As network, I/O, accelerator, and NVM devices capable of a million operations per second make their way into data centers, the software stack managing such devices has been shifting from implementations within the operating system kernel to more specialized kernel-bypass approaches. While the in-kernel approach guarantees both safety and fairness, it imposes too much overhead on microsecond-scale tasks. Kernel-bypass approaches improve throughput substantially but sacrifice safety and complicate resource management: if applications are mutually untrusting, then either each application must have exclusive access to its own device or else the device itself must implement resource management. This paper shows how to attain both safety and p...
The need to secure software systems is more important than ever. However, while a lot of work exists...
Virtual memory is a classic computer science abstraction and is ubiquitous in all scales of computin...
Return-to-user (ret2usr) attacks redirect corrupted kernel pointers to data residing in user space. ...
Consumer devices are increasingly being used to perform security and privacy critical tasks. The sof...
The conventional wisdom is that aggressive networking requirements, such as high packet rates for sm...
Consumer devices are increasingly being used to perform security and privacy critical tasks. The sof...
This dissertation suggests and partially demonstrates that it is feasible to retrofit real privilege...
Abstract A single address space operating system is an excellent environment for the im-plementation...
Intel Memory Protection Keys (MPK) is a new hardware primitive to support thread-local permission co...
Consumer devices are increasingly being used to perform security and privacy critical tasks. The sof...
In many instances of virtual machine deployments today, virtual machine instances are created to sup...
Monolithic operating system designs undermine the security of computing systems by allowing single e...
ENGELSK: A monolithic operating system (OS) - such as Windows or Linux - distinguish between executi...
ROP attack introduced briefly in this paper is a serious threat to compute systems. Kernel ROP attac...
Commodity virtual machine monitors forbid direct ac-cess to I/O devices by untrusted guest operating...
The need to secure software systems is more important than ever. However, while a lot of work exists...
Virtual memory is a classic computer science abstraction and is ubiquitous in all scales of computin...
Return-to-user (ret2usr) attacks redirect corrupted kernel pointers to data residing in user space. ...
Consumer devices are increasingly being used to perform security and privacy critical tasks. The sof...
The conventional wisdom is that aggressive networking requirements, such as high packet rates for sm...
Consumer devices are increasingly being used to perform security and privacy critical tasks. The sof...
This dissertation suggests and partially demonstrates that it is feasible to retrofit real privilege...
Abstract A single address space operating system is an excellent environment for the im-plementation...
Intel Memory Protection Keys (MPK) is a new hardware primitive to support thread-local permission co...
Consumer devices are increasingly being used to perform security and privacy critical tasks. The sof...
In many instances of virtual machine deployments today, virtual machine instances are created to sup...
Monolithic operating system designs undermine the security of computing systems by allowing single e...
ENGELSK: A monolithic operating system (OS) - such as Windows or Linux - distinguish between executi...
ROP attack introduced briefly in this paper is a serious threat to compute systems. Kernel ROP attac...
Commodity virtual machine monitors forbid direct ac-cess to I/O devices by untrusted guest operating...
The need to secure software systems is more important than ever. However, while a lot of work exists...
Virtual memory is a classic computer science abstraction and is ubiquitous in all scales of computin...
Return-to-user (ret2usr) attacks redirect corrupted kernel pointers to data residing in user space. ...