CCS

2023

Lost along the Way: Understanding and Mitigating Path-Misresolution Threats to Container Isolation

RetSpill: Igniting User-Controlled Data to Burn Away Linux Kernel Protections

Hacksaw: Hardware-Centric Kernel Debloating via Device Inventory and Dependency Analysis

Capacity: Cryptographically-Enforced In-Process Capabilities for Modern ARM Architectures

Put Your Memory in Order: Efficient Domain-based Memory Isolation for WASM Applications

PANIC: PAN-assisted Intra-process Memory Isolation on ARM

Whole-Program Control-Flow Path Attestation

SysXCHG: Refining Privilege with Adaptive System Call Filters

Attack surface reduction, system call filtering, adaptive filtering

SysPart: Automated Temporal System Call Filtering for Binaries

SymGX: Detecting Cross-boundary Pointer Vulnerabilities of SGX Applications via Static Symbolic Execution

2022

Hecate: Lifting and Shifting On-Premises Workloads to an Untrusted Cloud

confidential computing; virtualization; AMD SEV-SNP

TODO

CETIS: Retrofitting Intel CET for Generic and Efficient Intra-process Memory Isolation

Intra-process Memory Isolation, Intel CET, Memory File Abstraction

Intel CET 101: a hardware shadow stack for return addresses. CET also provides instructions to modify shadow stacks: WRSSD (for 4 bytes) and WRSSQ (for 8 bytes).

A WRSS instruction takes about 9.3 CPU cycles, which is faster than MPK. WRSS instructions also have less influence on CPU pipelines than MPK.

Challenges:

  1. WRSS instructions require data alignment (data combination).
  2. WRSS instructions are less efficient than the MOV instruction (buffer small data writes).

CETIS provides integrity, JITed code support, and strict isolation.

Detecting Missing-Permission-Check Vulnerabilities in Distributed Cloud Systems

Missing Permission Check Vulnerabilities; Distributed System

TODO

HyperDbg: Reinventing Hardware-Assisted Debugging

Hypervisor, Debugging, Kernel-debugger, Fuzzing, Malware-analysis

TODO

2017

PtrSplit: Supporting General Pointers in Automatic Program Partitioning

TODO