• Publications
  • Influence
Design and Implementation of a TCG-based Integrity Measurement Architecture
TLDR
We present the design and implementation of a secure integrity measurement system for Linux. Expand
PRIMA: policy-reduced integrity measurement architecture
TLDR
We propose an integrity measurement approach based on information flow integrity,which we call the Policy-Reduced Integrity Measurement Architecture (PRIMA)using SELinux policies to provide the information flow. Expand
Building a MAC-based security architecture for the Xen open-source hypervisor
TLDR
We present the sHype hypervisor security architecture for virtualization environments that controls the sharing of resources among VMs according to formal security policies. Expand
Sprobes: Enforcing Kernel Code Integrity on the TrustZone Architecture
TLDR
We present SPROBES, a novel primitive that enables introspection of operating systems running on ARM TrustZone hardware. Expand
Fine-Grained Control-Flow Integrity for Kernel Software
TLDR
We present a mostly-automated approach for retrofitting kernel software that leverages features of such software to enable comprehensive, efficient, fine-grained CFI enforcement. Expand
Block Oriented Programming: Automating Data-Only Attacks
TLDR
We introduce BOPC, a mechanism to automatically assess whether an attacker can execute arbitrary code on a binary hardened with CFI/shadow stack defenses. Expand
Trusted virtual domains: toward secure distributed services
TLDR
The focus of trusted computing efforts to date has been to create islands of trust in a sea of distrust, identifying these islands with a solid base that can be used for building applications upon which critical services depend. Expand
Shamon: A System for Distributed Mandatory Access Control
TLDR
We define and demonstrate an approach to securing distributed computation based on a shared reference monitor (Shamon) that enforces mandatory access control (MAC) policies across a distributed set of machines. Expand
Seeding clouds with trust anchors
TLDR
A cloud verifier service that generates integrity proofs for customers to verify the integrity and access control enforcement abilities of the cloud platform that protect the integrity of customer's application VMs in IaaS clouds. Expand
On cellular botnets: measuring the impact of malicious devices on a cellular network core
TLDR
The vast expansion of interconnectivity with the Internet and the rapid evolution of highly-capable but largely insecure mobile devices threatens cellular networks. Expand
...
1
2
3
4
5
...