{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,21]],"date-time":"2025-12-21T06:26:04Z","timestamp":1766298364135,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":55,"publisher":"ACM","license":[{"start":{"date-parts":[[2010,10,4]],"date-time":"2010-10-04T00:00:00Z","timestamp":1286150400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2010,10,4]]},"DOI":"10.1145\/1866307.1866332","type":"proceedings-article","created":{"date-parts":[[2010,10,5]],"date-time":"2010-10-05T14:38:23Z","timestamp":1286289503000},"page":"212-223","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":23,"title":["Retaining sandbox containment despite bugs in privileged memory-safe code"],"prefix":"10.1145","author":[{"given":"Justin","family":"Cappos","sequence":"first","affiliation":[{"name":"University of Washington, Seattle, WA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Armon","family":"Dadgar","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, WA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jeff","family":"Rasley","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, WA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Justin","family":"Samuel","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, WA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ivan","family":"Beschastnikh","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, WA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Cosmin","family":"Barsan","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, WA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Arvind","family":"Krishnamurthy","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, WA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thomas","family":"Anderson","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, WA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2010,10,4]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"SSYM'00: Proceedings of the 9th conference on USENIX Security Symposium","author":"Acharya A.","year":"2000","unstructured":"}} A. Acharya and M. Raje . MAPbox: Using Parameterized Behavior Classes to Confine Untrusted Applications . In SSYM'00: Proceedings of the 9th conference on USENIX Security Symposium , Berkeley, CA, USA , 2000 . USENIX Association. }}A. Acharya and M. Raje. MAPbox: Using Parameterized Behavior Classes to Confine Untrusted Applications. In SSYM'00: Proceedings of the 9th conference on USENIX Security Symposium, Berkeley, CA, USA, 2000. USENIX Association."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1178597.1178599"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/581571.581573"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.5555\/822076.822431"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251229.1251252"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945462"},{"key":"e_1_3_2_1_7_1","volume-title":"ContainmentInSeattle - Seattle - Trac. https:\/\/seattle.cs.washington.edu\/wiki\/ContainmentInSeattle. Accessed","author":"Barsan C.","year":"2010","unstructured":"}} C. Barsan and J. Cappos . ContainmentInSeattle - Seattle - Trac. https:\/\/seattle.cs.washington.edu\/wiki\/ContainmentInSeattle. Accessed April 3, 2010 . }}C. Barsan and J. Cappos. ContainmentInSeattle - Seattle - Trac. https:\/\/seattle.cs.washington.edu\/wiki\/ContainmentInSeattle. Accessed April 3, 2010."},{"key":"e_1_3_2_1_9_1","first-page":"165","volume-title":"TRON: Process-Specific File Protection for the UNIX Operating System. In In Proceedings of the USENIX 1995 Technical Conference","author":"Berman A.","year":"1995","unstructured":"}} A. Berman , V. Bourassa , and E. Selberg . TRON: Process-Specific File Protection for the UNIX Operating System. In In Proceedings of the USENIX 1995 Technical Conference , pages 165 -- 175 , 1995 . }}A. Berman, V. Bourassa, and E. Selberg. TRON: Process-Specific File Protection for the UNIX Operating System. In In Proceedings of the USENIX 1995 Technical Conference, pages 165--175, 1995."},{"key":"e_1_3_2_1_10_1","first-page":"309","volume-title":"NSDI'08","author":"Bittau A.","year":"2008","unstructured":"}} A. Bittau , P. Marchenko , M. Handley , and B. Karp . Wedge: splitting applications into reduced-privilege compartments . In NSDI'08 , pages 309 -- 322 , Berkeley, CA, USA , 2008 . USENIX Association. }}A. Bittau, P. Marchenko, M. Handley, and B. Karp. Wedge: splitting applications into reduced-privilege compartments. In NSDI'08, pages 309--322, Berkeley, CA, USA, 2008. USENIX Association."},{"key":"e_1_3_2_1_11_1","volume-title":"http:\/\/boinc.berkeley.edu\/. Accessed","author":"BOINC.","year":"2010","unstructured":"}} BOINC. http:\/\/boinc.berkeley.edu\/. Accessed April 2, 2010 . }}BOINC. http:\/\/boinc.berkeley.edu\/. Accessed April 2, 2010."},{"key":"e_1_3_2_1_12_1","volume-title":"http:\/\/sunsolve.sun.com\/search\/document.do?assetkey=1--26--244991--1. Accessed","author":"Java Runtime A","year":"2010","unstructured":"}} A security vulnerability in the Java Runtime Environment (JRE) related to deserializing calendar objects may allow privileges to be escalated. http:\/\/sunsolve.sun.com\/search\/document.do?assetkey=1--26--244991--1. Accessed April 8, 2010 . }}A security vulnerability in the Java Runtime Environment (JRE) related to deserializing calendar objects may allow privileges to be escalated. http:\/\/sunsolve.sun.com\/search\/document.do?assetkey=1--26--244991--1. Accessed April 8, 2010."},{"key":"e_1_3_2_1_13_1","volume-title":"Accessed","author":"Cannon B.","year":"2010","unstructured":"}} B. Cannon and E. Wohlstadter . Controlling Access to Resources Within The Python Interpreter. http:\/\/www.cs.ubc.ca\/~drifty\/papers\/python_security.pdf . Accessed July 19, 2010 . }}B. Cannon and E. Wohlstadter. Controlling Access to Resources Within The Python Interpreter. http:\/\/www.cs.ubc.ca\/~drifty\/papers\/python_security.pdf. Accessed July 19, 2010."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1509239.1509275"},{"key":"e_1_3_2_1_15_1","volume-title":"Proc. 16th USENIX Security","author":"Chong S.","year":"2007","unstructured":"}} S. Chong , K. Vikram , A. Myers , : Enforcing confidentiality and integrity in web applications . In Proc. 16th USENIX Security , 2007 . }}S. Chong, K. Vikram, A. Myers, et al. SIF: Enforcing confidentiality and integrity in web applications. In Proc. 16th USENIX Security, 2007."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/353171.353195"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/504282.504292"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/525080.884266"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/363095.363143"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095813"},{"key":"e_1_3_2_1_22_1","volume-title":"http:\/\/wiki.developers.facebook.com\/index.php\/FBJS. Accessed","author":"FBJS","year":"2010","unstructured":"}} FBJS - Facebook developers wiki. http:\/\/wiki.developers.facebook.com\/index.php\/FBJS. Accessed April 2, 2010 . }}FBJS - Facebook developers wiki. http:\/\/wiki.developers.facebook.com\/index.php\/FBJS. Accessed April 2, 2010."},{"volume-title":"Accessed","year":"2010","key":"e_1_3_2_1_23_1","unstructured":"}}Pwn2own 2010 : interview with charlie miller. http:\/\/www.oneitsecurity.it\/01\/03\/2010\/interview-with-charlie-miller-pwn2own\/ . Accessed July 26, 2010. }}Pwn2own 2010: interview with charlie miller. http:\/\/www.oneitsecurity.it\/01\/03\/2010\/interview-with-charlie-miller-pwn2own\/. Accessed July 26, 2010."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/FITS.2003.1264946"},{"key":"e_1_3_2_1_25_1","volume-title":"https:\/\/seattle.cs.washington.edu\/wiki\/FutureRepyAPI. Accessed","author":"Seattle API","year":"2010","unstructured":"}}FutureRepy API - Seattle . https:\/\/seattle.cs.washington.edu\/wiki\/FutureRepyAPI. Accessed April 15, 2010 . }}FutureRepyAPI - Seattle. https:\/\/seattle.cs.washington.edu\/wiki\/FutureRepyAPI. Accessed April 15, 2010."},{"key":"e_1_3_2_1_26_1","volume-title":"NDSS'03","author":"Garfinkel T.","year":"2003","unstructured":"}} T. Garfinkel . Traps and pitfalls: Practical problems in system call interposition based security tools . In NDSS'03 . Citeseer , 2003 . }}T. Garfinkel. Traps and pitfalls: Practical problems in system call interposition based security tools. In NDSS'03. Citeseer, 2003."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945464"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.5555\/1267569.1267570"},{"key":"e_1_3_2_1_29_1","first-page":"22","volume-title":"USENIX ATC'98","author":"Hawblitzel C.","year":"1998","unstructured":"}} C. Hawblitzel , C.-C. Chang , G. Czajkowski , D. Hu , and T. von Eicken . Implementing multiple protection domains in Java . In USENIX ATC'98 , pages 22 -- 22 , Berkeley, CA, USA , 1998 . USENIX Association. }}C. Hawblitzel, C.-C. Chang, G. Czajkowski, D. Hu, and T. von Eicken. Implementing multiple protection domains in Java. In USENIX ATC'98, pages 22--22, Berkeley, CA, USA, 1998. USENIX Association."},{"volume-title":"Accessed","year":"2010","key":"e_1_3_2_1_30_1","unstructured":"}}Learn about Java technology. http:\/\/www.java.com\/en\/about\/ , Accessed April 8, 2010 . }}Learn about Java technology. http:\/\/www.java.com\/en\/about\/, Accessed April 8, 2010."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.106971"},{"key":"e_1_3_2_1_32_1","volume-title":"http:\/\/slightlyrandombrokenthoughts.blogspot.com\/2008\/12\/calendar-bug.html. Accessed","author":"Koivu S.","year":"2010","unstructured":"}} S. Koivu . Calendar bug. http:\/\/slightlyrandombrokenthoughts.blogspot.com\/2008\/12\/calendar-bug.html. Accessed April 8, 2010 . }}S. Koivu. Calendar bug. http:\/\/slightlyrandombrokenthoughts.blogspot.com\/2008\/12\/calendar-bug.html. Accessed April 8, 2010."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2004.17"},{"key":"e_1_3_2_1_34_1","volume-title":"Butterworth-Heinemann","author":"Levy H. M.","year":"1984","unstructured":"}} H. M. Levy . Capability-Based Computer Systems . Butterworth-Heinemann , Newton, MA, USA , 1984 . }}H. M. Levy. Capability-Based Computer Systems. Butterworth-Heinemann, Newton, MA, USA, 1984."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653716"},{"key":"e_1_3_2_1_36_1","first-page":"29","volume-title":"USENIX ATC'01","author":"Loscocco P.","year":"2001","unstructured":"}} P. Loscocco and S. Smalley . Integrating flexible support for security policies into the Linux operating system . In USENIX ATC'01 , pages 29 -- 40 , 2001 . }}P. Loscocco and S. Smalley. Integrating flexible support for security policies into the Linux operating system. In USENIX ATC'01, pages 29--40, 2001."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89330-1_22"},{"key":"e_1_3_2_1_38_1","volume-title":"Network and Distributed Systems Symposium. Internet Society","author":"Mettler A.","year":"2010","unstructured":"}} A. Mettler , D. Wagner , and T. Close . Joe-E: A security-oriented subset of Java . In Network and Distributed Systems Symposium. Internet Society , 2010 . }}A. Mettler, D. Wagner, and T. Close. Joe-E: A security-oriented subset of Java. In Network and Distributed Systems Symposium. Internet Society, 2010."},{"key":"e_1_3_2_1_40_1","volume-title":"Jif: Java information Flow. Software release at http:\/\/www.cs.cornell.edu\/jif. Accessed","author":"Myers A.","year":"2010","unstructured":"}} A. Myers , L. Zheng , S. Zdancewic , S. Chong , and N. Nystrom . Jif: Java information Flow. Software release at http:\/\/www.cs.cornell.edu\/jif. Accessed April 3, 2010 . }}A. Myers, L. Zheng, S. Zdancewic, S. Chong, and N. Nystrom. Jif: Java information Flow. Software release at http:\/\/www.cs.cornell.edu\/jif. Accessed April 3, 2010."},{"key":"e_1_3_2_1_41_1","unstructured":"}}S. Oaks. Java Security. O'Reilly and Associates Inc. Sebastopol CA USA 2001.   }}S. Oaks. Java Security. O'Reilly and Associates Inc. Sebastopol CA USA 2001."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.02.003"},{"volume-title":"http:\/\/www.planet-lab.org. Accessed","year":"2010","key":"e_1_3_2_1_43_1","unstructured":"}}PlanetLab. http:\/\/www.planet-lab.org. Accessed April 2, 2010 . }}PlanetLab. http:\/\/www.planet-lab.org. Accessed April 2, 2010."},{"key":"e_1_3_2_1_44_1","first-page":"10","volume-title":"Proceedings of the 12th USENIX Security Symposium","volume":"1","author":"Provos N.","unstructured":"}} N. Provos . Improving host security with system call policies . In Proceedings of the 12th USENIX Security Symposium , volume 1 , page 10 . Washington, DC, 2003. }}N. Provos. Improving host security with system call policies. In Proceedings of the 12th USENIX Security Symposium, volume 1, page 10. Washington, DC, 2003."},{"volume-title":"http:\/\/en.wikipedia.org\/wiki\/Ptrace. Accessed","year":"2010","key":"e_1_3_2_1_45_1","unstructured":"}}PTrace. http:\/\/en.wikipedia.org\/wiki\/Ptrace. Accessed April 2, 2010 . }}PTrace. http:\/\/en.wikipedia.org\/wiki\/Ptrace. Accessed April 2, 2010."},{"key":"e_1_3_2_1_46_1","volume-title":"Accessed","author":"API","year":"2010","unstructured":"}}Fujitsu Java Runtime Environment reflection API vulnerability. http:\/\/jvndb.jvn.jp\/en\/contents\/2005\/JVNDB-2005-000705.html , Accessed April 8, 2010 . }}Fujitsu Java Runtime Environment reflection API vulnerability. http:\/\/jvndb.jvn.jp\/en\/contents\/2005\/JVNDB-2005-000705.html, Accessed April 8, 2010."},{"key":"e_1_3_2_1_47_1","volume-title":"Accessed","author":"API","year":"2010","unstructured":"}}Sun Java Runtime Environment reflection API privilege elevation vulnerabilities. http:\/\/www.kb.cert.org\/vuls\/id\/974188 , Accessed April 8, 2010 . }}Sun Java Runtime Environment reflection API privilege elevation vulnerabilities. http:\/\/www.kb.cert.org\/vuls\/id\/974188, Accessed April 8, 2010."},{"volume-title":"http:\/\/www.securingjava.com\/chapter-two\/chapter-two-5.html. Accessed","year":"2010","key":"e_1_3_2_1_48_1","unstructured":"}}Section 5 - the three parts of the default sandbox. http:\/\/www.securingjava.com\/chapter-two\/chapter-two-5.html. Accessed April 8, 2010 . }}Section 5 - the three parts of the default sandbox. http:\/\/www.securingjava.com\/chapter-two\/chapter-two-5.html. Accessed April 8, 2010."},{"key":"e_1_3_2_1_49_1","unstructured":"}}Seattle: Open peer-to-peer computing. http:\/\/seattle.cs.washington.edu\/. Accessed April 3 2010.  }}Seattle: Open peer-to-peer computing. http:\/\/seattle.cs.washington.edu\/. Accessed April 3 2010."},{"key":"e_1_3_2_1_50_1","first-page":"152","volume-title":"Proceedings of the First APPSEM-II workshop","author":"Simonet V.","year":"2003","unstructured":"}} V. Simonet and I. Rocquencourt . Flow Caml in a nutshell . In Proceedings of the First APPSEM-II workshop , pages 152 -- 165 . Citeseer , 2003 . }}V. Simonet and I. Rocquencourt. Flow Caml in a nutshell. In Proceedings of the First APPSEM-II workshop, pages 152--165. Citeseer, 2003."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/1217935.1217951"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/319151.319165"},{"key":"e_1_3_2_1_54_1","first-page":"365","volume-title":"Proceedings of the USENIX Security Symposium","author":"Tan G.","year":"2008","unstructured":"}} G. Tan and J. Croft . An empirical security study of the native code in the JDK . In Proceedings of the USENIX Security Symposium , pages 365 -- 377 , Berkeley, CA, USA , 2008 . USENIX Association. }}G. Tan and J. Croft. An empirical security study of the native code in the JDK. In Proceedings of the USENIX Security Symposium, pages 365--377, Berkeley, CA, USA, 2008. USENIX Association."},{"issue":"2","key":"e_1_3_2_1_55_1","first-page":"31","article-title":"Applying aspect-oriented programming to security","volume":"14","author":"Viega J.","year":"2001","unstructured":"}} J. Viega , J. Bloch , and P. Chandra . Applying aspect-oriented programming to security . Cutter IT Journal , 14 ( 2 ): 31 -- 39 , 2001 . }}J. Viega, J. Bloch, and P. Chandra. Applying aspect-oriented programming to security. Cutter IT Journal, 14(2):31--39, 2001.","journal-title":"Cutter IT Journal"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/168619.168635"},{"key":"e_1_3_2_1_57_1","first-page":"1","volume-title":"WOOT'07","author":"Watson R. N. M.","year":"2007","unstructured":"}} R. N. M. Watson . Exploiting concurrency vulnerabilities in system call wrappers . In WOOT'07 , pages 1 -- 8 , Berkeley, CA , USA, 2007 . USENIX Association . }}R. N. M. Watson. Exploiting concurrency vulnerabilities in system call wrappers. In WOOT'07, pages 1--8, Berkeley, CA, USA, 2007. USENIX Association."},{"volume-title":"http:\/\/www.adsafe.org\/. Accessed","year":"2010","key":"e_1_3_2_1_58_1","unstructured":"}}Making JavaScript safe for advertising. http:\/\/www.adsafe.org\/. Accessed April 2, 2010 . }}Making JavaScript safe for advertising. http:\/\/www.adsafe.org\/. Accessed April 2, 2010."},{"key":"e_1_3_2_1_59_1","first-page":"263","volume-title":"OSDI'06","author":"Zeldovich N.","unstructured":"}} N. Zeldovich , S. Boyd-Wickizer , E. Kohler , and D. Mazi'eres . Making information flow explicit in HiStar . In OSDI'06 , pages 263 -- 278 . }}N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazi'eres. Making information flow explicit in HiStar. In OSDI'06, pages 263--278."}],"event":{"name":"CCS '10: 17th ACM Conference on Computer and Communications Security 2010","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Chicago Illinois USA","acronym":"CCS '10"},"container-title":["Proceedings of the 17th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1866307.1866332","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1866307.1866332","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:09:07Z","timestamp":1750248547000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1866307.1866332"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,10,4]]},"references-count":55,"alternative-id":["10.1145\/1866307.1866332","10.1145\/1866307"],"URL":"https:\/\/doi.org\/10.1145\/1866307.1866332","relation":{},"subject":[],"published":{"date-parts":[[2010,10,4]]},"assertion":[{"value":"2010-10-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}