NDSS

2024

Efficient Use-After-Free Prevention with Opportunistic Page-Level Sweeping

Two ways to prevent use-after-free:

  1. reusing freed chunks after ensuring no dangling pointers, e.g. MarkUs (SP'2020) and MineSweeper (ASPLOS'22)
  2. one-time allocation

mremap: the Linux kernel allows a process to detach the physical page from a virtual page without unmapping the virtual page.
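
The behaviour in the mremap note above, as an added example (not code from the paper or from these notes). It assumes the note refers to the `MREMAP_DONTUNMAP` flag (Linux 5.7 and later); `detach_demo` is a hypothetical name and the 0xAB fill is constructed sample data.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

#ifndef MREMAP_DONTUNMAP
#define MREMAP_DONTUNMAP 4  /* value from the Linux uapi headers, for older libc headers */
#endif

/* Returns 1 if the old virtual page stayed mapped but lost its physical page,
 * 0 if the observed behaviour differs, -1 if the kernel rejects the request. */
int detach_demo(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *old = mmap(NULL, len, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (old == MAP_FAILED)
        return -1;
    memset(old, 0xAB, len);  /* constructed data; the write faults in a physical page */

    /* Move the backing page to a kernel-chosen address and keep `old` mapped.
     * old_size must equal new_size; the explicit NULL is the placement hint. */
    unsigned char *moved = mremap(old, len, len,
                                  MREMAP_MAYMOVE | MREMAP_DONTUNMAP, NULL);
    if (moved == MAP_FAILED) {
        munmap(old, len);
        return -1;           /* e.g. EINVAL on kernels older than 5.7 */
    }

    /* The data followed the physical page. The old address is still a valid
     * mapping; touching it makes the kernel supply a fresh zero-filled page. */
    int ok = moved != old
          && moved[0] == 0xAB && moved[len - 1] == 0xAB
          && old[0] == 0 && old[len - 1] == 0;

    munmap(moved, len);
    munmap(old, len);
    return ok;
}

int main(void)
{
    int r = detach_demo();
    printf("detach_demo: %d\n", r);
    return r == 0;  /* non-zero exit only if the behaviour differs */
}
```

A stale pointer into the old range no longer sees the original contents after the call, which is the property the note describes.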

2022

Preventing Kernel Hacks with HAKC

TODO

Cross-Language Attacks

Forensic Analysis of Configuration-based Attacks

TODO

2017

Dynamic Virtual Address Range Adjustment for Intra-Level Privilege Separation on ARM

Proposes Hilps, an intra-level privilege separation mechanism.

Intra-level: same privilege level

Hilps incurs on average just less than 1% overhead.

TODO

2016

SKEE: A Lightweight Secure Kernel-level Execution Environment for ARM

SKEE does not require a higher execution privilege. SKEE performs the context switch between the OS kernel and the isolated environment.

SKEE uses a set of novel techniques to achieve 3 key objectives:

  1. isolation (based on MMU)
  2. secure context switching
  3. the ability to monitor and protect the kernel, without involving a higher privileged layer

The performance evaluation also shows that the number of CPU cycles required for switching to and from the isolated environment is in the range of a few hundred cycles.