Other Papers

HotOS

Towards Modern Development of Cloud Applications

Thesis Papers

Strengthening memory safety in Rust: exploring CHERI capabilities for a safe language

TODO

Preserving Memory Safety in Safe Rust during Interactions with Unsafe Languages

TODO

Security analysis of hardware-OS interfaces in Linux

A Zero Kernel Operating System: Rethinking Microkernel Design by Leveraging Tagged Architectures and Memory-Safe Languages

Others

HotBPF - An On-demand and On-the-fly Memory Protection for the Linux Kernel

Key idea: separate the vulnerable object into a virtual memory region (the vmalloc region is not physically contiguous).

Challenges

  1. identify the vulnerable object from thousands of kernel objects
  2. separate potential corruption without recompiling and rebooting the whole system

Understanding and Detecting Cloud-nativeness Vulnerabilities in Distributed Systems

Distributed systems != cloud native

A distributed system has a cloud-nativeness vulnerability if, under the same configuration, input and execution sequence, the system fails in the cloud environment but not in the bare-metal server environment.

A failure caused by cloud-nativeness vulnerability is a cloud-nativeness failure.

JIRA issue format.