
Secure Virtual Architecture – Safe execution for commodity OS's [pdf] (2007) - nickpsecurity
http://llvm.org/pubs/2007-SOSP-SVA.pdf
======
nickpsecurity
This leverages and extends LLVM bytecode as a sort of virtual instruction set
to help the compiler enforce safety, control-flow integrity, and more. They mainly
leverage the SAFECode system for adding memory safety to regular C programs
via just re-compiling them. They add virtual instructions to handle privileged
operations in the OS that might introduce unsafety. The port of the Linux kernel to
SAFECode took between 4,000 and 5,000 LOC in changes.

They expand on the safety of this scheme here in 2009 to add things like MMU
and I/O protections:

[http://llvm.org/pubs/2009-08-12-UsenixSecurity-SafeSVAOS.pdf](http://llvm.org/pubs/2009-08-12-UsenixSecurity-SafeSVAOS.pdf)

Github for some of this is here:

[https://github.com/jtcriswell/SVA](https://github.com/jtcriswell/SVA)

Other publications are here:

[http://sva.cs.illinois.edu/pubs.html](http://sva.cs.illinois.edu/pubs.html)

