We present an online framework to capture and recover from program failures and prevent them from occurring in the future through safe execution perturbations. The perturbations are safe as they respect the semantics of the program. We use a checkpointing/logging mechanism to capture a program

This paper presents a new approach called model-carrying code (MCC) for safe execution of untrusted code. At the heart of MCC is the idea that untrusted code comes equipped with a concise highlevel model of its security-relevant behavior. This model helps bridge the gap between high-level security

that provides automated memory management. In this paper we show how we can safely execute C code on top of a modern runtime (e.g., a Java Virtual Machine) by allocating all data on the managed heap. We reuse the memory management of the runtime, hence, we can ensure spatial and temporal safety with little

Introduction In [7] we presented a type system for controlling the use of resources in a distributed system. The type system guarantees that resource access is always safe, in the sense that, for example, integer channels are always used with integers and boolean channels are always used with booleans

This project has two goals. The first goal is to improve application performance by reducing context switches and data copies. We do this by either running select sections of the application in kernel-mode, or by creating new, more efficient system calls. The second goal is to ensure that kernel safety is not violated when running user-level code in the kernel. We do this by implementing various hardware- and software-based techniques for runtime monitoring of memory buffers, pointers, as well as higher-level, OS-specific constructs such as spinlocks and reference counters; the latter techniques can also be used for code written specifically for the OS. We prototyped several of these techniques. For certain applications, we demonstrate performance improvements as high as 80%. Moreover, our kernel safety checks show overheads that are as little as 2%. 1

propose a new, efficiently implementable language feature -- references which incorporate access control. We introduce a multi-threaded programming language in which an untrusted and unexamined piece of code can be executed with permission to read certain shared data, write to other locations, and yet

In this paper, we present an approach for realizing a safe execution environment (SEE) that enables users to “try out” new software (or configuration changes to existing software) without the fear of damaging the system in any manner. A key property of our SEE is that it faithfully reproduces

This paper describes an efficient and robust approach to provide a safe execution environment for an entire operating system, such as Linux, and all its applications. The approach, which we call Secure Virtual Architecture (SVA), defines a virtual, low-level, typed instruction set suitable

capsules enable the deploy-ment of ad-hoc routing and data aggregation algorithms. Maté's concise, high-level program representation simplifies programming and allows large networks to be frequently re-programmed in an energy-efficient manner; in addition, its safe execution environment suggests a use

Abstract This paper describes a mechanism by which an operating system kernel can determine with certainty that it is safe to execute a binary supplied by an untrusted source. The kernel first defines a safety policy and makes it public. Then, using this policy, an application can provide binaries