{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T17:37:27Z","timestamp":1770226647161,"version":"3.49.0"},"reference-count":84,"publisher":"IEEE","license":[{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-009"},{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-001"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023,5]]},"DOI":"10.1109\/sp46215.2023.10179284","type":"proceedings-article","created":{"date-parts":[[2023,7,21]],"date-time":"2023-07-21T17:18:15Z","timestamp":1689959895000},"page":"2956-2973","source":"Crossref","is-referenced-by-count":10,"title":["\u03bcSwitch: Fast Kernel Context Isolation with Implicit Context Switches"],"prefix":"10.1109","author":[{"given":"Dinglan","family":"Peng","sequence":"first","affiliation":[{"name":"Purdue University"}]},{"given":"Congyu","family":"Liu","sequence":"additional","affiliation":[{"name":"Purdue University"}]},{"given":"Tapti","family":"Palit","sequence":"additional","affiliation":[{"name":"Purdue University"}]},{"given":"Pedro","family":"Fonseca","sequence":"additional","affiliation":[{"name":"Purdue University"}]},{"given":"Anjo","family":"Vahldiek-Oberwagner","sequence":"additional","affiliation":[{"name":"Intel Labs"}]},{"given":"Mona","family":"Vij","sequence":"additional","affiliation":[{"name":"Intel Labs"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Site isolation \u2013 the chromium projects"},{"key":"ref2","article-title":"Site isolation: Process separation for web sites within the browser","volume-title":"Proceedings of the USENIX Conference on Security Symposium","author":"Reis"},{"key":"ref3","article-title":"Retrofitting fine grain isolation in the Firefox renderer","volume-title":"Proceedings of the USENIX Conference on Security Symposium","author":"Narayan"},{"key":"ref4","article-title":"ERIM: Secure, efficient in-process isolation with protection keys (MPK)","volume-title":"Proceedings of the USENIX Conference on Security Symposium","author":"Vahldiek-Oberwagner"},{"key":"ref5","article-title":"Enforcing least privilege memory views for multi-threaded applications","volume-title":"Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS)","author":"Hsu"},{"key":"ref6","article-title":"Light-Weight contexts: An OS abstraction for safety and performance","volume-title":"Proceedings of the USENIX Conference on Operating Systems Design and Implementation (OSDI)","author":"Litton"},{"key":"ref7","article-title":"Memory protection keys","author":"Corbet","year":"2015"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/173668.168635"},{"key":"ref9","article-title":"PKU pitfalls: Attacks on PKU-based memory isolation systems","volume-title":"Proceedings of the USENIX Conference on Security Symposium","author":"Connor"},{"key":"ref10","article-title":"CVE-2017-14632"},{"key":"ref11","article-title":"CVE-2019-9232"},{"key":"ref12","article-title":"WebAssembly and Back Again: Fine-Grained Sandboxing in Firefox 95","author":"Holley-Mozilla","year":"2019"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/3140587.3062363"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/3445814.3446727"},{"key":"ref15","article-title":"libmpk: Software abstraction for Intel Memory Protection Keys (Intel MPK)","volume-title":"Proceedings of the USENIX Conference on USENIX Annual Technical Conference (ATC)","author":"Park"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3445814.3446731"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3380786.3391398"},{"key":"ref18","article-title":"Standardizing WASI: A system interface to run WebAssembly outside the web","author":"Clark","year":"2019"},{"key":"ref19","article-title":"The endokernel: Fast, secure, and programmable subprocess virtualization","author":"Im","year":"2021"},{"key":"ref20","article-title":"Docker: lightweight linux containers for consistent development and deployment","author":"Merkel","year":"2014","journal-title":"Linux journal"},{"key":"ref21","article-title":"namespaces(7) \u2014 linux manual page","author":"Kerrisk"},{"key":"ref22","article-title":"cgroups(7) \u2014 linux manual page","author":"Kerrisk"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813690"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/3492321.3519553"},{"key":"ref25","article-title":"seccomp(2) \u2014 linux manual page","author":"Kerrisk"},{"key":"ref26","article-title":"Efficiently mitigating transient execution attacks using the unmapped speculation contract","volume-title":"Proceedings of the USENIX Conference on Operating Systems Design and Implementation (OSDI)","author":"Behrens"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629596"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064183"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132748"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3314221.3314590"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3477132.3483549"},{"key":"ref32","article-title":"SKI: Exposing kernel concurrency bugs through systematic schedule exploration","volume-title":"Proceedings of the USENIX Conference on Operating Systems Design and Implementation (OSDI)","author":"Fonseca"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/3575693.3575731"},{"key":"ref34","article-title":"SHARD: Fine-Grained kernel specialization with Context-Aware hardening","volume-title":"Proceedings of the USENIX Conference on Security Symposium","author":"Abubakar"},{"key":"ref35","article-title":"Linux containers"},{"key":"ref36","article-title":"Podman"},{"key":"ref37","article-title":"Open-sourcing gvisor, a sandboxed container runtime"},{"key":"ref38","article-title":"Not so fast: Analyzing the performance of WebAssembly vs. native code","volume-title":"Proceedings of the USENIX Conference on USENIX Annual Technical Conference (ATC)","author":"Jangda"},{"key":"ref39","article-title":"Hodor: Intra-Process isolation for High-Throughput data plane libraries","volume-title":"Proceedings of the USENIX Conference on USENIX Annual Technical Conference (ATC)","author":"Hedayati"},{"key":"ref40","article-title":"Donky: Domain keys \u2013 efficient In-Process isolation for RISC-V and x86","volume-title":"Proceedings of the USENIX Conference on Security Symposium","author":"Schrammel"},{"key":"ref41","article-title":"Jenny: Securing syscalls for PKU-based memory isolation systems","volume-title":"Proceedings of the USENIX Conference on Security Symposium","author":"Schrammel"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/3492321.3519560"},{"key":"ref43","article-title":"Rlbox github repository","author":"Narayan"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.25"},{"key":"ref45","article-title":"CVE-2019-0211"},{"key":"ref46","article-title":"Sample http server","author":"Mathewson"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"ref48","article-title":"Intel architecture instruction set extensions and future features"},{"key":"ref49","first-page":"4","article-title":"Completely fair scheduler","volume":"2009","author":"Pabla","year":"2009","journal-title":"Linux Journal"},{"key":"ref50","article-title":"Talos"},{"key":"ref51","article-title":"Intel analysis of speculative execution side channels"},{"key":"ref52","article-title":"No provisioned concurrency: Fast RDMA-codesigned remote fork for serverless computing","author":"Wei","year":"2022"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/3447786.3456258"},{"key":"ref54","article-title":"Cloud programming simplified: A berkeley view on serverless computing","volume-title":"Tech. Rep. UCB\/EECS-2019-3","author":"Jonas","year":"2019"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/3357223.3362711"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/3458336.3465305"},{"key":"ref57","article-title":"Meshwa: The case for a memory-safe software and hardware architecture for serverless computing","volume-title":"Proceedings of the Workshop On Resource Disaggregation and Serverless Computing (WORDS)","author":"Vahldiek-Oberwagner"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629581"},{"key":"ref59","article-title":"XFI: Software guards for system address spaces","volume-title":"Proceedings of the USENIX Conference on Operating Systems Design and Implementation (OSDI)","author":"Erlingsson"},{"key":"ref60","article-title":"Dune: Safe user-level access to privileged CPU features","volume-title":"Proceedings of the USENIX Conference on Operating Systems Design and Implementation (OSDI)","author":"Belay"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/2786763.2694386"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/3445814.3446728"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1145\/3492321.3519582"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064217"},{"key":"ref65","article-title":"Faastlane: Accelerating Function-as-a-Service workflows","volume-title":"Proceedings of the USENIX Conference on USENIX Annual Technical Conference (ATC)","author":"Kotni"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00041"},{"key":"ref67","article-title":"EPK: Scalable and efficient memory protection keys","volume-title":"Proceedings of the USENIX Conference on USENIX Annual Technical Conference (ATC)","author":"Gu"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.12"},{"key":"ref69","article-title":"Glamdring: Automatic application partitioning for Intel SGX","volume-title":"Proceedings of the USENIX Conference on USENIX Annual Technical Conference (ATC)","author":"Lind"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24057"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3559344"},{"key":"ref72","article-title":"IMIX: In-Process memory isolation EXtension","volume-title":"Proceedings of the USENIX Conference on Security Symposium","author":"Frassetto"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1145\/3297858.3304042"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1145\/3466752.3480076"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1145\/3458336.3465292"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1145\/3485832.3488019"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1145\/3471621.3471849"},{"key":"ref78","article-title":"Practical and effective sandboxing for non-root users","volume-title":"Proceedings of the USENIX Conference on USENIX Annual Technical Conference (ATC)","author":"Kim"},{"key":"ref79","article-title":"Wedge: Splitting applications into Reduced-Privilege compartments","volume-title":"Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI)","author":"Bittau"},{"key":"ref80","article-title":"UMCG early preview\/RFC patchset"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132774"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1145\/3477132.3483542"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1145\/3477132.3483548"},{"key":"ref84","volume-title":"musl libc"}],"event":{"name":"2023 IEEE Symposium on Security and Privacy (SP)","location":"San Francisco, CA, USA","start":{"date-parts":[[2023,5,21]]},"end":{"date-parts":[[2023,5,25]]}},"container-title":["2023 IEEE Symposium on Security and Privacy (SP)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10179215\/10179280\/10179284.pdf?arnumber=10179284","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,20]],"date-time":"2024-07-20T05:15:40Z","timestamp":1721452540000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10179284\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5]]},"references-count":84,"URL":"https:\/\/doi.org\/10.1109\/sp46215.2023.10179284","relation":{},"subject":[],"published":{"date-parts":[[2023,5]]}}}