{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,13]],"date-time":"2025-11-13T18:21:34Z","timestamp":1763058094876,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":49,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,28]],"date-time":"2017-10-28T00:00:00Z","timestamp":1509148800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,10,28]]},"DOI":"10.1145\/3144555.3144563","type":"proceedings-article","created":{"date-parts":[[2017,10,31]],"date-time":"2017-10-31T12:31:37Z","timestamp":1509453097000},"page":"43-50","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Towards Fine-grained, Automated Application Compartmentalization"],"prefix":"10.1145","author":[{"given":"Nikos","family":"Vasilakis","sequence":"first","affiliation":[{"name":"University of Pennsylvania, Philadelphia, PA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ben","family":"Karel","sequence":"additional","affiliation":[{"name":"University of Pennsylvania, Philadelphia, PA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nick","family":"Roessler","sequence":"additional","affiliation":[{"name":"University of Pennsylvania, Philadelphia, PA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nathan","family":"Dautenhahn","sequence":"additional","affiliation":[{"name":"University of Pennsylvania, Philadelphia, PA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Andr\u00e9","family":"DeHon","sequence":"additional","affiliation":[{"name":"University of Pennsylvania, Philadelphia, PA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jonathan M.","family":"Smith","sequence":"additional","affiliation":[{"name":"University of Pennsylvania, Philadelphia, PA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,10,28]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420952"},{"key":"e_1_3_2_1_2_1","volume-title":"skcsirt-sa-20170909-pypi. (Sep","author":"Slovakia's National Security Authority. 2017.","year":"2017","unstructured":"Slovakia's National Security Authority. 2017. skcsirt-sa-20170909-pypi. (Sep 2017). http:\/\/www.nbu.gov.sk\/skcsirt-sa-20170909-pypi\/ ccessed: 2017-09-15."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.5555\/1610564.1610573"},{"key":"e_1_3_2_1_4_1","volume-title":"Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation (NSDI'08)","author":"Bittau Andrea","year":"2008","unstructured":"Andrea Bittau, Petr Marchenko, Mark Handley, and Brad Karp. 2008. Wedge: Splitting Applications into Reduced-privilege Compartments. In Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation (NSDI'08). USENIX Association, Berkeley, CA, USA, 309--322. http:\/\/dl.acm.org\/citation.cfm?id=1387589.1387611"},{"key":"e_1_3_2_1_5_1","volume-title":"Looks like this npm package is stealing env variables on install. (Aug","author":"Bolmsten Oscar","year":"2017","unstructured":"Oscar Bolmsten. 2017. Looks like this npm package is stealing env variables on install. (Aug 2017). https:\/\/twiter.com\/o_cee\/status\/892306836199800836 Accessed: 2017-08-11."},{"key":"e_1_3_2_1_6_1","volume-title":"Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (OSDI'08)","author":"Cadar Cristian","year":"2008","unstructured":"Cristian Cadar, Daniel Dunbar, and Dawson Engler. 2008. KLEE: Unassisted and Automatic Generation of High-coverage Tests for Complex Systems Programs. In Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (OSDI'08). USENIX Association, Berkeley, CA, USA, 209--224. http:\/\/dl.acm.org\/citation.cfm?id=1855741.1855756"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2015.7081868"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2103799.2103805"},{"key":"e_1_3_2_1_9_1","volume-title":"Proceedings of the 12th Conference on USENIX Security Symposium -","volume":"12","author":"Scott","unstructured":"Scott A. Crosby and Dan S. Wallach. 2003. Denial of Service via Algorithmic Complexity Attacks. In Proceedings of the 12th Conference on USENIX Security Symposium - Volume 12 (SSYM'03). USENIX Association, Berkeley, CA, USA, 3--3. http:\/\/dl.acm.org\/citation.cfm?id=1251353.1251356"},{"volume-title":"Selected writings on computing: a personal perspective","author":"Dijkstra Edsger W","key":"e_1_3_2_1_10_1","unstructured":"Edsger W Dijkstra. 1982. On the role of scientific thought. In Selected writings on computing: a personal perspective. Springer, 60--66."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2525528.2525538"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2429069.2429114"},{"key":"e_1_3_2_1_13_1","unstructured":"Martin Fowler and James Lewis. 2014. Microservices. (2014). http:\/\/martinfowler.com\/articles\/microservices.html Accessed: 2015-02-17."},{"volume-title":"Ghost Publishing Platform","key":"e_1_3_2_1_14_1","unstructured":"Ghost. Ghost Publishing Platform. http:\/\/ghost.org\/. (????). Accessed: 2017-01-01."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813611"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.tcs.2008.09.019"},{"volume-title":"Serverless Computation with OpenLambda. In 8th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud 16)","author":"Hendrickson Scott","key":"e_1_3_2_1_17_1","unstructured":"Scott Hendrickson, Stephen Sturdevant, Tyler Harter, Venkateshwaran Venkataramani, Andrea C. Arpaci-Dusseau, and Remzi H. Arpaci-Dusseau. 2016. Serverless Computation with OpenLambda. In 8th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud 16). USENIX Association, Denver, CO. https:\/\/www.usenix.org\/conference\/hotcloud16\/workshop-program\/presentation\/hendrickson"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1151374.1151391"},{"key":"e_1_3_2_1_19_1","volume-title":"Mach: A New Kernel Foundation for UNIX Development. In USENIX Summer Technical Conference. Usenix, 93--113","author":"Accetta Michael J.","year":"1986","unstructured":"Michael J. Accetta, Robert Baron, William J. Bolosky, David B. Golub, Richard F. Rashid, Avadis Tevanian, and Michael Wayne Young. 1986. Mach: A New Kernel Foundation for UNIX Development. In USENIX Summer Technical Conference. Usenix, 93--113. http:\/\/www.cs.ubc.ca\/~norm\/508\/2009W1\/mach_usenix86.pdf"},{"key":"e_1_3_2_1_20_1","volume-title":"13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16)","author":"Kuppusamy Trishank Karthik","year":"2016","unstructured":"Trishank Karthik Kuppusamy, Santiago Torres-Arias, Vladimir Diaz, and Justin Cappos. 2016. Diplomat: Using Delegations to Protect Community Repositories. In 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16). USENIX Association, Santa Clara, CA, 567--581. https:\/\/www.usenix.org\/conference\/nsdi16\/technical-sessions\/presentation\/kuppusamy"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23414"},{"volume-title":"Capability-Based Computer Systems. Butterworth-Heinemann","author":"Levy Henry M.","key":"e_1_3_2_1_22_1","unstructured":"Henry M. Levy. 1984. Capability-Based Computer Systems. Butterworth-Heinemann, Newton, MA, USA. http:\/\/www.cs.washington.edu\/homes\/levy\/capabook\/"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/HOTOS.1997.595177"},{"key":"e_1_3_2_1_24_1","volume-title":"Light-Weight Contexts: An OS Abstraction for Safety and Performance. In 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16)","author":"Litton James","year":"2016","unstructured":"James Litton, Anjo Vahldiek-Oberwagner, Eslam Elnikety, Deepak Garg, Bobby Bhattacharjee, and Peter Druschel. 2016. Light-Weight Contexts: An OS Abstraction for Safety and Performance. In 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16). USENIX Association, GA, 49--64. https:\/\/www.usenix.org\/conference\/osdi16\/technical-sessions\/presentation\/liton"},{"key":"e_1_3_2_1_25_1","unstructured":"Jeremy Long. 2015. OWASP Dependency Check. (2015). https:\/\/www.owasp.org\/index.php\/OWASP_Dependency_Check Accessed: 2017-02-17."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.5555\/647054.715771"},{"key":"e_1_3_2_1_28_1","first-page":"2600241","article-title":"Docker","volume":"2600239","author":"Merkel Dirk","year":"2014","unstructured":"Dirk Merkel. 2014. Docker: Lightweight Linux Containers for Consistent Development and Deployment. Linux J. 2014, 239, Article 2 (March 2014). http:\/\/dl.acm.org\/citation.cfm?id=2600239.2600241","journal-title":"Lightweight Linux Containers for Consistent Development and Deployment. Linux"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.24"},{"key":"e_1_3_2_1_30_1","volume-title":"Safe active content in sanitized JavaScript. Google","author":"Miller Mark S","year":"2008","unstructured":"Mark S Miller, Mike Samuel, Ben Laurie, Ihab Awad, and Mike Stay. 2008. Safe active content in sanitized JavaScript. Google, Inc., Tech. Rep (2008)."},{"volume-title":"Building Microservices","author":"Newman Sam","key":"e_1_3_2_1_31_1","unstructured":"Sam Newman. 2015. Building Microservices. O'Reilly Media, Inc."},{"key":"e_1_3_2_1_32_1","unstructured":"npm Inc. 2012. npm-shrinkwrap: Lock down dependency versions. (2012). https:\/\/docs.npmjs.com\/cli\/shrinkwrap Accessed: 2017-02-03."},{"key":"e_1_3_2_1_33_1","unstructured":"Erlend Oftedal et al. 2016. RetireJS. (2016). http:\/\/retirejs.github.io\/retire.js\/ Accessed: 2017-05-18."},{"key":"e_1_3_2_1_34_1","volume-title":"Proceedings of the 12th Conference on USENIX Security Symposium -","volume":"12","author":"Provos Niels","year":"2003","unstructured":"Niels Provos, Markus Friedl, and Peter Honeyman. 2003. Preventing Privilege Escalation. In Proceedings of the 12th Conference on USENIX Security Symposium - Volume 12 (SSYM'03). USENIX Association, Berkeley, CA, USA, 16--16. http:\/\/dl.acm.org\/citation.cfm?id=1251353.1251369"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1007\/s12130-999-1026-0"},{"key":"e_1_3_2_1_36_1","volume-title":"21st USENIX Security Symposium (USENIX Security 12)","author":"Rizzo Luigi","year":"2012","unstructured":"Luigi Rizzo. 2012. Netmap: a novel framework for fast packet I\/O. In 21st USENIX Security Symposium (USENIX Security 12). 101--112."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/800216.806586"},{"key":"e_1_3_2_1_38_1","unstructured":"Sam Saccone. 2016. npm fails to restrict the actions of malicious npm packages. https:\/\/www.kb.cert.org\/vuls\/id\/319816. (2016). Accessed: 2017-06-05."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_3_2_1_40_1","volume-title":"Schlueter et al","author":"Isaac","year":"2010","unstructured":"Isaac Z. Schlueter et al. 2010. Node Package Manager. (2010). https:\/\/npmjs.com Accessed: 2017-02-17."},{"key":"e_1_3_2_1_41_1","unstructured":"Node Security. 2016. Continuous Security monitoring for your node apps. https:\/\/nodesecurity.io\/. (2016). Accessed: 2017-01-01."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/319151.319163"},{"key":"e_1_3_2_1_43_1","unstructured":"Snyk. 2016. Find fix and monitor for known vulnerabilities in Node.js and Ruby packages. https:\/\/snyk.io\/. (2016). Accessed: 2017-05-18."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.5555\/2685048.2685060"},{"volume-title":"Presented as part of the 3rd USENIX Conference on Web Application Development (WebApps 12)","author":"Terrace Jeff","key":"e_1_3_2_1_45_1","unstructured":"Jeff Terrace, Stephen R. Beard, and Naga Praveen Kumar Katta. 2012. JavaScript in JavaScript (js.js): Sandboxing Third-Party Scripts. In Presented as part of the 3rd USENIX Conference on Web Application Development (WebApps 12). USENIX, Boston, MA, 95--100. https:\/\/www.usenix.org\/conference\/webapps12\/technical-sessions\/presentation\/terrace"},{"volume-title":"Typosquatting in Programming Language Package Managers. Bachelor Thesis","author":"Tschacher Nikolai Philipp","key":"e_1_3_2_1_46_1","unstructured":"Nikolai Philipp Tschacher. 2016. Typosquatting in Programming Language Package Managers. Bachelor Thesis. University of Hamburg."},{"volume-title":"15th Workshop on Hot Topics in Operating Systems (HotOS XV). USENIX Association","author":"Vasilakis Nikos","key":"e_1_3_2_1_47_1","unstructured":"Nikos Vasilakis, Ben Karel, and Jonathan M. Smith. 2015. From Lone Dwarfs to Giant Superclusters: Rethinking Operating System Abstractions for the Cloud. In 15th Workshop on Hot Topics in Operating Systems (HotOS XV). USENIX Association, Kartause Ittingen, Switzerland. https:\/\/www.usenix.org\/conference\/hotos15\/workshop-program\/presentation\/vasilakis"},{"volume-title":"Concurrent Programming in ERLANG (2Nd Ed.)","author":"Virding Robert","key":"e_1_3_2_1_48_1","unstructured":"Robert Virding, Claes Wikstr\u00f6m, and Mike Williams. 1996. Concurrent Programming in ERLANG (2Nd Ed.). Prentice Hall International (UK) Ltd., Hertfordshire, UK, UK."},{"key":"e_1_3_2_1_49_1","unstructured":"Ashley G Williams. 2016. Changes to npm's unpublish policy. http:\/\/blog.npmjs.org\/post\/141905368000\/changes-to-npms-unpublish-policy. (2016)."},{"key":"e_1_3_2_1_50_1","unstructured":"Serdar Yegulalp. 2016. How one yanked JavaScript package wreaked havoc. http:\/\/www.infoworld.com\/article\/3047177\/javascript\/how-one-yanked-javascript-package-wreaked-havoc.html. (2016)."}],"event":{"name":"SOSP '17: ACM SIGOPS 26th Symposium on Operating Systems Principles","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems","USENIX Assoc USENIX Assoc"],"location":"Shanghai China","acronym":"SOSP '17"},"container-title":["Proceedings of the 9th Workshop on Programming Languages and Operating Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3144555.3144563","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3144555.3144563","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:11:22Z","timestamp":1750212682000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3144555.3144563"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,10,28]]},"references-count":49,"alternative-id":["10.1145\/3144555.3144563","10.1145\/3144555"],"URL":"https:\/\/doi.org\/10.1145\/3144555.3144563","relation":{},"subject":[],"published":{"date-parts":[[2017,10,28]]},"assertion":[{"value":"2017-10-28","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}