Paper-Conference
μSCOPE: A Methodology for Analyzing Least-Privilege Compartmentalization in Large Software Artifacts
By prioritizing simplicity and portability, least-privilege engineering has been an afterthought in OS design, resulting in monolithic …
Nick Roessler, Lucas Atayde, Imani Palmer, Derrick McKee, Jai Pandey, Vasileios P. Kemerlis, Mathias Payer, Adam Bates, Jonathan M. Smith, André DeHon, Nathan Dautenhahn
DeepMatch: practical deep packet inspection in the data plane using network processors
Restricting data plane processing to packet headers precludes analysis of payloads to improve routing and security decisions. DeepMatch …
Joel Hypolite, John Sonchack, Shlomo Hershkop, Nathan Dautenhahn, André DeHon, Jonathan M. Smith
Protecting the Stack with Metadata Policies and Tagged Hardware
The program call stack is a major source of exploitable security vulnerabilities in low-level, unsafe languages like C. In conventional …
Nick Roessler, André DeHon
The Dover inherently secure processor
The Dover inherently secure processor being developed at Draper extends a conventional CPU (we use an open-source RISC-V …
Gregory T. Sullivan, André DeHon, Steven Milburn, Eli Boling, Marco Ciaffi, Jothy Rosenberg, Andrew Sutherland
Architectural Support for Software-Defined Metadata Processing
Optimized hardware for propagating and checking software-programmable metadata tags can achieve low runtime overhead. We generalize …
Udit Dhawan, Catalin Hritcu, Nikos Vasilakis, Raphael Rubin, Silviu Chiricescu, Jonathan M. Smith, Thomas F. Knight, Jr., Benjamin C. Pierce, André DeHon
RotoRouter: Router Support for Endpoint-Authorized Decentralized Traffic Filtering to Prevent DoS Attacks
RotoRouter addresses Denial-of-Service (DoS) attacks on networks with a novel protocol and router implementation. Sets of RotoRouters …
Albert Kwon, Kaiyu Zhang, Perk Lun Lim, Yuchen Pan, Jonathan M. Smith, André DeHon
A verified information-flow architecture
SAFE is a clean-slate design for a highly secure computer system, with pervasive mechanisms for tracking and limiting information …
Arthur Azevedo De Amorim, Nathan Collins, André DeHon, Delphine Demange, Cătălin Hriţcu, David Pichardie, Benjamin C. Pierce, Randy Pollack, Andrew Tolmach
Low-Fat Pointers: Compact Encoding and Efficient Gate-Level Implementation of Fat Pointers for Spatial Safety and Capability-based Security
Referencing outside the bounds of an array or buffer is a common source of bugs and security vulnerabilities in today’s software. …
Albert Kwon, Udit Dhawan, Jonathan M. Smith, Thomas F. Knight, Jr., André DeHon