Enabling Lightweight Privilege Separation in Applications with MicroGuards / Oct 2023
Paper on MicroGuards memory API at ACNSW with Zahra Tarkhani. MicroGuards provides lightweight kernel modifications and APIs for fine-grained in-process memory protection and privilege separation in multithreaded applications. Taking advantage of tagged memory support in modern CPUs, MicroGuards enables compartmentalization even on resource-constrained mobile devices with minimal overhead (less than 3.5%) - addressing the challenge of securing applications without requiring heavyweight isolation mechanisms.