-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathnewpapers.txt
101 lines (90 loc) · 5.23 KB
/
newpapers.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# Kernel Software Security
## sp
Usable Mandatory Integrity Protection for Operating Systems
Lurking in the Shadows: Identifying Systemic Threats to Kernel Data
Practical Proactive Integrity Preservation: A Basis for Malware Defense
Verifying the Safety of User Pointer Dereferences
Smashing the Gadgets: Hindering Return-Oriented Programming Using In-place Code Randomization
SoK: Eternal War in Memory
Practical Timing Side Channel Attacks against Kernel Space ASLR
KCoFI: Complete Control-Flow Integrity for Commodity Operating System Kernels
Dancing with Giants: Wimpy Kernels for On-Demand Isolated I/O
NORAX: Enabling Execute-Only Memory for COTS Binaries on AArch64
LBM: A Security Framework for Peripherals within the Linux Kernel
SoK: Shining Light on Shadow Stacks
SoK: Sanitizing for Security
Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels
## ndss
User-Level Infrastructure for System Call Interposition: A Platform for Intrusion Detection and Confinement
Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools.
Model Checking One Million Lines of C Code.
Ostia: A Delegating Architecture for Secure System Call Interposition.
A Black-Box Tracing Technique to Identify Causes of Least-Privilege Incompatibilities
K-Tracer: A System for Extracting Kernel Malware Behavior.
Analyzing and Comparing the Protection Quality of Security Enhanced Operating Systems.
IntScope: Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution.
Practical Protection of Kernel Integrity for Commodity OS from Untrusted Extensions.
Efficient Monitoring of Untrusted Kernel-Mode Execution.
SigGraph: Brute Force Scanning of Kernel Data Structure Instances Using Graph-based Signatures.
Kruiser: Semi-synchronized Non-blocking Concurrent Kernel Heap Buffer Overflow Monitoring.
Attack Surface Metrics and Automated Compile-Time OS Kernel Tailoring.
ROPecker: A Generic and Practical Approach For Defending Against ROP Attacks.
Preventing Use-after-free with Dangling Pointers Nullification.
Enforcing Kernel Security Invariants with Data Flow Integrity
PT-Rand: Practical Mitigation of Data-only Attacks against Page Tables.
Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying.
K-Miner: Uncovering Memory Corruption in Linux
## osdi
Recovering Device Drivers
XFI: Software Guards for System Address Spaces
Improving Integer Security for Systems with KINT
Jitk: A Trustworthy In-Kernel Interpreter Infrastructure
Light-Weight Contexts: An OS Abstraction for Safety and Performance
EbbRT: A Framework for Building Per-Application Library Operating Systems
## usenix
Safety Checking of Kernel Extensions
Trusted Path Execution for the Linux 2.6 Kernel as a Linux Security Module
Linux Kernel Developer Responses to Static Analysis Bug Reports.
Tolerating Malicious Device Drivers in Linux
Static Analysis of Variability in System Software: The 90, 000 #ifdefs Issue.
Lock-in-Pop: Securing Privileged Operating System Kernels by Keeping on the Beaten Path
Effective Static Analysis of Concurrency Use-After-Free Bugs in Linux Device Drivers.
LXDs: Towards Isolation of Kernel Subsystems.
## ccs
Operating system enhancements to prevent the misuse of system calls.
On the effectiveness of address-space randomization.
Automated detection of persistent kernel control-flow attacks.
Mapping kernel objects to enable systematic integrity checking.
Robust signatures for kernel data structures.
A Tale of Two Kernels: Towards Ending Kernel Hardening Wars with Split Kernel.
Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR.
Breaking Kernel Address Space Layout Randomization with Intel TSX.
FreeGuard: A Faster Secure Heap Allocator
## sosp
Information flow control for standard OS abstractions.
## eurosys
Thorough static analysis of device drivers
Sealing OS processes to improve dependability and safety
Manageable fine-grained information flow
Multi-aspect profiling of kernel rootkit behavior
Defeating return-oriented rootkits with "Return-Less" kernels.
Process firewalls: protecting processes during resource access.
DangSan: Scalable Use-after-free Detection.
A Characterization of State Spill in Modern Operating Systems.
kR^X: Comprehensive Kernel Protection against Just-In-Time Code Reuse.
## grsecurity
#SELinux and grsecurity: A Case Study Comparing Linux Security Kernel Enhancements
Real-World Buffer Overflow Protection for Userspace & Kernelspace
Return-Oriented Rootkits:Bypassing Kernel Code Integrity Protection Mechanisms
Securing The Kernel via Static Binary Rewriting and Program Shepherding
A Robust Kernel-Based Solution to Control-Hijacking Buffer Overflow Attacks
## other
#kBouncer: Efficient and Transparent ROP Mitigation
#DROP THE ROP Fine-grained Control-flow integrity for the Linux Kernel (kCFI
#PaX: The Guaranteed End of Arbitrary Code Execution
UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages
PrivGuard: Protecting Sensitive Kernel Data From Privilege Escalation Attacks
Enhanced operating system security through efficient and fine-grained address space randomization
Enforcing kernel security invariants with data flow integrity
Mapping kernel objects to enable systematic integrity checking
Finding User/Kernel Pointer Bugs with Type Inference