Provably-Safe Multilingual Software Sandboxing using WebAssembly
WebAssembly’s safety guarantees are only as strong as the implementation enforcing them. We show two approaches to provably sandbox Wasm code, using formal verification and Rust.
Authors: Jay Bosamiya, Wen Shih Lim, Bryan Parno
Article shepherded by: Rik Farrow
The Sticky Problem of Measuring Passwords
Designing a tool that can take measurements on password has many challenges. We describe the process behind designing Gossamer, a framework for securely measuring passwords.
Authors: Marina Sanusi Bohuk, Mazharul Islam, Thomas Ristenpart, Rahul Chatterjee
Article shepherded by: Rik Farrow
Transcending POSIX: The End of an Era?
We provide a holistic view of the POSIX abstractions by a systematic review of the key factors that drove their evolution, and discuss our perspective of the future.
Authors: Pekka Enberg, Ashwin Rao, Jon Crowcroft, Sasu Tarkoma
Article shepherded by: Rik Farrow
Three Years of Crowdsourcing Smart Home Network Traffic
Examining the security and privacy of thousands of real-world smart home networks using IoT Inspector
Authors: Danny Yuxing Huang
Article shepherded by: Rik Farrow
Musings, July 2022
There is lots of evidence that there are few really good programmers, and Copilot isn't the solution.
Authors: Rik Farrow
Article shepherded by: Rik Farrow
Investigating Managed Language Runtime Performance
We instrumented and benchmarked Python and Node.js, finding out just how much slower they can be than Java, Go or C++ and why
Authors: David Lion, Adrian Chiu, Michael Stumm, Ding Yuan
Article shepherded by: Rik Farrow
Redesigning Hardware to Support Security: CHERI
Over a decade of research has resulted in a tool chain and RISC hardware that change pointers from integers to their own, safe, type
Authors: Rik Farrow
Article shepherded by: Rik Farrow
Metastable Failures in the Wild
We find that metastable failures are universally observed and provide an insider view of how they happen at Twitter
Authors: Lexiang Huang, Matthew Magnusson, Abishek Bangalore Muralikrishna, Salman Estyak, Rebecca Isaacs, Abutalib Aghayev, Timothy Zhu, Aleksey Charapko
Article shepherded by: Rik Farrow
What SRE Could Be
SRE could be - should be - much more than it is today. Please help.
Authors: Niall Murphy
Article shepherded by: Laura Nolan
Computer Security and the Internet
This is a security text book that covers a very broad set of topics concisely and clearly.
Authors: Rik Farrow
Article shepherded by: Rik Farrow
Jurassic Cloud
Large parts of our “modern” stack are 30+ years old, just like its architectural principles. The result - software dinosaurs roaming the Jurassic Cloud, out of place, out of time.
Authors: Avishai Ish-Shalom
Article shepherded by: Effie Mouzeli
Revisiting B+-tree vs. LSM-tree
LSM-trees have been preferred over B+-trees for some database storage but in-storage transparent compression effectively closes their gap
Authors: Yifan Qiao, Xubin Chen, Ning Zheng, Jiangpeng Li, Yang Liu, Tong Zhang
Article shepherded by: Rik Farrow
Understanding Software Dynamics
Uncovering the causes of long tail latency, while learning about about the quirks of compilers, CPUs, systems, and how best to observe your systems.
Authors: Rik Farrow
Article shepherded by: Rik Farrow
Ferret: Automatically Finding RFC Compliance Bugs in DNS Nameservers
Our SCALE approach jointly generates zone files and corresponding queries to cover RFC behaviors specified by an executable model of DNS resolution
Authors: Siva Kesava Reddy Kakarla, Ryan Beckett, Todd Millstein, George Varghese
Article shepherded by: Sangeetha Abdu Jyothi
An Analysis of Open-source Automated Threat Modeling Tools and Their Extensibility from Security into Privacy
Automated tools can lessen the burden of threat modeling for security and privacy, but picking a tool is difficult without insight into functionality and user experience.
Authors: Kristen Tan, Vaibhav Garg
Article shepherded by: Rik Farrow
How to Start on Formal Methods and Share It
You might have heard of formal methods. we decided to learn a thing or two about formal method and try to use it in some way in general software development.
Authors: Melby Sjamsuddin, Meimei Liang
Article shepherded by: Rik Farrow
ctFS: Converting File Index Traversals to Hardware Memory Translation through Contiguous File Allocation for Persistent Memory
A Persistent Memory Filesystem that uses virtual memory mapping to physical memory to speed up file access
Authors: Ruibin Li, Xiang Ren, Xu Zhao, Siwei He, Michael Stumm, Ding Yuan
Article shepherded by: Alexandra Fedorova
Lessons Learned in 10 Years of SRE: Part 1 - Starting SRE
It is vital to have clear motivations, align with business goals, have the right kind of expertise, to pay attention to culture, and to build trust.
Authors: Andrea Spadaccini
Article shepherded by: Laura Nolan
