- research-article, April 2019
Safer Program Behavior Sharing Through Trace Wringing
ASPLOS '19: Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, Pages 1059–1072, https://doi.org/10.1145/3297858.3304074
When working towards application-tuned systems, developers often find themselves caught between the need to share information (so that partners can make intelligent design choices) and the need to hide information (to protect proprietary methods or ...
- research-article, April 2019
ProbeGuard: Mitigating Probing Attacks Through Reactive Program Transformations
ASPLOS '19: Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, Pages 545–558, https://doi.org/10.1145/3297858.3304073
Many modern defenses against code reuse rely on hiding sensitive data such as shadow stacks in a huge memory address space. While much more efficient than traditional integrity-based defenses, these solutions are vulnerable to probing attacks which ...
- research-article, April 2019
Context-Sensitive Fencing: Securing Speculative Execution via Microcode Customization
ASPLOS '19: Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, Pages 395–410, https://doi.org/10.1145/3297858.3304060
This paper describes context-sensitive fencing (CSF), a microcode-level defense against multiple variants of Spectre. CSF leverages the ability to dynamically alter the decoding of the instruction stream, to seamlessly inject new micro-ops, including ...
- research-article, April 2019
kMVX: Detecting Kernel Information Leaks with Multi-variant Execution
ASPLOS '19: Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, Pages 559–572, https://doi.org/10.1145/3297858.3304054
Kernel information leak vulnerabilities are a major security threat to production systems. Attackers can exploit them to leak confidential information such as cryptographic keys or kernel pointers. Despite efforts by kernel developers and researchers, ...
- research-article, April 2019, Best Paper
CheriABI: Enforcing Valid Pointer Provenance and Minimizing Pointer Privilege in the POSIX C Run-time Environment
- Brooks Davis,
- Robert N. M. Watson,
- Alexander Richardson,
- Peter G. Neumann,
- Simon W. Moore,
- John Baldwin,
- David Chisnall,
- Jessica Clarke,
- Nathaniel Wesley Filardo,
- Khilan Gudka,
- Alexandre Joannou,
- Ben Laurie,
- A. Theodore Markettos,
- J. Edward Maste,
- Alfredo Mazzinghi,
- Edward Tomasz Napierala,
- Robert M. Norton,
- Michael Roe,
- Peter Sewell,
- Stacey Son,
- Jonathan Woodruff
ASPLOS '19: Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, Pages 379–393, https://doi.org/10.1145/3297858.3304042
The CHERI architecture allows pointers to be implemented as capabilities (rather than integer virtual addresses) in a manner that is compatible with, and strengthens, the semantics of the C language. In addition to the spatial protections offered by ...
- research-article, April 2019
Morpheus: A Vulnerability-Tolerant Secure Architecture Based on Ensembles of Moving Target Defenses with Churn
- Mark Gallagher,
- Lauren Biernacki,
- Shibo Chen,
- Zelalem Birhanu Aweke,
- Salessawi Ferede Yitbarek,
- Misiker Tadesse Aga,
- Austin Harris,
- Zhixing Xu,
- Baris Kasikci,
- Valeria Bertacco,
- Sharad Malik,
- Mohit Tiwari,
- Todd Austin
ASPLOS '19: Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, Pages 469–484, https://doi.org/10.1145/3297858.3304037
Attacks often succeed by abusing the gap between program and machine-level semantics-- for example, by locating a sensitive pointer, exploiting a bug to overwrite this sensitive data, and hijacking the victim program's execution. In this work, we take ...
- research-article, April 2019
Fast and Scalable VMM Live Upgrade in Large Cloud Infrastructure
ASPLOS '19: Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, Pages 93–105, https://doi.org/10.1145/3297858.3304034
High availability is the most important and challenging problem for cloud providers. However, virtual machine monitor (VMM), a crucial component of the cloud infrastructure, has to be frequently updated and restarted to add security patches and new ...
- research-article, April 2019
Heterogeneous Isolated Execution for Commodity GPUs
ASPLOS '19: Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, Pages 455–468, https://doi.org/10.1145/3297858.3304021
Traditional CPUs and cloud systems based on them have embraced the hardware-based trusted execution environments to securely isolate computation from malicious OS or hardware attacks. However, GPUs and their cloud deployments have yet to include such ...
- research-article, April 2019
X-Containers: Breaking Down Barriers to Improve Performance and Isolation of Cloud-Native Containers
- Zhiming Shen,
- Zhen Sun,
- Gur-Eyal Sela,
- Eugene Bagdasaryan,
- Christina Delimitrou,
- Robbert Van Renesse,
- Hakim Weatherspoon
ASPLOS '19: Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, Pages 121–135, https://doi.org/10.1145/3297858.3304016
"Cloud-native" container platforms, such as Kubernetes, have become an integral part of production cloud environments. One of the principles in designing cloud-native applications is called Single Concern Principle, which suggests that each container ...