A key goal of security architectures is to separate I/O transfers of security-sensitive applications from untrusted commodity OSes and other applications, with high assurance. These architectures provide I/O kernels that assure the confidentiality and authenticity of the transmitted I/O data owned by a security-sensitive application, even when commodity OSes and other applications are compromised. These kernels help eliminate security-sensitive application exposure to drivers they do not need. This is a major security advantage because drivers contribute over half of the code size in commodity OS kernels. However, existing I/O kernels can only enforce I/O separation on limited hardware configurations of commodity platforms, if they rely on existi...
Personal computer owners often want to be able to run security-critical programs on the same machine...
We consider the problem of how to provide an execution environment where the application's secrets a...
Computer systems software and hardware architectures have become increasingly...
Today large software systems (i.e., giants) thrive in commodity markets, but are untrustwort...
To be trustworthy, security-sensitive applications must be formally verified and hence smal...
Device drivers on commodity operating systems execute with kernel privilege and have unfettered acce...
Device drivers on commodity operating systems execute with kernel privilege and have unfettered acce...
Due to historical reasons, today's computer systems treat I/O devices as second-class citizens, supp...
Prevalent and popular virtualization technologies have concentrated on consolidating serve...
Commodity virtual machine monitors forbid direct access to I/O devices by untrusted guest operating...
This dissertation suggests and partially demonstrates that it is feasible to retrofit real privilege...
Commodity virtual machine monitors forbid direct access to I/O devices by untrusted guest operating...
Bugs are prevalent in a large amount of deployed software. These bugs often introduce vulnerabilitie...
A separation-kernel-based operating system (OS) has been designed for use in secure embedded systems...
The vast majority of hosts on the Internet, including mobile clients, are running one of three commo...