Nick Roessler scite author profile

Nick Roessler

5Publications

50Citation Statements Received

80Citation Statements Given

How they've been cited

How they cite others

124

Affiliations

California University of Pennsylvania, University of Pennsylvania, Hewlett-Packard (United States)

Publications

Order By: Most citations

BreakApp: Automated, Flexible Application Compartmentalization

Vasilakis

Karel

Roessler

et al. 2018

View full text Add to dashboard Cite

Developers of large-scale software systems may use third-party modules to reduce costs and accelerate release cycles, at some risk to safety and security. BREAKAPP exploits module boundaries to automate compartmentalization of systems and enforce security policies, enhancing reliability and security. BREAKAPP transparently spawns modules in protected compartments while preserving their original behavior. Optional high-level policies decouple security assumptions made during development from requirements imposed for module composition and use. These policies allow fine-tuning trade-offs such as security and performance based on changing threat models or load patterns. Evaluation of BREAKAPP with a prototype implementation for JavaScript demonstrates feasibility by enabling simplified security hardening of existing systems with low performance overhead.

show abstract

Protecting the Stack with Metadata Policies and Tagged Hardware

Roessler

DeHon

2018

View full text Add to dashboard Cite

The program call stack is a major source of exploitable security vulnerabilities in low-level, unsafe languages like C. In conventional runtime implementations, the underlying stack data is exposed and unprotected, allowing programming errors to turn into security violations. In this work, we design novel metadata-tag based, stack-protection security policies for a general-purpose tagged architecture. Our policies specifically exploit the natural locality of dynamic program call graphs to achieve cacheability of the metadata rules that they require. Our simple Return Address Protection policy has a performance overhead of 1.2% but just protects return addresses. The two richer policies we present, Static Authorities and Depth Isolation, provide object-level protection for all stack objects. When enforcing memory safety, our Static Authorities policy has a performance overhead of 5.7% and our Depth Isolation policy has a performance overhead of 4.5%. When enforcing dataflow integrity (DFI), in which we only detect a violation when a corrupted value is read, our Static Authorities policy has a performance overhead of 3.6% and our Depth Isolation policy has a performance overhead of 2.4%. To characterize our policies, we provide a stack threat taxonomy and show which threats are prevented by both prior work protection mechanisms and our policies.

show abstract

Towards Fine-grained, Automated Application Compartmentalization

Vasilakis

Karel

Roessler

et al. 2017

View full text Add to dashboard Cite

New Instruments for High Throughput Receptor Binding Assays

Roessler

Englert

Neumann

1993

Journal of Receptor Research

View full text Add to dashboard Cite

The TopCount Microplate Scintillation Counter and the Matrix 9600 Direct Beta Counter are microplate compatible instruments developed to meet the needs of investigators using radioisotope assays adapted for very high throughput. This paper describes these instruments and their application to receptor binding assays. When combined with the appropriate sample handling equipment and filter media, use of these multi-detector instruments improves sample handling efficiency and shortens overall counting time. The assay protocols including filtration through glass fiber mats and membrane filters have been investigated. Results obtained from these new instruments are compared to standard techniques using conventional liquid scintillation and gamma counting.

show abstract

μSCOPE: A Methodology for Analyzing Least-Privilege Compartmentalization in Large Software Artifacts

Roessler

Atayde

Palmer³

et al. 2021

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Nick Roessler

BreakApp: Automated, Flexible Application Compartmentalization

Protecting the Stack with Metadata Policies and Tagged Hardware

Towards Fine-grained, Automated Application Compartmentalization

New Instruments for High Throughput Receptor Binding Assays

μSCOPE: A Methodology for Analyzing Least-Privilege Compartmentalization in Large Software Artifacts

Contact Info

Product

Resources

About