Enclave-Aware Compartmentalization and Secure Sharing with Sirius
[article]
2020
arXiv
pre-print
We introduce Sirius, the first compartmentalization framework that achieves strong isolation and secure sharing in TEE-assisted applications by controlling the dataflows within primary kernel objects ( ...
This lack of information causes an ever-increasing set of attacks on TEE-enabled applications that exploit various insecure interactions with the host OSs, applications, or other enclaves. ...
We implemented a hash table-based registry to make operations (store/set/get/remove) on these data structures more efficient. ...
arXiv:2009.01869v3
fatcat:bgqsmluzdjdkxliiun6ttijqty
The Clouds distributed operating system
1991
Computer
The Clouds operating system is built on top of a kernel called Ra. Ra is a second generation kernel derived from our experience with the first version of the Clouds operating system. ...
Ra is a minimal, flexible kernel that provides a framework for implementing a variety of distributed operating systems. ...
The Design and Implementation of the Clouds Distributed Operating System ...
doi:10.1109/2.116849
fatcat:bkfhux2msbfc5cn3skt7d33ubq
Grasshopper: An Orthogonally Persistent Operating System
1994
Computing Systems
Acknowledgments We would like to thank Karen Wyrwas, Alex Farkas, Stephen Norris, Fred Brown and David Hulse for comments on earlier versions of this paper. ...
The internal state of kernel data structures also forms part of the state of a user program. For example, the granting of capabilities to loci must be recorded. ...
It would seem that the implementation of a single partitioning scheme would be more efficient than the use of separate schemes to support each management requirement. ...
dblp:journals/csys/DearleBFHLRV94
fatcat:awiyt5p4jvdsncddksvrgasx34
Analysis of three multilevel security architectures
2007
Proceedings of the 2007 ACM workshop on Computer security architecture - CSAW '07
We introduce the Least Privilege architecture, which incorporates security features from the recent "Separation Kernel Protection Profile," and show how it can provide several unique aspects of security ...
This paper provides an analysis of the relative merits of three architectural types - one based on a security kernel, another based on a traditional separation kernel, and a third based on a least-privilege ...
At least one of the partitions is allowed (via PK configuration data) to read and write data in all of the other partitions. ...
doi:10.1145/1314466.1314473
dblp:conf/ccs/LevinIWN07
fatcat:pvyu3olitnc5bp7rfstjauujwq
Parallel programming in Panda
1995
Journal of Supercomputing
The problem of sharing data in a distributed environment is discussed, and the performance of appropriate mechanisms provided by the PANDA prototype implementation is assessed. ...
PANDA supplies means for fast user-level threads, and for a transparent and coordinated sharing of objects across a homogeneous network. ...
The simulation shares data at the level of small objects, each protected by a lock. ...
doi:10.1007/bf01245398
fatcat:4pbinhfjjfbvdh6ygzj3gskb3u
Traditional MVX designs cannot be applied to kernels because of their assumptions on the run-time environment. kMVX, on the other hand, can be applied even to commodity kernels. ...
We show our Linux-based prototype provides powerful protection against information leaks at acceptable performance overhead (20-50% in the worst case for popular server applications). ...
The funding agencies are not responsible for any use that may be made of the information it contains. ...
doi:10.1145/3297858.3304054
dblp:conf/asplos/OsterlundKOBBG19
fatcat:dokkcvtczbe4fgwd3ht77myrka
DAWG: A Defense Against Cache Timing Attacks in Speculative Execution Processors
2018
2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO)
We are grateful to Carl Waldspurger for his valuable feedback on the initial design as well as the final presentation of this paper. ...
the efficient sizes of protection domains for a given workload. ...
This allows the kernel to efficiently copy from warm cache lines, but preserves isolation. ...
doi:10.1109/micro.2018.00083
dblp:conf/micro/KirianskyLADE18
fatcat:dcxkoz3pdzbujorqukwpmeocw4
Shielding Software From Privileged Side-Channel Attacks
2018
USENIX Security Symposium
Shielding systems such as InkTag, Haven, and Virtual Ghost protect sensitive application data from compromised OS kernels. However, such systems are still vulnerable to side-channel attacks. ...
via side channels. ...
in the processor to steal data and then exfiltrates the stolen data via existing side channels. ...
dblp:conf/uss/DongSCCD18
fatcat:3gvp7yemobcr3ps5v2im7jae5y
Mils Compliant Software Architecture For Satellites
2016
International Conference on High Performance Embedded Architectures and Compilers
First the threats to the Security Partition Communication Controller (SPCC) will be addressed including the identification of specific vulnerabilities to the SPCC. ...
Furthermore, appropriate security objectives and security requirements are identified to counter the identified threats. ...
ACKNOWLEDGMENTS The authors thank the ESA for supporting the study Software Elements for Security Partition Communication Controller through a research fund. ...
doi:10.5281/zenodo.47973
dblp:conf/hipeac/HerpelKMESK16
fatcat:oetxwwhn2raefd5zrsb63fa2ua
A multi-layered approach to security in high assurance systems
2004
37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the
Past efforts at designing and implementing ultra high assurance systems for government security and safety have centered on the concept of a monolithic security kernel responsible for a system-wide security ...
The framework supports multiple levels of safety and multiple levels of security, based on the principle of creating separate layers of responsibility and control, with each layer responsible for enforcing ...
Instructions and data are accessed via a memory map that is controlled by the PK. All partitions are separated in time through the partition scheduler in the kernel. ...
doi:10.1109/hicss.2004.1265709
dblp:conf/hicss/Alves-FossTO04
fatcat:4vrbgao35bhhjjdrnos5ss5l7i
A security architecture for transient trust
2008
Proceedings of the 2nd ACM workshop on Computer security architectures - CSAW '08
Interaction among subjects in different partitions is controlled by a high assurance separation kernel, and efficient use of devices is achieved through the application of a three-part device model. ...
Allocated to partitions, these domains are entered via a high integrity trusted path service located in a separate trusted partition. ...
" that is protected by a highly robust separation kernel ...
doi:10.1145/1456508.1456510
dblp:conf/ccs/IrvineLCN08
fatcat:yqjtytmbkjdgdnh5yysg7dd3ta
Inter-kernel Communication between Multiple Kernels on Multicore Machines
2009
IPSJ Online Transactions
The mechanism has been integrated into another mechanism called SHIMOS that partitions the CPUs, the memory, and I/O devices. ...
Several sets of benchmark results demonstrate that SHIMOS is faster than modern virtual machines. For system calls, SHIMOS achieves about seven times faster than the Xen virtual machine. ...
Acknowledgments This work is partially supported by a CREST project of JST (Japan Science and Technology). ...
doi:10.2197/ipsjtrans.2.261
fatcat:aiqfbpbyyrc5bddyd4xetjtlny
Efficient Monte Carlo Sampler for Detecting Parametric Objects in Large Scenes
[chapter]
2012
Lecture Notes in Computer Science
Point processes have demonstrated efficiency and competitiveness when addressing object recognition problems in vision. ...
The performances of the sampler are analyzed through a set of experiments on various object recognition problems from large scenes, and through comparisons to the existing algorithms. ...
Note also that the hierarchical partitioning of K protects the sample from mosaic effects. ...
doi:10.1007/978-3-642-33712-3_39
fatcat:tfd25glhzrd6bcgfmpzenbmqeu
A New Approach to Memory Partitioning in On-Board Spacecraft Software
[chapter]
2008
Lecture Notes in Computer Science
Both approaches provide safe memory partitioning with less overhead than current IMA techniques. ...
Two alternative approaches are discussed in the paper, based on some features of Ada and state-of-the art compilation tool-chains. ...
The meta-linker also creates some data structures describing the layout of the partition. This information is needed by the kernel to adjust the fence registers in each context switch. ...
doi:10.1007/978-3-540-68624-8_1
fatcat:iupueqlgj5fetbadfnzbbgukne
Using a Multi-Tasking VM for Mobile Applications
2016
Proceedings of the 17th International Workshop on Mobile Computing Systems and Applications - HotMobile '16
This paper discusses the potential benefits of switching Android's single VM per application runtime environment to a multi-tasking VM environment. ...
A multi-tasking VM is a type of a Java virtual machine with the ability to execute multiple Java applications in one memory space. It does so by isolating the applications to prevent interferences. ...
For example, Android's messaging objects, Intent or Message, transfer their data object Bundle via Android's Binder calls. ...
doi:10.1145/2873587.2873596
dblp:conf/wmcsa/YanCDKZ16
fatcat:hin5dztjhzcrlhvft5uyzfi4mq