Harbor: software-based memory protection for sensor nodes
Proceedings of the 6th international conference on Information processing in sensor networks
Guarded models for intrusion detection
Proceedings of the 2007 workshop on Programming languages and analysis for security
BrowserShield: Vulnerability-driven filtering of dynamic HTML
ACM Transactions on the Web (TWEB)
SafeDrive: safe and recoverable extensions using language-based techniques
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Understanding and visualizing full systems with data flow tomography
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Efficient fine-grained binary instrumentationwith applications to taint-tracking
Proceedings of the 6th annual IEEE/ACM international symposium on Code generation and optimization
Proceedings of the 14th international conference on Architectural support for programming languages and operating systems
Fast byte-granularity software fault isolation
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Tolerating hardware device failures in software
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Secure in-VM monitoring using hardware virtualization
Proceedings of the 16th ACM conference on Computer and communications security
Dynamic filtering: multi-purpose architecture support for language runtime systems
Proceedings of the fifteenth edition of ASPLOS on Architectural support for programming languages and operating systems
Sentry: light-weight auxiliary memory access control
Proceedings of the 37th annual international symposium on Computer architecture
Membrane: operating system support for restartable file systems
FAST'10 Proceedings of the 8th USENIX conference on File and storage technologies
R2: an application-level kernel for record and replay
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Device driver safety through a reference validation mechanism
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Decaf: moving device drivers to a modern language
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
Tolerating malicious device drivers in Linux
USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
Testing closed-source binary device drivers with DDT
USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
Making Linux protection mechanisms egalitarian with UserFS
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Supporting dynamic update and resource protection in an embedded operating system
Proceedings of the 2011 ACM Symposium on Applied Computing
Language-independent sandboxing of just-in-time compilation and self-modifying code
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
ARMor: fully verified software fault isolation
EMSOFT '11 Proceedings of the ninth ACM international conference on Embedded software
Software fault isolation with API integrity and multi-principal modules
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Fay: extensible distributed tracing from kernels to clusters
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Ribbons: a partially shared memory programming model
Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
Trust extension as a mechanism for secure code execution on commodity computers
Trust extension as a mechanism for secure code execution on commodity computers
Mitigating code-reuse attacks with control-flow locking
Proceedings of the 27th Annual Computer Security Applications Conference
Linux kernel vulnerabilities: state-of-the-art defenses and open problems
Proceedings of the Second Asia-Pacific Workshop on Systems
Dataflow Tomography: Information Flow Tracking For Understanding and Visualizing Full Systems
ACM Transactions on Architecture and Code Optimization (TACO)
Understanding modern device drivers
ASPLOS XVII Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems
Isolating commodity hosted hypervisors with HyperLock
Proceedings of the 7th ACM european conference on Computer Systems
Body armor for binaries: preventing buffer overflows without recompilation
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
Fay: Extensible Distributed Tracing from Kernels to Clusters
ACM Transactions on Computer Systems (TOCS)
Efficient protection of kernel data structures via object partitioning
Proceedings of the 28th Annual Computer Security Applications Conference
Fine-grained fault tolerance using device checkpoints
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Towards verifiable resource accounting for outsourced computation
Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Proceedings of the 8th ACM European Conference on Computer Systems
Hypnos: understanding and treating sleep conflicts in smartphones
Proceedings of the 8th ACM European Conference on Computer Systems
Control-flow restrictor: compiler-based CFI for iOS
Proceedings of the 29th Annual Computer Security Applications Conference
Control flow integrity for COTS binaries
SEC'13 Proceedings of the 22nd USENIX conference on Security
Guardrail: a high fidelity approach to protecting hardware devices from buggy drivers
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
A platform for secure static binary instrumentation
Proceedings of the 10th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Hi-index | 0.00 |
XFI is a comprehensive protection system that offers both flexible access control and fundamental integrity guarantees, at any privilege level and even for legacy code in commodity systems. For this purpose, XFI combines static analysis with inline software guards and a two-stack execution model. We have implemented XFI for Windows on the x86 architecture using binary rewriting and a simple, stand-alone verifier; the implementation's correctness depends on the verifier, but not on the rewriter. We have applied XFI to software such as device drivers and multimedia codecs. The resulting modules function safely within both kernel and user-mode address spaces, with only modest enforcement overheads.