Other Papers
HotOS
Towards Modern Development of Cloud Applications
Thesis Papers
Strengthening memory safety in Rust: exploring CHERI capabilities for a safe language
TODO
Preserving Memory Safety in Safe Rust during Interactions with Unsafe Languages
TODO
Security analysis of hardware-OS interfaces in Linux
Others
HotBPF - An On-demand and On-the-fly Memory Protection for the Linux Kernel
Key idea: separate the vulnerable object into a virtual memory region (the vmalloc region is not physically contiguous).
Challenges
- identify the vulnerable object among thousands of kernel objects
- separate potential corruption without recompiling and rebooting the whole system
Understanding and Detecting Cloud-nativeness Vulnerabilities in Distributed Systems
Distributed systems != cloud native
A distributed system has a cloud-nativeness vulnerability if, under the same configuration, input and execution sequence, the system fails in the cloud environment, but not in the bare-metal server environment.
A failure caused by a cloud-nativeness vulnerability is a cloud-nativeness failure.
JIRA issue format.