{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T12:16:50Z","timestamp":1763468210816,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":39,"publisher":"ACM","license":[{"start":{"date-parts":[[2014,11,3]],"date-time":"2014-11-03T00:00:00Z","timestamp":1414972800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2014,11,3]]},"DOI":"10.1145\/2660267.2660331","type":"proceedings-article","created":{"date-parts":[[2014,11,11]],"date-time":"2014-11-11T13:40:05Z","timestamp":1415713205000},"page":"1366-1377","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":19,"title":["A Tale of Two Kernels"],"prefix":"10.1145","author":[{"given":"Anil","family":"Kurmus","sequence":"first","affiliation":[{"name":"IBM Research - Zurich, Ruschlikon, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Robby","family":"Zippel","sequence":"additional","affiliation":[{"name":"IBM Research - Zurich, Ruschlikon, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2014,11,3]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1609956.1609960"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"crossref","DOI":"10.21236\/AD0772806","volume-title":"Computer Security Technology Planning Study","author":"Anderson James P","year":"1972","unstructured":"James P Anderson . Computer Security Technology Planning Study . Volume 2 . Technical report. DTIC Document , 1972 . James P Anderson. Computer Security Technology Planning Study. Volume 2. Technical report. DTIC Document, 1972."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1519065.1519085"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/258915.258928"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/504390.504408"},{"key":"e_1_3_2_1_6_1","unstructured":"Phil Blundell. Econet: fix CVE-2010--3848. http:\/\/git.kernel.org\/cgit\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/?id=a27e13d370415add34879.  Phil Blundell. Econet: fix CVE-2010--3848. http:\/\/git.kernel.org\/cgit\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/?id=a27e13d370415add34879."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2103799.2103805"},{"key":"e_1_3_2_1_8_1","unstructured":"Kees Cook. Kernel exploitation via uninitialized stack. DefCon 19https:\/\/www.defcon.org\/images\/defcon-19\/dc-19-presentations\/Cook\/DEFCON-19-Cook-Kernel- Exploitation.pdf.  Kees Cook. Kernel exploitation via uninitialized stack. DefCon 19https:\/\/www.defcon.org\/images\/defcon-19\/dc-19-presentations\/Cook\/DEFCON-19-Cook-Kernel- Exploitation.pdf."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/0096-0551(93)90005-L"},{"key":"e_1_3_2_1_10_1","unstructured":"Intel Corp. Intel Architecture Instruction Set Extensions Programming Reference. http:\/\/software.intel.com\/sites\/default\/files\/319433-014.pdf. 2012.  Intel Corp. Intel Architecture Instruction Set Extensions Programming Reference. http:\/\/software.intel.com\/sites\/default\/files\/319433-014.pdf. 2012."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294295"},{"key":"e_1_3_2_1_12_1","unstructured":"Nelson Elhage. Econet local privilege escalation. http:\/\/www.exploit-db.com\/exploits\/15704\/.  Nelson Elhage. Econet local privilege escalation. http:\/\/www.exploit-db.com\/exploits\/15704\/."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/224056.224076"},{"key":"e_1_3_2_1_14_1","first-page":"75 47","volume-title":"7th Symposium on Operating System Design andImplementation (OSDI'06)","author":"Erlingsson \u00dalfar","year":"2006","unstructured":"\u00dalfar Erlingsson , Mart\u00edn Abadi , Michael Vrable , Mihai Budiu , and George C. Necula . \"XFI: Software Guards for System Address Spaces \". In: 7th Symposium on Operating System Design andImplementation (OSDI'06) . (Seattle, WA, USA). 2006 , pages 75 -- 88 .ISBN: 1-931971- 47 - 41 . \u00dalfar Erlingsson, Mart\u00edn Abadi, Michael Vrable, Mihai Budiu, and George C. Necula. \"XFI: Software Guards for System Address Spaces\". In: 7th Symposium on Operating System Design andImplementation (OSDI'06). (Seattle, WA, USA). 2006, pages 75--88.ISBN: 1-931971-47-1."},{"key":"e_1_3_2_1_15_1","unstructured":"Chris Evans. Pwnium 3 and Pwn2Own Results. http:\/\/blog.chromium.org\/2013\/03\/pwnium-3-and-pwn2own-results.html. 2012.  Chris Evans. Pwnium 3 and Pwn2Own Results. http:\/\/blog.chromium.org\/2013\/03\/pwnium-3-and-pwn2own-results.html. 2012."},{"key":"e_1_3_2_1_16_1","volume-title":"Fischer. Supervisor Mode Execution Protection. NSA Trusted Computing Conference and Exposition. https:\/\/www.ncsi.com\/nsatc11\/presentations\/wednesday\/emerging_technologies\/fischer.pdf.","author":"Stephen","year":"2011","unstructured":"Stephen Fischer. Supervisor Mode Execution Protection. NSA Trusted Computing Conference and Exposition. https:\/\/www.ncsi.com\/nsatc11\/presentations\/wednesday\/emerging_technologies\/fischer.pdf. 2011 . Stephen Fischer. Supervisor Mode Execution Protection. NSA Trusted Computing Conference and Exposition. https:\/\/www.ncsi.com\/nsatc11\/presentations\/wednesday\/emerging_technologies\/fischer.pdf. 2011."},{"key":"e_1_3_2_1_17_1","first-page":"39","volume-title":"GCC Developers' Summit.","author":"Fursin Grigori","year":"2007","unstructured":"Grigori Fursin , Cupertino Miranda , Sebastian Pop , Albert Cohen , and Olivier Temam . \" Practical Run-time Adaptation with Procedure Cloning to Enable Continuous Collective Compilation\". In: GCC Developers' Summit. 2007 , page 39 . Grigori Fursin, Cupertino Miranda, Sebastian Pop, Albert Cohen, and Olivier Temam. \"Practical Run-time Adaptation with Procedure Cloning to Enable Continuous Collective Compilation\". In: GCC Developers' Summit. 2007, page 39."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/2362793.2362833"},{"key":"e_1_3_2_1_19_1","unstructured":"Google. AddressSanitizer for the Linux kernel. http:\/\/bit.ly\/TdRoab. 2014.  Google. AddressSanitizer for the Linux kernel. http:\/\/bit.ly\/TdRoab. 2014."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/IISWC.2011.6114205"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1151374.1151391"},{"key":"e_1_3_2_1_22_1","first-page":"39","volume-title":"Proceedings of the 21st USENIX Conference on Security Symposium. Security'12","author":"Kemerlis Vasileios P.","year":"2012","unstructured":"Vasileios P. Kemerlis , Georgios Portokalidis , and Angelos D. Keromytis . \"kGuard: Lightweight Kernel Protection Against Return-to-user Attacks \". In: Proceedings of the 21st USENIX Conference on Security Symposium. Security'12 . 2012 , pages 39 -- 39 . Vasileios P. Kemerlis, Georgios Portokalidis, and Angelos D. Keromytis. \"kGuard: Lightweight Kernel Protection Against Return-to-user Attacks\". In: Proceedings of the 21st USENIX Conference on Security Symposium. Security'12. 2012, pages 39--39."},{"key":"e_1_3_2_1_23_1","first-page":"212","volume-title":"Proceedings of the 11th DIMVA Conference.","author":"Kurmus Anil","year":"2014","unstructured":"Anil Kurmus , Sergej Dechand , and R\u00fcdiger Kapitza . \" Quantifiable Run-Time Kernel Attack Surface Reduction\". In: Proceedings of the 11th DIMVA Conference. 2014 , pages 212 -- 234 . Anil Kurmus, Sergej Dechand, and R\u00fcdiger Kapitza. \"Quantifiable Run-Time Kernel Attack Surface Reduction\". In: Proceedings of the 11th DIMVA Conference. 2014, pages 212--234."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1755913.1755934"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920301"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/224056.224075"},{"key":"e_1_3_2_1_27_1","unstructured":"LTP -- Linux Test Project. https:\/\/linux-test-project.github.io\/.  LTP -- Linux Test Project. https:\/\/linux-test-project.github.io\/."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1272996.1273031"},{"key":"e_1_3_2_1_29_1","unstructured":"MITRE. CWE-457: Use of Uninitialized Variable. https:\/\/cwe.mitre.org\/data\/definitions\/457.html.  MITRE. CWE-457: Use of Uninitialized Variable. https:\/\/cwe.mitre.org\/data\/definitions\/457.html."},{"key":"e_1_3_2_1_30_1","unstructured":"Vegard Nossum. Documentation of the Linux kernel kmemcheck configuration option. https:\/\/www.kernel.org\/doc\/ Documentation\/kmemcheck.txt.  Vegard Nossum. Documentation of the Linux kernel kmemcheck configuration option. https:\/\/www.kernel.org\/doc\/ Documentation\/kmemcheck.txt."},{"key":"e_1_3_2_1_31_1","first-page":"16","volume-title":"Proceedings of the 12th Conference on USENIX Security Symposium -","volume":"12","author":"Provos Niels","year":"2003","unstructured":"Niels Provos , Markus Friedl , and Peter Honeyman . \" Preventing Privilege Escalation\". In: Proceedings of the 12th Conference on USENIX Security Symposium - Volume 12 . 2003 , pages 16 -- 16 . Niels Provos, Markus Friedl, and Peter Honeyman. \"Preventing Privilege Escalation\". In: Proceedings of the 12th Conference on USENIX Security Symposium - Volume 12. 2003, pages 16--16."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2133375.2133377"},{"key":"e_1_3_2_1_33_1","first-page":"28","volume-title":"Proceedings of the 2012 USENIX Conference on Annual Technical Conference. USENIX ATC'12.","author":"Serebryany Konstantin","year":"2012","unstructured":"Konstantin Serebryany , Derek Bruening , Alexander Potapenko , and Dmitry Vyukov . \"AddressSanitizer : A Fast Address Sanity Checker \". In: Proceedings of the 2012 USENIX Conference on Annual Technical Conference. USENIX ATC'12. 2012 , pages 28 -- 28 . Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitry Vyukov. \"AddressSanitizer: A Fast Address Sanity Checker\". In: Proceedings of the 2012 USENIX Conference on Annual Technical Conference. USENIX ATC'12. 2012, pages 28--28."},{"key":"e_1_3_2_1_34_1","volume-title":"NAI Labs Report","author":"Smalley Stephen","year":"2001","unstructured":"Stephen Smalley , Chris Vance , and Wayne Salamon . Implementing SELinux as a Linux security module. Technical report . NAI Labs Report , 2001 . Stephen Smalley, Chris Vance, and Wayne Salamon. Implementing SELinux as a Linux security module. Technical report. NAI Labs Report, 2001."},{"key":"e_1_3_2_1_35_1","unstructured":"Brad Spengler and PaX team. grsecurity kernel patches. www.grsecurity.net.  Brad Spengler and PaX team. grsecurity kernel patches. www.grsecurity.net."},{"key":"e_1_3_2_1_36_1","first-page":"279","volume-title":"Proceedings of the 7th Symposium on Operating Systems Design and Implementation. OSDI'06. 2006","author":"Ta-Min Richard","year":"1971","unstructured":"Richard Ta-Min , Lionel Litty , and David Lie . \" Splitting Interfaces : Making Trust Between Applications and Operating Systems Configurable \". In: Proceedings of the 7th Symposium on Operating Systems Design and Implementation. OSDI'06. 2006 , pages 279 -- 292 . ISBN: 1--93 1971 --47--1. Richard Ta-Min, Lionel Litty, and David Lie. \"Splitting Interfaces: Making Trust Between Applications and Operating Systems Configurable\". In: Proceedings of the 7th Symposium on Operating Systems Design and Implementation. OSDI'06. 2006, pages 279--292. ISBN: 1--931971--47--1."},{"key":"e_1_3_2_1_37_1","unstructured":"PaX team. Future direction of PaX. pax.grsecurity.net\/docs\/pax-future.txt.  PaX team. Future direction of PaX. pax.grsecurity.net\/docs\/pax-future.txt."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33338-5_5"},{"key":"e_1_3_2_1_39_1","volume-title":"Ottawa Linux Symposium.","volume":"8032","author":"Wright Chris","year":"2002","unstructured":"Chris Wright , Crispin Cowan , James Morris , Stephen Smalley , and Greg Kroah-Hartman . \"Linux security module framework \". In: Ottawa Linux Symposium. Volume 8032 . 2002 . Chris Wright, Crispin Cowan, James Morris, Stephen Smalley, and Greg Kroah-Hartman. \"Linux security module framework\". In: Ottawa Linux Symposium. Volume 8032. 2002."}],"event":{"name":"CCS'14: 2014 ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Scottsdale Arizona USA","acronym":"CCS'14"},"container-title":["Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2660267.2660331","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2660267.2660331","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:56:10Z","timestamp":1750229770000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2660267.2660331"}},"subtitle":["Towards Ending Kernel Hardening Wars with Split Kernel"],"short-title":[],"issued":{"date-parts":[[2014,11,3]]},"references-count":39,"alternative-id":["10.1145\/2660267.2660331","10.1145\/2660267"],"URL":"https:\/\/doi.org\/10.1145\/2660267.2660331","relation":{},"subject":[],"published":{"date-parts":[[2014,11,3]]},"assertion":[{"value":"2014-11-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}