Add to ORKGExecuting untrusted code while preserving security requiresenforcement of memory and control-flow safety policies:untrusted code must be prevented from modifying memory orexecuting code except as explicitly allowed. Software-basedfault isolation (SFI) or \"sandboxing\" enforces thosepolicies by rewriting the untrusted code at the level ofindividual instructions. However, the original sandboxingtechnique of Wahbe et al. is applicable only to RISCarchitectures, and other previous work is either insecure,or has been not described in enough detail to giveconfidence in its security properties. We present a noveltechnique that allows sandboxing to be easily applied to aCISC architecture like the IA-32. The technique can beverified to have bee...
Abstract—Interface-confinement is a common mechanism that secures untrusted code by executing it ins...
Modern-day imperative programming languages such as C++, C# and Java offer protection facilities suc...
Existing approaches to providing security for untrusted JavaScript include isolation of capabilities...
Executing untrusted code while preserving security requires that thecode be prevented from modifying...
Part 6: Software SecurityInternational audienceDynamically-linked libraries are widely adopted in ap...
The applications we use today are developed as a combination of first-party code and code borrowed f...
Abstract—The standard loader (ld.so) is a common target of attacks. The loader is a trusted componen...
International audienceSoftware Fault Isolation (SFI) consists in transforming un-trusted code so tha...
Flaws in the standard libraries of secure sandboxes represent a major security threat to billions of...
Abstract. Applications written in low-level languages without type or memory safety are prone to mem...
Binary code from untrusted sources remains one of the primary vehicles for malicious software attack...
Binary code from untrusted sources remains one of the primary vehicles for malicious software attack...
ManuscriptWe have designed and implemented ARMor, a system that uses software fault isolation (SFI) ...
Abstract—A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is ...
Secure compilers generate compiled code that withstands many target-level attacks such as alteration...
Abstract—Interface-confinement is a common mechanism that secures untrusted code by executing it ins...
Modern-day imperative programming languages such as C++, C# and Java offer protection facilities suc...
Existing approaches to providing security for untrusted JavaScript include isolation of capabilities...
Executing untrusted code while preserving security requires that thecode be prevented from modifying...
Part 6: Software SecurityInternational audienceDynamically-linked libraries are widely adopted in ap...
The applications we use today are developed as a combination of first-party code and code borrowed f...
Abstract—The standard loader (ld.so) is a common target of attacks. The loader is a trusted componen...
International audienceSoftware Fault Isolation (SFI) consists in transforming un-trusted code so tha...
Flaws in the standard libraries of secure sandboxes represent a major security threat to billions of...
Abstract. Applications written in low-level languages without type or memory safety are prone to mem...
Binary code from untrusted sources remains one of the primary vehicles for malicious software attack...
Binary code from untrusted sources remains one of the primary vehicles for malicious software attack...
ManuscriptWe have designed and implemented ARMor, a system that uses software fault isolation (SFI) ...
Abstract—A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is ...
Secure compilers generate compiled code that withstands many target-level attacks such as alteration...
Abstract—Interface-confinement is a common mechanism that secures untrusted code by executing it ins...
Modern-day imperative programming languages such as C++, C# and Java offer protection facilities suc...
Existing approaches to providing security for untrusted JavaScript include isolation of capabilities...