For over two-and-a-half decades, dating to the first widespread commercial deployment of the Internet, commodity processor architectures have failed to provide robust and secure foundations for communication and commerce. This is in large part due to the omission of architectural features allowing efficient implementation of the Principle of Least Privilege, which dictates that software runs only with the rights it requires to operate [19, 20]. Without this support, the impact of inevitable vulnerabilities is multiplied as successful attackers gain easy access to unnecessary rights – and often, all rights – in software systems.
Computing systems are complex machines comprised of many disparate components working together to fu...
A computer system's security can be compromised in many ways—a denial-of-service attack can make a s...
Bugs are prevalent in a large amount of deployed software. These bugs often introduce vulnerabilitie...
Security principles, like least privilege, are among the resources in the security body of knowledge...
Security principles, like least privilege, are among the resources in the body of knowledge for secu...
Supporting security principles, like least privilege, in a software architecture is difficult due to...
Though system security would benefit if programmers routinely followed the principle of least privil...
Capability Hardware Enhanced RISC Instructions (CHERI) supplement the conventional memory management...
Access control mechanisms are intended to protect programs and data from corruption, yet still allo...
I, Andrea Bittau, confirm that the work presented in this thesis is my own. Where information has be...
The rising number of attacks targeting processors at micro-architecture level ...
This thesis presents the design, implementation, and evaluation of a novel capability operating syst...
Security principles are often neglected by software architects, due to the lack of precise definitio...
Vulnerabilities in computer systems arise in part due to programmer's logical errors, and in part al...
Secure development processes integrate security-related concerns into the software development life-...