Publication

Extensible kernels are leading OS researchers astray

Related publications (39)

Graph Chatbot

Chat with Graph Search

Ask any question about EPFL courses, lectures, exercises, research, news, etc. or try the example questions below.

DISCLAIMER: The Graph Chatbot is not programmed to provide explicit or categorical answers to your questions. Rather, it transforms your questions into API requests that are distributed across the various IT services officially administered by EPFL. Its purpose is solely to collect and recommend relevant references to content that you can explore to help you answer your questions.

Secure Interface Design Leveraging Hardware/Software Support

Atri Bhattacharyya

Computer systems rely heavily on abstraction to manage the exponential growth of complexity across hardware and software. Due to practical considerations of compatibility between components of these complex systems across generations, developers have favou ...

EPFL2024

ACTOR: Action-Guided Kernel Fuzzing

Mathias Josef Payer

Fuzzing reliably and efficiently finds bugs in software, including operating system kernels. In general, higher code coverage leads to the discovery of more bugs. This is why most existing kernel fuzzers adopt strategies to generate a series of inputs that ...

Berkeley2023

End-to-end kernel learning via generative random Fourier features

Fanghui Liu, Jie Yang

Random Fourier features (RFFs) provide a promising way for kernel learning in a spectral case. Current RFFs-based kernel learning methods usually work in a two-stage way. In the first-stage process, learn-ing an optimal feature map is often formulated as a ...

ELSEVIER SCI LTD2023

A RISC-V Extension to Minimize Privileges of Enclave Runtimes

Edouard Bugnion, Neelu Shivprakash Kalani

In confidential computing, the view of the system software is Manichean: the host operating system is untrusted and the TEE runtime system is fully trusted. However, the runtime system is often as complex as a full operating system, and thus is not free fr ...

ACM2023

Midas: Systematic Kernel TOCTTOU Protection

Mathias Josef Payer, Atri Bhattacharyya, Uros Tesic

Double-fetch bugs are a plague across all major operating system kernels. They occur when data is fetched twice across the user/kernel trust boundary while allowing concurrent modification. Such bugs enable an attacker to illegally access memory, cause den ...

2022

NrOS: Effective Replication and Sharing in an Operating System

Sanidhya Kashyap, Ankit Bhardwaj

Writing a correct operating system kernel is notoriously hard. Kernel code requires manual memory management and type-unsafe code and must efficiently handle complex, asynchronous events. In addition, increasing CPU core counts further complicate kernel de ...

USENIX ASSOC2021

PoLPer: Process-Aware Restriction of Over-Privileged Setuid Calls in Legacy Applications

Mathias Josef Payer, Zhenyu Wu

setuid system calls enable critical functions such as user authentications and modular privileged components. Such operations must only be executed after careful validation. However, current systems do not perform rigorous checks, allowing exploitation of ...

ASSOC COMPUTING MACHINERY2019

Advancing the State of Network Switch ASIC Offloading in the Linux Kernel

Andy Roulin

Modern data-center network operating systems rely on proprietary user-space daemons wrapping SDKs from switch vendors. Linux-based variants of these operating systems have benefited from increasing and simplified dataplane offloading support in recent year ...

2018

A Formally Verified NAT Stack

George Candea, Solal Vincenzo Pirelli, Arseniy Zaostrovnykh

Prior work proved a stateful NAT network function to be semantically correct, crash-free, and memory safe. Their toolchain verifies the network function code while assuming the underlying kernel-bypass framework, drivers, operating system, and hardware to ...

2018

A Formally Verified NAT Stack

George Candea, Solal Vincenzo Pirelli, Arseniy Zaostrovnykh

Prior work proved a stateful NAT network function to be, crash-free, memory safe and semantically correct [29]. Their toolchain verifies the network function code while assuming the underlying kernel-bypass framework, drivers, operating system, and hardwar ...

ASSOC COMPUTING MACHINERY2018