DOI: 10.1145/3445814.3446728

Enclosure: language-based restriction of untrusted libraries

Published: 17 April 2021

Abstract

Programming languages and systems have failed to address the security implications of the increasingly frequent use of public libraries to construct modern software. Most languages provide tools and online repositories to publish, import, and use libraries; however, this double-edged sword can incorporate a large quantity of unknown, unchecked, and unverified code into an application. The risk is real, as demonstrated by malevolent actors who have repeatedly inserted malware into popular open-source libraries.
This paper proposes a solution: enclosures, a new programming language construct for library isolation that provides a developer with fine-grain control over the resources that a library can access, even for libraries with complex inter-library dependencies. The programming abstraction is language-independent and could be added to most languages. These languages would then be able to take advantage of hardware isolation mechanisms that are effective across language boundaries.
The enclosure policies are enforced at run time by LitterBox, a language-independent framework that uses hardware mechanisms to provide uniform and robust isolation guarantees, even for libraries written in unsafe languages. LitterBox currently supports both Intel VT-x (with general-purpose extended page tables) and the emerging Intel Memory Protection Keys (MPK).
We describe an enclosure implementation for the Go and Python languages. Our evaluation demonstrates that the Go implementation can protect sensitive data in real-world applications constructed using complex untrusted libraries with deep dependencies. It requires minimal code refactoring and incurs acceptable performance overhead. The Python implementation demonstrates LitterBox's ability to support dynamic languages.



Published In

ASPLOS '21: Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems
April 2021, 1090 pages
ISBN: 9781450383172
DOI: 10.1145/3445814

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. Security
  2. intra-address space isolation
  3. programming languages
  4. software packages

Conference

ASPLOS '21
Overall Acceptance Rate: 535 of 2,713 submissions (20%)

Cited By

  • (2024) System Call Interposition Without Compromise. 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 183-194. DOI: 10.1109/DSN58291.2024.00030. Online publication date: 24 Jun 2024.
  • (2023) FreePart: Hardening Data Processing Software via Framework-based Partitioning and Isolation. Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 4, 169-188. DOI: 10.1145/3623278.3624760. Online publication date: 25 Mar 2023.
  • (2023) Morello MicroPython: A Python Interpreter for CHERI. Proceedings of the 20th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes, 62-69. DOI: 10.1145/3617651.3622991. Online publication date: 19 Oct 2023.
  • (2023) ThreadLock: Native Principal Isolation Through Memory Protection Keys. Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security, 966-979. DOI: 10.1145/3579856.3595797. Online publication date: 10 Jul 2023.
  • (2023) Whole-Program Privilege and Compartmentalization Analysis with the Object-Encapsulation Model. 2023 IEEE Security and Privacy Workshops (SPW), 1-12. DOI: 10.1109/SPW59333.2023.00018. Online publication date: May 2023.
  • (2023) SecureCells: A Secure Compartmentalized Architecture. 2023 IEEE Symposium on Security and Privacy (SP), 2921-2939. DOI: 10.1109/SP46215.2023.10179472. Online publication date: May 2023.
  • (2023) μSwitch: Fast Kernel Context Isolation with Implicit Context Switches. 2023 IEEE Symposium on Security and Privacy (SP), 2956-2973. DOI: 10.1109/SP46215.2023.10179284. Online publication date: May 2023.
