{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,13]],"date-time":"2026-02-13T13:06:34Z","timestamp":1770987994942,"version":"3.50.1"},"reference-count":52,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2021,9,29]],"date-time":"2021-09-29T00:00:00Z","timestamp":1632873600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"funder":[{"name":"DARPA under the System Security Integrated Through Hardware and Firmware (SSITH) program","award":["HR0011-18-C-0011"],"award-info":[{"award-number":["HR0011-18-C-0011"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["J. Emerg. Technol. Comput. Syst."],"published-print":{"date-parts":[[2022,1,31]]},"abstract":"<jats:p>We present Secure Compartments Automatically Learned and Protected by Execution using Lightweight metadata (SCALPEL), a tool for automatically deriving compartmentalization policies and lowering them to a tagged architecture for hardware-accelerated enforcement. SCALPEL allows a designer to explore high-quality points in the privilege-reduction vs. performance overhead tradeoff space using analysis tools and a detailed knowledge of the target architecture to make best use of the available hardware. SCALPEL automatically implements hundreds of compartmentalization strategies across the privilege-performance tradeoff space, all without manual tagging or code restructuring. SCALPEL uses two novel optimizations for achieving highly performant policies: the first is an algorithm for packing policies into working sets of rules for favorable rule cache characteristics, and the second is a rule prefetching system that allows it to exploit the highly predictable nature of compartmentalization rules. To create policies, SCALPEL introduces a quantitative privilege metric (the Overprivilege Ratio) that is used to drive its algorithmic compartment generation. We implement SCALPEL on a FreeRTOS stack and target a tag-extended RISC-V core. Our results show that SCALPEL-created policies can reduce overprivilege by orders of magnitude with hundreds of logical compartments while imposing low overheads (&lt;5%).<\/jats:p>","DOI":"10.1145\/3461673","type":"journal-article","created":{"date-parts":[[2021,9,29]],"date-time":"2021-09-29T19:16:42Z","timestamp":1632943002000},"page":"1-28","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["SCALPEL: Exploring the Limits of Tag-enforced Compartmentalization"],"prefix":"10.1145","volume":"18","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9298-8444","authenticated-orcid":false,"given":"Nick","family":"Roessler","sequence":"first","affiliation":[{"name":"University of Pennsylvania, Philadelphia, PA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9177-7699","authenticated-orcid":false,"given":"Andr\u00e9","family":"DeHon","sequence":"additional","affiliation":[{"name":"University of Pennsylvania, Philadelphia, PA, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,9,29]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2019.00013"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10994-009-5103-0"},{"key":"e_1_2_1_3_1","unstructured":"Anmibe. 2010. CPU Features: Non-Executable Memory. Retrieved from https:\/\/wiki.ubuntu.com\/Security\/CPUFeatures.  Anmibe. 2010. CPU Features: Non-Executable Memory. Retrieved from https:\/\/wiki.ubuntu.com\/Security\/CPUFeatures."},{"key":"e_1_2_1_4_1","unstructured":"ARM. 2016. TrustZone technology for ARM v8-M Architecture. Retrieved from https:\/\/developer.arm.com\/documentation\/100690\/latest\/.  ARM. 2016. TrustZone technology for ARM v8-M Architecture. Retrieved from https:\/\/developer.arm.com\/documentation\/100690\/latest\/."},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.55"},{"key":"e_1_2_1_7_1","unstructured":"Ian Beer. [n.d.]. An iOS zero-click radio proximity exploit odyssey. Retrieved from https:\/\/googleprojectzero.blogspot.com\/2020\/12\/an-ios-zero-click-radio-proximity.html.  Ian Beer. [n.d.]. An iOS zero-click radio proximity exploit odyssey. Retrieved from https:\/\/googleprojectzero.blogspot.com\/2020\/12\/an-ios-zero-click-radio-proximity.html."},{"key":"e_1_2_1_8_1","unstructured":"Ian Beer. 2019. In-the-wild iOS Exploit Chain 1. Retrieved from https:\/\/googleprojectzero.blogspot.com\/2019\/08\/in-wild-ios-exploit-chain-1.html.  Ian Beer. 2019. In-the-wild iOS Exploit Chain 1. Retrieved from https:\/\/googleprojectzero.blogspot.com\/2019\/08\/in-wild-ios-exploit-chain-1.html."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.5555\/1387589.1387611"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1394608.1382153"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.5555\/3277203.3277210"},{"key":"e_1_2_1_12_1","volume-title":"curl: command line tool and library. Retrieved","author":"The","year":"2020","unstructured":"The curl project. [n.d.]. curl: command line tool and library. Retrieved 15 Oct , 2020 from https:\/\/curl.se\/. The curl project. [n.d.]. curl: command line tool and library. Retrieved 15 Oct, 2020 from https:\/\/curl.se\/."},{"key":"e_1_2_1_13_1","volume-title":"Transparent Computing. Retrieved","author":"DARPA.","year":"2020","unstructured":"DARPA. [n.d.]. Transparent Computing. Retrieved 1 Oct , 2020 from https:\/\/www.darpa.mil\/program\/transparent-computing. DARPA. [n.d.]. Transparent Computing. Retrieved 1 Oct, 2020 from https:\/\/www.darpa.mil\/program\/transparent-computing."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.5555\/2354410.2355153"},{"key":"e_1_2_1_15_1","volume-title":"CVE Details: Libxml2 Vulnerability Statistics. Retrieved","author":"Details CVE","year":"2020","unstructured":"CVE Details . [n.d.]. CVE Details: Libxml2 Vulnerability Statistics. Retrieved 5 Oct , 2020 from https:\/\/www.cvedetails.com\/product\/3311\/Xmlsoft-Libxml2.html?vendor_id=1962. CVE Details. [n.d.]. CVE Details: Libxml2 Vulnerability Statistics. Retrieved 5 Oct, 2020 from https:\/\/www.cvedetails.com\/product\/3311\/Xmlsoft-Libxml2.html?vendor_id=1962."},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2435264.2435298"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786763.2694383"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40203-6_5"},{"key":"e_1_2_1_19_1","volume-title":"Dovecot Mail Server. Retrieved","year":"2020","unstructured":"Dovecot. [n.d.]. Dovecot Mail Server. Retrieved 12 Oct , 2020 from https:\/\/github.com\/dovecot\/core. Dovecot. [n.d.]. Dovecot Mail Server. Retrieved 12 Oct, 2020 from https:\/\/github.com\/dovecot\/core."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2517349.2522720"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/143371.143493"},{"key":"e_1_2_1_22_1","volume-title":"The MONDIAL Database. Retrieved","author":"Institute for Informatics Georg-August-Universitat Gottingen. 1999.","year":"2020","unstructured":"Institute for Informatics Georg-August-Universitat Gottingen. 1999. The MONDIAL Database. Retrieved 25 Oct , 2020 from https:\/\/www.dbis.informatik.uni-goettingen.de\/Mondial. Institute for Informatics Georg-August-Universitat Gottingen. 1999. The MONDIAL Database. Retrieved 25 Oct, 2020 from https:\/\/www.dbis.informatik.uni-goettingen.de\/Mondial."},{"key":"e_1_2_1_23_1","volume-title":"The LLVM Compiler Infrastructure. Retrieved from","author":"Foundation LLVM","year":"2020","unstructured":"LLVM Foundation . [n.d.]. The LLVM Compiler Infrastructure. Retrieved from 4 Oct , 2020 https:\/\/llvm.org\/. LLVM Foundation. [n.d.]. The LLVM Compiler Infrastructure. Retrieved from 4 Oct, 2020 https:\/\/llvm.org\/."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2014.6835922"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813611"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/54289.871709"},{"key":"e_1_2_1_27_1","volume-title":"MultiZone Security Reference Manual. HEX-Five. Retrieved on","year":"2020","unstructured":"HEX-Five. 2020. MultiZone Security Reference Manual. HEX-Five. Retrieved on 14 Oct , 2020 from https:\/\/github.com\/hex-five\/multizone-sdk\/blob\/master\/manual.pdf. HEX-Five. 2020. MultiZone Security Reference Manual. HEX-Five. Retrieved on 14 Oct, 2020 from https:\/\/github.com\/hex-five\/multizone-sdk\/blob\/master\/manual.pdf."},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978327"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23107"},{"key":"e_1_2_1_30_1","volume-title":"Hope-tools Github Repository. Retrieved","author":"Laboratory Draper","year":"2019","unstructured":"Draper Laboratory . [n.d.]. Hope-tools Github Repository. Retrieved 1 June , 2019 from https:\/\/github.com\/draperlaboratory\/hope-src. Draper Laboratory. [n.d.]. Hope-tools Github Repository. Retrieved 1 June, 2019 from https:\/\/github.com\/draperlaboratory\/hope-src."},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/224057.224075"},{"key":"e_1_2_1_32_1","volume-title":"Arm Cortex-A53 Specification. Retrieved","author":"Limited Arm","year":"2020","unstructured":"Arm Limited . 2013. Arm Cortex-A53 Specification. Retrieved 5 Oct , 2020 from https:\/\/developer.arm.com\/ip-products\/processors\/cortex-a\/cortex-a53. Arm Limited. 2013. Arm Cortex-A53 Specification. Retrieved 5 Oct, 2020 from https:\/\/developer.arm.com\/ip-products\/processors\/cortex-a\/cortex-a53."},{"key":"e_1_2_1_33_1","volume-title":"ARMv8-M Architecture Reference Manual. Retrieved","author":"Limited Arm","year":"2020","unstructured":"Arm Limited . 2016. ARMv8-M Architecture Reference Manual. Retrieved 6 Oct , 2020 from https:\/\/developer.arm.com\/documentation\/ddi0553\/ab\/. Arm Limited. 2016. ARMv8-M Architecture Reference Manual. Retrieved 6 Oct, 2020 from https:\/\/developer.arm.com\/documentation\/ddi0553\/ab\/."},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354218"},{"key":"e_1_2_1_35_1","unstructured":"Canonical Ltd.[n.d.]. AppArmor. Retrieved 11 Sept 2020 from https:\/\/wiki.ubuntu.com\/AppArmor.  Canonical Ltd.[n.d.]. AppArmor. Retrieved 11 Sept 2020 from https:\/\/wiki.ubuntu.com\/AppArmor."},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2907071"},{"key":"e_1_2_1_37_1","volume-title":"Introduction to SPARC M7 and Application Data Integrity (ADI). Retrieved","year":"2019","unstructured":"Oracle. [n.d.]. Introduction to SPARC M7 and Application Data Integrity (ADI). Retrieved 3 Dec , 2019 from https:\/\/swisdev.oracle.com\/_files\/What-Is-ADI.html. Oracle. [n.d.]. Introduction to SPARC M7 and Application Data Integrity (ADI). Retrieved 3 Dec, 2019 from https:\/\/swisdev.oracle.com\/_files\/What-Is-ADI.html."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2011.61"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064216"},{"key":"e_1_2_1_40_1","volume-title":"The XML C Parser and toolkit of Gnome. Retrieved","author":"Project The GNOME","year":"2020","unstructured":"The GNOME Project . [n.d.]. The XML C Parser and toolkit of Gnome. Retrieved 4 Oct , 2020 from http:\/\/www.xmlsoft.org\/. The GNOME Project. [n.d.]. The XML C Parser and toolkit of Gnome. Retrieved 4 Oct, 2020 from http:\/\/www.xmlsoft.org\/."},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/800216.806593"},{"key":"e_1_2_1_42_1","unstructured":"Nick Roessler. 2018. Exploiting LaTeX with CVE-2018-17407. Retrieved from https:\/\/nickroessler.com\/latex-cve-2018-17407\/.  Nick Roessler. 2018. Exploiting LaTeX with CVE-2018-17407. Retrieved from https:\/\/nickroessler.com\/latex-cve-2018-17407\/."},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00066"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_2_1_46_1","unstructured":"NXP Semiconductors. 2018. NXP Selects Dover Microsystems\u2019 State-of-the-Art CoreGuard Cybersecurity Technology for Future Embedded Platforms. Retrieved from https:\/\/media.nxp.com\/news-releases\/news-release-details\/nxp-selects-dover-microsystems-state-art-coreguard-cybersecurity.  NXP Semiconductors. 2018. NXP Selects Dover Microsystems\u2019 State-of-the-Art CoreGuard Cybersecurity Technology for Future Embedded Platforms. Retrieved from https:\/\/media.nxp.com\/news-releases\/news-release-details\/nxp-selects-dover-microsystems-state-art-coreguard-cybersecurity."},{"key":"e_1_2_1_47_1","volume-title":"HTTP Web Server Example. Retrieved","author":"Services Amazon Web","year":"2020","unstructured":"Amazon Web Services . [n.d.]. HTTP Web Server Example. Retrieved 30 Sept , 2020 from https:\/\/freertos.org\/FreeRTOS-Plus\/FreeRTOS_Plus_TCP\/HTTP_web_Server.html. Amazon Web Services. [n.d.]. HTTP Web Server Example. Retrieved 30 Sept, 2020 from https:\/\/freertos.org\/FreeRTOS-Plus\/FreeRTOS_Plus_TCP\/HTTP_web_Server.html."},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/MM.2003.1261391"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2013.474"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/THS.2017.7943502"},{"key":"e_1_2_1_52_1","volume-title":"Workshop on Foundations of Computer Security. 1\u201314","author":"Tsampas Stylianos","year":"2017","unstructured":"Stylianos Tsampas , Akram El-Korashy , Marco Patrignani , Dominique Devriese , Deepak Garg , and Frank Piessens . 2017 . Towards automatic compartmentalization of C programs on capability machines . In Workshop on Foundations of Computer Security. 1\u201314 . Stylianos Tsampas, Akram El-Korashy, Marco Patrignani, Dominique Devriese, Deepak Garg, and Frank Piessens. 2017. Towards automatic compartmentalization of C programs on capability machines. In Workshop on Foundations of Computer Security. 1\u201314."},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/MM.2016.84"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095814"},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/2678373.2665740"}],"container-title":["ACM Journal on Emerging Technologies in Computing Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3461673","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3461673","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:49:05Z","timestamp":1750193345000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3461673"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,9,29]]},"references-count":52,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2022,1,31]]}},"alternative-id":["10.1145\/3461673"],"URL":"https:\/\/doi.org\/10.1145\/3461673","relation":{},"ISSN":["1550-4832","1550-4840"],"issn-type":[{"value":"1550-4832","type":"print"},{"value":"1550-4840","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,9,29]]},"assertion":[{"value":"2020-10-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-04-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-09-29","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}