We consider the problem of how to provide an execution environment where the application's secrets are safe even in the presence of malicious system software layers. We propose Iso-X- A flexible, fine-grained hardware-supported framework that provides isolation for security-critical pieces of an application such that they can execute securely even in the presence of untrusted system software. Isolation in Iso-X is achieved by creating and dynamically managing compartments (isolated software modules) to host critical fragments of code and associated data. Iso-X provides fine-grained isolation at the memory-page level, flexible allocation of memory, and a low-complexity, hardware-only trusted computing base. Iso-X requires minimal additional ...
International audienceA variety of applications are executing on a large untrusted computing base, w...
Computer systems often provide hardware support for isolation mechanisms such as privilege levels, v...
Bugs are prevalent in a large amount of deployed software. These bugs often introduce vulnerabilitie...
Abstract—We consider the problem of how to provide an execution environment where the application’s ...
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Comp...
Many embedded systems have relatively strong security requirements because they handle confidential ...
Hardware-assisted security solutions, and the isolation guarantees they provide, constitute the basi...
Sanctum offers the same promise as Intel’s Software Guard Extensions (SGX), namely strong provable i...
The size and complexity of modern applications are the underlying causes of numerous security vulner...
Hardware support for isolated execution (such as Intel SGX) enables development of applications that...
<p> Today large software systems (i.e., giants) thrive in commodity markets, but are untrustwort...
Computer systems often provide hardware support for isolation mechanisms like privilege levels, virt...
Heterogeneous CPU-FPGA systems have been shown to achieve significant performance gains in domain-sp...
Embedded systems are increasingly pervasive, interdependent and in many cases critical to our every ...
Building applications that ensure confidentiality of sensitive data is a non-trivial task. Such appl...
International audienceA variety of applications are executing on a large untrusted computing base, w...
Computer systems often provide hardware support for isolation mechanisms such as privilege levels, v...
Bugs are prevalent in a large amount of deployed software. These bugs often introduce vulnerabilitie...
Abstract—We consider the problem of how to provide an execution environment where the application’s ...
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Comp...
Many embedded systems have relatively strong security requirements because they handle confidential ...
Hardware-assisted security solutions, and the isolation guarantees they provide, constitute the basi...
Sanctum offers the same promise as Intel’s Software Guard Extensions (SGX), namely strong provable i...
The size and complexity of modern applications are the underlying causes of numerous security vulner...
Hardware support for isolated execution (such as Intel SGX) enables development of applications that...
<p> Today large software systems (i.e., giants) thrive in commodity markets, but are untrustwort...
Computer systems often provide hardware support for isolation mechanisms like privilege levels, virt...
Heterogeneous CPU-FPGA systems have been shown to achieve significant performance gains in domain-sp...
Embedded systems are increasingly pervasive, interdependent and in many cases critical to our every ...
Building applications that ensure confidentiality of sensitive data is a non-trivial task. Such appl...
International audienceA variety of applications are executing on a large untrusted computing base, w...
Computer systems often provide hardware support for isolation mechanisms such as privilege levels, v...
Bugs are prevalent in a large amount of deployed software. These bugs often introduce vulnerabilitie...