Intra-process memory isolation can improve security by enforcing least-privilege at a finer granularity than traditional operating system controls without the context-switch overhead associated with inter-process communication. Because the process has traditionally been a fundamental security boundary, assigning different levels of trust to components within a process is a fundamental change in secure systems design. However, so far there has been little research on the challenges of securely implementing intra-process isolation on top of existing operating system abstractions. We find that frequently-used assumptions in secure system design do not precisely hold under realistic conditions, and that these discrepancies lead to exploitable v...
We present in this paper the security features of Think, an object-oriented architecture dedicated ...
Separation between processes on top of an operating system or between guests in a virtualized enviro...
Sanctum offers the same promise as SGX, namely strong provable isolation of software modules running...
Many attacks on modern software begin when the application processes untrusted data. Often attackers...
Over the last years, security-kernels have played a promising role in reshaping the landscape of pla...
Today’s operating systems are large, complex, and plagued with vulnerabilities that allow perpetrato...
Consumer devices are increasingly being used to perform security and privacy critical tasks. The sof...
The vast majority of hosts on the Internet, including mobile clients, are running one of three commo...
The most common cyber-attack vector is exploit of software vulnerability. Despite much efforts towar...
Consumer devices are increasingly being used to perform security and privacy critical tasks. The sof...
Monolithic kernels have been the traditional design choice of many modern operating systems for prac...
Operating system kernels isolate applications from other malicious software via protected memory cr...
Modern operating systems are often the target of attacks that exploit vulnerabilities to escalate th...
Consumer devices are increasingly being used to perform security and privacy critical tasks. The sof...
Modern applications often involve processing of sensitive information. However, the lack of privileg...