Nick Roessler
YOU?
Author Swipe
View article: μSCOPE: A Methodology for Analyzing Least-Privilege Compartmentalization in Large Software Artifacts
μSCOPE: A Methodology for Analyzing Least-Privilege Compartmentalization in Large Software Artifacts Open
By prioritizing simplicity and portability, least-privilege engineering has been an afterthought in OS design, resulting in monolithic kernels where any exploit leads to total compromise. μSCOPE ("microscope") addresses this problem by aut…
View article: SCALPEL: Exploring the Limits of Tag-enforced Compartmentalization
SCALPEL: Exploring the Limits of Tag-enforced Compartmentalization Open
We present Secure Compartments Automatically Learned and Protected by Execution using Lightweight metadata (SCALPEL), a tool for automatically deriving compartmentalization policies and lowering them to a tagged architecture for hardware-a…
View article: Lossless instruction-to-object memory tracing in the Linux kernel
Lossless instruction-to-object memory tracing in the Linux kernel Open
The lack of visibility into Linux's behavior makes it hard to refactor and maintain. To peer inside the box, we present Memorizer, a self-contained, low-level tracing framework that tracks (most) object allocations, data accesses, and func…
View article: Protecting the Stack with Metadata Policies and Tagged Hardware
Protecting the Stack with Metadata Policies and Tagged Hardware Open
The program call stack is a major source of exploitable security vulnerabilities in low-level, unsafe languages like C. In conventional runtime implementations, the underlying stack data is exposed and unprotected, allowing programming err…
View article: BreakApp: Automated, Flexible Application Compartmentalization
BreakApp: Automated, Flexible Application Compartmentalization Open
Developers of large-scale software systems may use third-party modules to reduce costs and accelerate release cycles, at some risk to safety and security.BREAKAPP exploits module boundaries to automate compartmentalization of systems and e…