Operating Systems
OS design, scheduling, virtualization, and systems software
20 papers indexed
Pomegranate: A Lightweight Compartmentalization Architecture using Virtualization Extensions
Pomegranate is a novel framework that uses hardware-assisted virtualization and Extended Page Tables to securely compartmentalize existing operating systems with minimal source code modification, enab…
Agent libOS: A Library-OS-Inspired Runtime for Long-Running, Capability-Controlled LLM Agents
Agent libOS introduces a library-OS-inspired runtime substrate that treats LLM agents as schedulable processes, providing explicit capability control and robust auditing for long-running, stateful age…
Multi-target Coverage-based Greybox Fuzzing
The paper proposes MTCFuzz, a multi-target coverage-based greybox fuzzer, to deeply explore vulnerabilities in modern system architectures where an operating system and firmware cooperate.
CTF as a Service: A reproducible and scalable infrastructure for cybersecurity training
This paper introduces and evaluates a scalable, reproducible 'CTF as a Service' (CaaS) platform designed to simplify the infrastructure management required for cybersecurity training.
A UEFI System with SPDM to Protect Against Unauthorized Device Connections
The paper proposes a UEFI system utilizing SPDM to authenticate connected PCIe and USB devices, successfully demonstrating that this enhanced security mechanism introduces an acceptable processing ove…
Formal Verification of Secure Encrypted Virtualization
This paper introduces a formal framework to rigorously verify the security guarantees (confidentiality, integrity, and availability) of AMD SEV confidential virtual machines.
Formal Verification of Secure Encrypted Virtualization
This paper introduces a formal framework to rigorously verify the security guarantees (confidentiality, integrity, and availability) of AMD SEV confidential virtual machines.
Kumo: A Security-Focused Serverless Cloud Simulator
Wei Shao, Khaled Khasawneh, Setareh Rafatirad, Houman Homayoun +1 more
The paper introduces Kumo, a novel security-focused simulator that enables controlled analysis of resource sharing and scheduling risks in serverless cloud environments, demonstrating that scheduler c…
AgentVisor: Defending LLM Agents Against Prompt Injection via Semantic Virtualization
Zonghao Ying, Haozheng Wang, Jiangfan Liu, Quanchen Zou +4 more
AgentVisor is a novel defense framework that uses semantic virtualization, inspired by OS principles, to significantly reduce LLM agent vulnerability to prompt injection while maintaining high utility…
unix-ctf: Procedural Environments for Unix-Competence Reinforcement Learning
The paper introduces unix-ctf, a procedural generator for capture-the-flag tasks, demonstrating that Unix competence is a separable and trainable skill distinct from general programming ability.
unix-ctf: Procedural Environments for Unix-Competence Reinforcement Learning
The paper introduces unix-ctf, a procedural generator for capture-the-flag tasks, demonstrating that Unix competence is a separable and trainable skill distinct from general programming ability.
Speed Kills: Exploring Confused Deputy Attacks Through Edge AI Accelerators
This paper investigates Confused Deputy Attacks (CDAs) on AI Accelerators (AIAs) and finds that CDA is feasible on most major vendor AIAs, impacting a vast number of devices.
GPIR: Enabling Practical Private Information Retrieval with GPUs
Hyesung Ji, Hyunah Yu, Jongmin Kim, Wonseok Choi +2 more
GPIR is a GPU-accelerated Private Information Retrieval (PIR) system that significantly boosts throughput by introducing a stage-aware hybrid execution model and optimizing data layouts for modern GPU…
Agent Operating Systems (AOS): Integrating Agentic Control Planes into, and Beyond, Traditional Operating Systems
The paper proposes the concept of an Agent Operating System (AOS) to provide a rigorous, controllable, and accountable systems foundation for running complex, probabilistic, and goal-directed AI agent…
Agent Operating Systems (AOS): Integrating Agentic Control Planes into, and Beyond, Traditional Operating Systems
The paper proposes the concept of an Agent Operating System (AOS) to provide a necessary systems foundation for managing the unique, non-deterministic, and goal-directed execution characteristics of m…
Agentic AI and the Industrialization of Cyber Offense: Forecast, Consequences, and Defensive Priorities for Enterprises and the Mittelstand
The paper forecasts that agentic AI will compress the cyber attack lifecycle by lowering the cost of multiple attack stages, necessitating immediate operational security upgrades for enterprises and t…
How Far Can Disaggregation Go? A Design-Space Exploration of Attention-FFN Disaggregation for Efficient MoE LLM Serving
The paper systematically analyzes the benefits and limits of Attention-FFN Disaggregation (AFD) for Mixture-of-Experts (MoE) LLM serving, demonstrating that AFD is crucial for achieving high throughpu…
VCAO: Verifier-Centered Agentic Orchestration for Strategic OS Vulnerability Discovery
The paper introduces VCAO, a novel verifier-centered agentic orchestration framework that models OS vulnerability discovery as a Bayesian Stackelberg game, significantly improving vulnerability discov…
A Core-Structure-Based Automated Analysis Tool for Commercial Virtualization Obfuscation Deobfuscation
The paper introduces VMPredator, an automated tool that analyzes and deobfuscates virtualization obfuscation in malware by extracting semantic units, successfully restoring program functionality with…
Enforcing Attestable Workflows across Untrusted Networks
The paper proposes extit{codename}, an architecture that enforces verifiable workflows across untrusted networks by combining hardware-isolated control and kernel-resident data planes, achieving low-…