Although modern computer systems process increasing amounts of sensitive, private, and valuable information, most of today’s operating systems (OSs) fail to protect confidential data against unauthorized disclosure over covert channels. Securing the large code bases of these OSs and checking the secured code for the absence of covert channels would come at enormous costs. Microkernels significantly reduce the necessarily trusted code. However, cost-efficient, provable confidential-data protection in microkernel-based systems is still challenging. This thesis makes two central contributions to the provable protection of confidential data against disclosure over covert channels: • A budget-enforcing, fixed-priority scheduler that provab...
This thesis proposes a formal methodology for defining, specifying, and reasoning about micro-polici...
International audienceTiming side-channels are an identified threat for security critical software. ...
Recent developments on hardware-based trusted execution environments, such as the Software Guard Ext...
Although modern computer systems process increasing amounts of sensitive, private, and valuable info...
Microarchitectural timing channels exploit resource contentions on a shared hardware platform to cau...
Microarchitectural timing channels enable unwanted information flow across security boundaries, viol...
This paper presents timing compartments, a hardware architecture abstraction that eliminates m...
Content file updated by author on 15 January 2015.Timing channels pose a real security risk, but met...
none5siMicroarchitectural timing channels use variations in the timing of events, resulting from com...
Shared microarchitectural state is a target for side-channel attacks that leverage timing measuremen...
This paper reviews the concepts and mechanisms used to improve security in general purpose operating...
Most of today's widely used operating systems are based on a monolithic design and have a very large...
International audienceNumerous timing side-channels attacks have been proposed in the recent years, ...
This electronic version was submitted by the student author. The certified thesis is available in th...
International audienceCache-based attacks are a class of side-channel attacks that are particularly ...
This thesis proposes a formal methodology for defining, specifying, and reasoning about micro-polici...
International audienceTiming side-channels are an identified threat for security critical software. ...
Recent developments on hardware-based trusted execution environments, such as the Software Guard Ext...
Although modern computer systems process increasing amounts of sensitive, private, and valuable info...
Microarchitectural timing channels exploit resource contentions on a shared hardware platform to cau...
Microarchitectural timing channels enable unwanted information flow across security boundaries, viol...
This paper presents timing compartments, a hardware architecture abstraction that eliminates m...
Content file updated by author on 15 January 2015.Timing channels pose a real security risk, but met...
none5siMicroarchitectural timing channels use variations in the timing of events, resulting from com...
Shared microarchitectural state is a target for side-channel attacks that leverage timing measuremen...
This paper reviews the concepts and mechanisms used to improve security in general purpose operating...
Most of today's widely used operating systems are based on a monolithic design and have a very large...
International audienceNumerous timing side-channels attacks have been proposed in the recent years, ...
This electronic version was submitted by the student author. The certified thesis is available in th...
International audienceCache-based attacks are a class of side-channel attacks that are particularly ...
This thesis proposes a formal methodology for defining, specifying, and reasoning about micro-polici...
International audienceTiming side-channels are an identified threat for security critical software. ...
Recent developments on hardware-based trusted execution environments, such as the Software Guard Ext...