XFI is a comprehensive protection system that offers both flexible access control and fundamental integrity guarantees, at any privilege level and even for legacy code in commodity systems. For this purpose, XFI combines static analysis with inline software guards and a two-stack execution model. We have implemented XFI for Windows on the x86 architecture using binary rewriting and a simple, stand-alone verifier; the implementation's correctness depends on the verifier, but not on the rewriter. We have applied XFI to software such as device drivers and multimedia codecs. The resulting modules function safely within both kernel and user-mode address spaces, with only modest enforcement overheads.