OSDI
2023
Honeycomb: Secure and Efficient GPU Executions via Static Validation
TAILCHECK: A Lightweight Heap Overflow Detection Mechanism with Page Protection and Tagged Pointers
2022
Automatic Reliability Testing for Cluster Management Controllers
KSplit: Automating Device Driver Isolation
Combines static analysis and kernel isolation.
RESIN: A Holistic Service for Dealing with Memory Leaks in Production Cloud Infrastructure
Memory leakage, cloud infrastructure
TODO
XRP: In-Kernel Storage Functions with eBPF
TODO
zIO: Accelerating IO-Intensive Applications with Transparent Zero-Copy IO
TODO
TODO
Design and Verification of the Arm Confidential Compute Architecture
TODO
CAP-VMs: Capability-Based Isolation and Sharing in the Cloud
TODO
Application-Informed Kernel Synchronization Primitives
TODO
TODO
Operating System Support for Safe and Efficient Auxiliary Execution
Auxiliary tasks: tasks for fault detection, performance monitoring, online diagnosis, resource management, etc.
Three protection scenarios:
- application extensibility: protect main realm from untrusted extension code.
- secure partitioning: protect sensitive procedures from a compromised main application.
- maintenance: protect main application from trusted code.
BlackBox: A Container Security Monitor for Protecting Containers on Untrusted Operating Systems
Terminology
- TCB: trusted computing base; its size can be measured in lines of code (LOC).
- CSM: container security monitor, serves as the TCB in BlackBox.
BlackBox: fine-grained protection of container data confidentiality and integrity without the need to trust the OS.
2021
NrOS: Effective Replication and Sharing in an Operating System
2020
Do OS abstractions make sense on FPGAs?
TODO
Testing Configuration Changes in Context to Prevent Production Failures
ctest's two targets: (1) misconfigurations; (2) bugs in code exposed by configuration changes.
ctest is parameterized.
ctest chooses dynamic analysis, instrumenting the GET and SET APIs in configuration abstractions.
ctest exempts parameters that implicitly assume values.
ctest uses heuristics to automatically generate values for validation.
Toward a Generic Fault Tolerance Technique for Partial Network Partitioning