More Like this

1. Hardening Hypervisors with Ombro

   Johnson, Ethan; Pronovost, Colin; Criswell, John (July 2022, Usenix Security Symposium)

   This paper presents Ombro, a low-level virtual instruction set architecture (vISA) which enforces compiler-based security policies on real-world commodity hypervisors. We extend the Secure Virtual Architecture (which itself extends the LLVM compiler’s Intermediate Representation) to support the full set of hardware operations needed to run an x86 commodity hypervisor used in some of the world’s largest public clouds, namely, the Xen 4.12 hypervisor, running in full hardware-accelerated mode using Intel’s Virtual Machine Extensions (VMX). We have ported Xen 4.12 to the Ombro vISA and demonstrated that it can run unmodified guest VMs of real-world relevance (namely, Linux guests under Xen’s HVM and PVH modes). Furthermore, to demonstrate Ombro’s ability to harden hypervisors from attack, Ombro implements control flow integrity and the first protected shadow (split) stack for x86 hypervisors. Our performance results show that Ombro achieves this protection without imposing measurable overheads on most application benchmarks. 

   more » « less
2. Strain hardening by sediment transport

   https://doi.org/10.1103/PhysRevResearch.4.L022055  

   Cúñez, Fernando D.; Franklin, Erick M.; Houssais, Morgane; Arratia, Paulo; Jerolmack, Douglas J. (June 2022, Physical Review Research)
3. Swivel: Hardening WebAssembly against Spectre

   Shravan Narayan, Craig Disselkoen (January 2021, Usenix Security Symposium)

   We describe Swivel, a new compiler framework for hardening WebAssembly (Wasm) against Spectre attacks. Outside the browser, Wasm has become a popular lightweight, in-process sandbox and is, for example, used in production to isolate different clients on edge clouds and function-as-a-service platforms. Unfortunately, Spectre attacks can bypass Wasm's isolation guarantees. Swivel hardens Wasm against this class of attacks by ensuring that potentially malicious code can neither use Spectre attacks to break out of the Wasm sandbox nor coerce victim code—another Wasm client or the embedding process—to leak secret data. 

   more » « less
4. Swivel: Hardening WebAssembly against Spectre

   Narayan, Shravan; Disselkoen, Craig; Moghimi, Daniel; Cauligi, Sunjay; Johnson, Evan; Gang, Zhao; Vahldiek-Oberwagner, Anjo; Sahita, Ravi; Shacham, Hovav; Tullsen, Dean; et al (March 2021, USENIX Security Symposium.)

   null (Ed.)

   We describe Swivel, a new compiler framework for hardening WebAssembly (Wasm) against Spectre attacks. Outside the browser, Wasm has become a popular lightweight, in-process sandbox and is, for example, used in production to isolate different clients on edge clouds and function-as-a-service platforms. Unfortunately, Spectre attacks can bypass Wasm's isolation guarantees. Swivel hardens Wasm against this class of attacks by ensuring that potentially malicious code can neither use Spectre attacks to break out of the Wasm sandbox nor coerce victim code—another Wasm client or the embedding process—to leak secret data. We describe two Swivel designs, a software-only approach that can be used on existing CPUs, and a hardware-assisted approach that uses extension available in Intel® 11th generation CPUs. For both, we evaluate a randomized approach that mitigates Spectre and a deterministic approach that eliminates Spectre altogether. Our randomized implementations impose under 10.3% overhead on the Wasm-compatible subset of SPEC 2006, while our deterministic implementations impose overheads between 3.3% and 240.2%. Though high on some benchmarks, Swivel's overhead is still between 9× and 36.3× smaller than existing defenses that rely on pipeline fences. 

   more » « less
5. Distribution Systems Hardening Against Natural Disasters

   https://doi.org/10.1109/TPWRS.2018.2836391  

   Tan, Yushi; Das, Arindam K.; Arabshahi, Payman; Kirschen, Daniel S. (November 2018, IEEE Transactions on Power Systems)