In this paper, we present an approach for realizing a safe execution environment (SEE) that enables users to "try out" new software (or configuration changes to existing software) without the fear of damaging the system in any manner. A key property of our SEE is that it faithfully reproduces the behavior of applications, as if they were running natively on the underlying host operating system. This is accomplished via one-way isolation: processes running within the SEE are given read-access to the environment provided by the host OS, but their write operations are prevented from escaping outside the SEE. As a result, SEE processes cannot impact the behavior of host OS processes, or the integrity of data on the host OS. Our SEE su...
Process-based separation has long been the prevalent model for providing security and isolation to p...
We describe, build, and evaluate Lockdown, a system that significantly increases the level of securi...
Recent years have seen many virtualization-based Isolated Execution Environments (IEE) proposed in t...
In this paper, we address the problem of safely and conveniently performing "trial" experiments in...
Protecting running applications is a hard problem. Many applications are written in a low-level l...
Software has an important role in many systems, in particular in critical systems where the correct ...
Abstract: We introduce a method, Lightweight Privilege Separation, enabling safe execution of unreliab...
Abstract—The standard loader (ld.so) is a common target of attacks. The loader is a trusted componen...
The size and complexity of modern applications are the underlying causes of numerous security vulner...
Abstract—We consider the problem of how to provide an execution environment where the application’s ...
We consider the problem of how to provide an execution environment where the application's secrets a...
A majority of critical server vulnerabilities in 2003 and 2004 were memory based [1]. Today’s advanc...
Programming has changed; programming languages have not. Modern software embraced reusable software ...
Nowadays systems that download updates from the net or let the user download third-party code for ex...