An In-Depth Characterization of Page Fault Handling in Modern Persistent Memory Systems
André Libório, Alexandro Baldassin, Daniel Castro, João Barreto, Paolo Romano
Concurrency and Computation Practice and Experience, 2026
Recent advancements in Persistent Memory (PM) technologies have enabled the integration of such devices directly into the processor's memory hierarchy, allowing them to be accessed via standard load/store instructions. These developments have revived interest in the design and implementation of systems capable of effectively supporting PM. A prominent approach adopted by several PM programming systems involves leveraging DRAM as a shadow memory to enable the use of modern hardware transactional mechanisms. While this technique offers performance benefits, it presents a critical limitation: when the available DRAM capacity is significantly smaller than that of the PM device, system performance may deteriorate due to excessive paging. Despite its practical implications, this issue remains underexplored in the literature. This article presents, to the best of our knowledge, the first comprehensive performance evaluation of PM systems under constrained DRAM availability. We begin by introducing a user‐level page management framework that underpins our experimental methodology. Subsequently, we conduct a comparative analysis between traditional swap‐based paging mechanisms and more advanced approaches that leverage the redo logs mechanisms of PM systems. Using the TPC‐C suite as a representative benchmark, our experimental results demonstrate that specialized paging strategies can significantly mitigate performance degradation caused by excessive paging. In particular, we observe a decrease in performance loss of up to 3.5× in read‐dominant workloads and up to 2.5× in write‐intensive ones.

Prompt-to-SQL Injections in LLM-Integrated Web Applications: Risks and Defenses
Rodrigo Pedro, Miguel E. Coimbra, Daniel Castro, Paulo Carreira, Nuno Santos
Proceedings International Conference on Software Engineering, 2025
Large Language Models (LLMs) have found widespread applications in various domains, including web applications with chatbot interfaces. Aided by an LLM-integration middleware such as LangChain, user prompts are translated into SQL queries used by the LLM to provide meaningful responses to users. However, unsanitized user prompts can lead to SQL injection attacks, potentially compromising the security of the database. In this paper, we present a comprehensive examination of prompt-to-SQL (P$_2$SQL) injections targeting web applications based on frameworks such as LangChain and LlamaIndex. We characterize P$_2$SQL injections, exploring their variants and impact on application security through multiple concrete examples. We evaluate seven state-of-the-art LLMs, demonstrating the risks of P$_2$SQL attacks across language models. By employing both manual and automated methods, we discovered P$_2$SQL vulnerabilities in five real-world applications. Our findings indicate that LLM-integrated applications are highly susceptible to P$_2$SQL injection attacks, warranting the adoption of robust defenses. To counter these attacks, we propose four effective defense techniques that can be integrated as extensions to the LangChain framework.

PIM-STM: Software Transactional Memory for Processing-In-Memory Systems
André Lopes, Daniel Castro, Paolo Romano
International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2024
Processing-In-Memory (PIM) is a novel approach that augments existing DRAM memory chips with lightweight logic. By allowing computations to be offloaded to the PIM system, this architecture allows for circumventing the data-bottleneck problem that affects many modern workloads. This work tackles the problem of how to build efficient software implementations of the Transactional Memory (TM) abstraction by introducing PIM-STM, a library that provides a range of diverse TM implementations for UPMEM, the first commercial PIM system. Via an extensive study we assess the efficiency of alternative choices in the design space of TM algorithms on this emerging architecture. We further quantify the impact of using different memory tiers of the UPMEM system (having different trade-offs for what concerns latency vs capacity) to store the metadata used by different TM implementations. Finally, we assess the gains achievable in terms of performance and memory efficiency when using PIM-STM to accelerate TM applications originally conceived for conventional CPU-based systems.

TIGER: Tor Traffic Generator for Realistic Experiments
Daniela Lopes, Daniel Castro, Diogo Barradas, Nuno Santos
WPES 2023: Proceedings of the 22nd Workshop on Privacy in the Electronic Society, 2023
Tor is the most widely adopted anonymity network, helping safeguard the privacy of Internet users, including journalists and human rights activists. However, effective attacks aimed at deanonymizing Tor users remain a significant threat. Unfortunately, evaluating the impact of such attacks by collecting realistic Tor traffic without gathering real users' data poses a significant challenge. This paper introduces TIGER (Tor traffIc GEnerator for Realistic experiments), a novel framework that automates the generation of realistic Tor traffic datasets towards improving our understanding of the robustness of Tor's privacy mechanisms. To this end, TIGER allows researchers to design large-scale testbeds and collect data on the live Tor network while responsibly avoiding the need to collect real users' traffic. We motivate the usefulness of TIGER by collecting a preliminary dataset with applicability to the evaluation of traffic confirmation attacks and defenses.

An Analytical Model of Hardware Transactional Memory
Daniel Castro, Paolo Romano, Diego Didona, Willy Zwaenepoel
Proceedings 25th IEEE International Symposium on Modeling Analysis and Simulation of Computer and Telecommunication Systems, MASCOTS 2017, 2017