Related papers: Safe Sharing of Fast Kernel-Bypass I/O Among Nontrusting Applications

Safe Sharing of Fast Kernel-Bypass I/O Among Nontrusting Applications

URL: http://arxiv.org/abs/2509.02899v1
Date: Tue, 02 Sep 2025 23:53:41 GMT
Title: Safe Sharing of Fast Kernel-Bypass I/O Among Nontrusting Applications
Authors: Alan Beadle, Michael L. Scott, John Criswell,
Abstract summary: protected user-level libraries have been proposed as a way to allow mutually distrusting applications to safely share kernel-bypass services.<n>We show how to move waits outside the library itself, enabling synchronous interaction among processes without the need for polling.<n>We present a set of safety performance guidelines for developers of protected libraries, and a set of recommendations for developers of future protected library operating systems.
Score: 1.4273866043218153
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Protected user-level libraries have been proposed as a way to allow mutually distrusting applications to safely share kernel-bypass services. In this paper, we identify and solve several previously unaddressed obstacles to realizing this design and identify several optimization opportunities. First, to preserve the kernel's ability to reclaim failed processes, protected library functions must complete in modest, bounded time. We show how to move unbounded waits outside the library itself, enabling synchronous interaction among processes without the need for polling. Second, we show how the bounded time requirement can be leveraged to achieve lower and more stable latency for inter-process interactions. Third, we observe that prior work on protected libraries is vulnerable to a buffer unmapping attack; we prevent this attack by preventing applications from removing pages that they share with the protected library. Fourth, we show how a trusted daemon can respond to asynchronous events and dynamically divide work with application threads in a protected library. By extending and improving the protected library model, our work provides a new way to structure OS services, combining the advantages of kernel bypass and microkernels. We present a set of safety and performance guidelines for developers of protected libraries, and a set of recommendations for developers of future protected library operating systems. We demonstrate the convenience and performance of our approach with a prototype version of the DDS communication service. To the best of our knowledge, this prototype represents the first successful sharing of a kernel-bypass NIC among mutually untrusting applications. Relative to the commercial FastDDS implementation, we achieve approximately 50\% lower latency and up to 7x throughput, with lower CPU utilization.

Related papers

HALO: Semantic-Aware Distributed LLM Inference in Lossy Edge Network [50.33808558714122]
Large language models' (LLMs) inference at the edge can facilitate prompt service responsiveness while protecting user privacy.<n>We propose HALO, a novel framework that can boost the distributed LLM inference in lossy edge network.<n> Experimental results from a Raspberry Pi cluster demonstrate that HALO achieves a 3.41x end-to-end speedup for LLaMA-series LLMs under unreliable network conditions.
arXiv Detail & Related papers (2026-01-16T07:37:23Z)
CaMeLs Can Use Computers Too: System-level Security for Computer Use Agents [60.98294016925157]
AI agents are vulnerable to prompt injection attacks, where malicious content hijacks agent behavior to steal credentials or cause financial loss.<n>We introduce Single-Shot Planning for CUAs, where a trusted planner generates a complete execution graph with conditional branches before any observation of potentially malicious content.<n>Although this architectural isolation successfully prevents instruction injections, we show that additional measures are needed to prevent Branch Steering attacks.
arXiv Detail & Related papers (2026-01-14T23:06:35Z)
The Trojan Knowledge: Bypassing Commercial LLM Guardrails via Harmless Prompt Weaving and Adaptive Tree Search [58.8834056209347]
Large language models (LLMs) remain vulnerable to jailbreak attacks that bypass safety guardrails to elicit harmful outputs.<n>We introduce the Correlated Knowledge Attack Agent (CKA-Agent), a dynamic framework that reframes jailbreaking as an adaptive, tree-structured exploration of the target model's knowledge base.
arXiv Detail & Related papers (2025-12-01T07:05:23Z)
TICAL: Trusted and Integrity-protected Compilation of AppLications [0.24919281650930603]
Tical is a framework for trusted compilation that provides integrity protection and confidentiality in build pipelines from source code to the final executable.<n>Our approach harnesses TEEs as runtime protection but enriches TEEs with file system shielding and an immutable audit log with version history to provide accountability.<n>Our evaluation shows that Tical can protect the confidentiality and integrity of whole CI/CD pipelines with an acceptable performance overhead.
arXiv Detail & Related papers (2025-11-21T09:19:41Z)
DRIFT: Dynamic Rule-Based Defense with Injection Isolation for Securing LLM Agents [52.92354372596197]
Large Language Models (LLMs) are increasingly central to agentic systems due to their strong reasoning and planning capabilities.<n>This interaction also introduces the risk of prompt injection attacks, where malicious inputs from external sources can mislead the agent's behavior.<n>We propose a Dynamic Rule-based Isolation Framework for Trustworthy agentic systems, which enforces both control and data-level constraints.
arXiv Detail & Related papers (2025-06-13T05:01:09Z)
LIAR: Leveraging Inference Time Alignment (Best-of-N) to Jailbreak LLMs in Seconds [98.20826635707341]
Jailbreak attacks expose vulnerabilities in safety-aligned LLMs by eliciting harmful outputs through carefully crafted prompts.<n>We frame jailbreaks as inference-time misalignment and introduce LIAR, a fast, black-box, best-of-$N$ sampling attack requiring no training.<n>We also introduce a theoretical "safety net against jailbreaks" metric to quantify safety alignment strength and derive suboptimality bounds.
arXiv Detail & Related papers (2024-12-06T18:02:59Z)
A Scheduling-Aware Defense Against Prefetching-Based Side-Channel Attacks [16.896693436047137]
Speculative loading of memory, called prefetching, is common in real-world CPUs. Prefetching can be exploited to bypass process isolation and leak secrets, such as keys used in RSA, AES, and ECDH implementations. We implement our countermeasure for an x86_64 and an ARM processor.
arXiv Detail & Related papers (2024-10-01T07:12:23Z)
CRISP: Confidentiality, Rollback, and Integrity Storage Protection for Confidential Cloud-Native Computing [0.757843972001219]
Cloud-native applications rely on orchestration and have their services frequently restarted. During restarts, attackers can revert the state of confidential services to a previous version that may aid their malicious intent. This paper presents CRISP, a rollback protection mechanism that uses an existing runtime for Intel SGX and transparently prevents rollback.
arXiv Detail & Related papers (2024-08-13T11:29:30Z)
HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z)
Capacity: Cryptographically-Enforced In-Process Capabilities for Modern ARM Architectures (Extended Version) [1.2687030176231846]
Capacity is a novel hardware-assisted intra-process access control design that embraces capability-based security principles. With intra-process domains authenticated with unique PA keys, Capacity transforms file descriptors and memory pointers into cryptographically-authenticated references. We evaluate our Capacity-enabled NGINX web server prototype and other common applications in which sensitive resources are isolated into different domains.
arXiv Detail & Related papers (2023-09-20T08:57:02Z)
Citadel: Simple Spectre-Safe Isolation For Real-World Programs That Share Memory [8.414722884952525]
We introduce a new security property we call relaxed microarchitectural isolation (RMI)<n>RMI allows sensitive programs that are not-constant-time to share memory with an attacker while restricting the information leakage to that of non-speculative execution.<n>Our end-to-end prototype, Citadel, consists of an FPGA-based multicore processor that boots Linux and runs secure applications.
arXiv Detail & Related papers (2023-06-26T17:51:23Z)
Analyzing Maintenance Activities of Software Libraries [55.2480439325792]
Industrial applications heavily integrate open-source software libraries nowadays.<n>I want to introduce an automatic monitoring approach for industrial applications to identify open-source dependencies that show negative signs regarding their current or future maintenance activities.
arXiv Detail & Related papers (2023-06-09T16:51:25Z)
ByzSecAgg: A Byzantine-Resistant Secure Aggregation Scheme for Federated Learning Based on Coded Computing and Vector Commitment [61.540831911168226]
ByzSecAgg is an efficient secure aggregation scheme for federated learning.<n>ByzSecAgg is resistant to Byzantine attacks and privacy leakages.
arXiv Detail & Related papers (2023-02-20T11:15:18Z)

This list is automatically generated from the titles and abstracts of the papers in this site.