Software Fault Isolation with Api Integrity and Multi-Principal Modules

Software Fault Isolation with Api Integrity and Multi-Principal Modules

The security of many applications relies on the kernel being secure, but history suggests that kernel vulnerabilities are routinely discovered and exploited. In particular, exploitable vulnerabilities in kernel modules are common. This paper proposes LXFI, a system which isolates kernel modules from...

Full description

Bibliographic Details
Main Authors:	Mao, Yandong, Chen, Haogang, Zhou, Dong, Wang, Xi, Zeldovich, Nickolai, Kaashoek, M. Frans
Other Authors:	Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory
Format:	Article
Language:	en_US
Published:	Association for Computing Machinery (ACM) 2012
Online Access:	http://hdl.handle.net/1721.1/72580 https://orcid.org/0000-0003-0238-2703 https://orcid.org/0000-0002-2898-1686 https://orcid.org/0000-0001-7098-586X

Similar Items

Linux Kernel Vulnerabilities: State-of-the-Art Defenses and Open Problems
by: Chen, Haogang, et al.
Published: (2012)

Security bugs in embedded interpreters
by: Chen, Haogang, et al.
Published: (2014)

The K2 Architecture for Trustworthy Hardware Security Modules
by: Athalye, Anish, et al.
Published: (2023)

Retroactive auditing
by: Wang, Xi, et al.
Published: (2012)

A Software Approach to Unifying Multicore Caches
by: Boyd-Wickizer, Silas, et al.
Published: (2011)

Undefined behavior: what happened to my code?
by: Wang, Xi, et al.
Published: (2014)

Using Crash Hoare logic for certifying the FSCQ file system
by: Chen, Haogang, et al.
Published: (2021)

Intrusion Recovery Using Selective Re-execution
by: Kim, Taesoo, et al.
Published: (2011)

Improving application security with data flow assertions
by: Yip, Alexander, et al.
Published: (2011)

Certifying a file system using crash hoare logic
by: Chajed, Tej, et al.
Published: (2019)

The scalable commutativity rule: designing scalable software for multicore processors
by: Clements, Austin T., et al.
Published: (2014)

Optimizing MapReduce for Multicore Architectures
by: Kaashoek, Frans, et al.
Published: (2010)

Towards optimization-safe systems: analyzing the impact of undefined behavior
by: Wang, Xi, et al.
Published: (2014)

Extracting and Optimizing Formally Verified Code for Systems Programming
by: Ioannidis, Eleftherios, et al.
Published: (2020)

CPHASH: A cache-partitioned hash table
by: Metreveli, Zviad, et al.
Published: (2012)

Scalable Address Spaces Using Rcu Balanced Trees
by: Clements, Austin T., et al.
Published: (2012)

CPHash: A Cache-Partitioned Hash Table
by: Metreveli, Zviad, et al.
Published: (2011)

RadixVM: Scalable address spaces for multithreaded applications
by: Clements, Austin T., et al.
Published: (2014)

An Analysis of Linux Scalability to Many Cores
by: Boyd-Wickizer, Silas, et al.
Published: (2011)

Specifying crash safety for storage systems
by: Chen, Haogang, et al.
Published: (2021)

Verifying a high-performance crash-safe file system using a tree specification
by: Chen, Haogang, et al.
Published: (2021)

Hare: a file system for non-cache-coherent multicores
by: Gruenwald, Charles, et al.
Published: (2016)

Verifying concurrent, crash-safe systems with Perennial
by: Chajed, Tej, et al.
Published: (2021)

Argosy: verifying layered storage systems with recovery refinement
by: Chajed, Tej, et al.
Published: (2021)

VerSum: Verifiable Computations over Large Public Logs
by: van den Hooff, Jelle, et al.
Published: (2015)

Grove: a Separation-Logic Library for Verifying Distributed Systems
by: Sharma, Upamanyu, et al.
Published: (2023)

OpLog: a library for scaling update-heavy data structures
by: Boyd-Wickizer, Silas, et al.
Published: (2014)

Modular Verification of Secure and Leakage-Free Systems: From Application Specification to Circuit-Level Implementation
by: Athalye, Anish, et al.
Published: (2024)

Processing Analytical Queries over Encrypted Data
by: Tu, Stephen Lyle, et al.
Published: (2014)

Scaling a file system to many cores using an operation log
by: Bhat, Srivatsa S., et al.
Published: (2021)

Notary: a device for secure transaction approval
by: Athalye, Anish, et al.
Published: (2020)

Oort: User-Centric Cloud Storage with Global Queries
by: Chajed, Tej, et al.
Published: (2016)

Optimizing unit test execution in large software programs using dependency analysis
by: Kim, Taesoo, et al.
Published: (2014)

CRL: High - Performance All-Software Distributed Shared Memory*
by: Johnson, Kirk L., et al.
Published: (2023)

Design Of Multi-Modulation Baseband Modulator And Demodulator For Software Defined Radio
by: Chye, Yin Hui
Published: (2011)

Multi-period principal-agent problems
by: Ooi, Kenneth Wen Rui
Published: (2019)

Concurrency control for multiprocessor event-driven systems
by: Zeldovich, Nickolai, 1981-
Published: (2014)

6.828 Operating System Engineering, Fall 2006
by: Kaashoek, Frans
Published: (2006)

Fast in-memory storage systems : two aspects
by: Mao, Yandong
Published: (2015)

PIKA: A Network Service for Multikernel Operating Systems
by: Beckmann, Nathan Z., et al.
Published: (2014)