{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,27]],"date-time":"2025-08-27T16:31:53Z","timestamp":1756312313666,"version":"3.37.3"},"publisher-location":"Cham","reference-count":46,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030004699"},{"type":"electronic","value":"9783030004705"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-00470-5_17","type":"book-chapter","created":{"date-parts":[[2018,9,6]],"date-time":"2018-09-06T06:43:19Z","timestamp":1536216199000},"page":"359-379","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["MicroStache: A Lightweight Execution Context for In-Process Safe Region Isolation"],"prefix":"10.1007","author":[{"given":"Lucian","family":"Mogosanu","sequence":"first","affiliation":[]},{"given":"Ashay","family":"Rane","sequence":"additional","affiliation":[]},{"given":"Nathan","family":"Dautenhahn","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,9,7]]},"reference":[{"key":"17_CR1","unstructured":"Arnautov, S., et al.: SCONE: secure Linux containers with Intel SGX (2016)"},{"key":"17_CR2","doi-asserted-by":"crossref","unstructured":"Azab, A.M., et al.: Hypervision across worlds: real-time kernel protection from the ARM TrustZone secure world. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (2014)","DOI":"10.1145\/2660267.2660350"},{"issue":"3","key":"17_CR3","doi-asserted-by":"publisher","first-page":"8","DOI":"10.1145\/2799647","volume":"33","author":"A Baumann","year":"2015","unstructured":"Baumann, A., Peinado, M., Hunt, G.: Shielding applications from an untrusted cloud with Haven. ACM Trans. Comput. Syst. (TOCS) 33(3), 8 (2015)","journal-title":"ACM Trans. Comput. Syst. (TOCS)"},{"issue":"2","key":"17_CR4","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2024716.2024718","volume":"39","author":"N Binkert","year":"2011","unstructured":"Binkert, N.: The gem5 simulator. ACM SIGARCH Comput. Archit. News 39(2), 1\u20137 (2011)","journal-title":"ACM SIGARCH Comput. Archit. News"},{"key":"17_CR5","doi-asserted-by":"crossref","unstructured":"Bletsch, T., Jiang, X., Freeh, V.W., Liang, Z.: Jump-oriented programming: a new class of code-reuse attack. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (2011)","DOI":"10.1145\/1966913.1966919"},{"key":"17_CR6","unstructured":"Buchanan, E., Roemer, R., Savage, S., Shacham, H.: Return-oriented programming: exploitation without code injection. Black Hat 8 (2008)"},{"key":"17_CR7","unstructured":"Carlini, N., Barresi, A., Payer, M., Wagner, D., Gross, T.R.: Control-flow bending: on the effectiveness of control-flow integrity. In: USENIX Security Symposium (2015)"},{"key":"17_CR8","doi-asserted-by":"publisher","unstructured":"Carr, S.A., Payer, M.: DataShield: configurable data confidentiality and integrity. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (2017). https:\/\/doi.org\/10.1145\/3052973.3052983","DOI":"10.1145\/3052973.3052983"},{"key":"17_CR9","unstructured":"Castro, M., Costa, M., Harris, T.: Securing software by enforcing data-flow integrity. In: Proceedings of the 7th Symposium on Operating Systems Design and Implementation, pp. 147\u2013160. USENIX Association (2006)"},{"key":"17_CR10","doi-asserted-by":"crossref","unstructured":"Christoulakis, N., Christou, G., Athanasopoulos, E., Ioannidis, S.: HCFI: hardware-enforced control-flow integrity. In: Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy (2016)","DOI":"10.1145\/2857705.2857722"},{"key":"17_CR11","doi-asserted-by":"crossref","unstructured":"Crane, S., et al.: Readactor: practical code randomization resilient to memory disclosure. In: IEEE Symposium on Security and Privacy (2015)","DOI":"10.1109\/SP.2015.52"},{"key":"17_CR12","doi-asserted-by":"crossref","unstructured":"Criswell, J., Lenharth, A., Dhurjati, D., Adve, V.: Secure virtual architecture: a safe execution environment for commodity operating systems. In: ACM SIGOPS Operating Systems Review (2007)","DOI":"10.1145\/1294261.1294295"},{"issue":"4","key":"17_CR13","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1145\/2775054.2694386","volume":"50","author":"N Dautenhahn","year":"2015","unstructured":"Dautenhahn, N., Kasampalis, T., Dietz, W., Criswell, J., Adve, V.: Nested kernel: an operating system architecture for intra-kernel privilege separation. ACM SIGPLAN Not. 50(4), 191\u2013206 (2015)","journal-title":"ACM SIGPLAN Not."},{"key":"17_CR14","doi-asserted-by":"crossref","unstructured":"Davi, L., Sadeghi, A.R., Winandy, M.: ROPdefender: a detection tool to defend against return-oriented programming attacks. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 40\u201351. ACM (2011)","DOI":"10.1145\/1966913.1966920"},{"key":"17_CR15","doi-asserted-by":"crossref","unstructured":"Devietti, J., Blundell, C., Martin, M.M., Zdancewic, S.: HardBound: architectural support for spatial safety of the C programming language. In: ACM SIGARCH Computer Architecture News (2008)","DOI":"10.1145\/1346281.1346295"},{"issue":"1","key":"17_CR16","doi-asserted-by":"publisher","first-page":"487","DOI":"10.1145\/2786763.2694383","volume":"43","author":"U Dhawan","year":"2015","unstructured":"Dhawan, U., et al.: Architectural support for software-defined metadata processing. SIGARCH Comput. Archit. News 43(1), 487\u2013502 (2015). https:\/\/doi.org\/10.1145\/2786763.2694383","journal-title":"SIGARCH Comput. Archit. News"},{"key":"17_CR17","doi-asserted-by":"crossref","unstructured":"Evans, I., et al.: Missing the point (er): on the effectiveness of code pointer integrity. In: IEEE Symposium on Security and Privacy (2015)","DOI":"10.1109\/SP.2015.53"},{"key":"17_CR18","doi-asserted-by":"crossref","unstructured":"Evtyushkin, D., Ponomarev, D., Abu-Ghazaleh, N.: Jump over ASLR: attacking branch predictors to bypass ASLR. In: 49th Annual IEEE\/ACM International Symposium on Microarchitecture (2016)","DOI":"10.1109\/MICRO.2016.7783743"},{"key":"17_CR19","unstructured":"Frassetto, T., Jauernig, P., Liebchen, C., Sadeghi, A.R.: IMIX: in-process memory isolation extension. In: 27th USENIX Security Symposium (USENIX Security 2018). USENIX Association, Baltimore (2018). https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/frassetto"},{"key":"17_CR20","unstructured":"Giuffrida, C., Kuijsten, A., Tanenbaum, A.S.: Enhanced operating system security through efficient and fine-grained address space randomization. In: USENIX Security Symposium, pp. 475\u2013490 (2012)"},{"key":"17_CR21","doi-asserted-by":"publisher","unstructured":"Gras, B., Razavi, K., Bosman, E., Bos, H., Guiffrida, C.: ASLR on the line: practical cache attacks on the MMU. In: Network and Distributed System Security Symposium (2017). https:\/\/doi.org\/10.14722\/ndss.2017.23271","DOI":"10.14722\/ndss.2017.23271"},{"key":"17_CR22","doi-asserted-by":"crossref","unstructured":"Gruss, D., Maurice, C., Fogh, A., Lipp, M., Mangard, S.: Prefetch side-channel attacks: bypassing SMAP and kernel ASLR. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (2016)","DOI":"10.1145\/2976749.2978356"},{"key":"17_CR23","doi-asserted-by":"crossref","unstructured":"Guan, L., Lin, J., Luo, B., Jing, J., Wang, J.: Protecting private keys against memory disclosure attacks using hardware transactional memory. In: IEEE Symposium on Security and Privacy (2015)","DOI":"10.1109\/SP.2015.8"},{"key":"17_CR24","doi-asserted-by":"crossref","unstructured":"Guan, L., et al.: TrustShadow: secure execution of unmodified applications with ARM TrustZone. arXiv preprint arXiv:1704.05600 (2017)","DOI":"10.1145\/3081333.3081349"},{"key":"17_CR25","doi-asserted-by":"crossref","unstructured":"Hu, H., Shinde, S., Sendroiu, A., Chua, Z.L., Saxena, P., Liang, Z.: Data-oriented programming: on the expressiveness of non-control data attacks. In: IEEE Symposium on Security and Privacy (2016)","DOI":"10.1109\/SP.2016.62"},{"issue":"4","key":"17_CR26","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1145\/1391729.1391730","volume":"40","author":"IF Ilyas","year":"2008","unstructured":"Ilyas, I.F., Beskales, G., Soliman, M.A.: A survey of top-k query processing techniques in relational database systems. ACM Comput. Surv. (CSUR) 40(4), 11 (2008)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"17_CR27","unstructured":"Kim, T., Peinado, M., Mainar-Ruiz, G.: STEALTHMEM: system-level protection against cache-based side channel attacks in the cloud. Presented as part of the 21st USENIX Security Symposium (USENIX Security 2012), pp. 189\u2013204. USENIX, Bellevue (2012). https:\/\/www.usenix.org\/conference\/usenixsecurity12\/technical-sessions\/presentation\/kim"},{"key":"17_CR28","doi-asserted-by":"crossref","unstructured":"Koning, K., Chen, X., Bos, H., Giuffrida, C., Athanasopoulos, E.: No need to hide: protecting safe regions on commodity hardware. In: Proceedings of the Twelfth European Conference on Computer Systems (2017)","DOI":"10.1145\/3064176.3064217"},{"key":"17_CR29","doi-asserted-by":"crossref","unstructured":"Kuvaiskii, D., et al.: SGXBOUNDS: memory safety for shielded execution. In: Proceedings of the Twelfth European Conference on Computer Systems (2017)","DOI":"10.1145\/3064176.3064192"},{"key":"17_CR30","unstructured":"Kuznetsov, V., Szekeres, L., Payer, M., Candea, G., Sekar, R., Song, D.: Code-pointer integrity. In: 11th USENIX Symposium on Operating Systems Design and Implementation (2014)"},{"key":"17_CR31","doi-asserted-by":"crossref","unstructured":"Li, W., Xia, Y., Chen, H., Zang, B., Guan, H.: Reducing world switches in virtualized environment with flexible cross-world calls. In: ACM\/IEEE 42nd Annual International Symposium on Computer Architecture (2015)","DOI":"10.1145\/2749469.2750406"},{"issue":"1","key":"17_CR32","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1145\/2786763.2694385","volume":"43","author":"C Liu","year":"2015","unstructured":"Liu, C., Harris, A., Maas, M., Hicks, M., Tiwari, M., Shi, E.: GhostRider: a hardware-software system for memory trace oblivious computation. ACM SIGARCH Comput. Archit. News 43(1), 87\u2013101 (2015)","journal-title":"ACM SIGARCH Comput. Archit. News"},{"key":"17_CR33","doi-asserted-by":"crossref","unstructured":"Liu, F., et al.: CATalyst: defeating last-level cache side channel attacks in cloud computing. In: IEEE International Symposium on High Performance Computer Architecture (2016)","DOI":"10.1109\/HPCA.2016.7446082"},{"key":"17_CR34","doi-asserted-by":"crossref","unstructured":"Nagarakatte, S., Martin, M.M., Zdancewic, S.: WatchdogLite: hardware-accelerated compiler-based pointer checking. In: Proceedings of Annual IEEE\/ACM International Symposium on Code Generation and Optimization (2014)","DOI":"10.1145\/2581122.2544147"},{"issue":"6","key":"17_CR35","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1145\/1543135.1542504","volume":"44","author":"S Nagarakatte","year":"2009","unstructured":"Nagarakatte, S., Zhao, J., Martin, M.M., Zdancewic, S.: SoftBound: highly compatible and complete spatial memory safety for C. ACM SIGPLAN Not. 44(6), 245\u2013258 (2009)","journal-title":"ACM SIGPLAN Not."},{"key":"17_CR36","unstructured":"Rane, A., Lin, C., Tiwari, M.: Raccoon: closing digital side-channels through obfuscated execution. In: USENIX Security Symposium (2015)"},{"key":"17_CR37","unstructured":"Rane, A., Lin, C., Tiwari, M.: Secure, precise, and fast floating-point operations on x86 processors. In: USENIX Security Symposium (2016)"},{"key":"17_CR38","doi-asserted-by":"publisher","unstructured":"Roessler, N., DeHon, A.: Protecting the stack with metadata policies and tagged hardware. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 1072\u20131089 (2018). https:\/\/doi.org\/10.1109\/SP.2018.00066","DOI":"10.1109\/SP.2018.00066"},{"key":"17_CR39","unstructured":"Sehr, D., et al.: Adapting software fault isolation to contemporary CPU architectures. In: USENIX Security Symposium (2010)"},{"issue":"1","key":"17_CR40","first-page":"93","volume":"43","author":"MS Simpson","year":"2013","unstructured":"Simpson, M.S., Barua, R.K.: MemSafe: ensuring the spatial and temporal memory safety of C at runtime. Softw.: Pract. Exp. 43(1), 93\u2013128 (2013)","journal-title":"Softw.: Pract. Exp."},{"key":"17_CR41","doi-asserted-by":"crossref","unstructured":"Song, C., et al.: HDFI: hardware-assisted data-flow isolation. In: IEEE Symposium on Security and Privacy (2016)","DOI":"10.1109\/SP.2016.9"},{"key":"17_CR42","first-page":"1201","volume":"11","author":"SVN Vishwanathan","year":"2010","unstructured":"Vishwanathan, S.V.N., Schraudolph, N.N., Kondor, R., Borgwardt, K.M.: Graph kernels. J. Mach. Learn. Res. 11, 1201\u20131242 (2010)","journal-title":"J. Mach. Learn. Res."},{"key":"17_CR43","doi-asserted-by":"crossref","unstructured":"Wahbe, R., Lucco, S., Anderson, T.E., Graham, S.L.: Efficient software-based fault isolation. In: ACM SIGOPS Operating Systems Review (1994)","DOI":"10.1145\/168619.168635"},{"key":"17_CR44","doi-asserted-by":"publisher","unstructured":"Wang, Z., Lee, R.B.: New cache designs for thwarting software cache-based side channel attacks. In: Proceedings of the 34th Annual International Symposium on Computer Architecture, ISCA 2007, pp. 494\u2013505. ACM, New York (2007). https:\/\/doi.org\/10.1145\/1250662.1250723","DOI":"10.1145\/1250662.1250723"},{"key":"17_CR45","doi-asserted-by":"crossref","unstructured":"Wilander, J., Nikiforakis, N., Younan, Y., Kamkar, M., Joosen, W.: RIPE: runtime intrusion prevention evaluator. In: Proceedings of the 27th Annual Computer Security Applications Conference (2011)","DOI":"10.1145\/2076732.2076739"},{"key":"17_CR46","doi-asserted-by":"crossref","unstructured":"Yee, B., et al.: Native client: a sandbox for portable, untrusted x86 native code. In: 30th IEEE Symposium on Security and Privacy (2009)","DOI":"10.1109\/SP.2009.25"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-00470-5_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,23]],"date-time":"2019-10-23T16:38:53Z","timestamp":1571848733000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-00470-5_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030004699","9783030004705"],"references-count":46,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-00470-5_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]}}}