{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,2]],"date-time":"2026-05-02T14:50:14Z","timestamp":1777733414526,"version":"3.51.4"},"reference-count":60,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"4","license":[{"start":{"date-parts":[[2023,7,1]],"date-time":"2023-07-01T00:00:00Z","timestamp":1688169600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2023,7,1]],"date-time":"2023-07-01T00:00:00Z","timestamp":1688169600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2023,7,1]],"date-time":"2023-07-01T00:00:00Z","timestamp":1688169600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2023,7,1]]},"DOI":"10.1109\/tdsc.2022.3192524","type":"journal-article","created":{"date-parts":[[2022,7,21]],"date-time":"2022-07-21T19:31:51Z","timestamp":1658431911000},"page":"3251-3268","source":"Crossref","is-referenced-by-count":5,"title":["Harnessing the x86 Intermediate Rings for Intra-Process Isolation"],"prefix":"10.1109","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5344-6266","authenticated-orcid":false,"given":"Hojoon","family":"Lee","sequence":"first","affiliation":[{"name":"Department of Computer Science Engineering, Sungkyunkwan University, Seoul, South Korea"}]},{"given":"Chihyun","family":"Song","sequence":"additional","affiliation":[{"name":"Graduate School of Information Security, KAIST, Daejeon, South Korea"}]},{"given":"Brent Byunghoon","family":"Kang","sequence":"additional","affiliation":[{"name":"Graduate School of Information Security, KAIST, Daejeon, South Korea"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2014.217"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"ref3","first-page":"16","article-title":"Preventing privilege escalation","volume-title":"Proc. 12th Conf. USENIX Secur. Symp.","author":"Provos"},{"key":"ref4","first-page":"273","article-title":"Privman: A library for partitioning applications","volume-title":"Proc. USENIX Ann. Tech. Conf.","author":"Kilpatrick"},{"key":"ref5","first-page":"5","article-title":"Privtrans: Automatically partitioning programs for privilege separation","volume-title":"Proc. 13th Conf. USENIX Secur. Symp.","author":"Brumley"},{"key":"ref6","first-page":"309","article-title":"Wedge: Splitting applications into reduced-privilege compartments","volume-title":"Proc. 5th USENIX Symp. Netw. Syst. Des. Implementation","author":"Bittau"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978327"},{"key":"ref8","first-page":"361","article-title":"Between mutual trust and mutual distrust: Practical fine-grained privilege separation in multithreaded applications","volume-title":"Proc. USENIX Conf. Usenix Annu. Tech.","author":"Wang"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.12"},{"key":"ref10","article-title":"Intel software guard extensions (intel sgx)","author":"Corperation","year":"2018"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/2799647"},{"key":"ref12","article-title":"Introduction to intel\u00ae memory protection extensions","author":"Corperation","year":"2018"},{"key":"ref13","article-title":"Memory protection keys","author":"Corbet","year":"2015"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813690"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/1353536.1346284"},{"key":"ref16","first-page":"973","article-title":"Meltdown: Reading kernel memory from user space","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Lipp"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00002"},{"key":"ref18","first-page":"1221","article-title":"ERIM: Secure, efficient in-process isolation with protection keys (MPK)","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Vahldiek-Oberwagner"},{"key":"ref19","first-page":"489","article-title":"Hodor: Intra-process isolation for high-throughput data plane libraries","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Hedayati"},{"key":"ref20","article-title":"Building a secure system using trustzone\u00ae technolog","year":"2019"},{"key":"ref21","first-page":"523","article-title":"Hacking in darkness: Return-oriented programming against secure enclaves","volume-title":"Proc. 26th USENIX Secur. Symp.","author":"Lee"},{"key":"ref22","article-title":"White Paper: AMD Memory Encryption","author":"David Kaplan","year":"2016"},{"key":"ref24","article-title":"System v application binary interface","year":"2018"},{"key":"ref25","article-title":"The linux kernel archives","year":"2018"},{"key":"ref26","article-title":"Kernel page-table isolation merged","year":"2017"},{"key":"ref27","article-title":"Kaiser: Hiding the kernel from user space","year":"2017"},{"key":"ref28","article-title":"Nginx","year":"2018"},{"key":"ref29","article-title":"Libressl","year":"2017"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/2786763.2694386"},{"key":"ref31","first-page":"335","article-title":"Dune: Safe user-level access to privileged CPU features","volume-title":"Proc. 10th USENIX Conf. Operating Syst. Des. Implementation","author":"Belay"},{"key":"ref32","article-title":"Intel 64 and IA-32 architectures software developers manual","year":"2016"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945462"},{"key":"ref35","article-title":"Virtualbox technical documentation","year":"2017"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/2382553.2382554"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.25"},{"key":"ref38","first-page":"293","article-title":"Vx32: Lightweight user-level sandboxing on the x86","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Ford"},{"key":"ref39","first-page":"1","article-title":"Adapting software fault isolation to contemporary CPU architectures","volume-title":"Proc. 19th USENIX Conf. Secur.","author":"Sehr"},{"key":"ref41","first-page":"241","article-title":"libmpk: Software abstraction for intel memory protection keys (intel MPK)","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Park"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/2499368.2451146"},{"key":"ref43","first-page":"409","article-title":"Minibox: A two-way sandbox for x86 native code","volume-title":"Proc. USENIX Ann. Tech. Conf.","author":"Li"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.17"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/1346256.1346267"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/2954680.2872372"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/sp40000.2020.00041"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00087"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134066"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382280"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/168619.168635"},{"key":"ref52","first-page":"75","article-title":"XFI: Software guards for system address spaces","volume-title":"Proc. 7th Symp. Operating Syst. Des. Implementation","author":"Erlingsson"},{"key":"ref53","article-title":"Evaluating SFI for a cisc architecture","volume-title":"Proc. 15th Conf. USENIX Secur. Symp.","author":"McCamant"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254111"},{"key":"ref55","article-title":"Webassembly","year":"2021"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3052983"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/3302424.3303952"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064217"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00082"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23327"},{"key":"ref61","first-page":"285","article-title":"Automatic application partitioning for intel SGX","volume-title":"Proc. USENIX Ann. Tech. Conf.","author":"Lind","year":"2017"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833650"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660316"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/10177761\/09836974.pdf?arnumber=9836974","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,2,1]],"date-time":"2024-02-01T09:27:26Z","timestamp":1706779646000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9836974\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,1]]},"references-count":60,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2022.3192524","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,7,1]]}}}