• Publications
  • Influence
Linux security modules: general security support for the linux kernel
TLDR
The Linux Security Modules (LSM) project has developed a lightweight, general purpose, access control framework for the mainstream Linux kernel that enables many different access control models to be implemented as loadable kernel modules. Expand
  • 481
  • 60
  • PDF
PointGuard™: Protecting Pointers from Buffer Overflow Vulnerabilities
TLDR
This paper presents PointGuard, a compiler technique to defend against most kinds of buffer overflows by encrypting pointers when stored in memory, and decrypting them only when loaded into CPU registers. Expand
  • 436
  • 25
  • PDF
Buffer overflows: attacks and defenses for the vulnerability of the decade
TLDR
Buffer overflows have been the most common form of security vulnerability for the last ten years. Expand
  • 260
  • 13
  • PDF
User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems
TLDR
We introduce access control gadgets (ACGs) as an operating system technique to capture user intent. Expand
  • 213
  • 13
  • PDF
Buffer overflows: attacks and defenses for the vulnerability of the decade
TLDR
Buffer overflows have been the most common form of security vulnerability for the last ten years. Expand
  • 244
  • 11
SubDomain: Parsimonious Server Security
TLDR
This paper presents SubDomain: an OS extension designed to provide sufficient security to prevent vulnerability rot in Internet server platforms, and yet simple enough to minimize the performance, administrative, and implementation costs. Expand
  • 126
  • 11
  • PDF
FormatGuard: Automatic Protection From printf Format String Vulnerabilities
TLDR
In June 2000, a major new class of vulnerabilities called "format bugs" was discovered when an vulnerability in WU-FTP appeared. Expand
  • 240
  • 9
  • PDF
A Distributed Real-Time MPEG Video Audio Player
TLDR
We use a novel toolkit approach to build software feedback mechanisms for client/server synchronization, dynamic Quality-of-Service control, and system adaptiveness in a distributed, real-time MPEG video and audio player. Expand
  • 151
  • 6
  • PDF
Linux Security Module Framework
Computer security is a chronic and growing problem, even for Linux, as evidenced by the seemingly endless stream of software security vulnerabilities. Security research has produced numerous accessExpand
  • 58
  • 6
  • PDF
Optimistic incremental specialization: streamlining a commercial operating system
TLDR
We use specialized operating system code that reduces interpretation for common cases, but still behaves correctly in the fully general c ase. Expand
  • 248
  • 5
  • PDF