CCS
2023
Lost along the Way: Understanding and Mitigating Path-Misresolution Threats to Container Isolation
RetSpill: Igniting User-Controlled Data to Burn Away Linux Kernel Protections
Hacksaw: Hardware-Centric Kernel Debloating via Device Inventory and Dependency Analysis
Capacity: Cryptographically-Enforced In-Process Capabilities for Modern ARM Architectures
Put Your Memory in Order: Efficient Domain-based Memory Isolation for WASM Applications
PANIC: PAN-assisted Intra-process Memory Isolation on ARM
Whole-Program Control-Flow Path Attestation
SysXCHG: Refining Privilege with Adaptive System Call Filters
Attack surface reduction, system call filtering, adaptive filtering
SysPart: Automated Temporal System Call Filtering for Binaries
2022
Hecate: Lifting and Shifting On-Premises Workloads to an Untrusted Cloud
confidential computing; virtualization; AMD SEV-SNP
TODO
CETIS: Retrofitting Intel CET for Generic and Efficient Intra-process Memory Isolation
Intra-process Memory Isolation, Intel CET, Memory File Abstraction
Intel CET 101: a hardware shadow stack for return addresses. It also provides instructions to modify shadow stacks: WRSSD (for 4 bytes) and WRSSQ (for 8 bytes).
A WRSS instruction takes about 9.3 CPU cycles, which is faster than MPK. WRSS instructions also have less influence on CPU pipelines than MPK.
Challenges:
- WRSS instructions require data alignment. (data combination)
- WRSS instructions are less efficient than the MOV instruction. (buffer small data writes)
CETIS provides integrity, JITed code support, and strict isolation.
Detecting Missing-Permission-Check Vulnerabilities in Distributed Cloud Systems
Missing Permission Check Vulnerabilities; Distributed System
TODO
HyperDbg: Reinventing Hardware-Assisted Debugging
Hypervisor, Debugging, Kernel-debugger, Fuzzing, Malware-analysis
TODO
2017
PtrSplit: Supporting General Pointers in Automatic Program Partitioning
TODO