs and applications on a wide ra...
This paper presents our work concerning flexibility and protection in operating...
The vast majority of hosts on the Internet, including mobile clients, are running one of three commo...
Scalable distributed systems, systems whose processing power remains proportional to the number of c...
Monolithic kernels have been the traditional design choice of many modern operating systems for prac...
As the foundation of the trusted computing base, the operating system kernel is a valuable target f...