Jails, Sandboxes and other isolation mechanisms limit the damage from untrusted programs by reducing a process’s privileges to the minimum. Sandboxing is designed to thwart such...
We present e-NeXSh, a novel security approach that utilises kernel and LIBC support for efficiently defending systems against process-subversion attacks. Such attacks exploit vul...
—Quantitative information-flow analysis (QIF) is an emerging technique for establishing information-theoretic confidentiality properties. Automation of QIF is an important step...
The issue of information security has attracted increasing attention in recent years. In network attack and defense scenarios, attackers and defenders constantly change their resp...
Robustness links confidentiality and integrity properties of a computing system and has been identified as a useful property for characterizing and enforcing security. Previous ...