{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,25]],"date-time":"2026-04-25T08:33:47Z","timestamp":1777106027286,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":91,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,3,17]],"date-time":"2020-03-17T00:00:00Z","timestamp":1584403200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1840197"],"award-info":[{"award-number":["1840197"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,3,17]]},"DOI":"10.1145\/3381052.3381328","type":"proceedings-article","created":{"date-parts":[[2020,3,3]],"date-time":"2020-03-03T18:06:14Z","timestamp":1583258774000},"page":"157-171","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":32,"title":["Lightweight kernel isolation with virtualization and VM functions"],"prefix":"10.1145","author":[{"given":"Vikram","family":"Narayanan","sequence":"first","affiliation":[{"name":"University of California, Irvine"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yongzhe","family":"Huang","sequence":"additional","affiliation":[{"name":"Pennsylvania State University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gang","family":"Tan","sequence":"additional","affiliation":[{"name":"Pennsylvania State University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Trent","family":"Jaeger","sequence":"additional","affiliation":[{"name":"Pennsylvania State University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anton","family":"Burtsev","sequence":"additional","affiliation":[{"name":"University of California, Irvine"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2020,3,17]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Bareflank Hypervisor SDK. http:\/\/bareflank.github.io\/hypervisor\/.  Bareflank Hypervisor SDK. http:\/\/bareflank.github.io\/hypervisor\/."},{"key":"e_1_3_2_1_2_1","unstructured":"Code-Pointer Integrity in Clang\/LLVM. https:\/\/github.com\/cpi-llvm\/compiler-rt.  Code-Pointer Integrity in Clang\/LLVM. https:\/\/github.com\/cpi-llvm\/compiler-rt."},{"key":"e_1_3_2_1_3_1","unstructured":"LKDDb: Linux Kernel Driver DataBase. https:\/\/cateee.net\/lkddb\/. Accessed on 04.23.2019.  LKDDb: Linux Kernel Driver DataBase. https:\/\/cateee.net\/lkddb\/. Accessed on 04.23.2019."},{"key":"e_1_3_2_1_4_1","unstructured":"seL4 performance. https:\/\/sel4.systems\/About\/Performance\/.  seL4 performance. https:\/\/sel4.systems\/About\/Performance\/."},{"key":"e_1_3_2_1_5_1","unstructured":"Intel 64 and IA-32 Architectures Software Developer's Manual 2017. https:\/\/software.intel.com\/sites\/default\/files\/managed\/39\/c5\/325462-sdm-vol-1-2abcd-3abcd.pdf. Intel 64 and IA-32 Architectures Software Developer's Manual 2017. https:\/\/software.intel.com\/sites\/default\/files\/managed\/39\/c5\/325462-sdm-vol-1-2abcd-3abcd.pdf."},{"key":"e_1_3_2_1_6_1","volume-title":"Technical report","author":"Appavoo Jonathan","year":"2002","unstructured":"Jonathan Appavoo , Marc Auslander , Dilma DaSilva , David Edelsohn , Orran Krieger , Michal Ostrowski , Bryan Rosenburg , R Wisniewski , and Jimi Xenidis . Utilizing Linux kernel components in K42. Technical report , Technical report , IBM Watson Research , 2002 . Jonathan Appavoo, Marc Auslander, Dilma DaSilva, David Edelsohn, Orran Krieger, Michal Ostrowski, Bryan Rosenburg, R Wisniewski, and Jimi Xenidis. Utilizing Linux kernel components in K42. Technical report, Technical report, IBM Watson Research, 2002."},{"key":"e_1_3_2_1_7_1","volume-title":"Please stop naming vulnerabilities: Exploring 6 previously unknown remote kernel bugs affecting android phones. https:\/\/pleasestopnamingvulnerabilities.com","author":"Bauer Scott","year":"2017","unstructured":"Scott Bauer . Please stop naming vulnerabilities: Exploring 6 previously unknown remote kernel bugs affecting android phones. https:\/\/pleasestopnamingvulnerabilities.com , 2017 . Scott Bauer. Please stop naming vulnerabilities: Exploring 6 previously unknown remote kernel bugs affecting android phones. https:\/\/pleasestopnamingvulnerabilities.com, 2017."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629579"},{"issue":"6","key":"e_1_3_2_1_9_1","first-page":"912","volume":"63","author":"Boettner D. W.","year":"1975","unstructured":"D. W. Boettner and M. T. Alexander . The Michigan Terminal System. Proceedings of the IEEE , 63 ( 6 ): 912 -- 918 , June 1975 . D. W. Boettner and M. T. Alexander. The Michigan Terminal System. Proceedings of the IEEE, 63(6):912--918, June 1975.","journal-title":"The Michigan Terminal System. Proceedings of the IEEE"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.5555\/646405.692230"},{"key":"e_1_3_2_1_11_1","first-page":"9","volume-title":"USENIX ATC","author":"Boyd-Wickizer Silas","year":"2010","unstructured":"Silas Boyd-Wickizer and Nickolai Zeldovich . Tolerating malicious device drivers in Linux . In USENIX ATC , pages 9 -- 9 , 2010 . Silas Boyd-Wickizer and Nickolai Zeldovich. Tolerating malicious device drivers in Linux. In USENIX ATC, pages 9--9, 2010."},{"key":"e_1_3_2_1_12_1","volume-title":"Bromium micro-virtualization","year":"2010","unstructured":"Bromium. Bromium micro-virtualization , 2010 . http:\/\/www.bromium.com\/misc\/BromiumMicrovirtualization.pdf. Bromium. Bromium micro-virtualization, 2010. http:\/\/www.bromium.com\/misc\/BromiumMicrovirtualization.pdf."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/265924.265930"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629581"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2451116.2451145"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2013.25"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2103799.2103805"},{"key":"e_1_3_2_1_18_1","unstructured":"CloudLab testbed. http:\/\/cloudlab.us\/.  CloudLab testbed. http:\/\/cloudlab.us\/."},{"key":"e_1_3_2_1_19_1","volume-title":"Supervisor mode access prevention. https:\/\/lwn.net\/Articles\/517475\/","author":"Corbet Jonathan","year":"2012","unstructured":"Jonathan Corbet . Supervisor mode access prevention. https:\/\/lwn.net\/Articles\/517475\/ , 2012 . Jonathan Corbet. Supervisor mode access prevention. https:\/\/lwn.net\/Articles\/517475\/, 2012."},{"key":"e_1_3_2_1_20_1","volume-title":"Jonathan Walpole. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. In USENIX Security Symposium","author":"Cowan Crispin","year":"1998","unstructured":"Crispin Cowan , Calton Pu , Dave Maier , Heather Hinton , and Jonathan Walpole. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. In USENIX Security Symposium , 1998 . Crispin Cowan, Calton Pu, Dave Maier, Heather Hinton, and Jonathan Walpole. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. In USENIX Security Symposium, 1998."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2517349.2522714"},{"key":"e_1_3_2_1_22_1","unstructured":"DDEKit and DDE for linux. http:\/\/os.inf.tu-dresden.de\/ddekit\/.  DDEKit and DDE for linux. http:\/\/os.inf.tu-dresden.de\/ddekit\/."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/258915.258921"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30102-8_21"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2517349.2522720"},{"key":"e_1_3_2_1_26_1","first-page":"75","volume-title":"Proceedings of the 7th Symposium on Operating Systems Design and Implementation, OSDI '06","author":"Erlingsson \u00dclfar","year":"2006","unstructured":"\u00dclfar Erlingsson , Mart\u00edn Abadi , Michael Vrable , Mihai Budiu , and George C. Necula . Xfi: Software guards for system address spaces . In Proceedings of the 7th Symposium on Operating Systems Design and Implementation, OSDI '06 , pages 75 -- 88 , Berkeley, CA, USA , 2006 . USENIX Association. \u00dclfar Erlingsson, Mart\u00edn Abadi, Michael Vrable, Mihai Budiu, and George C. Necula. Xfi: Software guards for system address spaces. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation, OSDI '06, pages 75--88, Berkeley, CA, USA, 2006. USENIX Association."},{"key":"e_1_3_2_1_27_1","volume-title":"Techn","author":"Helmuth N.","year":"2007","unstructured":"Feske, N. and Helmuth , C . Design of the Bastei OS architecture . Techn . Univ., Fakult\u00e4t Informatik , 2007 . Feske, N. and Helmuth, C. Design of the Bastei OS architecture. Techn. Univ., Fakult\u00e4t Informatik, 2007."},{"key":"e_1_3_2_1_28_1","volume-title":"NSA Trusted Computing Conference","author":"Fischer Stephen","year":"2011","unstructured":"Stephen Fischer . Supervisor mode execution protection . NSA Trusted Computing Conference , 2011 . Stephen Fischer. Supervisor mode execution protection. NSA Trusted Computing Conference, 2011."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/268998.266642"},{"key":"e_1_3_2_1_30_1","volume-title":"Carnegie-Mellon University. Department of Computer Science","author":"Forin Alessandro","year":"1991","unstructured":"Alessandro Forin , David Golub , and Brian N Bershad . An I\/O system for Mach 3.0. Carnegie-Mellon University. Department of Computer Science , 1991 . Alessandro Forin, David Golub, and Brian N Bershad. An I\/O system for Mach 3.0. Carnegie-Mellon University. Department of Computer Science, 1991."},{"key":"e_1_3_2_1_31_1","volume-title":"1st Workshop on Operating System and Architectural Support for the on demand IT InfraStructure (OASIS)","author":"Fraser Keir","year":"2004","unstructured":"Keir Fraser , Steven Hand , Rolf Neugebauer , Ian Pratt , Andrew Warfield , and Mark Williamson . Safe hardware access with the Xen virtual machine monitor . In 1st Workshop on Operating System and Architectural Support for the on demand IT InfraStructure (OASIS) , 2004 . Keir Fraser, Steven Hand, Rolf Neugebauer, Ian Pratt, Andrew Warfield, and Mark Williamson. Safe hardware access with the Xen virtual machine monitor. In 1st Workshop on Operating System and Architectural Support for the on demand IT InfraStructure (OASIS), 2004."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1346281.1346303"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"crossref","first-page":"193","DOI":"10.1145\/945445.945464","volume-title":"SOSP","author":"Garfinkel Tal","year":"2003","unstructured":"Tal Garfinkel , Ben Pfaff , Jim Chow , Mendel Rosenblum , and Dan Boneh . Terra : a virtual machine-based platform for trusted computing . In SOSP , pages 193 -- 206 , 2003 . Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, and Dan Boneh. Terra: a virtual machine-based platform for trusted computing. In SOSP, pages 193--206, 2003."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/566726.566751"},{"key":"e_1_3_2_1_35_1","first-page":"65","volume-title":"Proceedings of the USENIX Annual Technical Conference","author":"Goel Shantanu","year":"1996","unstructured":"Shantanu Goel and Dan Duchamp . Linux device driver emulation in Mach . In Proceedings of the USENIX Annual Technical Conference , pages 65 -- 74 , 1996 . Shantanu Goel and Dan Duchamp. Linux device driver emulation in Mach. In Proceedings of the USENIX Annual Technical Conference, pages 65--74, 1996."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.5555\/645698.665603"},{"key":"e_1_3_2_1_37_1","unstructured":"Google. Fuchsia project. https:\/\/fuchsia.dev\/fuchsia-src\/getting_started.md.  Google. Fuchsia project. https:\/\/fuchsia.dev\/fuchsia-src\/getting_started.md."},{"key":"e_1_3_2_1_38_1","unstructured":"Google. Protocol buffers. https:\/\/developers.google.com\/protocol-buffers\/.  Google. Protocol buffers. https:\/\/developers.google.com\/protocol-buffers\/."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2248487.2151020"},{"key":"e_1_3_2_1_40_1","volume-title":"Iskios: Lightweight defense against kernel-level code-reuse attacks. arXiv preprint arXiv:1903.04654","author":"Gravani Spyridoula","year":"2019","unstructured":"Spyridoula Gravani , Mohammad Hedayati , John Criswell , and Michael L Scott . Iskios: Lightweight defense against kernel-level code-reuse attacks. arXiv preprint arXiv:1903.04654 , 2019 . Spyridoula Gravani, Mohammad Hedayati, John Criswell, and Michael L Scott. Iskios: Lightweight defense against kernel-level code-reuse attacks. arXiv preprint arXiv:1903.04654, 2019."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-62105-0_11"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251503.1251507"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2048066.2048134"},{"key":"e_1_3_2_1_44_1","volume-title":"TU Dresden","author":"H\u00e4rtig Hermann","year":"2003","unstructured":"Hermann H\u00e4rtig ,, Jork L\u00f6ser , Frank Mehnert , Lars Reuther , Martin Pohlack , and Alexander Warg . An I\/O architecture for microkernel-based operating systems. Technical report , TU Dresden , Dresden, Germany , 2003 . Hermann H\u00e4rtig,, Jork L\u00f6ser, Frank Mehnert, Lars Reuther, Martin Pohlack, and Alexander Warg. An I\/O architecture for microkernel-based operating systems. Technical report, TU Dresden, Dresden, Germany, 2003."},{"key":"e_1_3_2_1_45_1","first-page":"489","volume-title":"2019 USENIX Annual Technical Conference (USENIX ATC 19)","author":"Hedayati Mohammad","year":"2019","unstructured":"Mohammad Hedayati , Spyridoula Gravani , Ethan Johnson , John Criswell , Michael L. Scott , Kai Shen , and Mike Marty . Hodor : Intra-process isolation for high-throughput data plane libraries . In 2019 USENIX Annual Technical Conference (USENIX ATC 19) , pages 489 -- 504 , Renton, WA , July 2019 . USENIX Association. Mohammad Hedayati, Spyridoula Gravani, Ethan Johnson, John Criswell, Michael L. Scott, Kai Shen, and Mike Marty. Hodor: Intra-process isolation for high-throughput data plane libraries. In 2019 USENIX Annual Technical Conference (USENIX ATC 19), pages 489--504, Renton, WA, July 2019. USENIX Association."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1278901.1278904"},{"key":"e_1_3_2_1_47_1","volume-title":"Minix 3: A highly reliable, self-repairing operating system. ACM SIGOPS Operating Systems Review, 40(3):80--89","author":"Herder Jorrit N","year":"2006","unstructured":"Jorrit N Herder , Herbert Bos , Ben Gras , Philip Homburg , and Andrew S Tanenbaum . Minix 3: A highly reliable, self-repairing operating system. ACM SIGOPS Operating Systems Review, 40(3):80--89 , 2006 . Jorrit N Herder, Herbert Bos, Ben Gras, Philip Homburg, and Andrew S Tanenbaum. Minix 3: A highly reliable, self-repairing operating system. ACM SIGOPS Operating Systems Review, 40(3):80--89, 2006."},{"key":"e_1_3_2_1_48_1","first-page":"22","volume-title":"Proceedings of the 11th workshop on ACM SIGOPS European workshop","author":"Peter M.","unstructured":"Hohmuth, M. and Peter , M . and H\u00e4rtig, H. and Shapiro, J.S. Reducing TCB size by using untrusted components: small kernels versus virtual-machine monitors . In Proceedings of the 11th workshop on ACM SIGOPS European workshop , page 22 . ACM, 2004. Hohmuth, M. and Peter, M. and H\u00e4rtig, H. and Shapiro, J.S. Reducing TCB size by using untrusted components: small kernels versus virtual-machine monitors. In Proceedings of the 11th workshop on ACM SIGOPS European workshop, page 22. ACM, 2004."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030124"},{"key":"e_1_3_2_1_50_1","first-page":"255","volume-title":"Presented as part of the 2013 USENIX Annual Technical Conference (USENIX ATC'13)","author":"Hruby Tomas","year":"2013","unstructured":"Tomas Hruby , Herbert Bos , and Andrew S Tanenbaum . When slower is faster: On heterogeneous multicores for reliable systems . In Presented as part of the 2013 USENIX Annual Technical Conference (USENIX ATC'13) , pages 255 -- 266 , 2013 . Tomas Hruby, Herbert Bos, and Andrew S Tanenbaum. When slower is faster: On heterogeneous multicores for reliable systems. In Presented as part of the 2013 USENIX Annual Technical Conference (USENIX ATC'13), pages 255--266, 2013."},{"key":"e_1_3_2_1_51_1","first-page":"255","volume-title":"2018 USENIX Annual Technical Conference (USENIX ATC'18)","author":"Hua Zhichao","year":"2018","unstructured":"Zhichao Hua , Dong Du , Yubin Xia , Haibo Chen , and Binyu Zang . EPTI : Efficient defence against meltdown attack for unpatched vms . In 2018 USENIX Annual Technical Conference (USENIX ATC'18) , pages 255 -- 266 , 2018 . Zhichao Hua, Dong Du, Yubin Xia, Haibo Chen, and Binyu Zang. EPTI: Efficient defence against meltdown attack for unpatched vms. In 2018 USENIX Annual Technical Conference (USENIX ATC'18), pages 255--266, 2018."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/1243418.1243424"},{"key":"e_1_3_2_1_53_1","unstructured":"INTEGRITY Real-Time Operating System. http:\/\/www.ghs.com\/products\/rtos\/integrity.html.  INTEGRITY Real-Time Operating System. http:\/\/www.ghs.com\/products\/rtos\/integrity.html."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243739"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064217"},{"key":"e_1_3_2_1_57_1","first-page":"147","volume-title":"USENIX Symposium on Operating Systems Design and Implementation (OSDI)","author":"Kuznetsov Volodymyr","year":"2014","unstructured":"Volodymyr Kuznetsov , L\u00e1szl\u00f3 Szekeres , Mathias Payer , George Candea , R. Sekar , and Dawn Song . Code-pointer integrity . In USENIX Symposium on Operating Systems Design and Implementation (OSDI) , pages 147 -- 163 , 2014 . Volodymyr Kuznetsov, L\u00e1szl\u00f3 Szekeres, Mathias Payer, George Candea, R. Sekar, and Dawn Song. Code-pointer integrity. In USENIX Symposium on Operating Systems Design and Implementation (OSDI), pages 147--163, 2014."},{"key":"e_1_3_2_1_58_1","first-page":"2","volume-title":"Proceedings of the 6th Conference on Symposium on Operating Systems Design & Implementation -","volume":"6","author":"LeVasseur Joshua","year":"2004","unstructured":"Joshua LeVasseur , Volkmar Uhlig , Jan Stoess , and Stefan G\u00f6tz . Unmodified device driver reuse and improved system dependability via virtual machines . In Proceedings of the 6th Conference on Symposium on Operating Systems Design & Implementation - Volume 6 , OSDI'04, pages 2 -- 2 , Berkeley, CA, USA , 2004 . USENIX Association. Joshua LeVasseur, Volkmar Uhlig, Jan Stoess, and Stefan G\u00f6tz. Unmodified device driver reuse and improved system dependability via virtual machines. In Proceedings of the 6th Conference on Symposium on Operating Systems Design & Implementation - Volume 6, OSDI'04, pages 2--2, Berkeley, CA, USA, 2004. USENIX Association."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.5555\/2663392"},{"key":"e_1_3_2_1_60_1","volume-title":"Germany","author":"Liedtke Jochen","year":"1995","unstructured":"Jochen Liedtke . Improved address-space switching on Pentium processors by transparently multiplexing user address spaces. Technical report, GMD SET-RS, Schlo Birlinghoven, 53754 Sankt Augustin , Germany , 1995 . Jochen Liedtke. Improved address-space switching on Pentium processors by transparently multiplexing user address spaces. Technical report, GMD SET-RS, Schlo Birlinghoven, 53754 Sankt Augustin, Germany, 1995."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/122120.122124"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813690"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813690"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043568"},{"key":"e_1_3_2_1_65_1","volume-title":"verifiable binary sandboxing for a CISC architecture","author":"McCamant Stephen","year":"2005","unstructured":"Stephen McCamant and Greg Morrisett . Efficient , verifiable binary sandboxing for a CISC architecture . 2005 . Stephen McCamant and Greg Morrisett. Efficient, verifiable binary sandboxing for a CISC architecture. 2005."},{"key":"e_1_3_2_1_66_1","unstructured":"Mellanox. Connectx-6 single\/dual-port adapter supporting 200gb\/s with vpi. http:\/\/www.mellanox.com\/page\/products_dyn?product_family=265&mtag=connectx_6_vpi_card 2019.  Mellanox. Connectx-6 single\/dual-port adapter supporting 200gb\/s with vpi. http:\/\/www.mellanox.com\/page\/products_dyn?product_family=265&mtag=connectx_6_vpi_card 2019."},{"key":"e_1_3_2_1_67_1","volume-title":"Proc. NDSS","author":"Mettler Adrian","year":"2010","unstructured":"Adrian Mettler , David Wagner , and Tyler Close . Joe-E : A security-oriented subset ofJava . In Proc. NDSS , February-March 2010 . Adrian Mettler, David Wagner, and Tyler Close. Joe-E: A security-oriented subset ofJava. In Proc. NDSS, February-March 2010."},{"key":"e_1_3_2_1_68_1","first-page":"9","volume-title":"Proceedings of the Fourteenth EuroSys Conference","author":"Mi Zeyu","year":"2019","unstructured":"Zeyu Mi , Dingji Li , Zihan Yang , Xinran Wang , and Haibo Chen . Skybridge : Fast and secure inter-process communication for microkernels . In Proceedings of the Fourteenth EuroSys Conference 2019 , page 9 . ACM, 2019. Zeyu Mi, Dingji Li, Zihan Yang, Xinran Wang, and Haibo Chen. Skybridge: Fast and secure inter-process communication for microkernels. In Proceedings of the Fourteenth EuroSys Conference 2019, page 9. ACM, 2019."},{"key":"e_1_3_2_1_70_1","first-page":"1","volume-title":"Workshop on Memory Systems Performance and Correctness","author":"Daniel Hackenberg Daniel Molka","year":"2014","unstructured":"Daniel Molka Daniel Hackenberg , and Robert Sch\u00f6ne . Main memory and cache performance of Intel Sandy Bridge and AMD Bulldozer . In Workshop on Memory Systems Performance and Correctness , pages 4: 1 -- 4 :10, 2014 . Daniel Molka Daniel Hackenberg, and Robert Sch\u00f6ne. Main memory and cache performance of Intel Sandy Bridge and AMD Bulldozer. In Workshop on Memory Systems Performance and Correctness, pages 4:1--4:10, 2014."},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1109\/PACT.2009.22"},{"key":"e_1_3_2_1_72_1","volume-title":"2019 USENIX Annual Technical Conference (USENIX ATC 19)","author":"Narayanan Vikram","year":"2019","unstructured":"Vikram Narayanan , Abhiram Balasubramanian , Charlie Jacobsen , Sarah Spall , Scott Bauer , Michael Quigley , Aftab Hussain , Abdullah Younis , Junjie Shen , Moinak Bhattacharyya , and Anton Burtsev . LXDs : Towards isolation of kernel subsystems . In 2019 USENIX Annual Technical Conference (USENIX ATC 19) , 2019 . Vikram Narayanan, Abhiram Balasubramanian, Charlie Jacobsen, Sarah Spall, Scott Bauer, Michael Quigley, Aftab Hussain, Abdullah Younis, Junjie Shen, Moinak Bhattacharyya, and Anton Burtsev. LXDs : Towards isolation of kernel subsystems. In 2019 USENIX Annual Technical Conference (USENIX ATC 19), 2019."},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/2517349.2522719"},{"key":"e_1_3_2_1_74_1","first-page":"241","volume-title":"2019 USENIX Annual Technical Conference (USENIX ATC 19)","author":"Park Soyeon","year":"2019","unstructured":"Soyeon Park , Sangho Lee , Wen Xu , HyunGon Moon , and Taesoo Kim . libmpk : Software abstraction for Intel Memory Protection Keys (Intel MPK) . In 2019 USENIX Annual Technical Conference (USENIX ATC 19) , pages 241 -- 254 , Renton, WA , July 2019 . USENIX Association. Soyeon Park, Sangho Lee, Wen Xu, HyunGon Moon, and Taesoo Kim. libmpk: Software abstraction for Intel Memory Protection Keys (Intel MPK). In 2019 USENIX Annual Technical Conference (USENIX ATC 19), pages 241--254, Renton, WA, July 2019. USENIX Association."},{"key":"e_1_3_2_1_75_1","unstructured":"Phoronix Test Suite: An automated open-source testing framework. http:\/\/www.phoronix-test-suite.com\/.  Phoronix Test Suite: An automated open-source testing framework. http:\/\/www.phoronix-test-suite.com\/."},{"key":"e_1_3_2_1_76_1","unstructured":"Octavian Purdila. Linux kernel library. https:\/\/lwn.net\/Articles\/662953\/.  Octavian Purdila. Linux kernel library. https:\/\/lwn.net\/Articles\/662953\/."},{"key":"e_1_3_2_1_77_1","volume-title":"USENIX Annual Technical Conference","author":"Renzelmann Matthew J","year":"2009","unstructured":"Matthew J Renzelmann and Michael M Swift . Decaf : Moving device drivers to a modern language . In USENIX Annual Technical Conference , 2009 . Matthew J Renzelmann and Michael M Swift. Decaf: Moving device drivers to a modern language. In USENIX Annual Technical Conference, 2009."},{"key":"e_1_3_2_1_78_1","volume-title":"December","author":"Ricci Robert","year":"2014","unstructured":"Robert Ricci , Eric Eide , and The CloudLab Team . Introducing Cloud-Lab: Scientific infrastructure for advancing cloud architectures and applications. USENIX ;login:, 39(6) , December 2014 . Robert Ricci, Eric Eide, and The CloudLab Team. Introducing Cloud-Lab: Scientific infrastructure for advancing cloud architectures and applications. USENIX ;login:, 39(6), December 2014."},{"key":"e_1_3_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_3_2_1_81_1","volume-title":"Adapting software fault isolation to contemporary CPU architectures","author":"Sehr David","year":"2010","unstructured":"David Sehr , Robert Muth , Cliff L Biffle , Victor Khimenko , Egor Pasko , Bennet Yee , Karl Schimpf , and Brad Chen . Adapting software fault isolation to contemporary CPU architectures . 2010 . David Sehr, Robert Muth, Cliff L Biffle, Victor Khimenko, Egor Pasko, Bennet Yee, Karl Schimpf, and Brad Chen. Adapting software fault isolation to contemporary CPU architectures. 2010."},{"key":"e_1_3_2_1_82_1","first-page":"1","volume-title":"OSDI","author":"Soares Livio","year":"2010","unstructured":"Livio Soares and Michael Stumm . FlexSC : flexible system call scheduling with exception-less system calls . In OSDI , pages 1 -- 8 , 2010 . Livio Soares and Michael Stumm. FlexSC: flexible system call scheduling with exception-less system calls. In OSDI, pages 1--8, 2010."},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2013.6575348"},{"key":"e_1_3_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.1145\/1133373.1133393"},{"key":"e_1_3_2_1_85_1","unstructured":"Hajime Tazaki. An introduction of library operating system for Linux (LibOS). https:\/\/lwn.net\/Articles\/637658\/.  Hajime Tazaki. An introduction of library operating system for Linux (LibOS). https:\/\/lwn.net\/Articles\/637658\/."},{"key":"e_1_3_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1145\/2731186.2731189"},{"key":"e_1_3_2_1_87_1","first-page":"1221","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Vahldiek-Oberwagner Anjo","year":"2019","unstructured":"Anjo Vahldiek-Oberwagner , Eslam Elnikety , Nuno O Duarte , Michael Sammler , Peter Druschel , and Deepak Garg . ERIM : Secure, efficient in-process isolation with protection keys (MPK) . In 28th USENIX Security Symposium (USENIX Security 19) , pages 1221 -- 1238 , 2019 . Anjo Vahldiek-Oberwagner, Eslam Elnikety, Nuno O Duarte, Michael Sammler, Peter Druschel, and Deepak Garg. ERIM: Secure, efficient in-process isolation with protection keys (MPK). In 28th USENIX Security Symposium (USENIX Security 19), pages 1221--1238, 2019."},{"key":"e_1_3_2_1_88_1","unstructured":"Arjan van de Ven. New Security Enhancements in Red Hat Enterprise Linux v.8 update 3. https:\/\/static.redhat.com\/legacy\/f\/pdf\/rhel\/WHP0006US_Execshield.pdf.  Arjan van de Ven. New Security Enhancements in Red Hat Enterprise Linux v.8 update 3. https:\/\/static.redhat.com\/legacy\/f\/pdf\/rhel\/WHP0006US_Execshield.pdf."},{"key":"e_1_3_2_1_89_1","volume-title":"The Fluke device driver framework. Master's thesis","author":"Van Maren Kevin Thomas","year":"1999","unstructured":"Kevin Thomas Van Maren . The Fluke device driver framework. Master's thesis , The University of Utah , 1999 . Kevin Thomas Van Maren. The Fluke device driver framework. Master's thesis, The University of Utah, 1999."},{"key":"e_1_3_2_1_90_1","volume-title":"USA","author":"Wagner David A.","year":"1999","unstructured":"David A. Wagner . Janus : An approach for confinement of untrusted applications. Technical report, Berkeley, CA , USA , 1999 . David A. Wagner. Janus: An approach for confinement of untrusted applications. Technical report, Berkeley, CA, USA, 1999."},{"key":"e_1_3_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.1145\/168619.168635"},{"key":"e_1_3_2_1_92_1","doi-asserted-by":"publisher","DOI":"10.5555\/1855741.1855758"},{"key":"e_1_3_2_1_93_1","volume-title":"27th Usenix Security Symposium","author":"Wu Wei","year":"2018","unstructured":"Wei Wu , Yueqi Chen , Jun Xu , Xinyu Xing , Xiaorui Gong , and Wei Zou . FUZE : Towards facilitating exploit generation for kernel use-after-free vulnerabilities . In 27th Usenix Security Symposium , 2018 . Wei Wu, Yueqi Chen, Jun Xu, Xinyu Xing, Xiaorui Gong, and Wei Zou. FUZE: Towards facilitating exploit generation for kernel use-after-free vulnerabilities. In 27th Usenix Security Symposium, 2018."},{"key":"e_1_3_2_1_94_1","first-page":"79","volume-title":"30th IEEE Symposium on Security and Privacy","author":"Yee Bennet","year":"2009","unstructured":"Bennet Yee , David Sehr , Gregory Dardyk , J Bradley Chen , Robert Muth , Tavis Ormandy , Shiki Okasaka , Neha Narula , and Nicholas Fullagar . Native client : A sandbox for portable, untrusted x86 native code . In 30th IEEE Symposium on Security and Privacy , pages 79 -- 93 , 2009 . Bennet Yee, David Sehr, Gregory Dardyk, J Bradley Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, and Nicholas Fullagar. Native client: A sandbox for portable, untrusted x86 native code. In 30th IEEE Symposium on Security and Privacy, pages 79--93, 2009."}],"event":{"name":"VEE '20: 16th ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments","location":"Lausanne Switzerland","acronym":"VEE '20","sponsor":["SIGPLAN ACM Special Interest Group on Programming Languages","SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the 16th ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3381052.3381328","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3381052.3381328","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3381052.3381328","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:44:59Z","timestamp":1750203899000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3381052.3381328"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,3,17]]},"references-count":91,"alternative-id":["10.1145\/3381052.3381328","10.1145\/3381052"],"URL":"https:\/\/doi.org\/10.1145\/3381052.3381328","relation":{},"subject":[],"published":{"date-parts":[[2020,3,17]]},"assertion":[{"value":"2020-03-17","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}