From 543bacbe55039d601290c5672450551812efda8c Mon Sep 17 00:00:00 2001
From: Anjo Vahldiek-Oberwagner <anjo.lucas.vahldiek-oberwagner@intel.com>
Date: Fri, 11 Oct 2024 11:13:42 +0200
Subject: [PATCH] rebuilding site Fri Oct 11 11:13:42 CEST 2024

---
 404.html                              |   8 +-
 index.html                            | 102 ++++++++++++++------------
 index.json                            |   2 +-
 index.xml                             |  18 ++---
 project/erim/index.html               |  48 ------------
 publication/index.html                |  58 ---------------
 publication/index.xml                 |   9 ---
 publication_types/1/index.html        |  24 +++---
 publication_types/1/index.xml         |  11 +--
 publication_types/1/page/2/index.html |  11 +--
 publication_types/index.html          |   2 +-
 publication_types/index.xml           |   4 +-
 sitemap.xml                           |  12 +--
 13 files changed, 85 insertions(+), 224 deletions(-)

diff --git a/404.html b/404.html
index 6deef21..e56e745 100755
--- a/404.html
+++ b/404.html
@@ -373,10 +373,6 @@ <h2>Publications</h2>
     <li><a href="/publication/constable-2024-modelintegrity/">METHODS AND APPARATUS TO VERIFY THE INTEGRITY OF A MODEL</a></li>
   </ul>
   
-  <ul>
-    <li><a href="/publication/peng-2025/">Pegasus: Transparent and Unified Kernel-Bypass Networking for Fast Local and Remote Communication</a></li>
-  </ul>
-  
   <ul>
     <li><a href="/publication/vahldiek-oberwagner-2024-modelaccuracy/">Artificial intelligence model accuracy validation</a></li>
   </ul>
@@ -389,6 +385,10 @@ <h2>Publications</h2>
     <li><a href="/publication/narayan-2024/">Hardware-Assisted Fault Isolation: Going Beyond the Limits of Software-Based Sandboxing</a></li>
   </ul>
   
+  <ul>
+    <li><a href="/publication/lemay-2024-rtcall/">REDUCING INSTRUMENTATION CODE BLOAT AND PERFORMANCE OVERHEADS USING A RUNTIME CALL INSTRUCTION</a></li>
+  </ul>
+  
   
 
   
diff --git a/index.html b/index.html
index 610d2a2..eff49c8 100755
--- a/index.html
+++ b/index.html
@@ -826,54 +826,6 @@ <h1>Selected Publications</h1>
     
     
       
-        <div class="pub-list-item" style="margin-bottom: 1rem" itemscope itemtype="http://schema.org/CreativeWork">
-  <i class="far fa-file-alt pub-icon" aria-hidden="true"></i>
-  <a href="/publication/peng-2025/" itemprop="name">Pegasus: Transparent and Unified Kernel-Bypass Networking for Fast Local and Remote Communication</a>
-  <div itemprop="author">
-    Dinglan Peng, Congyu Liu, Tapti Palit, Anjo Vahldiek-Oberwagner, Mona Vij, Pedro Fonseca</div>
-  ACM EuroSys,
-  2024.
-  <p>
-
-
-
-
-
-
-
-  
-
-
-
-
-<button type="button" class="btn btn-outline-primary my-1 mr-1 btn-sm js-cite-modal"
-        data-filename="/publication/peng-2025/peng-2025.bib">
-  Cite
-</button>
-
-
-
-
-
-  
-  
-  
-
-
-
-
-
-
-
-
-
-
-</p>
-</div>
-
-      
-    
-      
         <div class="pub-list-item" style="margin-bottom: 1rem" itemscope itemtype="http://schema.org/CreativeWork">
   <i class="far fa-file-alt pub-icon" aria-hidden="true"></i>
   <a href="/publication/yang-2024-endokernel/" itemprop="name">Endokernel: A Thread Safe Monitor for Lightweight Subprocess Isolation</a>
@@ -1380,6 +1332,60 @@ <h1>Selected Publications</h1>
 
 
 
+</p>
+</div>
+
+      
+    
+      
+        <div class="pub-list-item" style="margin-bottom: 1rem" itemscope itemtype="http://schema.org/CreativeWork">
+  <i class="far fa-file-alt pub-icon" aria-hidden="true"></i>
+  <a href="/publication/elnikety-2016/" itemprop="name">Thoth : Comprehensive Policy Compliance in Data Retrieval Systems</a>
+  <div itemprop="author">
+    Eslam Elnikety, Aastha Mehta, Anjo Vahldiek-oberwagner, Deepak Garg, Peter Druschel</div>
+  Usenix Security,
+  2016.
+  <p>
+
+
+
+
+
+
+
+  
+    
+  
+
+
+<a class="btn btn-outline-primary my-1 mr-1 btn-sm" href="https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/elnikety" target="_blank" rel="noopener">
+  PDF
+</a>
+
+
+
+<button type="button" class="btn btn-outline-primary my-1 mr-1 btn-sm js-cite-modal"
+        data-filename="/publication/elnikety-2016/elnikety-2016.bib">
+  Cite
+</button>
+
+
+
+
+
+  
+  
+  
+
+
+
+
+
+
+
+
+
+
 </p>
 </div>
 
diff --git a/index.json b/index.json
index c042d70..3de222a 100755
--- a/index.json
+++ b/index.json
@@ -1 +1 @@
-[{"authors":["Scott Douglas Constable","Marcin Andrzej Chrapek","Marcin Spoczynski","Cory Cornelius","Mona Vij","Anjo Lucas Vahldiek-Oberwagner"],"categories":null,"content":"","date":1727913600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1727913600,"objectID":"184e494ef5b66f5bbe3b4115c544fbab","permalink":"https://vahldiek.github.io/publication/constable-2024-modelintegrity/","publishdate":"2024-10-03T00:00:00Z","relpermalink":"/publication/constable-2024-modelintegrity/","section":"publication","summary":"Methods, apparatus, systems, and articles of manufacture to verify integrity of a model are disclosed. An example apparatus includes programmable circuitry to initialize an instance of a trusted execution environment; upload a security manifest of the trusted execution environment and a machine learning model; determine whether to store the machine learning model into a memory based on checking of the security manifest; determine whether the machine learning model is valid; and output a validation result.","tags":null,"title":"METHODS AND APPARATUS TO VERIFY THE INTEGRITY OF A MODEL","type":"publication"},{"authors":["Dinglan Peng","Congyu Liu","Tapti Palit","Anjo Vahldiek-Oberwagner","Mona Vij","Pedro Fonseca"],"categories":null,"content":"","date":1726790400,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1726790400,"objectID":"1aec17be03a3f87c7d11972f75aee090","permalink":"https://vahldiek.github.io/publication/peng-2025/","publishdate":"2024-09-20T00:00:00Z","relpermalink":"/publication/peng-2025/","section":"publication","summary":"Modern software architectures in cloud computing are highly reliant\r\non interconnected local and remote services.\r\nPopular architectures, such as the service mesh,\r\nrely on the use of independent services or sidecars for\r\na single application. While such modular approaches\r\nsimplify application development and deployment,\r\nthey also introduce significant communication overhead since\r\nnow even local communication that is handled by the kernel\r\nbecomes a performance bottleneck. This problem has been\r\nidentified and partially solved for remote communication over\r\nfast NICs through the use of kernel-bypass data plane systems.\r\nHowever, existing kernel-bypass\r\nmechanisms challenge their practical deployment by either\r\nrequiring code modification or supporting only a small subset of the network\r\ninterface.\r\n\r\nIn this paper, we propose Pegasus, a framework for transparent\r\nkernel bypass for local and remote communication.\r\nBy transparently fusing multiple applications into a single\r\nprocess, Pegasus provides an in-process *fast path* to\r\nbypass the kernel for local communication.\r\nTo accelerate remote communication over fast NICs, Pegasus\r\nuses DPDK to directly access the NIC.\r\nPegasus supports transparent kernel bypass\r\nfor unmodified binaries by implementing core OS services in user space, such\r\nas scheduling and memory management, thus\r\nremoving the kernel from the critical path.\r\nOur experiments on a range of real-world applications show that,\r\ncompared with Linux,\r\nPegasus improves the throughput\r\nby 19% to 33% for local communication\r\nand 178% to 442% for remote communication,\r\nwithout application changes.\r\nFurthermore, Pegasus achieves 222% higher\r\nthroughput than Linux for co-located, IO-intensive applications that\r\nrequire both local and remote communication, with each communication\r\noptimization contributing significantly.","tags":null,"title":"Pegasus: Transparent and Unified Kernel-Bypass Networking for Fast Local and Remote Communication","type":"publication"},{"authors":["Anjo Lucas Vahldiek-Oberwagner","Marcin Andrzej Chrapek","Scott Constable"],"categories":null,"content":"","date":1726099200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1726099200,"objectID":"8eea68f99bcee9aaeba2fc35dd0fa806","permalink":"https://vahldiek.github.io/publication/vahldiek-oberwagner-2024-modelaccuracy/","publishdate":"2024-09-12T00:00:00Z","relpermalink":"/publication/vahldiek-oberwagner-2024-modelaccuracy/","section":"publication","summary":"Systems, apparatus, methods, and articles of manufacture to validate the accuracy of artificial intelligence models are disclosed. An example apparatus includes machine-readable instructions; and at least one processor circuit to be programmed by the machine-readable instructions to: compute accuracy statistics of an artificial intelligence model using software applied by a trusted third party and an input data set; determine a signed artifact based on (1) the accuracy statistics indicative of the accuracy of the artificial intelligence model,(2) the software applied by the trusted third party, and (3) the input data set; and communicate the signed artifact to a user of the artificial intelligence model. ","tags":null,"title":"Artificial intelligence model accuracy validation","type":"publication"},{"authors":["Fangfei Yang","Bumjin Im","Weijie Huang","Kelly Kaoudis","Anjo Vahldiek-Oberwagner","Chia-Che Tsai","Nathan Dautenhahn"],"categories":null,"content":"","date":1723593600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1723593600,"objectID":"c5377622cc9cbc9da6ea358bb44361a3","permalink":"https://vahldiek.github.io/publication/yang-2024-endokernel/","publishdate":"2024-08-14T00:00:00Z","relpermalink":"/publication/yang-2024-endokernel/","section":"publication","summary":"Compartmentalization decomposes applications into isolated components, effectively confining the scope of potential security breaches. Recent approaches nest the protection monitor within processes for efficient memory isolation at the cost of security. However, these systems lack solutions for efficient multithreaded safety and neglect kernel semantics that can be abused to bypass the monitor.\r\n\r\nThe Endokernel is an intra-process security monitor that isolates memory at subprocess granularity. It ensures backwards-compatible and secure emulation of system interfaces, a task uniquely challenging due to the need to analyze OS and hardware semantics beyond mere interface usability. We introduce an inside-out methodology where we identify core OS primitives that allow bypass and map that back to the interfaces that depend on them. This approach led to the identification of several missing policies as well as aided in developing a fine-grained locking approach to deal with complex thread safety when inserting a monitor between the OS and the application. Results indicate that we can achieve fast isolation while greatly enhancing security and maintaining backwards-compatibility, and also showing a new method for systematically finding gaps in policies.","tags":null,"title":"Endokernel: A Thread Safe Monitor for Lightweight Subprocess Isolation","type":"publication"},{"authors":["Shravan Narayan","Tal Garfinkel","Mohammadkazem Taram","Joey Rudek","Daniel Moghimi","Evan Johnson","Anjo Vahldiek-Oberwagner","Michael LeMay","Ravi Sahita","Dean Tullsen","Deian Stefan"],"categories":null,"content":"","date":1722470400,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1722470400,"objectID":"8279a918b99d79503c655098c67bccc3","permalink":"https://vahldiek.github.io/publication/narayan-2024/","publishdate":"2024-08-01T00:00:00Z","relpermalink":"/publication/narayan-2024/","section":"publication","summary":"Hardware-assisted fault isolation (HFI) is a minimal extension to current processors that supports secure, flexible, and efficient in-process isolation. HFI addresses the limitations of existing software-based fault isolation (SFI) systems, including runtime overheads, limited scalability, vulnerability to Spectre attacks, and limited compatibility with existing code and binaries. HFI can be seamlessly integrated into existing SFI systems (e.g., WebAssembly) or directly sandbox unmodified native binaries. To ease adoption, HFI relies only on incremental changes to existing high-performance processors.","tags":null,"title":"Hardware-Assisted Fault Isolation: Going Beyond the Limits of Software-Based Sandboxing","type":"publication"},{"authors":["Michael Lemay","Dan Baum","Joseph Cihula","Joao Batista Correa Gomes Moreira","Anjo Lucas Vahldiek-Oberwagner","Scott Constable","Andreas Kleen","Konrad Lai","Henrique De Medeiros Kawakami","David M Durham"],"categories":null,"content":"","date":1704326400,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1704326400,"objectID":"468ce9c7b3f490b9cd55dfa32b6a9662","permalink":"https://vahldiek.github.io/publication/lemay-2024-rtcall/","publishdate":"2024-01-04T00:00:00Z","relpermalink":"/publication/lemay-2024-rtcall/","section":"publication","summary":"Techniques for an instruction for a Runtime Call operation are described. An example apparatus comprises decoder circuitry to decode a single instruction, the single instruction to include a field for an identifier of an opcode, the opcode to indicate execution circuitry is to execute a no operation when a runtime call destination equals a predetermined value; and execute an indirect call with the runtime call destination as a destination address when the runtime call destination does not equal the predetermined value. Other examples are described and claimed.","tags":null,"title":"REDUCING INSTRUMENTATION CODE BLOAT AND PERFORMANCE OVERHEADS USING A RUNTIME CALL INSTRUCTION","type":"publication"},{"authors":["Fangfei Yang","Weijie Huang","Kelly Kaoudis","Anjo Vahldiek-Oberwagner","Nathan Dautenhahn"],"categories":null,"content":"","date":1701993600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1701993600,"objectID":"311969e799c798fc849731b13b29fc35","permalink":"https://vahldiek.github.io/publication/yang-2023-endoprocess/","publishdate":"2023-12-08T00:00:00Z","relpermalink":"/publication/yang-2023-endoprocess/","section":"publication","summary":"Modern applications combine multiple components into single processes, leading to complex tradeoffs between isolation, performance, and programmability. We present the Endoprocess, a unique, microkernel-based approach for protection within process spaces. An endoprocess safely multiplexes process resources by exporting a low-level abstraction, the subprocess, that is transparently overlaid on existing process interfaces (like mmap, mprotect, etc), and provides extensibility and programmability through custom application-layer modules. We report experimental results of an initial prototype and highlight several application domains. Overall, the endoprocess presents a path for protection within processes while remaining compatible with existing OS abstractions and multiplexing them in a secure and extensible way.","tags":null,"title":"Endoprocess: Programmable and Extensible Subprocess Isolation","type":"publication"},{"authors":["Atsushi Koshiba","Felix Gust","Julian Pritzi","Anjo Vahldiek-Oberwagner","Nuno Santos","Pramod Bhatotia"],"categories":null,"content":"","date":1692835200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1692835200,"objectID":"602c4cb32b31cf8d95ba8c9e57d3c55b","permalink":"https://vahldiek.github.io/publication/koshiba-2023-tdcof/","publishdate":"2023-08-24T00:00:00Z","relpermalink":"/publication/koshiba-2023-tdcof/","section":"publication","summary":"The rising performance demands and increasing heterogeneity in cloud data centers lead to a paradigm shift in the cloud infrastructure, from monolithic servers to a disaggregated architecture. In a multi-tenant cloud, users should be able to leverage trusted computing to protect their applications from untrusted parties. While Trusted Execution Environments (TEEs) are a well-known technique to realize trusted computing on monolithic servers, we cannot adopt existing TEE technologies to the disaggregated architecture due to their distributed nature and heterogeneity of devices. To address these challenges, we propose trusted heterogeneous disaggregated architectures, which allows cloud users to construct virtual TEEs (vTEEs): TEE-based, secure, isolated environments assembled with any combination of disaggregated components.","tags":null,"title":"Trusted Heterogeneous Disaggregated Architectures","type":"publication"},{"authors":["Marcela S Melara","Bruno Vavala","Michael Steiner","Vincent Scarlata","Anjo Lucas Vahldiek-Oberwagner"],"categories":null,"content":"","date":1692748800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1692748800,"objectID":"0d19bd8389c641c80a62fd2a41169e0a","permalink":"https://vahldiek.github.io/publication/melara-2023-attest/","publishdate":"2023-08-23T00:00:00Z","relpermalink":"/publication/melara-2023-attest/","section":"publication","summary":"A method and apparatus for multi-dimensional attestations for a software application. A multi-dimensional attestation is generated for at least one component of the software application. The multi-dimensional attestation includes a signed attestation for the at least one component and an attestation reference to at least one other related component. A verifier obtains multi-dimensional attestations for the components of the software application and obtains the signed attestation for the related components of the software application based on the attestation reference and verifies integrity of at least part of the software application based on the obtained signed attestations. The multi-dimensional attestation for a given component of a software application can link attestations across spatial and temporal dimensions including other microservice(s) that communicates directly with the subject microservice, imported code dependencies on which the subject microservice is dependent, and/or the underlying software layer of the subject microservice.","tags":null,"title":"Method and apparatus for multi-dimensional attestation for a software application","type":"publication"},{"authors":["Vincent Scarlata","Alpa Trivedi","Reshma Lal","Marcela S Melara","Michael Steiner","Anjo Vahldiek-Oberwagner"],"categories":null,"content":"","date":1684195200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1684195200,"objectID":"edf3e091afcad332eea0079b39c3b7ea","permalink":"https://vahldiek.github.io/publication/scarlata-2022-atttool/","publishdate":"2023-05-16T00:00:00Z","relpermalink":"/publication/scarlata-2022-atttool/","section":"publication","summary":"Attestation of operations by tool chains is described. An example of a storage medium includes instructions for receiving source code for processing of a secure workload of a tenant; selecting at least a first compute node to provide computation for the workload; processing the source code by an attestable tool chain to generate machine code for the first compute node, including performing one or more conversions of the source code by one or more convertors to generate converted code and generating an attestation associated with each code conversion, and receiving machine code for the first compute node and generating an attestation associated with the first compute node; and providing each of the attestations from the first stage and the second stage for verification.","tags":null,"title":"ATTESTATION OF OPERATIONS BY TOOL CHAINS","type":"publication"},{"authors":["Shravan Narayan","Tal Garfinkel","Mohammadkazem Taram","Joey Rudek","Daniel Moghimi","Evan Johnson","Anjo Vahldiek-Oberwagner","Michael LeMay","Ravi Sahita","Dean Tullsen","Deian Stefan"],"categories":null,"content":"","date":1677628800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1677628800,"objectID":"e645142689f3cbf82cd0307016499cdf","permalink":"https://vahldiek.github.io/publication/narayan-2023/","publishdate":"2023-03-01T00:00:00Z","relpermalink":"/publication/narayan-2023/","section":"publication","summary":"We introduce Hardware-assisted Fault Isolation (HFI), a simple\r\nextension to existing processors to support secure, flexible, and efficient\r\nin-process isolation. HFI addresses the limitations of existing software-based\r\nisolation (SFI) systems including: runtime overheads, limited scalability,\r\nvulnerability to Spectre attacks, and limited compatibility with existing code.\r\nHFI can seamlessly integrate with current SFI systems (e.g., WebAssembly), or\r\ndirectly sandbox unmodified native binaries. To ease adoption, HFI relies only\r\non incremental changes to the data and control path of existing high-performance\r\nprocessors. We evaluate HFI for x86-64 using the gem5 simulator and\r\ncompiler-based emulation on a mix of real and synthetic workloads.","tags":null,"title":"Going beyond the Limits of SFI: Flexible and Secure Hardware-Assisted In-Process Isolation with HFI","type":"publication"},{"authors":["Dinglan Peng","Congyu Liu","Tapti Palit","Pedro Fonseca","Anjo Vahldiek-Oberwagner","Mona Vij"],"categories":null,"content":"","date":1672531200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1672531200,"objectID":"74ee736bd683f9b38e12e930f4705ac4","permalink":"https://vahldiek.github.io/publication/peng-2023/","publishdate":"2023-01-01T00:00:00Z","relpermalink":"/publication/peng-2023/","section":"publication","summary":"Isolating application components is crucial to limit the exposure of sensitive data and code to vulnerabilities in the untrusted components. Process-based isolation is the de facto isolation used in practice, e.g., web browsers. However, it incurs significant performance overhead and is typically infeasible when frequent switches between isolation domains are expected. To address this problem, many intra-process memory isolation techniques have been proposed using novel kernel abstractions, recent CPU extensions, such as Intel® MPK, and software-based fault isolation (e.g., WebAssembly). However, these techniques insufficiently isolate kernel resources, such as file descriptors, or do so by incurring substantial overheads when these resources are accessed. Other work virtualizes the kernel context inside a privileged user space domain, but this is ad-hoc, error-prone, and provides only a limited set of kernel functionalities. We propose μSWITCH, an efficient kernel context isolation mechanism with memory protection that addresses these limitations. We use a protected structure, shared by the kernel and the userspace, for context switching and propose implicit context switching to improve its performance by deferring the kernel resource switch to the next system call. We apply μSWITCH to isolate libraries in the Firefox web browser and an HTTP server, and reduce the overhead of isolation by 32.7% to 98.4% compared with other isolation techniques.","tags":null,"title":"uSwitch: Fast Kernel Context Isolation with Implicit Context Switches","type":"publication"},{"authors":["Anjo Vahldiek-Oberwagner"],"categories":null,"content":"","date":1671062400,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1671062400,"objectID":"0a44469264758c0671e8a0552bee5b9b","permalink":"https://vahldiek.github.io/publication/vahldiek-2022-darpa/","publishdate":"2022-12-15T00:00:00Z","relpermalink":"/publication/vahldiek-2022-darpa/","section":"publication","summary":"Motivated by developer productivity, serverless computing, and\r\nmicroservices have become the de facto development model in the cloud.\r\nMicroservices decompose monolithic applications into separate functional units\r\ndeployed individually. This deployment model, however, costs CSPs a large\r\ninfrastructure tax of more than 25%. To overcome these limitations, CSPs shift\r\nworkloads to Infrastructure Processing Units (IPUs) like Amazon’s Nitro or,\r\ncomplementary, innovate by building on memory-safe languages and novel software\r\nabstractions.\r\n\r\nBased on these trends, we hypothesize a MemorySafe Software and Hardware\r\nArchitecture providing a general-purpose runtime environment to specialize\r\nfunctionality when needed and strongly isolate components. To achieve this goal,\r\nwe investigate building a single address space OS or a multi-application library\r\nOS, possible hardware implications, and demonstrate their capabilities,\r\ndrawbacks and requirements. The goal is to bring the advantages to all\r\napplication workloads including legacy and memory-unsafe applications, and\r\nanalyze how hardware may improve the efficiency and security.","tags":null,"title":"The Rise of Memory-Safe Languages: Building a Fast, Elastic, Secure Software \u0026 Hardware Architecture","type":"publication"},{"authors":["Shravan Narayan","Tal Garfinkel","Evan Johnson","David Thien","Joey Rudek","Michael LeMay","Anjo Vahldiek-Oberwagner","Dean Tullsen","Deian Stefan"],"categories":null,"content":"","date":1670803200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1670803200,"objectID":"1ffa86836ab7f54ef1bdb0f863329842","permalink":"https://vahldiek.github.io/publication/narayan-2022/","publishdate":"2022-12-12T00:00:00Z","relpermalink":"/publication/narayan-2022/","section":"publication","summary":"WebAssembly (Wasm) and similar Software-based Fault Isolation\r\n(SFI) systems enable secure sandboxing by virtualizing process address space.\r\nThey accomplish this by: (1) adding a base address to the operand of all\r\nload/store instructions to select a sandbox, and (2) enforcing isolation by\r\ntrapping out-of-bounds memory accesses using regions of unmapped memory (guard\r\nregions). Leveraging modern x86 hardware, we offer two optimizations to this.\r\n\r\nWith Segue, we observe that x86-64 segmentation can be used to remove most of\r\nthe cost of SFI base addition, resulting in speedups ranging from 13.8% for\r\nSPECint® 2006 to 11.2% for font rendering in Firefox. With ColorGuard, we note\r\nthat MPK-based page coloring can be used to reclaim the virtual address space\r\nwasted by guard regions. This results in a 11.91× increase in the number of\r\nconcurrent Wasm instances a process can support — reducing context switch\r\noverheads, load imbalances, and other inefficiencies that detract from the\r\nperformance of high-scale edge computing platforms. ","tags":null,"title":"Segue \u0026 ColorGuard: Optimizing SFI Performance and Scalability on Modern x86","type":"publication"},{"authors":null,"categories":null,"content":"Motivated by developer productivity, serverless computing, and microservices have become the de facto development model in the cloud. Microservices decompose monolithic applications into separate functional units deployed individually. This deployment model, however, costs CSPs a large infrastructure tax of more than 25%.\nTo overcome this architectural limitation, we hypothesize a Memory-Safe Software and Hardware Architecture providing a general-purpose runtime environment to specialize functionality when needed and strongly isolate components.\n","date":1668122682,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1668122682,"objectID":"ca6b29ade8fbe9c3d6b80b008aefb057","permalink":"https://vahldiek.github.io/project/meshwa/","publishdate":"2022-11-11T00:24:42+01:00","relpermalink":"/project/meshwa/","section":"project","summary":"Optimize local microservice executions using memory-safe languages and hardware optimizations","tags":["memory isolation","serverless computing","microservices","memory-safe langauges"],"title":"Memory-Safe Hardware and Software Architecture","type":"project"},{"authors":["Anjo Vahldiek-Oberwagner","Mona Vij"],"categories":null,"content":"","date":1667865600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1667865600,"objectID":"75a7223930931b288e2c4cbf25db82a3","permalink":"https://vahldiek.github.io/publication/vahldiek-2022-words/","publishdate":"2022-11-08T00:00:00Z","relpermalink":"/publication/vahldiek-2022-words/","section":"publication","summary":"Motivated by developer productivity, serverless computing, and\r\nmicroservices have become the de facto development model in the cloud.\r\nMicroservices decompose monolithic applications into separate functional units\r\ndeployed individually. This deployment model, however, costs CSPs a large\r\ninfrastructure tax of more than 25%. To overcome these limitations, CSPs shift\r\nworkloads to Infrastructure Processing Units (IPUs) like Amazon’s Nitro or,\r\ncomplementary, innovate by building on memory-safe languages and novel software\r\nabstractions.\r\n\r\nBased on these trends, we hypothesize a MemorySafe Software and Hardware\r\nArchitecture providing a general-purpose runtime environment to specialize\r\nfunctionality when needed and strongly isolate components. To achieve this goal,\r\nwe investigate building a single address space OS or a multi-application library\r\nOS, possible hardware implications, and demonstrate their capabilities,\r\ndrawbacks and requirements. The goal is to bring the advantages to all\r\napplication workloads including legacy and memory-unsafe applications, and\r\nanalyze how hardware may improve the efficiency and security.","tags":null,"title":"MeSHwA: The case for a Memory-Safe Software and Hardware Architecture for Serverless Computing","type":"publication"},{"authors":["Dayeol Lee","Kevin Cheang","Alexander Thomas","Catherine Lu","Pranav Gaddamadugu","Anjo Vahldiek-Oberwagner","Mona Vij","Dawn Song","Sanjit A. Seshia","Krste Asanović"],"categories":null,"content":"","date":1664841600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1664841600,"objectID":"a9da1558128d358ab8ffc837264fc917","permalink":"https://vahldiek.github.io/publication/lee-2022/","publishdate":"2022-10-04T00:00:00Z","relpermalink":"/publication/lee-2022/","section":"publication","summary":"Hardware enclaves rely on a disjoint memory model, which maps each physical address to an enclave to achieve strong memory isolation. However, this severely limits the performance and programmability of enclave programs. While some prior work proposes enclave memory sharing, it does not provide a formal model or verification of their designs. This paper presents Cerberus, a formal approach to secure and efficient enclave memory sharing. To reduce the burden of formal verification, we compare different sharing models and choose a simple yet powerful sharing model. Based on the sharing model, Cerberus extends an enclave platform such that enclave memory can be made immutable and shareable across multiple enclaves via additional operations. We use incremental verification starting with an existing formal model called the Trusted Abstract Platform (TAP). Using our extended TAP model, we formally verify that Cerberus does not break or weaken the security guarantees of the enclaves despite allowing memory sharing. More specifically, we prove the Secure Remote Execution (SRE) property on our formal model. Finally, the paper shows the feasibility of Cerberus by implementing it in an existing enclave platform, RISC-V Keystone.","tags":null,"title":"Cerberus: A Formal Approach to Secure and Efficient Enclave Memory Sharing","type":"publication"},{"authors":["Ravi Sahita","Dror Caspi","Vedvyas Shanbhogue","Vincent Scarlata","Anjo Lucas Vahldiek-Oberwagner","Haidong Xia","Mona Vij"],"categories":null,"content":"","date":1664841600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1664841600,"objectID":"da93266cc5c96e6eb95d9a2af09d1c6e","permalink":"https://vahldiek.github.io/publication/sahita-2022-clonetee/","publishdate":"2022-10-04T00:00:00Z","relpermalink":"/publication/sahita-2022-clonetee/","section":"publication","summary":"Scalable cloning and replication for trusted execution environments is described. An example of a computer-readable storage medium includes instructions for receiving a selection of a point to capture a snapshot of a baseline trust domain (TD) or secure enclave, the TD or secure enclave being associated with a trusted execution environment (TEE) of a processor utilized for processing of a workload; initiating cloning of the TD or secure enclave from a source platform to an escrow platform; generating an escrow key to export the snapshot to the escrow platform; and exporting a state of the TD or secure enclave to the escrow platform, the state being sealed with a sealing key.","tags":null,"title":"Scalable cloning and replication for trusted execution environments","type":"publication"},{"authors":null,"categories":null,"content":"A scientific paper consists of a constellation of artifacts that extend beyond the document itself: software, hardware, evaluation data and documentation, raw survey results, mechanized proofs, models, test suites, benchmarks, and so on. In some cases, the quality of these artifacts is as important as that of the document itself.\nMy involvement in artifact evaluation efforts in the systems, security and HPC communities have led to a growing understanding of building reusable and reproducible artifacts. We continuously work on the process to lower the burden on the authors and ease the reproduction of results for evaluators.\nInvolvement in past Artifact Evaluation:\n USENIX Security\u0026rsquo;24 Artifact Evaluation co-chair USENIX Security\u0026rsquo;23 Artifact Evaluation co-chair EuroSys\u0026rsquo;22 Artifact Evaluation co-chair SC\u0026rsquo;21 Best Reproducibility Advancement Award o-chair SC\u0026rsquo;21 Artifact Evaluation co-chair OSDI\u0026rsquo;20 Artifact Evaluation co-chair  ","date":1656977082,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1656977082,"objectID":"8a3efdbe12ae435a4d96905bea8117f9","permalink":"https://vahldiek.github.io/project/artifact-eval/","publishdate":"2022-07-05T00:24:42+01:00","relpermalink":"/project/artifact-eval/","section":"project","summary":"Building and evaluating reproducible and reusable research artifacts. ","tags":["research artifacts","artifact evaluation"],"title":"Research Artifacts and Evaluation","type":"project"},{"authors":["Michael Lemay","David M Durham","Anjo Lucas Vahldiek-Oberwagner","Anna Trikalinou"],"categories":null,"content":"","date":1656547200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1656547200,"objectID":"cdc69387188016c813af872ebff0e36e","permalink":"https://vahldiek.github.io/publication/lemay-2022-xaddrcc/","publishdate":"2022-06-30T00:00:00Z","relpermalink":"/publication/lemay-2022-xaddrcc/","section":"publication","summary":"An apparatus comprising a processor unit comprising circuitry to generate, for a first network host, a request for an object of a second network host, wherein the request comprises an address comprising a routable host ID of the second network host and an at least partially encrypted object ID, wherein the address uniquely identifies the object within a distributed computing domain; and a memory element to store at least a portion of the object.","tags":null,"title":"CRYPTOGRAPHIC COMPUTING INCLUDING ENHANCED CRYPTOGRAPHIC ADDRESSES","type":"publication"},{"authors":["Tanu Malik","Anjo Vahldiek-Oberwagner","Ivo Jimenez","Carlos Maltzahn"],"categories":null,"content":"","date":1656547200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1656547200,"objectID":"5f4f34b05ba7390b1ba1caed57976f9f","permalink":"https://vahldiek.github.io/publication/malik-2022-aehpc/","publishdate":"2022-06-30T00:00:00Z","relpermalink":"/publication/malik-2022-aehpc/","section":"publication","summary":"A scientific paper consists of a constellation of artifacts that extend beyond the document itself: software, hardware, evaluation data and documentation, raw survey results, mechanized proofs, models, test suites, benchmarks, and so on. In some cases, the quality of these artifacts is as important as that of the document itself. Based on the success of the Artifact Evaluation efforts at other systems conferences, the 2021 International Conference for High Performance Computing, Networking, Storage, and Analysis (SC21) organized a comprehensive Artifact Description/Artifact Evaluation (AD/AE) review and competition as part of the SC21 Reproducibility Initiative. This paper summarizes the key findings of the AD/AE effort.","tags":null,"title":"Expanding the Scope of Artifact Evaluation at HPC Conferences: Experience of SC21","type":"publication"},{"authors":["Paritosh Saxena","Anjo Lucas Vahldiek-Oberwagner","Mona Vij","Kshitij A Doshi","Carlos H Morales","Clair Bowman","Marcela S Melara","Michael Steiner"],"categories":null,"content":"","date":1650499200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1650499200,"objectID":"8f509be9abcb60afcb3e1b370718e890","permalink":"https://vahldiek.github.io/publication/saxena-2022-optuserv/","publishdate":"2022-04-21T00:00:00Z","relpermalink":"/publication/saxena-2022-optuserv/","section":"publication","summary":"In one embodiment, metadata associated with deployment of a container within an orchestration environment includes information indicating security preferences for deployment of the container within the orchestration environment, information indicating a level of communications between the container and other containers, and/or information indicating effects of execution of the container with respect to other containers. The metadata is used to select a particular node of a plurality of nodes within the orchestration environment on which to deploy the container based on the metadata.","tags":null,"title":"Optimizing deployment and security of microservices","type":"publication"},{"authors":["Michael Lemay","Anjo Vahldiek-oberwagner"],"categories":null,"content":"","date":1629936000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1629936000,"objectID":"0ea1a34cbe895e1d75013fb636640e88","permalink":"https://vahldiek.github.io/publication/lemay-2021-ctrlsyscallpat/","publishdate":"2021-08-26T00:00:00Z","relpermalink":"/publication/lemay-2021-ctrlsyscallpat/","section":"publication","summary":"Systems, apparatuses and methods may provide for technology that stores a security monitor at a first location in an address space, wherein the security monitor is to control requests to use a security-critical instruction at a second location in the address space, and wherein the second location is in the first set of locations. The technology also installs a control instruction at an entry point to the security monitor, wherein the control instruction is to restrict indirect branch targets, and excludes the control instruction from all locations in the first set of locations that are not entry points.","tags":null,"title":"TECHNOLOGY TO CONTROL SYSTEM CALL INVOCATIONS WITHIN A SINGLE ADDRESS SPACE","type":"publication"},{"authors":["Bumjin Im","Fangfei Yang","Chia-Che Tasi","Michael LeMay","Anjo Vahldiek-Oberwagner","Nathan Dautenhahn"],"categories":null,"content":"","date":1628467200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1628467200,"objectID":"bd8621a62693821b2c92a78816cdb062","permalink":"https://vahldiek.github.io/publication/im-2021-endokernel/","publishdate":"2021-08-09T00:00:00Z","relpermalink":"/publication/im-2021-endokernel/","section":"publication","summary":"Commodity applications contain more and more combinations of interacting components (user, application, library, and system) and exhibit increasingly diverse tradeoffs between isolation, performance, and programmability. We argue that the challenge of future runtime isolation is best met by embracing the multi-principle nature of applications, rethinking process architecture for fast and extensible intra-process isolation. We present, the Endokernel, a new process model and security architecture that nests an extensible monitor into the standard process for building efficient least-authority abstractions. The Endokernel introduces a new virtual machine abstraction for representing subprocess authority, which is enforced by an efficient self-isolating monitor that maps the abstraction to system level objects (processes, threads, files, and signals). We show how the Endokernel can be used to develop specialized separation abstractions using an exokernel-like organization to provide virtual privilege rings, which we use to reorganize and secure NGINX. Our prototype, includes a new syscall monitor, the nexpoline, and explores the tradeoffs of implementing it with diverse mechanisms, including Intel Control Enhancement Technology. Overall, we believe sub-process isolation is a must and that the Endokernel exposes an essential set of abstractions for realizing this in a simple and feasible way.","tags":null,"title":"The Endokernel: Fast, Secure, and Programmable Subprocess Virtualization","type":"publication"},{"authors":["Anjo Vahldiek-Oberwagner"],"categories":null,"content":"","date":1618444800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1618444800,"objectID":"950ba2229ba3fa8b9e2b38c4397ad34a","permalink":"https://vahldiek.github.io/publication/vahldiek-2021-ittkgp/","publishdate":"2021-04-15T00:00:00Z","relpermalink":"/publication/vahldiek-2021-ittkgp/","section":"publication","summary":"In this lecture we review existing operating system abstractions and review their effectiveness in a changing world where workloads are deployed in the cloud, run in high-level languages, and rely on fast communication. We take a deep dive into single address-space OS and discuss their advantages, disadvantages and challenges in implementing them. ","tags":null,"title":"Breaking with traditional OS Abstractions","type":"publication"},{"authors":["Ravi L Sahita","Anjo Lucas Vahldiek-Oberwagner","Teck Joo Goh","Rameshkmar Illikkal","Andrzej Kuriata","Vedvyas Shanbhogue","Mona Vij","Haidong Xia"],"categories":null,"content":"","date":1618444800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1618444800,"objectID":"08705d60950d6527b1a90d17d5f2168e","permalink":"https://vahldiek.github.io/publication/sahita-2021-isomempat/","publishdate":"2021-04-15T00:00:00Z","relpermalink":"/publication/sahita-2021-isomempat/","section":"publication","summary":"Example methods and systems are directed to isolating memory in\r\ntrusted execution environments ( TEEs ) . In func tion - as - a - service ( FaaS\r\n) environments , a client makes use of a function executing within a TEE on a\r\nFaaS server . To minimize the trusted code base ( TCB ) for each function , each\r\nfunction may be placed in a separate TEE . However , this causes the overhead of\r\ncreating a TEE to be incurred for each function . As discussed herein , multiple\r\nfunctions may be placed in a single TEE without compromising the data integrity\r\nof each function . For example , by using a different extended page table ( EPT\r\n) for each function , the virtual address spaces of the functions are kept\r\nseparate and map to different ,non - overlapping physical address spaces .\r\nPartial overlap may be permitted to allow functions to share some data while\r\nprotecting other data . Memory for each function may be encrypted using a\r\ndifferent encryption key. ","tags":null,"title":"Isolating memory within trusted execution environments","type":"publication"},{"authors":["Anjo Lucas Vahldiek-Oberwagner","Ravi L Sahita","Mona Vij","Rameshkumar Illikkal","Michael Steiner","Thomas Knauth","Dmitrii Kuvaiskii","Sudha Krishnakumar","Krystof C Zmudzinski","Vincent Scarlata","Francis McKeen"],"categories":null,"content":"","date":1618444800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1618444800,"objectID":"9dc687f2e491dd393298f4c0eb3a53fc","permalink":"https://vahldiek.github.io/publication/vahldiek-oberwagner-2021-redlatpat/","publishdate":"2021-04-15T00:00:00Z","relpermalink":"/publication/vahldiek-oberwagner-2021-redlatpat/","section":"publication","summary":"Example methods and systems are directed to reducing latency in providing trusted execution environments (TEES). Initializing a TEE includes multiple steps before the TEE starts executing. Besides workload-specific initialization, workload-independent initialization is performed, such as adding memory to the TEE. In function-as-a-service (FaaS) environments, a large portion of the TEE is workload-independent, and thus can be performed prior to receiving the workload. Certain steps performed during TEE initialization are identical for certain classes of workloads. Thus, the common parts of the TEE initialization sequence may be performed before the TEE is requested. When a TEE is requested for a workload in the class and the parts to specialize the TEE for its particular purpose are known, the final steps to initialize the TEE are performed. ","tags":null,"title":"Reducing latency of hardware trusted execution environments","type":"publication"},{"authors":["Anjo Lucas Vahldiek-Oberwagner","Ravi L Sahita","Mona Vij","Dayeol Lee","Haidong Xia","Rameshkumar Illikkal","Samuel Ortiz","Kshitij Arun Doshi","Mourad Cherfaoui","Andrzej Kuriata","Teck Joo Goh"],"categories":null,"content":"","date":1618444800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1618444800,"objectID":"9c27c1eb97b656aea09a42521e3015d5","permalink":"https://vahldiek.github.io/publication/vahldiek-oberwagner-2021-scalableattestpat/","publishdate":"2021-04-15T00:00:00Z","relpermalink":"/publication/vahldiek-oberwagner-2021-scalableattestpat/","section":"publication","summary":"In function-as-a-service (FaaS) environments, a client makes use of a function executing within a trusted execution environment (TEE) on a FaaS server. Multiple tenants of the FaaS platform may provide functions to be executed by the FaaS platform via a gateway. Each tenant may provide code and data for any number of functions to be executed within any number of TEEs on the FaaS platform and accessed via the gateway. Additionally, each tenant may provide code and data for a single surrogate attester TEE. The client devices of the tenant use the surrogate attester TEE to attest each of the other TEEs of the tenant and establish trust with the functions in those TEEs. Once the functions have been attested, the client devices have confidence that the other TEEs of the tenant are running on the same platform as the gateway. ","tags":null,"title":"Scalabe attestation for trusted execution environments","type":"publication"},{"authors":["Shravan Narayan","Craig Disselkoen","Daniel Moghimi","Sunjay Cauligi","Evan Johnson","Zhao Gang","Anjo Vahldiek-Oberwagner","Ravi Sahita","Hovav Shacham","Dean Tullsen","Deian Stefan"],"categories":null,"content":"","date":1614556800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1614556800,"objectID":"67102dcbbeb8051a1640a4d9d51a8b1f","permalink":"https://vahldiek.github.io/publication/narayan-2021/","publishdate":"2021-03-01T00:00:00Z","relpermalink":"/publication/narayan-2021/","section":"publication","summary":"We describe Swivel, a new compiler framework for hardening\r\nWebAssembly (Wasm) against Spectre attacks. Outside the browser, Wasm has become\r\na popular lightweight, in-process sandbox and is, for example, used in\r\nproduction to isolate different clients on edge clouds and function-as-a-service\r\nplatforms. Unfortunately, Spectre attacks can bypass Wasm’s isolation\r\nguarantees. Swivel hardens Wasm against this class of attacks by ensuring that\r\npotentially malicious code can neither use Spectre attacks to break out of the\r\nWasm sandbox nor coerce victim code—another Wasm client or the embedding\r\nprocess—to leak secret data.\r\n\r\nWe describe two Swivel designs, a software-only approach that can be used on\r\nexisting CPUs, and a hardware-assisted approach that uses extension available in\r\nIntel® 11th generation CPUs. For both, we evaluate a randomized approach that\r\nmitigates Spectre and a deterministic approach that eliminates Spectre\r\naltogether. Our randomized implementations impose under 10.3% overhead on the\r\nWasm-compatible subset of SPEC 2006, while our deterministic implementations\r\nimpose overheads between 3.3% and 240.2%. Though high on some benchmarks,\r\nSwivel’s overhead is still between 9× and 36.3× smaller than existing defenses\r\nthat rely on pipeline fences. ","tags":null,"title":"Swivel: Hardening WebAssembly against Spectre","type":"publication"},{"authors":["Dayeol Lee","Dmitrii Kuvaiskii","Anjo Vahldiek-Oberwagner","Mona Vij"],"categories":null,"content":"","date":1599696000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1599696000,"objectID":"a10b66f22373fc3a2dc3e8d62f1e654f","permalink":"https://vahldiek.github.io/publication/lee-2020-ppml/","publishdate":"2020-09-10T00:00:00Z","relpermalink":"/publication/lee-2020-ppml/","section":"publication","summary":"We present a practical framework to deploy privacy-preserving machine learning (PPML) applications in untrusted clouds based on a trusted execution environment (TEE). Specifically, we shield unmodified PyTorch ML applications by running them in Intel SGX enclaves with encrypted model parameters and encrypted input data to protect the confidentiality and integrity of these secrets at rest and during runtime. We use the open-source Graphene library OS with transparent file encryption and SGX-based remote attestation to minimize porting effort and seamlessly provide file protection and attestation. Our approach is completely transparent to the machine learning application: the developer and the end-user do not need to modify the ML application in any way.","tags":null,"title":"Privacy-Preserving Machine Learning in Untrusted Clouds Made Simple","type":"publication"},{"authors":["Anjo Vahldiek-Oberwagner","Chia-Che Tsai","Dmitrii Kuvaiskii","Don Porter"],"categories":null,"content":"","date":1599696000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1599696000,"objectID":"c10e63151000023863e5b0910a32c99a","permalink":"https://vahldiek.github.io/publication/vahldiek-oberwagner-2020-secdev/","publishdate":"2020-09-10T00:00:00Z","relpermalink":"/publication/vahldiek-oberwagner-2020-secdev/","section":"publication","summary":"In this tutorial, we will walk through the steps of using the Graphene framework to establish a confidential computing environment for protecting the data of an unmodified Linux application on untrusted hosts. Graphene is an open-source project since 2014 and has been ported for Intel SGX, an innovative CPU feature design for confidential computing. Graphene has been maintained by the community and has been actively adopted for prototyping and development. This tutorial will start with an introduction and overview of the Graphene project and architecture, followed by the step-by-step guide for installing, configuring, executing, and debugging the Graphene framework for confidential computing of applications. In particular, this tutorial will deep dive into several latest features of Graphene, including remote attestation, protected FS, Graphene shielded containers.","tags":null,"title":"Tutorial: Graphene: Confidential Computing for Unmodified Linux Applications","type":"publication"},{"authors":["Anjo Vahldiek-Oberwagner","Dmitrii Kuvaiskii"],"categories":null,"content":"","date":1593648000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1593648000,"objectID":"fc7580379ee37415bcea2efb6ae984e0","permalink":"https://vahldiek.github.io/publication/vahldiek-2020-lss/","publishdate":"2020-07-02T00:00:00Z","relpermalink":"/publication/vahldiek-2020-lss/","section":"publication","summary":"Computing on secret data is challenging with today’s cloud service provider (CSP)\r\nofferings. CSP have full visibility into their client’s workloads and data while run in a VM or\r\ncontainer and shielding against other tenants. On the contrary, confidential computing (CC)\r\ntechniques (e.g., Intel Software Guard Extension (SGX)) offer a reverse sandbox. These techniques\r\nshield the workload and data from accesses by the underlying system software (e.g., OS or VMM) and\r\nhardware attacks. Thus, preventing CSPs from accessing secrets. In addition, CC provides remote\r\nattestation to verify the integrity of applications.\r\n\r\nIn this talk we will present Graphene Secure Containers, a technique to automatically wrap an\r\nunmodified Linux application packaged in a container image to execute inside Intel SGX using the\r\nGraphene LibraryOS and allow users to verify application integrity via remote attestation. ","tags":null,"title":"Automatically Securing Linux Application Containers in Untrusted Clouds","type":"publication"},{"authors":["Anjo Vahldiek-Oberwagner","Eslam Elnikety","Nuno O. Duarte","Michael Sammler","Peter Druschel","Deepak Garg"],"categories":null,"content":"","date":1547424000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1547424000,"objectID":"e35baa3c4ce5ea8876db20f423926be5","permalink":"https://vahldiek.github.io/publication/vahldiek-2018-erim/","publishdate":"2019-01-14T00:00:00Z","relpermalink":"/publication/vahldiek-2018-erim/","section":"publication","summary":"Isolating sensitive data and state can increase the security and robustness of many applications. Examples include protecting cryptographic keys against exploits like OpenSSL's Heartbleed bug or protecting a language runtime from native libraries written in unsafe languages. When runtime references across isolation boundaries occur relatively infrequently, then page-based hardware isolation can be used, because the cost of kernel- or hypervisor-mediated domain switching is tolerable. However, some applications, such as the isolation of cryptographic session keys in network-facing services, require very frequent domain switching. In such applications, the overhead of kernel- or hypervisor-mediated domain switching is prohibitive. In this paper, we present ERIM, a novel technique that provides hardware-enforced isolation with low overhead on x86 CPUs, even at high switching rates (ERIM's measured overhead is less than 1% for 100,000 switches per second). The key idea is to combine protection keys (MPKs), a feature recently added to x86 that allows protection domain switches in userspace, with binary inspection to prevent circumvention. We show that ERIM can be applied with little effort to new and existing applications, doesn't require compiler changes, can run on a stock Linux kernel, and has low runtime overhead even at high domain switching rates. ","tags":null,"title":"ERIM: Secure, Efficient In-Process Isolation with Memory Protection Keys","type":"publication"},{"authors":null,"categories":null,"content":"In today’s systems, policies protecting stored data and mechanisms for their enforcement are spread across many software components, increasing the risk of violation due to bugs, vulnerabilities and misconfigurations. We suggest Guardat to addresses this problem. Users, developers and administrators specify file protection policies declaratively, concisely and separate from code, and Guardat enforces these policies by mediating I/O in the storage layer. Thus, policy enforcement relies only on the integrity of the Guardat controller and any external policy dependencies. The semantic gap between the storage layer enforcement and per-file policies is bridged using cryptographic attestations from Guardat. We show experimentally that the overhead is low.\n","date":1544829887,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1544829887,"objectID":"8c9785daf6f9b03e3a33f7f19964372a","permalink":"https://vahldiek.github.io/project/guardat/","publishdate":"2018-12-15T00:24:47+01:00","relpermalink":"/project/guardat/","section":"project","summary":"Enforcing security policies at the storage layer to reduce attack surface of existing solutions.","tags":["secure storage"],"title":"Protecting Persistent Data","type":"project"},{"authors":null,"categories":null,"content":"Isolating sensitive data and state can increase the security and robustness of many applications. Applications, such as isolating cryptographic session keys in a network-facing application or isolating frequently invoked native libraries in managed runtimes, require very frequent domain switching. In such applications, the overhead of kernel- or hypervisormediated domain switching is prohibitive. We suggest LwCs and ERIM to overcome these costs using novel kernel functionality and hardware-support (e.g., Intel MPK), respectively.\nWasm has become a popular lightweight, in-process sandbox and is, for example, used in production to isolate different clients on edge clouds and function-as-a-service platforms. Unfortunately, Spectre attacks can bypass Wasm’s isolation guarantees. Swivel hardens Wasm against this class of attacks by ensuring that potentially malicious code can neither use Spectre attacks to break out of the Wasm sandbox nor coerce victim code—another Wasm client or the embedding process—to leak secret data. We suggest Swivel, a new compiler framework for hardening WebAssembly (Wasm) against Spectre attacks.\nUsing these findings, we apply in-process memory isolation to legacy cloud deployments allowing symbiotic applications to efficiently communicate and improve performance.\n","date":1544829882,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1544829882,"objectID":"373b4159e343df7487c10b9166fe892e","permalink":"https://vahldiek.github.io/project/erim/","publishdate":"2018-12-15T00:24:42+01:00","relpermalink":"/project/erim/","section":"project","summary":"Providing in-process isolation for sensitive data and state to increase the security and robustness of applications and its use to provide efficient cloud deployments ","tags":["memory isolation","Intel MPK","FaaS"],"title":"Secure In-Process Memory Isolation and Efficient Cloud Deployments","type":"project"},{"authors":null,"categories":null,"content":"Computing on secret data is challenging with today’s cloud service provider (CSP) offerings. CSP have full visibility into their client’s workloads and data while run in a VM or container and shielding against other tenants. On the contrary, confidential computing (CC) techniques (e.g., Intel Software Guard Extension (SGX)) offer a reverse sandbox. These techniques shield the workload and data from accesses by the underlying system software (e.g., OS or VMM) and hardware attacks. Thus, preventing CSPs from accessing secrets. In addition, CC provides remote attestation to verify the integrity of applications.\nProjects in this space focus on popular cloud deployment scenarios and automate the process to deploy applications in confidential compute enclaves.\n","date":1544829882,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1544829882,"objectID":"3f504df4b0c279ec52c54f82157a0c42","permalink":"https://vahldiek.github.io/project/untrustedcloud/","publishdate":"2018-12-15T00:24:42+01:00","relpermalink":"/project/untrustedcloud/","section":"project","summary":"Lift and shift unmodified applications into Intel SGX enclaves to shield them in an untrusted cloud. ","tags":["Intel SGX","Confidential Compute"],"title":"Shielding Applications in an untrusted Cloud","type":"project"},{"authors":["Anjo Lucas Vahldiek-Oberwagner"],"categories":null,"content":"","date":1538352000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1538352000,"objectID":"294b81c2f472d25ada7c4dc3d6d08969","permalink":"https://vahldiek.github.io/publication/vahldiek-2018-thesis/","publishdate":"2018-10-01T00:00:00Z","relpermalink":"/publication/vahldiek-2018-thesis/","section":"publication","summary":"Today computers store and analyze valuable and sensitive data. As a result we need to protect this data against confidentiality and integrity violations that can result in the illicit release, loss, or modification of a user’s and an organization’s sensitive data such as personal media content or client records. Existing techniques protecting confidentiality and integrity lack either efficiency or are vulnerable to malicious attacks. In this thesis we suggest techniques, Guardat and ERIM, to efficiently and robustly protect persistent and in-memory data. To protect the confidentiality and integrity of persistent data, clients specify per-file policies to Guardat declaratively, concisely and separately from code. Guardat enforces policies by mediating I/O in the storage layer. In contrast to prior techniques, we protect against accidental or malicious circumvention of higher software layers. We present the design and prototype implementation, and demonstrate that Guardat efficiently enforces example policies in a web server. To protect the confidentiality and integrity of in-memory data, ERIM isolates sensitive data using Intel Memory Protection Keys (MPK), a recent x86 extension to partition the address space. However, MPK does not protect against malicious attacks by itself. We prevent malicious attacks by combining MPK with call gates to trusted entry points and ahead-of-time binary inspection. In contrast to existing techniques, ERIM efficiently protects frequently-used session keys of web servers, an in-memory reference monitor’s private state, and managed runtimes from native libraries. These use cases result in high switch rates of the order of 10^5 - 10^6 switches/s. Our experiments demonstrate less then 1% runtime overhead per 100,000 switches/s, thus outperforming existing techniques.","tags":null,"title":"Techniques to Protect Confidentiality and Integrity of Persistent and In-Memory Data","type":"publication"},{"authors":["Robert Krahn","Bohdan Trach","Anjo Vahldiek-Oberwagner","Thomas Knauth","Pramod Bhatotia","Christof Fetzer"],"categories":null,"content":"","date":1522540800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1522540800,"objectID":"b55e7fdf07cf827953d3c97470069b53","permalink":"https://vahldiek.github.io/publication/krahn-2018/","publishdate":"2018-04-01T00:00:00Z","relpermalink":"/publication/krahn-2018/","section":"publication","summary":"Third-party storage services pose the risk of integrity and confidentiality violations as the current storage policy enforcement mechanisms are spread across many layers in the system\r\nstack. To mitigate these security vulnerabilities, we present\r\nthe design and implementation of Pesos, a Policy Enhanced\r\nSecure Object Store (Pesos) for untrusted third-party storage\r\nproviders. Pesos allows clients to specify per-object security\r\npolicies, concisely and separately from the storage stack, and\r\nenforces these policies by securely mediating the I/O in the\r\npersistence layer through a single unified enforcement layer.\r\nMore broadly, Pesos exposes a rich set of storage policies\r\nensuring the integrity, confidentiality, and access accounting\r\nfor data storage through a declarative policy language.\r\nPesos enforces these policies on untrusted commodity platforms by leveraging a combination of two trusted computing technologies: Intel SGX for trusted execution environment (TEE) and Kinetic Open Storage for trusted storage. We\r\nhave implemented Pesos as a fully-functional storage system\r\nsupporting many useful end-to-end storage features, and a\r\nrange of effective performance optimizations. We evaluated\r\nPesos using a range of micro-benchmarks, and real-world\r\nuse cases. Our evaluation shows that Pesos incurs reasonable\r\nperformance overheads for the enforcement of policies while\r\nkeeping the trusted computing base (TCB) small.","tags":null,"title":"Pesos: Policy Enhanced Secure Object store","type":"publication"},{"authors":["James Litton","Anjo Vahldiek-Oberwagner","Eslam Elnikety","Deepak Garg","Bobby Bhattacharjee","Peter Druschel"],"categories":null,"content":"","date":1475280000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1475280000,"objectID":"e2a4f4684285c614cafe7ef69d5df8a7","permalink":"https://vahldiek.github.io/publication/litton-2016/","publishdate":"2016-10-01T00:00:00Z","relpermalink":"/publication/litton-2016/","section":"publication","summary":"We introduce a new OS abstraction—light-weight con- texts (lwCs)—that provides independent units of protec- tion, privilege, and execution state within a process. A process may include several lwCs, each with possibly different views of memory, file descriptors, and access capabilities. lwCs can be used to efficiently implement roll-back (process can return to a prior recorded state), isolated address spaces (lwCs within the process may have different views of memory, e.g., isolating sensitive data from network-facing components or isolating differ- ent user sessions), and privilege separation (in-process reference monitors can arbitrate and control access). lwCs can be implemented efficiently: the overhead of a lwC is proportional to the amount of memory exclu- sive to the lwC; switching lwCs is quicker than switching kernel threads within the same process. We describe the lwC abstraction and API, and an implementation of lwCs within the FreeBSD 11.0 kernel. Finally, we present an evaluation of common usage patterns, including fast roll- back, session isolation, sensitive data isolation, and in- process reference monitoring, using Apache, nginx, PHP, and OpenSSL.","tags":["Max Planck Institute for Software Systems","University of Maryland"],"title":"Light-Weight Contexts: An OS Abstraction for Safety and Performance","type":"publication"},{"authors":["Eslam Elnikety","Aastha Mehta","Anjo Vahldiek-oberwagner","Deepak Garg","Peter Druschel"],"categories":null,"content":"","date":1451606400,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1451606400,"objectID":"3debed590ff91e91279afca1ba079561","permalink":"https://vahldiek.github.io/publication/elnikety-2016/","publishdate":"2016-01-01T00:00:00Z","relpermalink":"/publication/elnikety-2016/","section":"publication","summary":"Data retrieval systems process data from many sources, each subject to its own data use policy. Ensuring compli-ance with these policies despite bugs, misconfiguration, or operator error in a large, complex, and fast evolving system is a major challenge. Thoth provides an effi-cient, kernel-level compliance layer for data use policies. Declarative policies are attached to the systems' input and output files, key-value tuples, and network connec-tions, and specify the data's integrity and confidential-ity requirements. Thoth tracks the flow of data through the system, and enforces policy regardless of bugs, mis-configurations, compromises in application code, or ac-tions by unprivileged operators. Thoth requires minimal changes to an existing system and has modest overhead, as we show using a prototype Thoth-enabled data re-trieval system based on the popular Apache Lucene.","tags":null,"title":"Thoth : Comprehensive Policy Compliance in Data Retrieval Systems","type":"publication"},{"authors":["Peter Druschel","Rodrigo Rodrigues","Ansley Post","Johannes Gehrke","Anjo Lucas Vahldiek"],"categories":null,"content":"","date":1445299200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1445299200,"objectID":"86d6135edec2c114dd97c4b19647d50f","permalink":"https://vahldiek.github.io/publication/druschel-2015-storagelease/","publishdate":"2015-10-20T00:00:00Z","relpermalink":"/publication/druschel-2015-storagelease/","section":"publication","summary":"Storage leases specify access restrictions and time periods, restricting access to their associated data during the storage lease time period. Storage leases may be assigned to individual data storage blocks or groups of data storage blocks in a data storage device. A data storage device may include any arbitrary number of different storage leases assigned to different portions of its data storage blocks. Storage lease-enabled devices may provide security certificates to verify that data access operations have been performed as requested and that their storage leases are being enforced. Storage lease-enabled devices compare storage lease information for data units with the current time using a clock isolated from access by storage clients or time certificates from one or more trusted time servers... ","tags":null,"title":"Protecting Data Integrity with Storage Leases","type":"publication"},{"authors":["Anjo Vahldiek-Oberwagner","Eslam Elnikety","Aastha Mehta","Deepak Garg","Peter Druschel","Rodrigo Rodrigues","Johannes Gehrke","Ansley Post"],"categories":null,"content":"","date":1429228800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1429228800,"objectID":"b47edddac9be84810077adc48a060580","permalink":"https://vahldiek.github.io/publication/vahldiek-oberwagner-2015/","publishdate":"2015-04-17T00:00:00Z","relpermalink":"/publication/vahldiek-oberwagner-2015/","section":"publication","summary":"In today’s data processing systems, both the policies protecting stored data and the mechanisms for their enforcement are spread over many software components and configuration files, increasing the risk of policy violation due to bugs, vulnerabilities and misconfigurations. Guardat addresses this problem. Users, developers and administrators specify file protection policies declaratively, concisely and separate from code, and Guardat enforces these policies by mediating I/O in the storage layer. Policy enforcement relies only on the integrity of the Guardat controller and any external policy dependencies. The semantic gap between the storage layer enforcement and per-file policies is bridged using cryptographic attestations from Guardat. We present the design and prototype implementation of Guardat, enforce example policies in a Web server, and show experimentally thatits overhead is low.","tags":null,"title":"Guardat: Enforcing data policies at the storage layer","type":"publication"},{"authors":["Anjo Vahldiek","Eslam Elnikety","Ansley Post","Peter Druschel","Rodrigo Rodrigues"],"categories":null,"content":"","date":1312156800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1312156800,"objectID":"324687ddd9b814e7fe809d29cd7bb411","permalink":"https://vahldiek.github.io/publication/vahldiek-2011/","publishdate":"2011-08-01T00:00:00Z","relpermalink":"/publication/vahldiek-2011/","section":"publication","summary":"We present a storage primitive called a storage lease. Data stored under a lease cannot be written for a pre-determined period. During the lease period, online data is protected from corruption due to security breaches, software errors, or accidental data deletion. Storage leases fill an important gap in the spectrum of data protection options because they combine strong integrity for online data with the ability to eventually reclaim storage. We define the storage lease primitive, show how it can be implemented in storage device firmware, and discuss its applications. A simulation-based evaluation indicates that storage leases have a modest performance cost for most workloads on magnetic disks. Using a small amount of flash memory, this overhead can be reduced to near zero.","tags":null,"title":"Protecting Data Integrity with Storage Leases","type":"publication"},{"authors":["Hernán Baró Graf","Holger Hermanns","Juhi Kulshrestha","Jens Peter","Anjo Vahldiek","Aravind Vasudevan"],"categories":null,"content":"","date":1293840000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1293840000,"objectID":"282e55345bf12f722b9f7d036e1624b8","permalink":"https://vahldiek.github.io/publication/graf-2011-verifiedwireless/","publishdate":"2011-01-01T00:00:00Z","relpermalink":"/publication/graf-2011-verifiedwireless/","section":"publication","summary":"Wireless communication, hard real time requirements and safety criticality do not go together well. This paper reports on the modelling, design, simulation, implementation and deployment of a small exemplary case that possesses all these features. State-of-the-art verification and simulation means are employed to ensure its proper operation.","tags":null,"title":"A verifiedwireless safety critical hard real-time design","type":"publication"}]
\ No newline at end of file
+[{"authors":["Scott Douglas Constable","Marcin Andrzej Chrapek","Marcin Spoczynski","Cory Cornelius","Mona Vij","Anjo Lucas Vahldiek-Oberwagner"],"categories":null,"content":"","date":1727913600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1727913600,"objectID":"184e494ef5b66f5bbe3b4115c544fbab","permalink":"https://vahldiek.github.io/publication/constable-2024-modelintegrity/","publishdate":"2024-10-03T00:00:00Z","relpermalink":"/publication/constable-2024-modelintegrity/","section":"publication","summary":"Methods, apparatus, systems, and articles of manufacture to verify integrity of a model are disclosed. An example apparatus includes programmable circuitry to initialize an instance of a trusted execution environment; upload a security manifest of the trusted execution environment and a machine learning model; determine whether to store the machine learning model into a memory based on checking of the security manifest; determine whether the machine learning model is valid; and output a validation result.","tags":null,"title":"METHODS AND APPARATUS TO VERIFY THE INTEGRITY OF A MODEL","type":"publication"},{"authors":["Anjo Lucas Vahldiek-Oberwagner","Marcin Andrzej Chrapek","Scott Constable"],"categories":null,"content":"","date":1726099200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1726099200,"objectID":"8eea68f99bcee9aaeba2fc35dd0fa806","permalink":"https://vahldiek.github.io/publication/vahldiek-oberwagner-2024-modelaccuracy/","publishdate":"2024-09-12T00:00:00Z","relpermalink":"/publication/vahldiek-oberwagner-2024-modelaccuracy/","section":"publication","summary":"Systems, apparatus, methods, and articles of manufacture to validate the accuracy of artificial intelligence models are disclosed. An example apparatus includes machine-readable instructions; and at least one processor circuit to be programmed by the machine-readable instructions to: compute accuracy statistics of an artificial intelligence model using software applied by a trusted third party and an input data set; determine a signed artifact based on (1) the accuracy statistics indicative of the accuracy of the artificial intelligence model,(2) the software applied by the trusted third party, and (3) the input data set; and communicate the signed artifact to a user of the artificial intelligence model. ","tags":null,"title":"Artificial intelligence model accuracy validation","type":"publication"},{"authors":["Fangfei Yang","Bumjin Im","Weijie Huang","Kelly Kaoudis","Anjo Vahldiek-Oberwagner","Chia-Che Tsai","Nathan Dautenhahn"],"categories":null,"content":"","date":1723593600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1723593600,"objectID":"c5377622cc9cbc9da6ea358bb44361a3","permalink":"https://vahldiek.github.io/publication/yang-2024-endokernel/","publishdate":"2024-08-14T00:00:00Z","relpermalink":"/publication/yang-2024-endokernel/","section":"publication","summary":"Compartmentalization decomposes applications into isolated components, effectively confining the scope of potential security breaches. Recent approaches nest the protection monitor within processes for efficient memory isolation at the cost of security. However, these systems lack solutions for efficient multithreaded safety and neglect kernel semantics that can be abused to bypass the monitor.\r\n\r\nThe Endokernel is an intra-process security monitor that isolates memory at subprocess granularity. It ensures backwards-compatible and secure emulation of system interfaces, a task uniquely challenging due to the need to analyze OS and hardware semantics beyond mere interface usability. We introduce an inside-out methodology where we identify core OS primitives that allow bypass and map that back to the interfaces that depend on them. This approach led to the identification of several missing policies as well as aided in developing a fine-grained locking approach to deal with complex thread safety when inserting a monitor between the OS and the application. Results indicate that we can achieve fast isolation while greatly enhancing security and maintaining backwards-compatibility, and also showing a new method for systematically finding gaps in policies.","tags":null,"title":"Endokernel: A Thread Safe Monitor for Lightweight Subprocess Isolation","type":"publication"},{"authors":["Shravan Narayan","Tal Garfinkel","Mohammadkazem Taram","Joey Rudek","Daniel Moghimi","Evan Johnson","Anjo Vahldiek-Oberwagner","Michael LeMay","Ravi Sahita","Dean Tullsen","Deian Stefan"],"categories":null,"content":"","date":1722470400,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1722470400,"objectID":"8279a918b99d79503c655098c67bccc3","permalink":"https://vahldiek.github.io/publication/narayan-2024/","publishdate":"2024-08-01T00:00:00Z","relpermalink":"/publication/narayan-2024/","section":"publication","summary":"Hardware-assisted fault isolation (HFI) is a minimal extension to current processors that supports secure, flexible, and efficient in-process isolation. HFI addresses the limitations of existing software-based fault isolation (SFI) systems, including runtime overheads, limited scalability, vulnerability to Spectre attacks, and limited compatibility with existing code and binaries. HFI can be seamlessly integrated into existing SFI systems (e.g., WebAssembly) or directly sandbox unmodified native binaries. To ease adoption, HFI relies only on incremental changes to existing high-performance processors.","tags":null,"title":"Hardware-Assisted Fault Isolation: Going Beyond the Limits of Software-Based Sandboxing","type":"publication"},{"authors":["Michael Lemay","Dan Baum","Joseph Cihula","Joao Batista Correa Gomes Moreira","Anjo Lucas Vahldiek-Oberwagner","Scott Constable","Andreas Kleen","Konrad Lai","Henrique De Medeiros Kawakami","David M Durham"],"categories":null,"content":"","date":1704326400,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1704326400,"objectID":"468ce9c7b3f490b9cd55dfa32b6a9662","permalink":"https://vahldiek.github.io/publication/lemay-2024-rtcall/","publishdate":"2024-01-04T00:00:00Z","relpermalink":"/publication/lemay-2024-rtcall/","section":"publication","summary":"Techniques for an instruction for a Runtime Call operation are described. An example apparatus comprises decoder circuitry to decode a single instruction, the single instruction to include a field for an identifier of an opcode, the opcode to indicate execution circuitry is to execute a no operation when a runtime call destination equals a predetermined value; and execute an indirect call with the runtime call destination as a destination address when the runtime call destination does not equal the predetermined value. Other examples are described and claimed.","tags":null,"title":"REDUCING INSTRUMENTATION CODE BLOAT AND PERFORMANCE OVERHEADS USING A RUNTIME CALL INSTRUCTION","type":"publication"},{"authors":["Fangfei Yang","Weijie Huang","Kelly Kaoudis","Anjo Vahldiek-Oberwagner","Nathan Dautenhahn"],"categories":null,"content":"","date":1701993600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1701993600,"objectID":"311969e799c798fc849731b13b29fc35","permalink":"https://vahldiek.github.io/publication/yang-2023-endoprocess/","publishdate":"2023-12-08T00:00:00Z","relpermalink":"/publication/yang-2023-endoprocess/","section":"publication","summary":"Modern applications combine multiple components into single processes, leading to complex tradeoffs between isolation, performance, and programmability. We present the Endoprocess, a unique, microkernel-based approach for protection within process spaces. An endoprocess safely multiplexes process resources by exporting a low-level abstraction, the subprocess, that is transparently overlaid on existing process interfaces (like mmap, mprotect, etc), and provides extensibility and programmability through custom application-layer modules. We report experimental results of an initial prototype and highlight several application domains. Overall, the endoprocess presents a path for protection within processes while remaining compatible with existing OS abstractions and multiplexing them in a secure and extensible way.","tags":null,"title":"Endoprocess: Programmable and Extensible Subprocess Isolation","type":"publication"},{"authors":["Atsushi Koshiba","Felix Gust","Julian Pritzi","Anjo Vahldiek-Oberwagner","Nuno Santos","Pramod Bhatotia"],"categories":null,"content":"","date":1692835200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1692835200,"objectID":"602c4cb32b31cf8d95ba8c9e57d3c55b","permalink":"https://vahldiek.github.io/publication/koshiba-2023-tdcof/","publishdate":"2023-08-24T00:00:00Z","relpermalink":"/publication/koshiba-2023-tdcof/","section":"publication","summary":"The rising performance demands and increasing heterogeneity in cloud data centers lead to a paradigm shift in the cloud infrastructure, from monolithic servers to a disaggregated architecture. In a multi-tenant cloud, users should be able to leverage trusted computing to protect their applications from untrusted parties. While Trusted Execution Environments (TEEs) are a well-known technique to realize trusted computing on monolithic servers, we cannot adopt existing TEE technologies to the disaggregated architecture due to their distributed nature and heterogeneity of devices. To address these challenges, we propose trusted heterogeneous disaggregated architectures, which allows cloud users to construct virtual TEEs (vTEEs): TEE-based, secure, isolated environments assembled with any combination of disaggregated components.","tags":null,"title":"Trusted Heterogeneous Disaggregated Architectures","type":"publication"},{"authors":["Marcela S Melara","Bruno Vavala","Michael Steiner","Vincent Scarlata","Anjo Lucas Vahldiek-Oberwagner"],"categories":null,"content":"","date":1692748800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1692748800,"objectID":"0d19bd8389c641c80a62fd2a41169e0a","permalink":"https://vahldiek.github.io/publication/melara-2023-attest/","publishdate":"2023-08-23T00:00:00Z","relpermalink":"/publication/melara-2023-attest/","section":"publication","summary":"A method and apparatus for multi-dimensional attestations for a software application. A multi-dimensional attestation is generated for at least one component of the software application. The multi-dimensional attestation includes a signed attestation for the at least one component and an attestation reference to at least one other related component. A verifier obtains multi-dimensional attestations for the components of the software application and obtains the signed attestation for the related components of the software application based on the attestation reference and verifies integrity of at least part of the software application based on the obtained signed attestations. The multi-dimensional attestation for a given component of a software application can link attestations across spatial and temporal dimensions including other microservice(s) that communicates directly with the subject microservice, imported code dependencies on which the subject microservice is dependent, and/or the underlying software layer of the subject microservice.","tags":null,"title":"Method and apparatus for multi-dimensional attestation for a software application","type":"publication"},{"authors":["Vincent Scarlata","Alpa Trivedi","Reshma Lal","Marcela S Melara","Michael Steiner","Anjo Vahldiek-Oberwagner"],"categories":null,"content":"","date":1684195200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1684195200,"objectID":"edf3e091afcad332eea0079b39c3b7ea","permalink":"https://vahldiek.github.io/publication/scarlata-2022-atttool/","publishdate":"2023-05-16T00:00:00Z","relpermalink":"/publication/scarlata-2022-atttool/","section":"publication","summary":"Attestation of operations by tool chains is described. An example of a storage medium includes instructions for receiving source code for processing of a secure workload of a tenant; selecting at least a first compute node to provide computation for the workload; processing the source code by an attestable tool chain to generate machine code for the first compute node, including performing one or more conversions of the source code by one or more convertors to generate converted code and generating an attestation associated with each code conversion, and receiving machine code for the first compute node and generating an attestation associated with the first compute node; and providing each of the attestations from the first stage and the second stage for verification.","tags":null,"title":"ATTESTATION OF OPERATIONS BY TOOL CHAINS","type":"publication"},{"authors":["Shravan Narayan","Tal Garfinkel","Mohammadkazem Taram","Joey Rudek","Daniel Moghimi","Evan Johnson","Anjo Vahldiek-Oberwagner","Michael LeMay","Ravi Sahita","Dean Tullsen","Deian Stefan"],"categories":null,"content":"","date":1677628800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1677628800,"objectID":"e645142689f3cbf82cd0307016499cdf","permalink":"https://vahldiek.github.io/publication/narayan-2023/","publishdate":"2023-03-01T00:00:00Z","relpermalink":"/publication/narayan-2023/","section":"publication","summary":"We introduce Hardware-assisted Fault Isolation (HFI), a simple\r\nextension to existing processors to support secure, flexible, and efficient\r\nin-process isolation. HFI addresses the limitations of existing software-based\r\nisolation (SFI) systems including: runtime overheads, limited scalability,\r\nvulnerability to Spectre attacks, and limited compatibility with existing code.\r\nHFI can seamlessly integrate with current SFI systems (e.g., WebAssembly), or\r\ndirectly sandbox unmodified native binaries. To ease adoption, HFI relies only\r\non incremental changes to the data and control path of existing high-performance\r\nprocessors. We evaluate HFI for x86-64 using the gem5 simulator and\r\ncompiler-based emulation on a mix of real and synthetic workloads.","tags":null,"title":"Going beyond the Limits of SFI: Flexible and Secure Hardware-Assisted In-Process Isolation with HFI","type":"publication"},{"authors":["Dinglan Peng","Congyu Liu","Tapti Palit","Pedro Fonseca","Anjo Vahldiek-Oberwagner","Mona Vij"],"categories":null,"content":"","date":1672531200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1672531200,"objectID":"74ee736bd683f9b38e12e930f4705ac4","permalink":"https://vahldiek.github.io/publication/peng-2023/","publishdate":"2023-01-01T00:00:00Z","relpermalink":"/publication/peng-2023/","section":"publication","summary":"Isolating application components is crucial to limit the exposure of sensitive data and code to vulnerabilities in the untrusted components. Process-based isolation is the de facto isolation used in practice, e.g., web browsers. However, it incurs significant performance overhead and is typically infeasible when frequent switches between isolation domains are expected. To address this problem, many intra-process memory isolation techniques have been proposed using novel kernel abstractions, recent CPU extensions, such as Intel® MPK, and software-based fault isolation (e.g., WebAssembly). However, these techniques insufficiently isolate kernel resources, such as file descriptors, or do so by incurring substantial overheads when these resources are accessed. Other work virtualizes the kernel context inside a privileged user space domain, but this is ad-hoc, error-prone, and provides only a limited set of kernel functionalities. We propose μSWITCH, an efficient kernel context isolation mechanism with memory protection that addresses these limitations. We use a protected structure, shared by the kernel and the userspace, for context switching and propose implicit context switching to improve its performance by deferring the kernel resource switch to the next system call. We apply μSWITCH to isolate libraries in the Firefox web browser and an HTTP server, and reduce the overhead of isolation by 32.7% to 98.4% compared with other isolation techniques.","tags":null,"title":"uSwitch: Fast Kernel Context Isolation with Implicit Context Switches","type":"publication"},{"authors":["Anjo Vahldiek-Oberwagner"],"categories":null,"content":"","date":1671062400,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1671062400,"objectID":"0a44469264758c0671e8a0552bee5b9b","permalink":"https://vahldiek.github.io/publication/vahldiek-2022-darpa/","publishdate":"2022-12-15T00:00:00Z","relpermalink":"/publication/vahldiek-2022-darpa/","section":"publication","summary":"Motivated by developer productivity, serverless computing, and\r\nmicroservices have become the de facto development model in the cloud.\r\nMicroservices decompose monolithic applications into separate functional units\r\ndeployed individually. This deployment model, however, costs CSPs a large\r\ninfrastructure tax of more than 25%. To overcome these limitations, CSPs shift\r\nworkloads to Infrastructure Processing Units (IPUs) like Amazon’s Nitro or,\r\ncomplementary, innovate by building on memory-safe languages and novel software\r\nabstractions.\r\n\r\nBased on these trends, we hypothesize a MemorySafe Software and Hardware\r\nArchitecture providing a general-purpose runtime environment to specialize\r\nfunctionality when needed and strongly isolate components. To achieve this goal,\r\nwe investigate building a single address space OS or a multi-application library\r\nOS, possible hardware implications, and demonstrate their capabilities,\r\ndrawbacks and requirements. The goal is to bring the advantages to all\r\napplication workloads including legacy and memory-unsafe applications, and\r\nanalyze how hardware may improve the efficiency and security.","tags":null,"title":"The Rise of Memory-Safe Languages: Building a Fast, Elastic, Secure Software \u0026 Hardware Architecture","type":"publication"},{"authors":["Shravan Narayan","Tal Garfinkel","Evan Johnson","David Thien","Joey Rudek","Michael LeMay","Anjo Vahldiek-Oberwagner","Dean Tullsen","Deian Stefan"],"categories":null,"content":"","date":1670803200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1670803200,"objectID":"1ffa86836ab7f54ef1bdb0f863329842","permalink":"https://vahldiek.github.io/publication/narayan-2022/","publishdate":"2022-12-12T00:00:00Z","relpermalink":"/publication/narayan-2022/","section":"publication","summary":"WebAssembly (Wasm) and similar Software-based Fault Isolation\r\n(SFI) systems enable secure sandboxing by virtualizing process address space.\r\nThey accomplish this by: (1) adding a base address to the operand of all\r\nload/store instructions to select a sandbox, and (2) enforcing isolation by\r\ntrapping out-of-bounds memory accesses using regions of unmapped memory (guard\r\nregions). Leveraging modern x86 hardware, we offer two optimizations to this.\r\n\r\nWith Segue, we observe that x86-64 segmentation can be used to remove most of\r\nthe cost of SFI base addition, resulting in speedups ranging from 13.8% for\r\nSPECint® 2006 to 11.2% for font rendering in Firefox. With ColorGuard, we note\r\nthat MPK-based page coloring can be used to reclaim the virtual address space\r\nwasted by guard regions. This results in a 11.91× increase in the number of\r\nconcurrent Wasm instances a process can support — reducing context switch\r\noverheads, load imbalances, and other inefficiencies that detract from the\r\nperformance of high-scale edge computing platforms. ","tags":null,"title":"Segue \u0026 ColorGuard: Optimizing SFI Performance and Scalability on Modern x86","type":"publication"},{"authors":null,"categories":null,"content":"Motivated by developer productivity, serverless computing, and microservices have become the de facto development model in the cloud. Microservices decompose monolithic applications into separate functional units deployed individually. This deployment model, however, costs CSPs a large infrastructure tax of more than 25%.\nTo overcome this architectural limitation, we hypothesize a Memory-Safe Software and Hardware Architecture providing a general-purpose runtime environment to specialize functionality when needed and strongly isolate components.\n","date":1668122682,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1668122682,"objectID":"ca6b29ade8fbe9c3d6b80b008aefb057","permalink":"https://vahldiek.github.io/project/meshwa/","publishdate":"2022-11-11T00:24:42+01:00","relpermalink":"/project/meshwa/","section":"project","summary":"Optimize local microservice executions using memory-safe languages and hardware optimizations","tags":["memory isolation","serverless computing","microservices","memory-safe langauges"],"title":"Memory-Safe Hardware and Software Architecture","type":"project"},{"authors":["Anjo Vahldiek-Oberwagner","Mona Vij"],"categories":null,"content":"","date":1667865600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1667865600,"objectID":"75a7223930931b288e2c4cbf25db82a3","permalink":"https://vahldiek.github.io/publication/vahldiek-2022-words/","publishdate":"2022-11-08T00:00:00Z","relpermalink":"/publication/vahldiek-2022-words/","section":"publication","summary":"Motivated by developer productivity, serverless computing, and\r\nmicroservices have become the de facto development model in the cloud.\r\nMicroservices decompose monolithic applications into separate functional units\r\ndeployed individually. This deployment model, however, costs CSPs a large\r\ninfrastructure tax of more than 25%. To overcome these limitations, CSPs shift\r\nworkloads to Infrastructure Processing Units (IPUs) like Amazon’s Nitro or,\r\ncomplementary, innovate by building on memory-safe languages and novel software\r\nabstractions.\r\n\r\nBased on these trends, we hypothesize a MemorySafe Software and Hardware\r\nArchitecture providing a general-purpose runtime environment to specialize\r\nfunctionality when needed and strongly isolate components. To achieve this goal,\r\nwe investigate building a single address space OS or a multi-application library\r\nOS, possible hardware implications, and demonstrate their capabilities,\r\ndrawbacks and requirements. The goal is to bring the advantages to all\r\napplication workloads including legacy and memory-unsafe applications, and\r\nanalyze how hardware may improve the efficiency and security.","tags":null,"title":"MeSHwA: The case for a Memory-Safe Software and Hardware Architecture for Serverless Computing","type":"publication"},{"authors":["Dayeol Lee","Kevin Cheang","Alexander Thomas","Catherine Lu","Pranav Gaddamadugu","Anjo Vahldiek-Oberwagner","Mona Vij","Dawn Song","Sanjit A. Seshia","Krste Asanović"],"categories":null,"content":"","date":1664841600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1664841600,"objectID":"a9da1558128d358ab8ffc837264fc917","permalink":"https://vahldiek.github.io/publication/lee-2022/","publishdate":"2022-10-04T00:00:00Z","relpermalink":"/publication/lee-2022/","section":"publication","summary":"Hardware enclaves rely on a disjoint memory model, which maps each physical address to an enclave to achieve strong memory isolation. However, this severely limits the performance and programmability of enclave programs. While some prior work proposes enclave memory sharing, it does not provide a formal model or verification of their designs. This paper presents Cerberus, a formal approach to secure and efficient enclave memory sharing. To reduce the burden of formal verification, we compare different sharing models and choose a simple yet powerful sharing model. Based on the sharing model, Cerberus extends an enclave platform such that enclave memory can be made immutable and shareable across multiple enclaves via additional operations. We use incremental verification starting with an existing formal model called the Trusted Abstract Platform (TAP). Using our extended TAP model, we formally verify that Cerberus does not break or weaken the security guarantees of the enclaves despite allowing memory sharing. More specifically, we prove the Secure Remote Execution (SRE) property on our formal model. Finally, the paper shows the feasibility of Cerberus by implementing it in an existing enclave platform, RISC-V Keystone.","tags":null,"title":"Cerberus: A Formal Approach to Secure and Efficient Enclave Memory Sharing","type":"publication"},{"authors":["Ravi Sahita","Dror Caspi","Vedvyas Shanbhogue","Vincent Scarlata","Anjo Lucas Vahldiek-Oberwagner","Haidong Xia","Mona Vij"],"categories":null,"content":"","date":1664841600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1664841600,"objectID":"da93266cc5c96e6eb95d9a2af09d1c6e","permalink":"https://vahldiek.github.io/publication/sahita-2022-clonetee/","publishdate":"2022-10-04T00:00:00Z","relpermalink":"/publication/sahita-2022-clonetee/","section":"publication","summary":"Scalable cloning and replication for trusted execution environments is described. An example of a computer-readable storage medium includes instructions for receiving a selection of a point to capture a snapshot of a baseline trust domain (TD) or secure enclave, the TD or secure enclave being associated with a trusted execution environment (TEE) of a processor utilized for processing of a workload; initiating cloning of the TD or secure enclave from a source platform to an escrow platform; generating an escrow key to export the snapshot to the escrow platform; and exporting a state of the TD or secure enclave to the escrow platform, the state being sealed with a sealing key.","tags":null,"title":"Scalable cloning and replication for trusted execution environments","type":"publication"},{"authors":null,"categories":null,"content":"A scientific paper consists of a constellation of artifacts that extend beyond the document itself: software, hardware, evaluation data and documentation, raw survey results, mechanized proofs, models, test suites, benchmarks, and so on. In some cases, the quality of these artifacts is as important as that of the document itself.\nMy involvement in artifact evaluation efforts in the systems, security and HPC communities have led to a growing understanding of building reusable and reproducible artifacts. We continuously work on the process to lower the burden on the authors and ease the reproduction of results for evaluators.\nInvolvement in past Artifact Evaluation:\n USENIX Security\u0026rsquo;24 Artifact Evaluation co-chair USENIX Security\u0026rsquo;23 Artifact Evaluation co-chair EuroSys\u0026rsquo;22 Artifact Evaluation co-chair SC\u0026rsquo;21 Best Reproducibility Advancement Award o-chair SC\u0026rsquo;21 Artifact Evaluation co-chair OSDI\u0026rsquo;20 Artifact Evaluation co-chair  ","date":1656977082,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1656977082,"objectID":"8a3efdbe12ae435a4d96905bea8117f9","permalink":"https://vahldiek.github.io/project/artifact-eval/","publishdate":"2022-07-05T00:24:42+01:00","relpermalink":"/project/artifact-eval/","section":"project","summary":"Building and evaluating reproducible and reusable research artifacts. ","tags":["research artifacts","artifact evaluation"],"title":"Research Artifacts and Evaluation","type":"project"},{"authors":["Michael Lemay","David M Durham","Anjo Lucas Vahldiek-Oberwagner","Anna Trikalinou"],"categories":null,"content":"","date":1656547200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1656547200,"objectID":"cdc69387188016c813af872ebff0e36e","permalink":"https://vahldiek.github.io/publication/lemay-2022-xaddrcc/","publishdate":"2022-06-30T00:00:00Z","relpermalink":"/publication/lemay-2022-xaddrcc/","section":"publication","summary":"An apparatus comprising a processor unit comprising circuitry to generate, for a first network host, a request for an object of a second network host, wherein the request comprises an address comprising a routable host ID of the second network host and an at least partially encrypted object ID, wherein the address uniquely identifies the object within a distributed computing domain; and a memory element to store at least a portion of the object.","tags":null,"title":"CRYPTOGRAPHIC COMPUTING INCLUDING ENHANCED CRYPTOGRAPHIC ADDRESSES","type":"publication"},{"authors":["Tanu Malik","Anjo Vahldiek-Oberwagner","Ivo Jimenez","Carlos Maltzahn"],"categories":null,"content":"","date":1656547200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1656547200,"objectID":"5f4f34b05ba7390b1ba1caed57976f9f","permalink":"https://vahldiek.github.io/publication/malik-2022-aehpc/","publishdate":"2022-06-30T00:00:00Z","relpermalink":"/publication/malik-2022-aehpc/","section":"publication","summary":"A scientific paper consists of a constellation of artifacts that extend beyond the document itself: software, hardware, evaluation data and documentation, raw survey results, mechanized proofs, models, test suites, benchmarks, and so on. In some cases, the quality of these artifacts is as important as that of the document itself. Based on the success of the Artifact Evaluation efforts at other systems conferences, the 2021 International Conference for High Performance Computing, Networking, Storage, and Analysis (SC21) organized a comprehensive Artifact Description/Artifact Evaluation (AD/AE) review and competition as part of the SC21 Reproducibility Initiative. This paper summarizes the key findings of the AD/AE effort.","tags":null,"title":"Expanding the Scope of Artifact Evaluation at HPC Conferences: Experience of SC21","type":"publication"},{"authors":["Paritosh Saxena","Anjo Lucas Vahldiek-Oberwagner","Mona Vij","Kshitij A Doshi","Carlos H Morales","Clair Bowman","Marcela S Melara","Michael Steiner"],"categories":null,"content":"","date":1650499200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1650499200,"objectID":"8f509be9abcb60afcb3e1b370718e890","permalink":"https://vahldiek.github.io/publication/saxena-2022-optuserv/","publishdate":"2022-04-21T00:00:00Z","relpermalink":"/publication/saxena-2022-optuserv/","section":"publication","summary":"In one embodiment, metadata associated with deployment of a container within an orchestration environment includes information indicating security preferences for deployment of the container within the orchestration environment, information indicating a level of communications between the container and other containers, and/or information indicating effects of execution of the container with respect to other containers. The metadata is used to select a particular node of a plurality of nodes within the orchestration environment on which to deploy the container based on the metadata.","tags":null,"title":"Optimizing deployment and security of microservices","type":"publication"},{"authors":["Michael Lemay","Anjo Vahldiek-oberwagner"],"categories":null,"content":"","date":1629936000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1629936000,"objectID":"0ea1a34cbe895e1d75013fb636640e88","permalink":"https://vahldiek.github.io/publication/lemay-2021-ctrlsyscallpat/","publishdate":"2021-08-26T00:00:00Z","relpermalink":"/publication/lemay-2021-ctrlsyscallpat/","section":"publication","summary":"Systems, apparatuses and methods may provide for technology that stores a security monitor at a first location in an address space, wherein the security monitor is to control requests to use a security-critical instruction at a second location in the address space, and wherein the second location is in the first set of locations. The technology also installs a control instruction at an entry point to the security monitor, wherein the control instruction is to restrict indirect branch targets, and excludes the control instruction from all locations in the first set of locations that are not entry points.","tags":null,"title":"TECHNOLOGY TO CONTROL SYSTEM CALL INVOCATIONS WITHIN A SINGLE ADDRESS SPACE","type":"publication"},{"authors":["Bumjin Im","Fangfei Yang","Chia-Che Tasi","Michael LeMay","Anjo Vahldiek-Oberwagner","Nathan Dautenhahn"],"categories":null,"content":"","date":1628467200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1628467200,"objectID":"bd8621a62693821b2c92a78816cdb062","permalink":"https://vahldiek.github.io/publication/im-2021-endokernel/","publishdate":"2021-08-09T00:00:00Z","relpermalink":"/publication/im-2021-endokernel/","section":"publication","summary":"Commodity applications contain more and more combinations of interacting components (user, application, library, and system) and exhibit increasingly diverse tradeoffs between isolation, performance, and programmability. We argue that the challenge of future runtime isolation is best met by embracing the multi-principle nature of applications, rethinking process architecture for fast and extensible intra-process isolation. We present, the Endokernel, a new process model and security architecture that nests an extensible monitor into the standard process for building efficient least-authority abstractions. The Endokernel introduces a new virtual machine abstraction for representing subprocess authority, which is enforced by an efficient self-isolating monitor that maps the abstraction to system level objects (processes, threads, files, and signals). We show how the Endokernel can be used to develop specialized separation abstractions using an exokernel-like organization to provide virtual privilege rings, which we use to reorganize and secure NGINX. Our prototype, includes a new syscall monitor, the nexpoline, and explores the tradeoffs of implementing it with diverse mechanisms, including Intel Control Enhancement Technology. Overall, we believe sub-process isolation is a must and that the Endokernel exposes an essential set of abstractions for realizing this in a simple and feasible way.","tags":null,"title":"The Endokernel: Fast, Secure, and Programmable Subprocess Virtualization","type":"publication"},{"authors":["Anjo Vahldiek-Oberwagner"],"categories":null,"content":"","date":1618444800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1618444800,"objectID":"950ba2229ba3fa8b9e2b38c4397ad34a","permalink":"https://vahldiek.github.io/publication/vahldiek-2021-ittkgp/","publishdate":"2021-04-15T00:00:00Z","relpermalink":"/publication/vahldiek-2021-ittkgp/","section":"publication","summary":"In this lecture we review existing operating system abstractions and review their effectiveness in a changing world where workloads are deployed in the cloud, run in high-level languages, and rely on fast communication. We take a deep dive into single address-space OS and discuss their advantages, disadvantages and challenges in implementing them. ","tags":null,"title":"Breaking with traditional OS Abstractions","type":"publication"},{"authors":["Ravi L Sahita","Anjo Lucas Vahldiek-Oberwagner","Teck Joo Goh","Rameshkmar Illikkal","Andrzej Kuriata","Vedvyas Shanbhogue","Mona Vij","Haidong Xia"],"categories":null,"content":"","date":1618444800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1618444800,"objectID":"08705d60950d6527b1a90d17d5f2168e","permalink":"https://vahldiek.github.io/publication/sahita-2021-isomempat/","publishdate":"2021-04-15T00:00:00Z","relpermalink":"/publication/sahita-2021-isomempat/","section":"publication","summary":"Example methods and systems are directed to isolating memory in\r\ntrusted execution environments ( TEEs ) . In func tion - as - a - service ( FaaS\r\n) environments , a client makes use of a function executing within a TEE on a\r\nFaaS server . To minimize the trusted code base ( TCB ) for each function , each\r\nfunction may be placed in a separate TEE . However , this causes the overhead of\r\ncreating a TEE to be incurred for each function . As discussed herein , multiple\r\nfunctions may be placed in a single TEE without compromising the data integrity\r\nof each function . For example , by using a different extended page table ( EPT\r\n) for each function , the virtual address spaces of the functions are kept\r\nseparate and map to different ,non - overlapping physical address spaces .\r\nPartial overlap may be permitted to allow functions to share some data while\r\nprotecting other data . Memory for each function may be encrypted using a\r\ndifferent encryption key. ","tags":null,"title":"Isolating memory within trusted execution environments","type":"publication"},{"authors":["Anjo Lucas Vahldiek-Oberwagner","Ravi L Sahita","Mona Vij","Rameshkumar Illikkal","Michael Steiner","Thomas Knauth","Dmitrii Kuvaiskii","Sudha Krishnakumar","Krystof C Zmudzinski","Vincent Scarlata","Francis McKeen"],"categories":null,"content":"","date":1618444800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1618444800,"objectID":"9dc687f2e491dd393298f4c0eb3a53fc","permalink":"https://vahldiek.github.io/publication/vahldiek-oberwagner-2021-redlatpat/","publishdate":"2021-04-15T00:00:00Z","relpermalink":"/publication/vahldiek-oberwagner-2021-redlatpat/","section":"publication","summary":"Example methods and systems are directed to reducing latency in providing trusted execution environments (TEES). Initializing a TEE includes multiple steps before the TEE starts executing. Besides workload-specific initialization, workload-independent initialization is performed, such as adding memory to the TEE. In function-as-a-service (FaaS) environments, a large portion of the TEE is workload-independent, and thus can be performed prior to receiving the workload. Certain steps performed during TEE initialization are identical for certain classes of workloads. Thus, the common parts of the TEE initialization sequence may be performed before the TEE is requested. When a TEE is requested for a workload in the class and the parts to specialize the TEE for its particular purpose are known, the final steps to initialize the TEE are performed. ","tags":null,"title":"Reducing latency of hardware trusted execution environments","type":"publication"},{"authors":["Anjo Lucas Vahldiek-Oberwagner","Ravi L Sahita","Mona Vij","Dayeol Lee","Haidong Xia","Rameshkumar Illikkal","Samuel Ortiz","Kshitij Arun Doshi","Mourad Cherfaoui","Andrzej Kuriata","Teck Joo Goh"],"categories":null,"content":"","date":1618444800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1618444800,"objectID":"9c27c1eb97b656aea09a42521e3015d5","permalink":"https://vahldiek.github.io/publication/vahldiek-oberwagner-2021-scalableattestpat/","publishdate":"2021-04-15T00:00:00Z","relpermalink":"/publication/vahldiek-oberwagner-2021-scalableattestpat/","section":"publication","summary":"In function-as-a-service (FaaS) environments, a client makes use of a function executing within a trusted execution environment (TEE) on a FaaS server. Multiple tenants of the FaaS platform may provide functions to be executed by the FaaS platform via a gateway. Each tenant may provide code and data for any number of functions to be executed within any number of TEEs on the FaaS platform and accessed via the gateway. Additionally, each tenant may provide code and data for a single surrogate attester TEE. The client devices of the tenant use the surrogate attester TEE to attest each of the other TEEs of the tenant and establish trust with the functions in those TEEs. Once the functions have been attested, the client devices have confidence that the other TEEs of the tenant are running on the same platform as the gateway. ","tags":null,"title":"Scalabe attestation for trusted execution environments","type":"publication"},{"authors":["Shravan Narayan","Craig Disselkoen","Daniel Moghimi","Sunjay Cauligi","Evan Johnson","Zhao Gang","Anjo Vahldiek-Oberwagner","Ravi Sahita","Hovav Shacham","Dean Tullsen","Deian Stefan"],"categories":null,"content":"","date":1614556800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1614556800,"objectID":"67102dcbbeb8051a1640a4d9d51a8b1f","permalink":"https://vahldiek.github.io/publication/narayan-2021/","publishdate":"2021-03-01T00:00:00Z","relpermalink":"/publication/narayan-2021/","section":"publication","summary":"We describe Swivel, a new compiler framework for hardening\r\nWebAssembly (Wasm) against Spectre attacks. Outside the browser, Wasm has become\r\na popular lightweight, in-process sandbox and is, for example, used in\r\nproduction to isolate different clients on edge clouds and function-as-a-service\r\nplatforms. Unfortunately, Spectre attacks can bypass Wasm’s isolation\r\nguarantees. Swivel hardens Wasm against this class of attacks by ensuring that\r\npotentially malicious code can neither use Spectre attacks to break out of the\r\nWasm sandbox nor coerce victim code—another Wasm client or the embedding\r\nprocess—to leak secret data.\r\n\r\nWe describe two Swivel designs, a software-only approach that can be used on\r\nexisting CPUs, and a hardware-assisted approach that uses extension available in\r\nIntel® 11th generation CPUs. For both, we evaluate a randomized approach that\r\nmitigates Spectre and a deterministic approach that eliminates Spectre\r\naltogether. Our randomized implementations impose under 10.3% overhead on the\r\nWasm-compatible subset of SPEC 2006, while our deterministic implementations\r\nimpose overheads between 3.3% and 240.2%. Though high on some benchmarks,\r\nSwivel’s overhead is still between 9× and 36.3× smaller than existing defenses\r\nthat rely on pipeline fences. ","tags":null,"title":"Swivel: Hardening WebAssembly against Spectre","type":"publication"},{"authors":["Dayeol Lee","Dmitrii Kuvaiskii","Anjo Vahldiek-Oberwagner","Mona Vij"],"categories":null,"content":"","date":1599696000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1599696000,"objectID":"a10b66f22373fc3a2dc3e8d62f1e654f","permalink":"https://vahldiek.github.io/publication/lee-2020-ppml/","publishdate":"2020-09-10T00:00:00Z","relpermalink":"/publication/lee-2020-ppml/","section":"publication","summary":"We present a practical framework to deploy privacy-preserving machine learning (PPML) applications in untrusted clouds based on a trusted execution environment (TEE). Specifically, we shield unmodified PyTorch ML applications by running them in Intel SGX enclaves with encrypted model parameters and encrypted input data to protect the confidentiality and integrity of these secrets at rest and during runtime. We use the open-source Graphene library OS with transparent file encryption and SGX-based remote attestation to minimize porting effort and seamlessly provide file protection and attestation. Our approach is completely transparent to the machine learning application: the developer and the end-user do not need to modify the ML application in any way.","tags":null,"title":"Privacy-Preserving Machine Learning in Untrusted Clouds Made Simple","type":"publication"},{"authors":["Anjo Vahldiek-Oberwagner","Chia-Che Tsai","Dmitrii Kuvaiskii","Don Porter"],"categories":null,"content":"","date":1599696000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1599696000,"objectID":"c10e63151000023863e5b0910a32c99a","permalink":"https://vahldiek.github.io/publication/vahldiek-oberwagner-2020-secdev/","publishdate":"2020-09-10T00:00:00Z","relpermalink":"/publication/vahldiek-oberwagner-2020-secdev/","section":"publication","summary":"In this tutorial, we will walk through the steps of using the Graphene framework to establish a confidential computing environment for protecting the data of an unmodified Linux application on untrusted hosts. Graphene is an open-source project since 2014 and has been ported for Intel SGX, an innovative CPU feature design for confidential computing. Graphene has been maintained by the community and has been actively adopted for prototyping and development. This tutorial will start with an introduction and overview of the Graphene project and architecture, followed by the step-by-step guide for installing, configuring, executing, and debugging the Graphene framework for confidential computing of applications. In particular, this tutorial will deep dive into several latest features of Graphene, including remote attestation, protected FS, Graphene shielded containers.","tags":null,"title":"Tutorial: Graphene: Confidential Computing for Unmodified Linux Applications","type":"publication"},{"authors":["Anjo Vahldiek-Oberwagner","Dmitrii Kuvaiskii"],"categories":null,"content":"","date":1593648000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1593648000,"objectID":"fc7580379ee37415bcea2efb6ae984e0","permalink":"https://vahldiek.github.io/publication/vahldiek-2020-lss/","publishdate":"2020-07-02T00:00:00Z","relpermalink":"/publication/vahldiek-2020-lss/","section":"publication","summary":"Computing on secret data is challenging with today’s cloud service provider (CSP)\r\nofferings. CSP have full visibility into their client’s workloads and data while run in a VM or\r\ncontainer and shielding against other tenants. On the contrary, confidential computing (CC)\r\ntechniques (e.g., Intel Software Guard Extension (SGX)) offer a reverse sandbox. These techniques\r\nshield the workload and data from accesses by the underlying system software (e.g., OS or VMM) and\r\nhardware attacks. Thus, preventing CSPs from accessing secrets. In addition, CC provides remote\r\nattestation to verify the integrity of applications.\r\n\r\nIn this talk we will present Graphene Secure Containers, a technique to automatically wrap an\r\nunmodified Linux application packaged in a container image to execute inside Intel SGX using the\r\nGraphene LibraryOS and allow users to verify application integrity via remote attestation. ","tags":null,"title":"Automatically Securing Linux Application Containers in Untrusted Clouds","type":"publication"},{"authors":["Anjo Vahldiek-Oberwagner","Eslam Elnikety","Nuno O. Duarte","Michael Sammler","Peter Druschel","Deepak Garg"],"categories":null,"content":"","date":1547424000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1547424000,"objectID":"e35baa3c4ce5ea8876db20f423926be5","permalink":"https://vahldiek.github.io/publication/vahldiek-2018-erim/","publishdate":"2019-01-14T00:00:00Z","relpermalink":"/publication/vahldiek-2018-erim/","section":"publication","summary":"Isolating sensitive data and state can increase the security and robustness of many applications. Examples include protecting cryptographic keys against exploits like OpenSSL's Heartbleed bug or protecting a language runtime from native libraries written in unsafe languages. When runtime references across isolation boundaries occur relatively infrequently, then page-based hardware isolation can be used, because the cost of kernel- or hypervisor-mediated domain switching is tolerable. However, some applications, such as the isolation of cryptographic session keys in network-facing services, require very frequent domain switching. In such applications, the overhead of kernel- or hypervisor-mediated domain switching is prohibitive. In this paper, we present ERIM, a novel technique that provides hardware-enforced isolation with low overhead on x86 CPUs, even at high switching rates (ERIM's measured overhead is less than 1% for 100,000 switches per second). The key idea is to combine protection keys (MPKs), a feature recently added to x86 that allows protection domain switches in userspace, with binary inspection to prevent circumvention. We show that ERIM can be applied with little effort to new and existing applications, doesn't require compiler changes, can run on a stock Linux kernel, and has low runtime overhead even at high domain switching rates. ","tags":null,"title":"ERIM: Secure, Efficient In-Process Isolation with Memory Protection Keys","type":"publication"},{"authors":null,"categories":null,"content":"In today’s systems, policies protecting stored data and mechanisms for their enforcement are spread across many software components, increasing the risk of violation due to bugs, vulnerabilities and misconfigurations. We suggest Guardat to addresses this problem. Users, developers and administrators specify file protection policies declaratively, concisely and separate from code, and Guardat enforces these policies by mediating I/O in the storage layer. Thus, policy enforcement relies only on the integrity of the Guardat controller and any external policy dependencies. The semantic gap between the storage layer enforcement and per-file policies is bridged using cryptographic attestations from Guardat. We show experimentally that the overhead is low.\n","date":1544829887,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1544829887,"objectID":"8c9785daf6f9b03e3a33f7f19964372a","permalink":"https://vahldiek.github.io/project/guardat/","publishdate":"2018-12-15T00:24:47+01:00","relpermalink":"/project/guardat/","section":"project","summary":"Enforcing security policies at the storage layer to reduce attack surface of existing solutions.","tags":["secure storage"],"title":"Protecting Persistent Data","type":"project"},{"authors":null,"categories":null,"content":"Isolating sensitive data and state can increase the security and robustness of many applications. Applications, such as isolating cryptographic session keys in a network-facing application or isolating frequently invoked native libraries in managed runtimes, require very frequent domain switching. In such applications, the overhead of kernel- or hypervisormediated domain switching is prohibitive. We suggest LwCs and ERIM to overcome these costs using novel kernel functionality and hardware-support (e.g., Intel MPK), respectively.\nWasm has become a popular lightweight, in-process sandbox and is, for example, used in production to isolate different clients on edge clouds and function-as-a-service platforms. Unfortunately, Spectre attacks can bypass Wasm’s isolation guarantees. Swivel hardens Wasm against this class of attacks by ensuring that potentially malicious code can neither use Spectre attacks to break out of the Wasm sandbox nor coerce victim code—another Wasm client or the embedding process—to leak secret data. We suggest Swivel, a new compiler framework for hardening WebAssembly (Wasm) against Spectre attacks.\nUsing these findings, we apply in-process memory isolation to legacy cloud deployments allowing symbiotic applications to efficiently communicate and improve performance.\n","date":1544829882,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1544829882,"objectID":"373b4159e343df7487c10b9166fe892e","permalink":"https://vahldiek.github.io/project/erim/","publishdate":"2018-12-15T00:24:42+01:00","relpermalink":"/project/erim/","section":"project","summary":"Providing in-process isolation for sensitive data and state to increase the security and robustness of applications and its use to provide efficient cloud deployments ","tags":["memory isolation","Intel MPK","FaaS"],"title":"Secure In-Process Memory Isolation and Efficient Cloud Deployments","type":"project"},{"authors":null,"categories":null,"content":"Computing on secret data is challenging with today’s cloud service provider (CSP) offerings. CSP have full visibility into their client’s workloads and data while run in a VM or container and shielding against other tenants. On the contrary, confidential computing (CC) techniques (e.g., Intel Software Guard Extension (SGX)) offer a reverse sandbox. These techniques shield the workload and data from accesses by the underlying system software (e.g., OS or VMM) and hardware attacks. Thus, preventing CSPs from accessing secrets. In addition, CC provides remote attestation to verify the integrity of applications.\nProjects in this space focus on popular cloud deployment scenarios and automate the process to deploy applications in confidential compute enclaves.\n","date":1544829882,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1544829882,"objectID":"3f504df4b0c279ec52c54f82157a0c42","permalink":"https://vahldiek.github.io/project/untrustedcloud/","publishdate":"2018-12-15T00:24:42+01:00","relpermalink":"/project/untrustedcloud/","section":"project","summary":"Lift and shift unmodified applications into Intel SGX enclaves to shield them in an untrusted cloud. ","tags":["Intel SGX","Confidential Compute"],"title":"Shielding Applications in an untrusted Cloud","type":"project"},{"authors":["Anjo Lucas Vahldiek-Oberwagner"],"categories":null,"content":"","date":1538352000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1538352000,"objectID":"294b81c2f472d25ada7c4dc3d6d08969","permalink":"https://vahldiek.github.io/publication/vahldiek-2018-thesis/","publishdate":"2018-10-01T00:00:00Z","relpermalink":"/publication/vahldiek-2018-thesis/","section":"publication","summary":"Today computers store and analyze valuable and sensitive data. As a result we need to protect this data against confidentiality and integrity violations that can result in the illicit release, loss, or modification of a user’s and an organization’s sensitive data such as personal media content or client records. Existing techniques protecting confidentiality and integrity lack either efficiency or are vulnerable to malicious attacks. In this thesis we suggest techniques, Guardat and ERIM, to efficiently and robustly protect persistent and in-memory data. To protect the confidentiality and integrity of persistent data, clients specify per-file policies to Guardat declaratively, concisely and separately from code. Guardat enforces policies by mediating I/O in the storage layer. In contrast to prior techniques, we protect against accidental or malicious circumvention of higher software layers. We present the design and prototype implementation, and demonstrate that Guardat efficiently enforces example policies in a web server. To protect the confidentiality and integrity of in-memory data, ERIM isolates sensitive data using Intel Memory Protection Keys (MPK), a recent x86 extension to partition the address space. However, MPK does not protect against malicious attacks by itself. We prevent malicious attacks by combining MPK with call gates to trusted entry points and ahead-of-time binary inspection. In contrast to existing techniques, ERIM efficiently protects frequently-used session keys of web servers, an in-memory reference monitor’s private state, and managed runtimes from native libraries. These use cases result in high switch rates of the order of 10^5 - 10^6 switches/s. Our experiments demonstrate less then 1% runtime overhead per 100,000 switches/s, thus outperforming existing techniques.","tags":null,"title":"Techniques to Protect Confidentiality and Integrity of Persistent and In-Memory Data","type":"publication"},{"authors":["Robert Krahn","Bohdan Trach","Anjo Vahldiek-Oberwagner","Thomas Knauth","Pramod Bhatotia","Christof Fetzer"],"categories":null,"content":"","date":1522540800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1522540800,"objectID":"b55e7fdf07cf827953d3c97470069b53","permalink":"https://vahldiek.github.io/publication/krahn-2018/","publishdate":"2018-04-01T00:00:00Z","relpermalink":"/publication/krahn-2018/","section":"publication","summary":"Third-party storage services pose the risk of integrity and confidentiality violations as the current storage policy enforcement mechanisms are spread across many layers in the system\r\nstack. To mitigate these security vulnerabilities, we present\r\nthe design and implementation of Pesos, a Policy Enhanced\r\nSecure Object Store (Pesos) for untrusted third-party storage\r\nproviders. Pesos allows clients to specify per-object security\r\npolicies, concisely and separately from the storage stack, and\r\nenforces these policies by securely mediating the I/O in the\r\npersistence layer through a single unified enforcement layer.\r\nMore broadly, Pesos exposes a rich set of storage policies\r\nensuring the integrity, confidentiality, and access accounting\r\nfor data storage through a declarative policy language.\r\nPesos enforces these policies on untrusted commodity platforms by leveraging a combination of two trusted computing technologies: Intel SGX for trusted execution environment (TEE) and Kinetic Open Storage for trusted storage. We\r\nhave implemented Pesos as a fully-functional storage system\r\nsupporting many useful end-to-end storage features, and a\r\nrange of effective performance optimizations. We evaluated\r\nPesos using a range of micro-benchmarks, and real-world\r\nuse cases. Our evaluation shows that Pesos incurs reasonable\r\nperformance overheads for the enforcement of policies while\r\nkeeping the trusted computing base (TCB) small.","tags":null,"title":"Pesos: Policy Enhanced Secure Object store","type":"publication"},{"authors":["James Litton","Anjo Vahldiek-Oberwagner","Eslam Elnikety","Deepak Garg","Bobby Bhattacharjee","Peter Druschel"],"categories":null,"content":"","date":1475280000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1475280000,"objectID":"e2a4f4684285c614cafe7ef69d5df8a7","permalink":"https://vahldiek.github.io/publication/litton-2016/","publishdate":"2016-10-01T00:00:00Z","relpermalink":"/publication/litton-2016/","section":"publication","summary":"We introduce a new OS abstraction—light-weight con- texts (lwCs)—that provides independent units of protec- tion, privilege, and execution state within a process. A process may include several lwCs, each with possibly different views of memory, file descriptors, and access capabilities. lwCs can be used to efficiently implement roll-back (process can return to a prior recorded state), isolated address spaces (lwCs within the process may have different views of memory, e.g., isolating sensitive data from network-facing components or isolating differ- ent user sessions), and privilege separation (in-process reference monitors can arbitrate and control access). lwCs can be implemented efficiently: the overhead of a lwC is proportional to the amount of memory exclu- sive to the lwC; switching lwCs is quicker than switching kernel threads within the same process. We describe the lwC abstraction and API, and an implementation of lwCs within the FreeBSD 11.0 kernel. Finally, we present an evaluation of common usage patterns, including fast roll- back, session isolation, sensitive data isolation, and in- process reference monitoring, using Apache, nginx, PHP, and OpenSSL.","tags":["Max Planck Institute for Software Systems","University of Maryland"],"title":"Light-Weight Contexts: An OS Abstraction for Safety and Performance","type":"publication"},{"authors":["Eslam Elnikety","Aastha Mehta","Anjo Vahldiek-oberwagner","Deepak Garg","Peter Druschel"],"categories":null,"content":"","date":1451606400,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1451606400,"objectID":"3debed590ff91e91279afca1ba079561","permalink":"https://vahldiek.github.io/publication/elnikety-2016/","publishdate":"2016-01-01T00:00:00Z","relpermalink":"/publication/elnikety-2016/","section":"publication","summary":"Data retrieval systems process data from many sources, each subject to its own data use policy. Ensuring compli-ance with these policies despite bugs, misconfiguration, or operator error in a large, complex, and fast evolving system is a major challenge. Thoth provides an effi-cient, kernel-level compliance layer for data use policies. Declarative policies are attached to the systems' input and output files, key-value tuples, and network connec-tions, and specify the data's integrity and confidential-ity requirements. Thoth tracks the flow of data through the system, and enforces policy regardless of bugs, mis-configurations, compromises in application code, or ac-tions by unprivileged operators. Thoth requires minimal changes to an existing system and has modest overhead, as we show using a prototype Thoth-enabled data re-trieval system based on the popular Apache Lucene.","tags":null,"title":"Thoth : Comprehensive Policy Compliance in Data Retrieval Systems","type":"publication"},{"authors":["Peter Druschel","Rodrigo Rodrigues","Ansley Post","Johannes Gehrke","Anjo Lucas Vahldiek"],"categories":null,"content":"","date":1445299200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1445299200,"objectID":"86d6135edec2c114dd97c4b19647d50f","permalink":"https://vahldiek.github.io/publication/druschel-2015-storagelease/","publishdate":"2015-10-20T00:00:00Z","relpermalink":"/publication/druschel-2015-storagelease/","section":"publication","summary":"Storage leases specify access restrictions and time periods, restricting access to their associated data during the storage lease time period. Storage leases may be assigned to individual data storage blocks or groups of data storage blocks in a data storage device. A data storage device may include any arbitrary number of different storage leases assigned to different portions of its data storage blocks. Storage lease-enabled devices may provide security certificates to verify that data access operations have been performed as requested and that their storage leases are being enforced. Storage lease-enabled devices compare storage lease information for data units with the current time using a clock isolated from access by storage clients or time certificates from one or more trusted time servers... ","tags":null,"title":"Protecting Data Integrity with Storage Leases","type":"publication"},{"authors":["Anjo Vahldiek-Oberwagner","Eslam Elnikety","Aastha Mehta","Deepak Garg","Peter Druschel","Rodrigo Rodrigues","Johannes Gehrke","Ansley Post"],"categories":null,"content":"","date":1429228800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1429228800,"objectID":"b47edddac9be84810077adc48a060580","permalink":"https://vahldiek.github.io/publication/vahldiek-oberwagner-2015/","publishdate":"2015-04-17T00:00:00Z","relpermalink":"/publication/vahldiek-oberwagner-2015/","section":"publication","summary":"In today’s data processing systems, both the policies protecting stored data and the mechanisms for their enforcement are spread over many software components and configuration files, increasing the risk of policy violation due to bugs, vulnerabilities and misconfigurations. Guardat addresses this problem. Users, developers and administrators specify file protection policies declaratively, concisely and separate from code, and Guardat enforces these policies by mediating I/O in the storage layer. Policy enforcement relies only on the integrity of the Guardat controller and any external policy dependencies. The semantic gap between the storage layer enforcement and per-file policies is bridged using cryptographic attestations from Guardat. We present the design and prototype implementation of Guardat, enforce example policies in a Web server, and show experimentally thatits overhead is low.","tags":null,"title":"Guardat: Enforcing data policies at the storage layer","type":"publication"},{"authors":["Anjo Vahldiek","Eslam Elnikety","Ansley Post","Peter Druschel","Rodrigo Rodrigues"],"categories":null,"content":"","date":1312156800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1312156800,"objectID":"324687ddd9b814e7fe809d29cd7bb411","permalink":"https://vahldiek.github.io/publication/vahldiek-2011/","publishdate":"2011-08-01T00:00:00Z","relpermalink":"/publication/vahldiek-2011/","section":"publication","summary":"We present a storage primitive called a storage lease. Data stored under a lease cannot be written for a pre-determined period. During the lease period, online data is protected from corruption due to security breaches, software errors, or accidental data deletion. Storage leases fill an important gap in the spectrum of data protection options because they combine strong integrity for online data with the ability to eventually reclaim storage. We define the storage lease primitive, show how it can be implemented in storage device firmware, and discuss its applications. A simulation-based evaluation indicates that storage leases have a modest performance cost for most workloads on magnetic disks. Using a small amount of flash memory, this overhead can be reduced to near zero.","tags":null,"title":"Protecting Data Integrity with Storage Leases","type":"publication"},{"authors":["Hernán Baró Graf","Holger Hermanns","Juhi Kulshrestha","Jens Peter","Anjo Vahldiek","Aravind Vasudevan"],"categories":null,"content":"","date":1293840000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1293840000,"objectID":"282e55345bf12f722b9f7d036e1624b8","permalink":"https://vahldiek.github.io/publication/graf-2011-verifiedwireless/","publishdate":"2011-01-01T00:00:00Z","relpermalink":"/publication/graf-2011-verifiedwireless/","section":"publication","summary":"Wireless communication, hard real time requirements and safety criticality do not go together well. This paper reports on the modelling, design, simulation, implementation and deployment of a small exemplary case that possesses all these features. State-of-the-art verification and simulation means are employed to ensure its proper operation.","tags":null,"title":"A verifiedwireless safety critical hard real-time design","type":"publication"}]
\ No newline at end of file
diff --git a/index.xml b/index.xml
index 5d90a1e..384a502 100755
--- a/index.xml
+++ b/index.xml
@@ -19,15 +19,6 @@
       <description></description>
     </item>
     
-    <item>
-      <title>Pegasus: Transparent and Unified Kernel-Bypass Networking for Fast Local and Remote Communication</title>
-      <link>https://vahldiek.github.io/publication/peng-2025/</link>
-      <pubDate>Fri, 20 Sep 2024 00:00:00 +0000</pubDate>
-      
-      <guid>https://vahldiek.github.io/publication/peng-2025/</guid>
-      <description></description>
-    </item>
-    
     <item>
       <title>Artificial intelligence model accuracy validation</title>
       <link>https://vahldiek.github.io/publication/vahldiek-oberwagner-2024-modelaccuracy/</link>
@@ -154,5 +145,14 @@ specialize functionality when needed and strongly isolate components.&lt;/p&gt;
 </description>
     </item>
     
+    <item>
+      <title>MeSHwA: The case for a Memory-Safe Software and Hardware Architecture for Serverless Computing</title>
+      <link>https://vahldiek.github.io/publication/vahldiek-2022-words/</link>
+      <pubDate>Tue, 08 Nov 2022 00:00:00 +0000</pubDate>
+      
+      <guid>https://vahldiek.github.io/publication/vahldiek-2022-words/</guid>
+      <description></description>
+    </item>
+    
   </channel>
 </rss>
diff --git a/project/erim/index.html b/project/erim/index.html
index 6b638ac..97e33f7 100755
--- a/project/erim/index.html
+++ b/project/erim/index.html
@@ -503,54 +503,6 @@ <h1 itemprop="name">Secure In-Process Memory Isolation and Efficient Cloud Deplo
         <h2>Publications</h2>
         
           
-            <div class="pub-list-item" style="margin-bottom: 1rem" itemscope itemtype="http://schema.org/CreativeWork">
-  <i class="far fa-file-alt pub-icon" aria-hidden="true"></i>
-  <a href="/publication/peng-2025/" itemprop="name">Pegasus: Transparent and Unified Kernel-Bypass Networking for Fast Local and Remote Communication</a>
-  <div itemprop="author">
-    Dinglan Peng, Congyu Liu, Tapti Palit, Anjo Vahldiek-Oberwagner, Mona Vij, Pedro Fonseca</div>
-  ACM EuroSys,
-  2024.
-  <p>
-
-
-
-
-
-
-
-  
-
-
-
-
-<button type="button" class="btn btn-outline-primary my-1 mr-1 btn-sm js-cite-modal"
-        data-filename="/publication/peng-2025/peng-2025.bib">
-  Cite
-</button>
-
-
-
-
-
-  
-  
-  
-
-
-
-
-
-
-
-
-
-
-</p>
-</div>
-
-          
-        
-          
             <div class="pub-list-item" style="margin-bottom: 1rem" itemscope itemtype="http://schema.org/CreativeWork">
   <i class="far fa-file-alt pub-icon" aria-hidden="true"></i>
   <a href="/publication/yang-2024-endokernel/" itemprop="name">Endokernel: A Thread Safe Monitor for Lightweight Subprocess Isolation</a>
diff --git a/publication/index.html b/publication/index.html
index 562034c..1e3f191 100755
--- a/publication/index.html
+++ b/publication/index.html
@@ -506,9 +506,6 @@ <h1 itemprop="name">Publications</h1>
       
         
         
-      
-        
-        
       
         
         
@@ -651,61 +648,6 @@ <h1 itemprop="name">Publications</h1>
 
 
 
-</p>
-</div>
-
-          
-        </div>
-
-        
-
-        
-          
-        
-
-        <div class="grid-sizer col-lg-12 isotope-item pubtype-1 year-2024">
-          
-            <div class="pub-list-item" style="margin-bottom: 1rem" itemscope itemtype="http://schema.org/CreativeWork">
-  <i class="far fa-file-alt pub-icon" aria-hidden="true"></i>
-    Dinglan Peng, Congyu Liu, Tapti Palit, Anjo Vahldiek-Oberwagner, Mona Vij, Pedro Fonseca.
-  <a href="/publication/peng-2025/" itemprop="name">Pegasus: Transparent and Unified Kernel-Bypass Networking for Fast Local and Remote Communication</a>.
-  ACM EuroSys,
-  2024.
-  <p>
-
-
-
-
-
-
-
-  
-
-
-
-
-<button type="button" class="btn btn-outline-primary my-1 mr-1 btn-sm js-cite-modal"
-        data-filename="/publication/peng-2025/peng-2025.bib">
-  Cite
-</button>
-
-
-
-
-
-  
-  
-  
-
-
-
-
-
-
-
-
-
-
 </p>
 </div>
 
diff --git a/publication/index.xml b/publication/index.xml
index 8151c21..d6defb1 100755
--- a/publication/index.xml
+++ b/publication/index.xml
@@ -21,15 +21,6 @@
       <description></description>
     </item>
     
-    <item>
-      <title>Pegasus: Transparent and Unified Kernel-Bypass Networking for Fast Local and Remote Communication</title>
-      <link>https://vahldiek.github.io/publication/peng-2025/</link>
-      <pubDate>Fri, 20 Sep 2024 00:00:00 +0000</pubDate>
-      
-      <guid>https://vahldiek.github.io/publication/peng-2025/</guid>
-      <description></description>
-    </item>
-    
     <item>
       <title>Artificial intelligence model accuracy validation</title>
       <link>https://vahldiek.github.io/publication/vahldiek-oberwagner-2024-modelaccuracy/</link>
diff --git a/publication_types/1/index.html b/publication_types/1/index.html
index f8c4713..67246a6 100755
--- a/publication_types/1/index.html
+++ b/publication_types/1/index.html
@@ -122,7 +122,7 @@
   <meta property="og:description" content="I’m interested in analyzing, desiging, building and evaluating computer systems in particular secure systems."><meta property="og:image" content="https://vahldiek.github.io/img/portrait.jpg">
   <meta property="og:locale" content="en-us">
   
-  <meta property="og:updated_time" content="2024-09-20T00:00:00&#43;00:00">
+  <meta property="og:updated_time" content="2024-08-14T00:00:00&#43;00:00">
   
 
   
@@ -395,19 +395,6 @@ <h1 itemprop="name">1</h1>
 
   
   
-  <div>
-    <h2><a href="/publication/peng-2025/">Pegasus: Transparent and Unified Kernel-Bypass Networking for Fast Local and Remote Communication</a></h2>
-    <div class="article-style">
-      
-      Modern software architectures in cloud computing are highly reliant
-on interconnected local and remote services.
-Popular architectures, such as the service mesh,
-rely on the use of independent services or sidecars for
-a single application. While …
-      
-    </div>
-  </div>
-  
   <div>
     <h2><a href="/publication/yang-2024-endokernel/">Endokernel: A Thread Safe Monitor for Lightweight Subprocess Isolation</a></h2>
     <div class="article-style">
@@ -498,6 +485,15 @@ <h2><a href="/publication/lee-2022/">Cerberus: A Formal Approach to Secure and E
     </div>
   </div>
   
+  <div>
+    <h2><a href="/publication/malik-2022-aehpc/">Expanding the Scope of Artifact Evaluation at HPC Conferences: Experience of SC21</a></h2>
+    <div class="article-style">
+      
+      A scientific paper consists of a constellation of artifacts that extend beyond the document itself: software, hardware, evaluation data and documentation, raw survey results, mechanized proofs, models, test suites, benchmarks, and so on. In some …
+      
+    </div>
+  </div>
+  
 
   
 <nav>
diff --git a/publication_types/1/index.xml b/publication_types/1/index.xml
index b6b9f26..f73547e 100755
--- a/publication_types/1/index.xml
+++ b/publication_types/1/index.xml
@@ -7,20 +7,11 @@
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
     <copyright>&amp;copy; 2018</copyright>
-    <lastBuildDate>Fri, 20 Sep 2024 00:00:00 +0000</lastBuildDate>
+    <lastBuildDate>Wed, 14 Aug 2024 00:00:00 +0000</lastBuildDate>
     
 	<atom:link href="https://vahldiek.github.io/publication_types/1/index.xml" rel="self" type="application/rss+xml" />
     
     
-    <item>
-      <title>Pegasus: Transparent and Unified Kernel-Bypass Networking for Fast Local and Remote Communication</title>
-      <link>https://vahldiek.github.io/publication/peng-2025/</link>
-      <pubDate>Fri, 20 Sep 2024 00:00:00 +0000</pubDate>
-      
-      <guid>https://vahldiek.github.io/publication/peng-2025/</guid>
-      <description></description>
-    </item>
-    
     <item>
       <title>Endokernel: A Thread Safe Monitor for Lightweight Subprocess Isolation</title>
       <link>https://vahldiek.github.io/publication/yang-2024-endokernel/</link>
diff --git a/publication_types/1/page/2/index.html b/publication_types/1/page/2/index.html
index 9e69483..938fc25 100644
--- a/publication_types/1/page/2/index.html
+++ b/publication_types/1/page/2/index.html
@@ -122,7 +122,7 @@
   <meta property="og:description" content="I’m interested in analyzing, desiging, building and evaluating computer systems in particular secure systems."><meta property="og:image" content="https://vahldiek.github.io/img/portrait.jpg">
   <meta property="og:locale" content="en-us">
   
-  <meta property="og:updated_time" content="2022-06-30T00:00:00&#43;00:00">
+  <meta property="og:updated_time" content="2021-03-01T00:00:00&#43;00:00">
   
 
   
@@ -395,15 +395,6 @@ <h1 itemprop="name">1</h1>
 
   
   
-  <div>
-    <h2><a href="/publication/malik-2022-aehpc/">Expanding the Scope of Artifact Evaluation at HPC Conferences: Experience of SC21</a></h2>
-    <div class="article-style">
-      
-      A scientific paper consists of a constellation of artifacts that extend beyond the document itself: software, hardware, evaluation data and documentation, raw survey results, mechanized proofs, models, test suites, benchmarks, and so on. In some …
-      
-    </div>
-  </div>
-  
   <div>
     <h2><a href="/publication/narayan-2021/">Swivel: Hardening WebAssembly against Spectre</a></h2>
     <div class="article-style">
diff --git a/publication_types/index.html b/publication_types/index.html
index 2d0cdae..15fa9c4 100755
--- a/publication_types/index.html
+++ b/publication_types/index.html
@@ -122,7 +122,7 @@
   <meta property="og:description" content="I’m interested in analyzing, desiging, building and evaluating computer systems in particular secure systems."><meta property="og:image" content="https://vahldiek.github.io/img/portrait.jpg">
   <meta property="og:locale" content="en-us">
   
-  <meta property="og:updated_time" content="2024-09-20T00:00:00&#43;00:00">
+  <meta property="og:updated_time" content="2024-08-14T00:00:00&#43;00:00">
   
 
   
diff --git a/publication_types/index.xml b/publication_types/index.xml
index adb5b14..f6aff7a 100755
--- a/publication_types/index.xml
+++ b/publication_types/index.xml
@@ -7,7 +7,7 @@
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
     <copyright>&amp;copy; 2018</copyright>
-    <lastBuildDate>Fri, 20 Sep 2024 00:00:00 +0000</lastBuildDate>
+    <lastBuildDate>Wed, 14 Aug 2024 00:00:00 +0000</lastBuildDate>
     
 	<atom:link href="https://vahldiek.github.io/publication_types/index.xml" rel="self" type="application/rss+xml" />
     
@@ -15,7 +15,7 @@
     <item>
       <title>1</title>
       <link>https://vahldiek.github.io/publication_types/1/</link>
-      <pubDate>Fri, 20 Sep 2024 00:00:00 +0000</pubDate>
+      <pubDate>Wed, 14 Aug 2024 00:00:00 +0000</pubDate>
       
       <guid>https://vahldiek.github.io/publication_types/1/</guid>
       <description></description>
diff --git a/sitemap.xml b/sitemap.xml
index 1eb4de0..c31acd2 100755
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -10,14 +10,6 @@
     
   
     
-    <url>
-    
-      <loc>https://vahldiek.github.io/publication/peng-2025/</loc>
-      <lastmod>2024-09-20T00:00:00+00:00</lastmod>
-    </url>
-    
-  
-    
     <url>
     
       <loc>https://vahldiek.github.io/publication/vahldiek-oberwagner-2024-modelaccuracy/</loc>
@@ -381,7 +373,7 @@
     <url>
     
       <loc>https://vahldiek.github.io/publication_types/1/</loc>
-      <lastmod>2024-09-20T00:00:00+00:00</lastmod>
+      <lastmod>2024-08-14T00:00:00+00:00</lastmod>
     </url>
     
   
@@ -492,7 +484,7 @@
     <url>
     
       <loc>https://vahldiek.github.io/publication_types/</loc>
-      <lastmod>2024-09-20T00:00:00+00:00</lastmod>
+      <lastmod>2024-08-14T00:00:00+00:00</lastmod>
     </url>