Relevant bibliographies by topics / Hardware isolation

Contents

  1. Journal articles
  2. Dissertations / Theses
  3. Books
  4. Book chapters
  5. Conference papers
  6. Reports

Academic literature on the topic 'Hardware isolation'

Author: Grafiati
Published: 7 September 2024

Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles

Select a source type:

Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'Hardware isolation.'

Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.

You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.

Journal articles on the topic "Hardware isolation"

1

Shang, Ming. "A New Hardware Isolation Architecture." Applied Mechanics and Materials 530-531 (February 2014): 631–36. http://dx.doi.org/10.4028/www.scientific.net/amm.530-531.631.

Full text
Abstract:
Virtual systems are usually attacked due to the vulnerabilities in the hypervisor. The hypervisor cannot solve this because its code size is too big to implement totally right. This paper proposed a new hardware-software architecture based on hardware isolation, which adds a new component in CPU to provide hard-level isolation. Even when the malicious code gets the highest software privilege, it cannot break into another domain from current domain. This paper also gives the implementation of the booting, memory isolation, scheduling, interrupt handling and inter-domain communication.
APA, Harvard, Vancouver, ISO, and other styles
2

Hu, Nianhang, Mengmei Ye, and Sheng Wei. "Surviving Information Leakage Hardware Trojan Attacks Using Hardware Isolation." IEEE Transactions on Emerging Topics in Computing 7, no. 2 (April 1, 2019): 253–61. http://dx.doi.org/10.1109/tetc.2017.2648739.

Full text
APA, Harvard, Vancouver, ISO, and other styles
3

Hooker, Sara. "The hardware lottery." Communications of the ACM 64, no. 12 (December 2021): 58–65. http://dx.doi.org/10.1145/3467017.

Full text
APA, Harvard, Vancouver, ISO, and other styles
4

Kaplan, David. "Hardware VM Isolation in the Cloud." Queue 21, no. 4 (August 31, 2023): 49–67. http://dx.doi.org/10.1145/3623392.

Full text
Abstract:
Confidential computing is a security model that fits well with the public cloud. It enables customers to rent VMs while enjoying hardware-based isolation that ensures that a cloud provider cannot purposefully or accidentally see or corrupt their data. SEV-SNP was the first commercially available x86 technology to offer VM isolation for the cloud and is deployed in Microsoft Azure, AWS, and Google Cloud. As confidential computing technologies such as SEV-SNP develop, confidential computing is likely to simply become the default trust model for the cloud.
APA, Harvard, Vancouver, ISO, and other styles
5

Kaplan, David. "Hardware VM Isolation in the Cloud." Communications of the ACM 67, no. 1 (December 21, 2023): 54–59. http://dx.doi.org/10.1145/3624576.

Full text
APA, Harvard, Vancouver, ISO, and other styles
6

Zeng, Qiang Hong, Shi Jian Zhu, Jing Jun Lou, and Shui Qing Xie. "Hardware Design for Active Vibration Isolation Controller." Advanced Materials Research 211-212 (February 2011): 1061–65. http://dx.doi.org/10.4028/www.scientific.net/amr.211-212.1061.

Full text
Abstract:
The active vibration control system are described in this paper, and the controller was designed for the active control system, the controller is based on ARM Cortex M3 microcontroller core, ICP series acceleration sensor is use for signal acquisition module, the A / D converter module was designed based on ADS1158 chip, the D/ A converter module was designed based on DAC8564 chip. The controller has the characteristics of high speed and versatility.
APA, Harvard, Vancouver, ISO, and other styles
7

Chen, Sui, Lu Peng, and Samuel Irving. "Accelerating GPU Hardware Transactional Memory with Snapshot Isolation." ACM SIGARCH Computer Architecture News 45, no. 2 (September 14, 2017): 282–94. http://dx.doi.org/10.1145/3140659.3080204.

Full text
APA, Harvard, Vancouver, ISO, and other styles
8

Omar, Hamza, and Omer Khan. "PRISM." ACM Transactions on Architecture and Code Optimization 18, no. 3 (June 2021): 1–25. http://dx.doi.org/10.1145/3450523.

Full text
Abstract:
Multicores increasingly deploy safety-critical parallel applications that demand resiliency against soft-errors to satisfy the safety standards. However, protection against these errors is challenging due to complex communication and data access protocols that aggressively share on-chip hardware resources. Research has explored various temporal and spatial redundancy-based resiliency schemes that provide multicores with high soft-error coverage. However, redundant execution incurs performance overheads due to interference effects induced by aggressive resource sharing. Moreover, these schemes require intrusive hardware modifications and fall short in providing efficient system availability guarantees. This article proposes PRISM, a resilient multicore architecture that incorporates strong hardware isolation to form redundant clusters of cores, ensuring a non-interference-based redundant execution environment. A soft error in one cluster does not effect the execution of the other cluster, resulting in high system availability. Implementing strong isolation for shared hardware resources, such as queues, caches, and networks requires logic for partitioning. However, it is less intrusive as complex hardware modifications to protocols, such as hardware cache coherence, are avoided. The PRISM approach is prototyped on a real Tilera Tile-Gx72 processor that enables primitives to implement the proposed cluster-level hardware resource isolation. The evaluation shows performance benefits from avoiding destructive hardware interference effects with redundant execution, while delivering superior system availability.
APA, Harvard, Vancouver, ISO, and other styles
9

Cho, Yeongpil. "Fine-Grained Isolation to Protect Data against In-Process Attacks on AArch64." Electronics 9, no. 2 (February 1, 2020): 236. http://dx.doi.org/10.3390/electronics9020236.

Full text
Abstract:
In-process attacks are a new class of attacks that circumvent protection schemes centered around inter-process isolation. Against these attacks, researchers have proposed fine-grained data isolation schemes that can protect sensitive data from malicious accesses even during the same process. Their proposals based on salient hardware features, such as ARM® processor architecture’s domain protection, are quite successful, but it cannot be applied to a specific architecture, namely AArch64, as this does not provide the same hardware features. In this paper, therefore, we present Sealer, a fine-grained data isolation scheme applicable in AArch64. Sealer achieves its objective by brilliantly harmonizing two hardware features of AArch64: The eXecute-no-Read and the cryptographic extension. Sealer provides application developers with a set of application programming interface (API) so that the developers can enjoy the fine-grained data isolation in their own way.
APA, Harvard, Vancouver, ISO, and other styles
10

Verghese, Ben, Anoop Gupta, and Mendel Rosenblum. "Performance isolation." ACM SIGOPS Operating Systems Review 32, no. 5 (December 1998): 181–92. http://dx.doi.org/10.1145/384265.291044.

Full text
APA, Harvard, Vancouver, ISO, and other styles
More sources

Dissertations / Theses on the topic "Hardware isolation"

1

Vilanova, García Lluís. "Code-Centric Domain Isolation : a hardware/software co-design for efficient program isolation." Doctoral thesis, Universitat Politècnica de Catalunya, 2016. http://hdl.handle.net/10803/385746.

Full text
Abstract:
Current software systems contain a multitude of software components: from simple libraries to complex plugins and services. System security and resiliency depends on being able to isolate individual components onto separate domains. Conventional systems impose large performance and programmability overheads when isolating components. Importantly, when performance and isolation are at stake, performance often takes precedence at the expense of security and reliability. These performance and programmability overheads are rooted at the co-evolution of conventional architectures and OSs, which expose isolation in terms of a loose "virtual CPU" model. Operating Systems (OSs) expose isolation domains to users in the form of processes. The OS kernel is isolated from user code by running at a separate privileged level. At the same time, user processes are isolated from each other through the utilization of different page tables. The OS kernel then multiplexes processes across the available physical resources, providing processes the illusion of having a machine for their exclusive use. Given this virtual CPU model, processes interact through interfaces designed for distributed systems, making their programming and performance poorer. The architectural foundations used for building processes impose performance overheads in the excess of 10× and 1000× compared to a function call (for privilege level and page table switches, respectively). Even more, not all overheads can be attributed to the hardware itself, but to the inherent overheads imposed by current OS designs; the OS kernel must mediate cross-process communications through expensive Inter-Process Communication (IPC) operations, which deviate from the traditional synchronous function call semantics. Threads are bound to their creating process, and invoking functionality across processes requires costly OS kernel mediation and application developer involvement to synchronize and exchange information through IPC channels. This thesis proposes a hardware and software co-design that eliminate the overheads of process isolation, while providing a path for gradual adoption for more aggressive optimizations. That is, it allows processes to efficiently call into functions residing on other isolation domains (e.g., processes) without breaking the synchronous function call semantics. On the hardware side, this thesis proposes the CODOMs protection architecture. It provides memory and privilege protection across software components in a way that is at the same time very efficient and very flexible. This hardware substrate is then used to propose DomOS, a set of changes to the OS at the runtime and kernel layers to allow threads to efficiently and securely cross process boundaries using regular function calls. That is, a thread in one process is allowed to call into a function residing in another process without involving the OS in the critical communication path. This is achieved by mapping processes into a shared address space and eliminating IPC overheads through a combination of new hardware primitives and compile-time and run-time optimizations. IPC in DomOS is up to 24× times faster than Linux pipes, and up to 14× times faster than IPC in L4 Fiasco.OC. When applied to a multi-tier web server, DomOS performs up to 2.18× better than an unmodified Linux system, and 1.32× on average. On all configurations, DomOS provides more than 85% of the ideal system efficiency.
Els sistemes software d'avui en dia contenen una multitud de components software: des de simples llibreries fins a plugins o serveis complexos. La seguretat i fiabilitat d'aquests sistemes depèn de ser capaç d'aïllar cadascun d'aquests components en un domini a part. L'aïllament en els sistemes convencionals imposa grans costos tant en el rendiment com en la programabilitat del sistema. És més, tots els sistemes solen donar prioritat al rendiment sobre qualsevol altre consideració, degradant la seguretat i fiabilitat del sistema. Aquests costos en rendiment i programabilitat són deguts a la co-evolució de les arquitectures i Sistemes Operatius (SOs) convencionals, que exposen l'aïllament en termes d'un model de "CPUs virtuals". Els SOs encarnen aquest model a través dels processos que proprcionen. El SO s'aïlla del codi d'usuari a través d'un nivell de privilegi separat. Al mateix temps, els processos d'usuari estan aïllats els uns dels altres al utilitzar taules de pàgines separades. El nucli del SO multiplexa aquests processos entre els diferents recursos físics del sistema, proporcionant-los la il·lusió d'estar executant-se en una màquina per al seu ús exclusiu. Donat aquest model, els processos interactuen a través d'interfícies que han estat dissenyades per a sistemes distribuïts, empitjorant-ne la programabilitat i rendiment. Els elements de l'arquitectura que s'utilitzen per a construïr processos imposen costos en el rendiment que superen el 10x i 1000x en comparació amb una simple crida a funció (en el cas de nivells de privilegi i canvis de taula de pàgina, respectivament). És més, part d'aquests costos no vénen donats per l'arquitectura, sinó pels costos inherents al disseny dels SOs actuals. El nucli del SO actua com a mitjancer en la comunicació entre processos a través de primitives conegudes com a IPC. El IPC no és només costós en termes de rendiment, sinó que a més a més es desvia de les semàntiques tradicionals de crida síncrona de funcions. Tot "thread" està lligat al procés que el crea, i la invocació de funcionalitat entre processos requereix de la costosa mediació del SO i de la participació del programador a l'hora de sincronitzar "threads" i intercanviar informacio a través dels canals d'IPC. Aquesta tesi proposa un co-disseny del programari i del maquinari que elimina els costos de l'aïllament basat en processos, alhora que proporciona un camí per a l'adopció gradual d'optimitzacions més agressives. És a dir, permet que qualsevol procés faci una simple crida a una funció que està en un altre domini d'aïllament (com ara un altre procés) sense trencar la la semàntica de les crides síncrones a funció. Aquesta tesi proposa l'arquitectura de protecció CODOMs, que proporciona protecció de memòria i privilegis entre components de programari d'una forma que és, alhora, eficient i flexible. Aquest substrat del maquinari és aleshores utilitzat per proposar DomOS, un conjunt de canvis al SO al nivell del "runtime" i del nucli que permeten a qualsevol "thread" fer crides a funció de forma eficient i segura a codi que resideix en d'altres processos. És a dir, que el "thread" d'un procés pot cridar una funció d'un altre procés sense haver de passar pel SO en el seu camí crític. Això s'aconsegueix a través de mapejar tots els processos en un espai d'adreces compartit i d'eliminar tots els costos d'IPC a través d'una combinació de noves primitives en el maquinari i d'optimitzacions en temps de compilació i en temps d'execució. El IPC a DomOS és fins a 24x més ràpid que les pipes a Linux, i fins a 14x més ràpid que el IPC al SO L4 Fiasco.OC. Si s'aplica el sistema a un servidor web multi-capa, DomOS és fins a 2.18x més ràpid que un sistema Linux no modificat, i 1.32x més ràpid de mitjana. En totes les configuracions, DomOS proporciona més del 85% de la eficiència d'un sistema ideal.
APA, Harvard, Vancouver, ISO, and other styles
2

Goonasekera, Nuwan Abhayawardena. "Program-level support for protecting an application from untrustworthy components." Thesis, Queensland University of Technology, 2012. https://eprints.qut.edu.au/60851/1/Nuwan_Goonasekera_Thesis.pdf.

Full text
Abstract:
Many software applications extend their functionality by dynamically loading executable components into their allocated address space. Such components, exemplified by browser plugins and other software add-ons, not only enable reusability, but also promote programming simplicity, as they reside in the same address space as their host application, supporting easy sharing of complex data structures and pointers. However, such components are also often of unknown provenance and quality and may be riddled with accidental bugs or, in some cases, deliberately malicious code. Statistics show that such component failures account for a high percentage of software crashes and vulnerabilities. Enabling isolation of such fine-grained components is therefore necessary to increase the stability, security and resilience of computer programs. This thesis addresses this issue by showing how host applications can create isolation domains for individual components, while preserving the benefits of a single address space, via a new architecture for software isolation called LibVM. Towards this end, we define a specification which outlines the functional requirements for LibVM, identify the conditions under which these functional requirements can be met, define an abstract Application Programming Interface (API) that encompasses the general problem of isolating shared libraries, thus separating policy from mechanism, and prove its practicality with two concrete implementations based on hardware virtualization and system call interpositioning, respectively. The results demonstrate that hardware isolation minimises the difficulties encountered with software based approaches, while also reducing the size of the trusted computing base, thus increasing confidence in the solution’s correctness. This thesis concludes that, not only is it feasible to create such isolation domains for individual components, but that it should also be a fundamental operating system supported abstraction, which would lead to more stable and secure applications.
APA, Harvard, Vancouver, ISO, and other styles
3

Maisuradze, Giorgi [Verfasser], and Christian [Akademischer Betreuer] Rossow. "Assessing the security of hardware-assisted isolation techniques / Giorgi Maisuradze ; Betreuer: Christian Rossow." Saarbrücken : Saarländische Universitäts- und Landesbibliothek, 2019. http://d-nb.info/120658873X/34.

Full text
APA, Harvard, Vancouver, ISO, and other styles
4

Behrens, Diogo. "Error isolation in distributed systems." Doctoral thesis, Saechsische Landesbibliothek- Staats- und Universitaetsbibliothek Dresden, 2016. http://nbn-resolving.de/urn:nbn:de:bsz:14-qucosa-203428.

Full text
Abstract:
In distributed systems, if a hardware fault corrupts the state of a process, this error might propagate as a corrupt message and contaminate other processes in the system, causing severe outages. Recently, state corruptions of this nature have been observed surprisingly often in large computer populations, e.g., in large-scale data centers. Moreover, since the resilience of processors is expected to decline in the near future, the likelihood of state corruptions will increase even further. In this work, we argue that preventing the propagation of state corruption should be a first-class requirement for large-scale fault-tolerant distributed systems. In particular, we propose developers to target error isolation, the property in which each correct process ignores any corrupt message it receives. Typically, a process cannot decide whether a received message is corrupt or not. Therefore, we introduce hardening as a class of principled approaches to implement error isolation in distributed systems. Hardening techniques are (semi-)automatic transformations that enforce that each process appends an evidence of good behavior in the form of error codes to all messages it sends. The techniques “virtualize” state corruptions into more benign failures such as crashes and message omissions: if a faulty process fails to detect its state corruption and abort, then hardening guarantees that any corrupt message the process sends has invalid error codes. Correct processes can then inspect received messages and drop them in case they are corrupt. With this dissertation, we contribute theoretically and practically to the state of the art in fault-tolerant distributed systems. To show that hardening is possible, we design, formalize, and prove correct different hardening techniques that enable existing crash-tolerant designs to handle state corruption with minimal developer intervention. To show that hardening is practical, we implement and evaluate these techniques, analyzing their effect on the system performance and their ability to detect state corruptions in practice.
APA, Harvard, Vancouver, ISO, and other styles
5

Behrens, Diogo, Marco Serafini, Sergei Arnautov, Flavio Junqueira, and Christof Fetzer. "Scalable error isolation for distributed systems: modeling, correctness proofs, and additional experiments." Saechsische Landesbibliothek- Staats- und Universitaetsbibliothek Dresden, 2016. http://nbn-resolving.de/urn:nbn:de:bsz:14-qucosa-203622.

Full text
APA, Harvard, Vancouver, ISO, and other styles
6

Behrens, Diogo, Marco Serafini, Sergei Arnautov, Flavio Junqueira, and Christof Fetzer. "Scalable error isolation for distributed systems: modeling, correctness proofs, and additional experiments." Technische Universität Dresden, 2015. https://tud.qucosa.de/id/qucosa%3A29539.

Full text
APA, Harvard, Vancouver, ISO, and other styles
7

Sensaoui, Abderrahmane. "Etude et implémentation de mécanismes de protection d'exécution d'applications embarquées." Thesis, Université Grenoble Alpes, 2020. http://www.theses.fr/2020GRALM002.

Full text
Abstract:
En considérant la vitesse avec laquelle la technologie des systèmes embarqués progresse, il n’est pas étonnant que le nombre des attaques des systèmes soit en nette augmentation. De nombreuses applications sont développées rapidement et sont écrites avec un langage bas niveau pour suivre le rythme avec lequel progresse l’industrie des systèmes embarqués. Souvent, ces applications contiennent beaucoup de bugs. Certains bugs peuvent être exploités pour pénétrer un système et exécuter un code malveillant. Aujourd’hui, la revue de code peut s’avérer très coûteuse vu la taille des codes développés. En outre, une revue détaillée de code ne garantit pas un système infaillible.Cette thèse présente une architecture permettant l'exécution de plusieurs applications sécurisées et non sécurisées sur une même plate-forme « légère ». Notre architecture doit garantir que même s’il y a une application compromise, les attaquants ne peuvent pas compromettre la totalité du système et/ou récupérer les données des autres applications. Elle doit garantir une forte séparation entre tous les périphériques et les applications présents sur la plate-forme. Finalement, elle doit aussi être capable de vérifier l’état de n’importe quel bout de code. Pour pouvoir garantir ces points, nous utiliserons des techniques d’isolation et d’attestation.Dans un premier temps, nous avons étudié plusieurs architectures d’isolation et d’attestation décrites dans la littérature et utilisés par l’industrie. L’étude a montré qu’il existe une grande variété d’architectures intéressantes offrant différents niveaux de protection et visant différents systèmes. Les systèmes avec une grande capacité de calcul proposent un bon niveau de protection. Par contre, les systèmes « légers », qui ont des ressources très limitées et doivent répondre aux contraintes temporelles, échouent dans au moins un des critères suivants : l’isolation, les performances, le coût, ou bien la flexibilité.À l’issue de cette étude, nous avons conçu Toubkal. Une solution hybride (Co-design logiciel et matériel) pour offrir une architecture d’isolation et d’attestation modulaire qui permet d’établir une isolation sur plusieurs niveaux, de détecter la présence d’un logiciel malveillant ou une donnée malveillante avec des performances acceptables et un coût réduit.Toubkal est principalement composé de trois modules ; deux matériels et un logiciel. Le premier module, appelé Master Memory Protection, permet de créer un premier niveau d’isolation pour contrôler les accès mémoire des périphériques. Le deuxième module, appelé Execution Aware Protection, permet de renforcer la protection d’un logiciel critique, y compris le système d’exploitation. Ces deux niveaux d’isolation permettent de réduire la surface d’attaque.L’isolation toute seule ne suffit pas pour garantir que les applications fonctionnent comme il le faut. En fait, l’attaquant peut toujours modifier le comportement d’une application faillible. Pour cela, Toubkal propose un root immuable qui permet d’attester l’intégrité des autres applications.Pour valider le design de Toubkal, nous avons défini des propriétés de sécurité que nous avons prouvé avec la vérification formelle. Nous avons aussi évalué la taille de Toubkal. Les résultats montrent que le coût de Toubkal est acceptable pour un système dit « léger ».Finalement, nous avons conclu cette thèse avec une discussion des limitations de Toubkal et les perspectives pour améliorer le design et offrir plus de protection, comme par exemple le chiffrement du code à coût caché
Looking at the speed by which embedded systems technologies are advancing, there is no surprise the attacks' number is rising. Many applications are written quickly in a low-level language to keep up with industry pace, and they contain a variety of bugs. Bugs can be used to break into a device and to run malicious code. Reviewing code becomes more and more complex and costly due to its size. Another factor complicating code review is the use of on-the-shelf libraries. Even a detailed code review does not guarantee a bug-free application.This thesis presents an architecture to run securely untrusted applications on the same platform. We assume that the applications contain exploitable bugs, even the operating system can be exploited. We also assume that attackers can take control of In/Out hardware components (e.g., Direct Memory Access (DMA)). The device is trusted when the architecture guarantees that attackers cannot compromise the whole device and access sensitive code and data. Even when an application is compromised, our architecture guarantees a strong separation of multiple components: hardware and software. It ensures the authenticity and integrity of embedded applications and can verify their state before any sensitive operation. The architecture guarantees, for local and remote parties, that the device is running properly, and protect against software attacks.First, we study multiple attack vector and isolation and attestation architectures. We present multiple software attack vectors, and we define the security features and properties that these architectures need to ensure. We provide a detailed description of fifteen existing architectures in both academia and industry, and we compare their features. Then, we provide an in-depth study of five lightweight architectures where we give a comparison of performance, size, and how they behave against software-based attacks. From these studies, we draw our security objectives for lightweight devices: multi-layer isolation, attestation, upgradability, confidentiality, small size with a negligible run-time overhead and ease-of-use.Then, we design hybrid isolation and attestation architecture for lightweight devices. The so-called Toubkal offers multi-layered isolation; the system is composed of three layers of isolation. The first one is at the hardware level to separate In/Out components from each other. The second one is at the security monitor level; our study shows that there is a strong need to create a real separation between the security monitor and all the rest. Finally, the third layer is at the application level.However, isolation itself is not sufficient. Devices still need to ensure that the running application behaves as it was intended. For this reason, Toubkal provides attestation to be able to check the state of a device at any-time. It guarantees that a software component or data were not compromised.Finally, we prove the correctness of the security properties that Toubkal provides. We modeled Toubkal as a finite state machine and used computer-aided formal verification to prove the security properties. Then, we evaluated Toubkal's overhead. The results show that Toubkal overhead is small and fit for lightweight devices
APA, Harvard, Vancouver, ISO, and other styles
8

Ducasse, Quentin. "Sécurisation matérielle de la compilation à la volée des machines virtuelles langage." Electronic Thesis or Diss., Brest, École nationale supérieure de techniques avancées Bretagne, 2024. http://www.theses.fr/2024ENTA0003.

Full text
Abstract:
Les machines virtuelles langage (VM) sont l’environnement d’exécution des langages de haut niveau les plus répandus. Elles permettent une portabilité du code applicatif et la gestion automatique de la mémoire. Leur large diffusion couplée à l’exécution de tâches de bas niveau les rendent intéressantes pour les attaquants. Les solutions purement logicielles entraînent souvent une perte de performance incompatible avec la compilation just-in-time (JIT). Des solutions accélérées matériellement sont ajoutées dans des processeurs commerciaux pour concilier des garanties de sécurité fortes avec la performance. Pour comparer ces solutions, cette thèse s’intéresse au jeu d’instructions RISC-V et à ses capacités d’extension. Nous présentons Gigue, un générateur de binaires similaires au code JIT directement exécutables sur les softcores RISC-V. Il fournit une interface pour des instructions personnalisées et garantit leur exécution. Nous présentons une solution d’isolation de domaine au niveau des instructions ajoutée aux binaires de Gigue et déployée dans un processeur avec des modifications minimales. La solution ajoute un surcoût de performance négligeable tout en garantissant des propriétés fortes sur les domaines. Afin de motiver le déploiement dans des cas d’utilisation réels, nous étendons le compilateur JIT Pharo au jeu d’instructions RISC-V, ainsi que son infrastructure de test
Language Virtual Machines (VMs) are the run-time environment of popular high level managed languages. They offer portability and memory handling for the developer and are deployed on most computing devices. Their widespread distribution, handling of untrusted user inputs, and low-level task execution make them interesting to attackers. Software-only solutions that isolate their different components often incur a high performance overhead incompatible with just-in-time (JIT) compilation. Hardware-accelerated run time protections are pushed in vendor processors as a solution to conciliate strong security guarantees with performance. To allow experimentation in the design and comparison of such solutions, this thesis is interested in the RISC-V instruction set and its extension capabilities. We present Gigue, a workload generator that outputs binaries similar to JIT code directly executable on RISC-V softcores. It provides an interface for custom instructions and guarantees their execution. We present an instruction-level domain isolation solution added to Gigue binaries and implemented in an application-class processor with processor modifications. The solution adds negligible performance overhead while enforcing strong properties on domains. As an effort to motivate deployment in real use cases, we extend the Pharo JIT compiler to the RISC-V instruction set along with its testing infrastructure
APA, Harvard, Vancouver, ISO, and other styles
9

Wang, Shuo. "Control of a Uni-Axial Magnetorheological Vibration Isolator." University of Toledo / OhioLINK, 2011. http://rave.ohiolink.edu/etdc/view?acc_num=toledo1302200947.

Full text
APA, Harvard, Vancouver, ISO, and other styles
10

Benhani, El mehdi. "Sécurité des systèmes sur puce complexes hétérogènes." Thesis, Lyon, 2020. http://www.theses.fr/2020LYSES016.

Full text
Abstract:
La thèse étudie la sécurité de la technologie ARM TrustZone dans le cadre des SoCs complexes hétérogènes. La thèse présente des attaques matérielles qui touchent des éléments de l’architecture des SoCs et elle présente aussi des stratégies de contremesure
The thesis studies the security of the ARM TrustZone technology in the context of complex heterogeneous SoCs. The thesis presents hardware attacks that affect elements of the SoCs architecture and it also presents countermeasure strategies
APA, Harvard, Vancouver, ISO, and other styles

Books on the topic "Hardware isolation"

1

Patterson, Christopher B. Open World Empire. NYU Press, 2020. http://dx.doi.org/10.18574/nyu/9781479802043.001.0001.

Full text
Abstract:
Video games vastly outpace all other entertainment media in revenue and in global reach. On the surface, games do not appear ideological, nor are they categorized as national products, yet their very existence has been conditioned upon the spread of militarized technology, the exploitation of already existing labor and racial hierarchies in their manufacture, and the utopian promises of digital technology. Like literature and film before them, video games have become the main artistic expression of empire today and thus form an understanding for how war and imperial violence proceed under the signs of openness, transparency, and digital utopia. To understand games as such, this book uses Asian American critiques to discusses games as Asian-inflected commodities, with their hardware assembled in Asia, their most talented e-sports players of Asian origin, and most of their genres formed by Asian companies (Nintendo, Sony, Sega). Games draw on established discourses of Asia to provide an “Asiatic” space, a playful sphere of racial otherness that straddles notions of the queer, the exotic, the bizarre, and the erotic, reminiscent of the works of Roland Barthes, Michel Foucault, and Eve Sedgwick. Thinking through games like Overwatch, Call of Duty 4: Modern Warfare, Shenmue II, and Alien: Isolation, Patterson reads against the open world empire by playing games erotically, as players do—seeing games as Asiatic playthings that afford new passions, pleasures, desires, and attachments, with grave attention to how games allow us to tell our own stories about ourselves.
APA, Harvard, Vancouver, ISO, and other styles

Book chapters on the topic "Hardware isolation"

1

Passaretti, Daniele, Felix Boehm, Martin Wilhelm, and Thilo Pionteck. "Hardware Isolation Support for Low-Cost SoC-FPGAs." In Architecture of Computing Systems, 148–63. Cham: Springer International Publishing, 2022. http://dx.doi.org/10.1007/978-3-031-21867-5_10.

Full text
APA, Harvard, Vancouver, ISO, and other styles
2

Zhang, Kening, Ronald F. DeMara, and Carthik A. Sharma. "Consensus-Based Evaluation for Fault Isolation and On-line Evolutionary Regeneration." In Evolvable Systems: From Biology to Hardware, 12–24. Berlin, Heidelberg: Springer Berlin Heidelberg, 2005. http://dx.doi.org/10.1007/11549703_2.

Full text
APA, Harvard, Vancouver, ISO, and other styles
3

Ye, Mengmei, Myra B. Cohen, Witawas Srisa-an, and Sheng Wei. "EvoIsolator: Evolving Program Slices for Hardware Isolation Based Security." In Search-Based Software Engineering, 377–82. Cham: Springer International Publishing, 2018. http://dx.doi.org/10.1007/978-3-319-99241-9_24.

Full text
APA, Harvard, Vancouver, ISO, and other styles
4

Dowsley, Rafael, Jörn Müuller-Quade, and Tobias Nilges. "Weakening the Isolation Assumption of Tamper-Proof Hardware Tokens." In Lecture Notes in Computer Science, 197–213. Cham: Springer International Publishing, 2015. http://dx.doi.org/10.1007/978-3-319-17470-9_12.

Full text
APA, Harvard, Vancouver, ISO, and other styles
5

Ding, Baozeng, Fufeng Yao, Yanjun Wu, and Yeping He. "Improving Flask Implementation Using Hardware Assisted In-VM Isolation." In IFIP Advances in Information and Communication Technology, 115–25. Berlin, Heidelberg: Springer Berlin Heidelberg, 2012. http://dx.doi.org/10.1007/978-3-642-30436-1_10.

Full text
APA, Harvard, Vancouver, ISO, and other styles
6

Tople, Shruti, Soyeon Park, Min Suk Kang, and Prateek Saxena. "VeriCount: Verifiable Resource Accounting Using Hardware and Software Isolation." In Applied Cryptography and Network Security, 657–77. Cham: Springer International Publishing, 2018. http://dx.doi.org/10.1007/978-3-319-93387-0_34.

Full text
APA, Harvard, Vancouver, ISO, and other styles
7

Shi, Bin, Lei Cui, Bo Li, Xudong Liu, Zhiyu Hao, and Haiying Shen. "ShadowMonitor: An Effective In-VM Monitoring Framework with Hardware-Enforced Isolation." In Research in Attacks, Intrusions, and Defenses, 670–90. Cham: Springer International Publishing, 2018. http://dx.doi.org/10.1007/978-3-030-00470-5_31.

Full text
APA, Harvard, Vancouver, ISO, and other styles
8

Wang, Zhuoyue, Zhiqiang Wang, Jinyang Zhao, and Yaping Chi. "PCCP: A Private Container Cloud Platform Supporting Domestic Hardware and Software." In Proceeding of 2021 International Conference on Wireless Communications, Networking and Applications, 399–407. Singapore: Springer Nature Singapore, 2022. http://dx.doi.org/10.1007/978-981-19-2456-9_41.

Full text
Abstract:
AbstractWith the widespread use of container cloud, the security issue is becoming more and more critical. While dealing with common security threats in cloud platforms and traditional data centres, there are some new security issues and challenges in the container cloud platform. For example, there are significant challenges in network isolation and resource management. This paper proposes a private container cloud platform PCCP based on Docker supporting domestic software and hardware to solve these security problems. This paper introduces the system architecture and functional architecture of the platform. The system has been tested and confirmed to have high availability and high reliability. The platform gives full play to the value of domestic software and hardware and is better able to serve the information construction of our country.
APA, Harvard, Vancouver, ISO, and other styles
9

Yuan, Shenghao, Frédéric Besson, Jean-Pierre Talpin, Samuel Hym, Koen Zandberg, and Emmanuel Baccelli. "End-to-End Mechanized Proof of an eBPF Virtual Machine for Micro-controllers." In Computer Aided Verification, 293–316. Cham: Springer International Publishing, 2022. http://dx.doi.org/10.1007/978-3-031-13188-2_15.

Full text
Abstract:
AbstractRIOT is a micro-kernel dedicated to IoT applications that adopts eBPF (extended Berkeley Packet Filters) to implement so-called femto-containers. As micro-controllers rarely feature hardware memory protection, the isolation of eBPF virtual machines (VM) is critical to ensure system integrity against potentially malicious programs. This paper shows how to directly derive, within the Coq proof assistant, the verified C implementation of an eBPF virtual machine from a Gallina specification. Leveraging the formal semantics of the CompCert C compiler, we obtain an end-to-end theorem stating that the C code of our VM inherits the safety and security properties of the Gallina specification. Our refinement methodology ensures that the isolation property of the specification holds in the verified C implementation. Preliminary experiments demonstrate satisfying performance.
APA, Harvard, Vancouver, ISO, and other styles
10

Malipatlolla, Sunil. "A Novel Approach for a Hardware-Based Secure Process Isolation in an Embedded System." In Communications in Computer and Information Science, 1–9. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013. http://dx.doi.org/10.1007/978-3-642-40576-1_1.

Full text
APA, Harvard, Vancouver, ISO, and other styles

Conference papers on the topic "Hardware isolation"

1

Ekberg, Jan-Erik. "Hardware Isolation for Trusted Execution." In CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security. New York, NY, USA: ACM, 2016. http://dx.doi.org/10.1145/2994459.2994460.

Full text
APA, Harvard, Vancouver, ISO, and other styles
2

Song, Chengyu, Hyungon Moon, Monjur Alam, Insu Yun, Byoungyoung Lee, Taesoo Kim, Wenke Lee, and Yunheung Paek. "HDFI: Hardware-Assisted Data-Flow Isolation." In 2016 IEEE Symposium on Security and Privacy (SP). IEEE, 2016. http://dx.doi.org/10.1109/sp.2016.9.

Full text
APA, Harvard, Vancouver, ISO, and other styles
3

Ye, Mengmei, Nianhang Hu, and Sheng Wei. "Lightweight secure sensing using hardware isolation." In 2016 IEEE SENSORS. IEEE, 2016. http://dx.doi.org/10.1109/icsens.2016.7808904.

Full text
APA, Harvard, Vancouver, ISO, and other styles
4

Athalye, Anish, Frans Kaashoek, Nickolai Zeldovich, and Joseph Tassarotti. "The K2 Architecture for Trustworthy Hardware Security Modules." In KISV '23: 1st Workshop on Kernel Isolation, Safety and Verification. New York, NY, USA: ACM, 2023. http://dx.doi.org/10.1145/3625275.3625402.

Full text
APA, Harvard, Vancouver, ISO, and other styles
5

Kumar Saha, Sujan, and Christophe Bobda. "FPGA Accelerated Embedded System Security Through Hardware Isolation." In 2020 Asian Hardware Oriented Security and Trust Symposium (AsianHOST). IEEE, 2020. http://dx.doi.org/10.1109/asianhost51057.2020.9358258.

Full text
APA, Harvard, Vancouver, ISO, and other styles
6

Jang, Jinsoo, and Brent Byunghoon Kang. "In-process Memory Isolation Using Hardware Watchpoint." In DAC '19: The 56th Annual Design Automation Conference 2019. New York, NY, USA: ACM, 2019. http://dx.doi.org/10.1145/3316781.3317843.

Full text
APA, Harvard, Vancouver, ISO, and other styles
7

Ibn Ziad, M. Tarek, Amr Alanwar, Yousra Alkabani, M. Watheq El-Kharashi, and Hassan Bedour. "Homomorphic Data Isolation for Hardware Trojan Protection." In 2015 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). IEEE, 2015. http://dx.doi.org/10.1109/isvlsi.2015.66.

Full text
APA, Harvard, Vancouver, ISO, and other styles
8

Chen, Sui, Lu Peng, and Samuel Irving. "Accelerating GPU Hardware Transactional Memory with Snapshot Isolation." In ISCA '17: The 44th Annual International Symposium on Computer Architecture. New York, NY, USA: ACM, 2017. http://dx.doi.org/10.1145/3079856.3080204.

Full text
APA, Harvard, Vancouver, ISO, and other styles
9

Leontie, Eugen, Gedare Bloom, Bhagirath Narahari, Rahul Simha, and Joseph Zambreno. "Hardware-enforced fine-grained isolation of untrusted code." In the first ACM workshop. New York, New York, USA: ACM Press, 2009. http://dx.doi.org/10.1145/1655077.1655082.

Full text
APA, Harvard, Vancouver, ISO, and other styles
10

Garcia R., Ferreiro, Perez Castelo J., Pinon Pazos A., and Calvo Rolle J.L. "On Fault Isolation by Functional and Hardware Redundancy." In World Automation Congress (WAC) 2006. IEEE, 2006. http://dx.doi.org/10.1109/wac.2006.375955.

Full text
APA, Harvard, Vancouver, ISO, and other styles

Reports on the topic "Hardware isolation"

1

Author, Not Given. Characteristics of spent fuel, high-level waste, and other radioactive wastes which may require long-term isolation: Appendix 2E, Physical descriptions of LWR nonfuel assembly hardware, Appendix 2F, User's guide to the LWR nonfuel assembly data base. Office of Scientific and Technical Information (OSTI), December 1987. http://dx.doi.org/10.2172/5294562.

Full text
APA, Harvard, Vancouver, ISO, and other styles
2

Wu, Yingjie, Selim Gunay, and Khalid Mosalam. Hybrid Simulations for the Seismic Evaluation of Resilient Highway Bridge Systems. Pacific Earthquake Engineering Research Center, University of California, Berkeley, CA, November 2020. http://dx.doi.org/10.55461/ytgv8834.

Full text
Abstract:
Bridges often serve as key links in local and national transportation networks. Bridge closures can result in severe costs, not only in the form of repair or replacement, but also in the form of economic losses related to medium- and long-term interruption of businesses and disruption to surrounding communities. In addition, continuous functionality of bridges is very important after any seismic event for emergency response and recovery purposes. Considering the importance of these structures, the associated structural design philosophy is shifting from collapse prevention to maintaining functionality in the aftermath of moderate to strong earthquakes, referred to as “resiliency” in earthquake engineering research. Moreover, the associated construction philosophy is being modernized with the utilization of accelerated bridge construction (ABC) techniques, which strive to reduce the impact of construction on traffic, society, economy and on-site safety. This report presents two bridge systems that target the aforementioned issues. A study that combined numerical and experimental research was undertaken to characterize the seismic performance of these bridge systems. The first part of the study focuses on the structural system-level response of highway bridges that incorporate a class of innovative connecting devices called the “V-connector,”, which can be used to connect two components in a structural system, e.g., the column and the bridge deck, or the column and its foundation. This device, designed by ACII, Inc., results in an isolation surface at the connection plane via a connector rod placed in a V-shaped tube that is embedded into the concrete. Energy dissipation is provided by friction between a special washer located around the V-shaped tube and a top plate. Because of the period elongation due to the isolation layer and the limited amount of force transferred by the relatively flexible connector rod, bridge columns are protected from experiencing damage, thus leading to improved seismic behavior. The V-connector system also facilitates the ABC by allowing on-site assembly of prefabricated structural parts including those of the V-connector. A single-column, two-span highway bridge located in Northern California was used for the proof-of-concept of the proposed V-connector protective system. The V-connector was designed to result in an elastic bridge response based on nonlinear dynamic analyses of the bridge model with the V-connector. Accordingly, a one-third scale V-connector was fabricated based on a set of selected design parameters. A quasi-static cyclic test was first conducted to characterize the force-displacement relationship of the V-connector, followed by a hybrid simulation (HS) test in the longitudinal direction of the bridge to verify the intended linear elastic response of the bridge system. In the HS test, all bridge components were analytically modeled except for the V-connector, which was simulated as the experimental substructure in a specially designed and constructed test setup. Linear elastic bridge response was confirmed according to the HS results. The response of the bridge with the V-connector was compared against that of the as-built bridge without the V-connector, which experienced significant column damage. These results justified the effectiveness of this innovative device. The second part of the study presents the HS test conducted on a one-third scale two-column bridge bent with self-centering columns (broadly defined as “resilient columns” in this study) to reduce (or ultimately eliminate) any residual drifts. The comparison of the HS test with a previously conducted shaking table test on an identical bridge bent is one of the highlights of this study. The concept of resiliency was incorporated in the design of the bridge bent columns characterized by a well-balanced combination of self-centering, rocking, and energy-dissipating mechanisms. This combination is expected to lead to minimum damage and low levels of residual drifts. The ABC is achieved by utilizing precast columns and end members (cap beam and foundation) through an innovative socket connection. In order to conduct the HS test, a new hybrid simulation system (HSS) was developed, utilizing commonly available software and hardware components in most structural laboratories including: a computational platform using Matlab/Simulink [MathWorks 2015], an interface hardware/software platform dSPACE [2017], and MTS controllers and data acquisition (DAQ) system for the utilized actuators and sensors. Proper operation of the HSS was verified using a trial run without the test specimen before the actual HS test. In the conducted HS test, the two-column bridge bent was simulated as the experimental substructure while modeling the horizontal and vertical inertia masses and corresponding mass proportional damping in the computer. The same ground motions from the shaking table test, consisting of one horizontal component and the vertical component, were applied as input excitations to the equations of motion in the HS. Good matching was obtained between the shaking table and the HS test results, demonstrating the appropriateness of the defined governing equations of motion and the employed damping model, in addition to the reliability of the developed HSS with minimum simulation errors. The small residual drifts and the minimum level of structural damage at large peak drift levels demonstrated the superior seismic response of the innovative design of the bridge bent with self-centering columns. The reliability of the developed HS approach motivated performing a follow-up HS study focusing on the transverse direction of the bridge, where the entire two-span bridge deck and its abutments represented the computational substructure, while the two-column bridge bent was the physical substructure. This investigation was effective in shedding light on the system-level performance of the entire bridge system that incorporated innovative bridge bent design beyond what can be achieved via shaking table tests, which are usually limited by large-scale bridge system testing capacities.
APA, Harvard, Vancouver, ISO, and other styles
You might also be interested in the extended bibliographies on the topic 'Hardware isolation' for particular source types:
Journal articles
We offer discounts on all premium plans for authors whose works are included in thematic literature selections. Contact us to get a unique promo code!

To the bibliography