{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T17:42:23Z","timestamp":1770226943902,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":72,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,10,6]],"date-time":"2021-10-06T00:00:00Z","timestamp":1633478400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["HR0011-18-C-0011, HR001119S0089-AMP-FP-034"],"award-info":[{"award-number":["HR0011-18-C-0011, HR001119S0089-AMP-FP-034"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-1513687, TWC-1513854, CNS-1801601, CNS-16-57534, CNS-17-50024, CNS-2008867"],"award-info":[{"award-number":["CNS-1513687, TWC-1513854, CNS-1801601, CNS-16-57534, CNS-17-50024, CNS-2008867"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["BAAN00014-17-S-B010"],"award-info":[{"award-number":["BAAN00014-17-S-B010"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100000781","name":"European Research Council","doi-asserted-by":"publisher","award":["StG 850868"],"award-info":[{"award-number":["StG 850868"]}],"id":[{"id":"10.13039\/501100000781","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,10,6]]},"DOI":"10.1145\/3471621.3471839","type":"proceedings-article","created":{"date-parts":[[2021,10,7]],"date-time":"2021-10-07T14:50:46Z","timestamp":1633618246000},"page":"296-311","source":"Crossref","is-referenced-by-count":16,"title":["\u03bcSCOPE: A Methodology for Analyzing Least-Privilege Compartmentalization in Large Software Artifacts"],"prefix":"10.1145","author":[{"given":"Nick","family":"Roessler","sequence":"first","affiliation":[{"name":"University of Pennsylvania, USA"}]},{"given":"Lucas","family":"Atayde","sequence":"additional","affiliation":[{"name":"Rice University, USA"}]},{"given":"Imani","family":"Palmer","sequence":"additional","affiliation":[{"name":"Null Hat Security, USA"}]},{"given":"Derrick","family":"McKee","sequence":"additional","affiliation":[{"name":"Purdue University, USA"}]},{"given":"Jai","family":"Pandey","sequence":"additional","affiliation":[{"name":"Nvidia, USA"}]},{"given":"Vasileios P.","family":"Kemerlis","sequence":"additional","affiliation":[{"name":"Brown University, USA"}]},{"given":"Mathias","family":"Payer","sequence":"additional","affiliation":[{"name":"EPFL, Switzerland"}]},{"given":"Adam","family":"Bates","sequence":"additional","affiliation":[{"name":"University of Illinois, US"}]},{"given":"Jonathan M.","family":"Smith","sequence":"additional","affiliation":[{"name":"University of Pennsylvania, US"}]},{"given":"Andre","family":"DeHon","sequence":"additional","affiliation":[{"name":"University of Pennsylvania, United States"}]},{"given":"Nathan","family":"Dautenhahn","sequence":"additional","affiliation":[{"name":"Rice University, US"}]}],"member":"320","published-online":{"date-parts":[[2021,10,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n.d.]. The Linux Kernel Open Source Project on Open Hub. https:\/\/www.openhub.net\/p\/linux.  [n.d.]. The Linux Kernel Open Source Project on Open Hub. https:\/\/www.openhub.net\/p\/linux."},{"key":"e_1_3_2_1_2_1","unstructured":"[n.d.]. SELinux Project. https:\/\/selinuxproject.org\/.  [n.d.]. SELinux Project. https:\/\/selinuxproject.org\/."},{"key":"e_1_3_2_1_3_1","unstructured":"2018. Linux Test Project. https:\/\/linux-test-project.github.io.  2018. Linux Test Project. https:\/\/linux-test-project.github.io."},{"key":"e_1_3_2_1_4_1","unstructured":"2018. perf: Linux profiling with performance counters. https:\/\/perf.wiki.kernel.org\/index.php\/Main_Page.  2018. perf: Linux profiling with performance counters. https:\/\/perf.wiki.kernel.org\/index.php\/Main_Page."},{"key":"e_1_3_2_1_5_1","unstructured":"2018. Phoronix Test Suite. https:\/\/www.phoronix-test-suite.com.  2018. Phoronix Test Suite. https:\/\/www.phoronix-test-suite.com."},{"key":"e_1_3_2_1_6_1","volume-title":"Proc. USENIX. 93\u2013112","author":"Accetta Mike","year":"1986","unstructured":"Mike Accetta , Robert Baron , William Bolosky , David Golub , Richard Rashid , Avadis Tevanian , and Michael Young . 1986 . Mach: A New Kernel Foundation for UNIX Development . In Proc. USENIX. 93\u2013112 . Mike Accetta, Robert Baron, William Bolosky, David Golub, Richard Rashid, Avadis Tevanian, and Michael Young. 1986. Mach: A New Kernel Foundation for UNIX Development. In Proc. USENIX. 93\u2013112."},{"key":"e_1_3_2_1_7_1","volume-title":"NP-hardness of Euclidean sum-of-squares clustering. Machine Learning 75, 2 (01","author":"Aloise Daniel","year":"2009","unstructured":"Daniel Aloise , Amit Deshpande , Pierre Hansen , and Preyas Popat . 2009. NP-hardness of Euclidean sum-of-squares clustering. Machine Learning 75, 2 (01 May 2009 ), 245\u2013248. https:\/\/doi.org\/10.1007\/s10994-009-5103-0 Daniel Aloise, Amit Deshpande, Pierre Hansen, and Preyas Popat. 2009. NP-hardness of Euclidean sum-of-squares clustering. Machine Learning 75, 2 (01 May 2009), 245\u2013248. https:\/\/doi.org\/10.1007\/s10994-009-5103-0"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"crossref","unstructured":"V.R. Basili and B.T. Perricone. 1984. Software Errors and Complexity: An Empirical Investigation. (1984) 42\u201352.  V.R. Basili and B.T. Perricone. 1984. Software Errors and Complexity: An Empirical Investigation. (1984) 42\u201352.","DOI":"10.1145\/69605.2085"},{"key":"e_1_3_2_1_10_1","unstructured":"Ian Beer. 2020. An iOS zero-click radio proximity exploit odyssey. https:\/\/googleprojectzero.blogspot.com\/2020\/12\/an-ios-zero-click-radio-proximity.html?m=1.  Ian Beer. 2020. An iOS zero-click radio proximity exploit odyssey. https:\/\/googleprojectzero.blogspot.com\/2020\/12\/an-ios-zero-click-radio-proximity.html?m=1."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3265723.3265733"},{"key":"e_1_3_2_1_12_1","volume-title":"Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation(NSDI\u201908)","author":"Bittau Andrea","year":"2008","unstructured":"Andrea Bittau , Petr Marchenko , Mark Handley , and Brad Karp . 2008 . Wedge: Splitting Applications into Reduced-Privilege Compartments . In Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation(NSDI\u201908) . USENIX Association, Berkeley, CA, USA, 309\u2013322. Andrea Bittau, Petr Marchenko, Mark Handley, and Brad Karp. 2008. Wedge: Splitting Applications into Reduced-Privilege Compartments. In Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation(NSDI\u201908). USENIX Association, Berkeley, CA, USA, 309\u2013322."},{"key":"e_1_3_2_1_13_1","volume-title":"Proceedings of the 13th Conference on USENIX Security Symposium -","volume":"5","author":"Brumley David","year":"2004","unstructured":"David Brumley and Dawn Song . 2004 . Privtrans: Automatically Partitioning Programs for Privilege Separation . In Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13(SSYM\u201904). USENIX Association, Berkeley, CA, USA, 5\u2013 5 . David Brumley and Dawn Song. 2004. Privtrans: Automatically Partitioning Programs for Privilege Separation. In Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13(SSYM\u201904). USENIX Association, Berkeley, CA, USA, 5\u20135."},{"key":"e_1_3_2_1_14_1","volume-title":"Shreds: Fine-Grained Execution Units with Private Memory. In IEEE Symposium on Security and Privacy, SP 2016","author":"Chen Yaohui","year":"2016","unstructured":"Yaohui Chen , Sebassujeen Reymondjohnson , Zhichuang Sun , and Long Lu . 2016 . Shreds: Fine-Grained Execution Units with Private Memory. In IEEE Symposium on Security and Privacy, SP 2016 , San Jose, CA, USA , May 22-26, 2016. IEEE Computer Society, 56\u201371. https:\/\/doi.org\/10.1109\/SP.2016.12 Yaohui Chen, Sebassujeen Reymondjohnson, Zhichuang Sun, and Long Lu. 2016. Shreds: Fine-Grained Execution Units with Private Memory. In IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, May 22-26, 2016. IEEE Computer Society, 56\u201371. https:\/\/doi.org\/10.1109\/SP.2016.12"},{"key":"e_1_3_2_1_15_1","volume-title":"ACES: Automatic Compartments for Embedded Systems. In 27th USENIX Security Symposium (USENIX Security","author":"Clements A.","year":"2018","unstructured":"Abraham\u00a0 A. Clements , Naif\u00a0Saleh Almakhdhub , Saurabh Bagchi , and Mathias Payer . 2018 . ACES: Automatic Compartments for Embedded Systems. In 27th USENIX Security Symposium (USENIX Security 2018). USENIX Association, 65\u201382. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/clements Abraham\u00a0A. Clements, Naif\u00a0Saleh Almakhdhub, Saurabh Bagchi, and Mathias Payer. 2018. ACES: Automatic Compartments for Embedded Systems. In 27th USENIX Security Symposium (USENIX Security 2018). USENIX Association, 65\u201382. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/clements"},{"key":"e_1_3_2_1_16_1","unstructured":"Intel Corporation. [n.d.]. 4.10.1 Paging Modes and Control Bits. https:\/\/www.intel.com\/content\/dam\/www\/public\/us\/en\/documents\/manuals\/64-ia-32-architectures-software-developer-vol-3a-part-1-manual.pdf  Intel Corporation. [n.d.]. 4.10.1 Paging Modes and Control Bits. https:\/\/www.intel.com\/content\/dam\/www\/public\/us\/en\/documents\/manuals\/64-ia-32-architectures-software-developer-vol-3a-part-1-manual.pdf"},{"key":"e_1_3_2_1_17_1","unstructured":"Intel Corporation. [n.d.]. Intel 64 and IA-32 Architectures Optimization Reference Manual.  Intel Corporation. [n.d.]. Intel 64 and IA-32 Architectures Optimization Reference Manual."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294295"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786763.2694386"},{"key":"e_1_3_2_1_20_1","unstructured":"David Howells. [n.d.]. Credentials in Linux. https:\/\/www.kernel.org\/doc\/Documentation\/security\/credentials.txt.  David Howells. [n.d.]. Credentials in Linux. https:\/\/www.kernel.org\/doc\/Documentation\/security\/credentials.txt."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1346281.1346295"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786763.2694383"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40203-6_5"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"crossref","unstructured":"Petros Efstathopoulos Maxwell Krohn Steve VanDeBogart Cliff Frey David Ziegler Eddie Kohler David Mazieres Frans Kaashoek and Robert Morris. 2005. Labels and event processes in the Asbestos operating system. In ACM SIGOPS Operating Systems Review Vol.\u00a039. ACM 17\u201330.  Petros Efstathopoulos Maxwell Krohn Steve VanDeBogart Cliff Frey David Ziegler Eddie Kohler David Mazieres Frans Kaashoek and Robert Morris. 2005. Labels and event processes in the Asbestos operating system. In ACM SIGOPS Operating Systems Review Vol.\u00a039. ACM 17\u201330.","DOI":"10.1145\/1095809.1095813"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2517349.2522720"},{"key":"e_1_3_2_1_26_1","volume-title":"Proceedings of the 7th symposium on Operating systems design and implementation. USENIX Association, 75\u201388","author":"Erlingsson Ulfar","year":"2006","unstructured":"Ulfar Erlingsson , Mart\u00edn Abadi , Michael Vrable , Mihai Budiu , and George\u00a0 C. Necula . 2006 . XFI: Software guards for system address spaces . In Proceedings of the 7th symposium on Operating systems design and implementation. USENIX Association, 75\u201388 . Ulfar Erlingsson, Mart\u00edn Abadi, Michael Vrable, Mihai Budiu, and George\u00a0C. Necula. 2006. XFI: Software guards for system address spaces. In Proceedings of the 7th symposium on Operating systems design and implementation. USENIX Association, 75\u201388."},{"key":"e_1_3_2_1_27_1","volume-title":"Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS).","author":"Ghosn Adrien","year":"2020","unstructured":"Adrien Ghosn , Marios Kogias , Mathias Payer , James\u00a0 R. Larus , and Edouard Bugnion . 2020 . Enclosure: language-based restriction of untrusted libraries . In Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS). Adrien Ghosn, Marios Kogias, Mathias Payer, James\u00a0R. Larus, and Edouard Bugnion. 2020. Enclosure: language-based restriction of untrusted libraries. In Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS)."},{"key":"e_1_3_2_1_28_1","volume-title":"Automated Whitebox Fuzz Testing. In The Network and and Distributed System Security Symposium NDSS.","author":"Godefroid Patrice","year":"2008","unstructured":"Patrice Godefroid , Michael\u00a0 Y Levin , and David Molnar . 2008 . Automated Whitebox Fuzz Testing. In The Network and and Distributed System Security Symposium NDSS. Patrice Godefroid, Michael\u00a0Y Levin, and David Molnar. 2008. Automated Whitebox Fuzz Testing. In The Network and and Distributed System Security Symposium NDSS."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813611"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/54289.871709"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/52.582978"},{"key":"e_1_3_2_1_32_1","volume-title":"Proceedings of the","author":"Hecht M.S.","year":"1987","unstructured":"M.S. Hecht , M.E. Carson , C.S. Chandersekaran , R.S. Chapman , L.J. Dotterer , V.D. Gligor , W.D. Jiang , A. Johri , G.L. Luckenbaugh , and N. Vasudevan . 1987. UNIX without the Superuser . In Proceedings of the Summer 1987 USENIX Conference. USENIX Association. M.S. Hecht, M.E. Carson, C.S. Chandersekaran, R.S. Chapman, L.J. Dotterer, V.D. Gligor, W.D. Jiang, A. Johri, G.L. Luckenbaugh, and N. Vasudevan. 1987. UNIX without the Superuser. In Proceedings of the Summer 1987 USENIX Conference. USENIX Association."},{"key":"e_1_3_2_1_33_1","volume-title":"Hodor: Intra-Process Isolation for High-Throughput Data Plane Libraries. In 2019 USENIX Annual Technical Conference (USENIX ATC 19)","author":"Hedayati Mohammad","year":"2019","unstructured":"Mohammad Hedayati , Spyridoula Gravani , Ethan Johnson , John Criswell , Michael\u00a0 L. Scott , Kai Shen , and Mike Marty . 2019 . Hodor: Intra-Process Isolation for High-Throughput Data Plane Libraries. In 2019 USENIX Annual Technical Conference (USENIX ATC 19) . 489\u2013504. Mohammad Hedayati, Spyridoula Gravani, Ethan Johnson, John Criswell, Michael\u00a0L. Scott, Kai Shen, and Mike Marty. 2019. Hodor: Intra-Process Isolation for High-Throughput Data Plane Libraries. In 2019 USENIX Annual Technical Conference (USENIX ATC 19). 489\u2013504."},{"key":"e_1_3_2_1_34_1","volume-title":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security(CCS \u201916)","author":"Ching-Hsiang Hsu Terry","year":"2016","unstructured":"Terry Ching-Hsiang Hsu , Kevin Hoffman , Patrick Eugster , and Mathias Payer . 2016 . Enforcing Least Privilege Memory Views for Multithreaded Applications . In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security(CCS \u201916) . Association for Computing Machinery, Vienna, Austria, 393\u2013405. https:\/\/doi.org\/10.1145\/2976749.2978327 Terry Ching-Hsiang Hsu, Kevin Hoffman, Patrick Eugster, and Mathias Payer. 2016. Enforcing Least Privilege Memory Views for Multithreaded Applications. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security(CCS \u201916). Association for Computing Machinery, Vienna, Austria, 393\u2013405. https:\/\/doi.org\/10.1145\/2976749.2978327"},{"key":"e_1_3_2_1_35_1","volume-title":"Enforcing Least Privilege Memory Views for Multithreaded Applications. In ACM Conf on Computer and Communication Security. https:\/\/doi.org\/10","author":"Ching-Hsiang Hsu Terry","year":"2016","unstructured":"Terry Ching-Hsiang Hsu , Kevin Hoffman , Patrick Eugster , and Mathias Payer . 2016 . Enforcing Least Privilege Memory Views for Multithreaded Applications. In ACM Conf on Computer and Communication Security. https:\/\/doi.org\/10 .1145\/2976749.2978327 Terry Ching-Hsiang Hsu, Kevin Hoffman, Patrick Eugster, and Mathias Payer. 2016. Enforcing Least Privilege Memory Views for Multithreaded Applications. In ACM Conf on Computer and Communication Security. https:\/\/doi.org\/10.1145\/2976749.2978327"},{"key":"e_1_3_2_1_36_1","volume-title":"Limiting the Damage Potential of Discretionary Trojan Horses. In 1987 IEEE Symposium on Security and Privacy. IEEE Computer Society","author":"Karger A.","year":"1987","unstructured":"Paul\u00a0 A. Karger . 1987 . Limiting the Damage Potential of Discretionary Trojan Horses. In 1987 IEEE Symposium on Security and Privacy. IEEE Computer Society , Los Alamitos, CA, USA, 32. https:\/\/doi.org\/10.1109\/SP. 1987.10011 Paul\u00a0A. Karger. 1987. Limiting the Damage Potential of Discretionary Trojan Horses. In 1987 IEEE Symposium on Security and Privacy. IEEE Computer Society, Los Alamitos, CA, USA, 32. https:\/\/doi.org\/10.1109\/SP.1987.10011"},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of the FREENIX Track: 2003 USENIX Annual Technical Conference","author":"Kilpatrick Douglas","year":"2003","unstructured":"Douglas Kilpatrick . 2003 . Privman: A Library for Partitioning Applications . In Proceedings of the FREENIX Track: 2003 USENIX Annual Technical Conference , June 9-14, 2003, San Antonio, Texas, USA. 273\u2013284. Douglas Kilpatrick. 2003. Privman: A Library for Partitioning Applications. In Proceedings of the FREENIX Track: 2003 USENIX Annual Technical Conference, June 9-14, 2003, San Antonio, Texas, USA. 273\u2013284."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629596"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064217"},{"key":"e_1_3_2_1_40_1","unstructured":"Andre Konovalov. [n.d.]. Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem. https:\/\/www.openwall.com\/lists\/oss-security\/2018\/08\/09\/6  Andre Konovalov. [n.d.]. Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem. https:\/\/www.openwall.com\/lists\/oss-security\/2018\/08\/09\/6"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/775265.775268"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2749469.2750406"},{"key":"e_1_3_2_1_43_1","volume-title":"International Symposium on Computer Architecture (ISCA). 375\u2013387","author":"Li W.","unstructured":"W. Li , Y. Xia , H. Chen , B. Zang , and H. Guan . 2015. Reducing world switches in virtualized environment with flexible cross-world calls . In International Symposium on Computer Architecture (ISCA). 375\u2013387 . https:\/\/doi.org\/10.1145\/2749469.2750406 W. Li, Y. Xia, H. Chen, B. Zang, and H. Guan. 2015. Reducing world switches in virtualized environment with flexible cross-world calls. In International Symposium on Computer Architecture (ISCA). 375\u2013387. https:\/\/doi.org\/10.1145\/2749469.2750406"},{"key":"e_1_3_2_1_44_1","volume-title":"Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation.","author":"Litton James","year":"2016","unstructured":"James Litton , Anjo Vahldiek-Oberwagner , Eslam Elnikety , Deepak Garg , Bobby Bhattacharjee , and Peter Druschel . 2016 . Light-weight Contexts: An OS Abstraction for Safety and Performance . In Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation. James Litton, Anjo Vahldiek-Oberwagner, Eslam Elnikety, Deepak Garg, Bobby Bhattacharjee, and Peter Druschel. 2016. Light-weight Contexts: An OS Abstraction for Safety and Performance. In Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134066"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354218"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354218"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813690"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043568"},{"key":"e_1_3_2_1_50_1","unstructured":"Mark\u00a0Samuel Miller. 2006. Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control. Ph.D. Dissertation. Johns Hopkins University Baltimore MD USA. AAI3245526.  Mark\u00a0Samuel Miller. 2006. Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control. Ph.D. Dissertation. Johns Hopkins University Baltimore MD USA. AAI3245526."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2004.1317450"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3381052.3381328"},{"key":"e_1_3_2_1_53_1","volume-title":"The Multics System: An Examination of Its Structure","author":"Organick I.","unstructured":"Elliott\u00a0 I. Organick . 1972. The Multics System: An Examination of Its Structure . MIT Press , Cambridge, MA, USA . Elliott\u00a0I. Organick. 1972. The Multics System: An Examination of Its Structure. MIT Press, Cambridge, MA, USA."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2011.61"},{"key":"e_1_3_2_1_55_1","volume-title":"Proc. of EuroSys. 420\u2013436","author":"Pomonis Marios","year":"2017","unstructured":"Marios Pomonis , Theofilos Petsios , Angelos\u00a0 D. Keromytis , Michalis Polychronakis , and Vasileios\u00a0 P. Kemerlis . 2017 . kR2303X: Comprehensive Kernel Protection against Just-In-Time Code Reuse . In Proc. of EuroSys. 420\u2013436 . Marios Pomonis, Theofilos Petsios, Angelos\u00a0D. Keromytis, Michalis Polychronakis, and Vasileios\u00a0P. Kemerlis. 2017. kR2303X: Comprehensive Kernel Protection against Just-In-Time Code Reuse. In Proc. of EuroSys. 420\u2013436."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00041"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00041"},{"key":"e_1_3_2_1_58_1","volume-title":"Proceedings of the 12th Conference on USENIX Security Symposium -","volume":"16","author":"Provos Niels","year":"2003","unstructured":"Niels Provos , Markus Friedl , and Peter Honeyman . 2003 . Preventing Privilege Escalation . In Proceedings of the 12th Conference on USENIX Security Symposium - Volume 12(SSYM\u201903). USENIX Association, Berkeley, CA, USA, 16\u2013 16 . Niels Provos, Markus Friedl, and Peter Honeyman. 2003. Preventing Privilege Escalation. In Proceedings of the 12th Conference on USENIX Security Symposium - Volume 12(SSYM\u201903). USENIX Association, Berkeley, CA, USA, 16\u201316."},{"key":"e_1_3_2_1_59_1","volume-title":"Proceedings of the Eighth ACM Symposium on Operating Systems Principles","author":"F.","unstructured":"Richard\u00a0 F. Rashid and George\u00a0G. Robertson. 1981. Accent: A Communication Oriented Network Operating System Kernel . In Proceedings of the Eighth ACM Symposium on Operating Systems Principles ( Pacific Grove, California, USA) (SOSP \u201981). ACM, New York, NY, USA, 64\u201375. https:\/\/doi.org\/10.1145\/800216.806593 Richard\u00a0F. Rashid and George\u00a0G. Robertson. 1981. Accent: A Communication Oriented Network Operating System Kernel. In Proceedings of the Eighth ACM Symposium on Operating Systems Principles (Pacific Grove, California, USA) (SOSP \u201981). ACM, New York, NY, USA, 64\u201375. https:\/\/doi.org\/10.1145\/800216.806593"},{"key":"e_1_3_2_1_60_1","unstructured":"Rick. 2018. Never-Ending Security: eBPF and Analysis of the Get-Rekt-Linux-Hardened.c Exploit for CVE-2017-16995.  Rick. 2018. Never-Ending Security: eBPF and Analysis of the Get-Rekt-Linux-Hardened.c Exploit for CVE-2017-16995."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3456727.3463767"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/361268.361275"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_31"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.13"},{"key":"e_1_3_2_1_66_1","unstructured":"Tsuna. 2010. How long does it take to make a context switch?https:\/\/blog.tsunanet.net\/2010\/11\/how-long-does-it-take-to-make-context.html. https:\/\/blog.tsunanet.net\/2010\/11\/how-long-does-it-take-to-make-context.html  Tsuna. 2010. How long does it take to make a context switch?https:\/\/blog.tsunanet.net\/2010\/11\/how-long-does-it-take-to-make-context.html. https:\/\/blog.tsunanet.net\/2010\/11\/how-long-does-it-take-to-make-context.html"},{"key":"e_1_3_2_1_67_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Vahldiek-Oberwagner Anjo","year":"2019","unstructured":"Anjo Vahldiek-Oberwagner , Eslam Elnikety , Nuno\u00a0 O. Duarte , Michael Sammler , Peter Druschel , and Deepak Garg . 2019 . ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK) . In 28th USENIX Security Symposium (USENIX Security 19) . USENIX Association, Santa Clara, CA, 1221\u20131238. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/vahldiek-oberwagner Anjo Vahldiek-Oberwagner, Eslam Elnikety, Nuno\u00a0O. Duarte, Michael Sammler, Peter Druschel, and Deepak Garg. 2019. ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK). In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, 1221\u20131238. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/vahldiek-oberwagner"},{"key":"e_1_3_2_1_68_1","volume-title":"Efficient In-Process Isolation with Protection Keys ({MPK}). In 28th {USENIX} Security Symposium ({USENIX} Security 19). 1221\u20131238.","author":"Vahldiek-Oberwagner Anjo","unstructured":"Anjo Vahldiek-Oberwagner , Eslam Elnikety , Nuno\u00a0 O. Duarte , Michael Sammler , Peter Druschel , and Deepak Garg . 2019. {ERIM} : Secure , Efficient In-Process Isolation with Protection Keys ({MPK}). In 28th {USENIX} Security Symposium ({USENIX} Security 19). 1221\u20131238. Anjo Vahldiek-Oberwagner, Eslam Elnikety, Nuno\u00a0O. Duarte, Michael Sammler, Peter Druschel, and Deepak Garg. 2019. {ERIM}: Secure, Efficient In-Process Isolation with Protection Keys ({MPK}). In 28th {USENIX} Security Symposium ({USENIX} Security 19). 1221\u20131238."},{"key":"e_1_3_2_1_69_1","volume-title":"Flexible Application Compartmentalization. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018","author":"Vasilakis Nikos","year":"2018","unstructured":"Nikos Vasilakis , Ben Karel , Nick Roessler , Nathan Dautenhahn , Andr\u00e9 DeHon , and Jonathan\u00a0 M. Smith . 2018 . BreakApp: Automated , Flexible Application Compartmentalization. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018 , San Diego, California, USA , February 18-21, 2018. http:\/\/wp.internetsociety.org\/ndss\/wp-content\/uploads\/sites\/25\/2018\/02\/ndss2018_08-3_Vasilakis_paper.pdf Nikos Vasilakis, Ben Karel, Nick Roessler, Nathan Dautenhahn, Andr\u00e9 DeHon, and Jonathan\u00a0M. Smith. 2018. BreakApp: Automated, Flexible Application Compartmentalization. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18-21, 2018. http:\/\/wp.internetsociety.org\/ndss\/wp-content\/uploads\/sites\/25\/2018\/02\/ndss2018_08-3_Vasilakis_paper.pdf"},{"key":"e_1_3_2_1_70_1","volume-title":"USENIX Security Symposium, Vol.\u00a046","author":"Watson NM","year":"2010","unstructured":"Robert\u00a0 NM Watson , Jonathan Anderson , Ben Laurie , and Kris Kennaway . 2010 . Capsicum: Practical Capabilities for UNIX .. In USENIX Security Symposium, Vol.\u00a046 . 2. Robert\u00a0NM Watson, Jonathan Anderson, Ben Laurie, and Kris Kennaway. 2010. Capsicum: Practical Capabilities for UNIX.. In USENIX Security Symposium, Vol.\u00a046. 2."},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1109\/MM.2016.84"},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095814"},{"key":"e_1_3_2_1_73_1","volume-title":"Practical Control Flow Integrity & Randomization for Binary Executables. In IEEE Symposium on Security and Privacy. http:\/\/bitblaze.cs.berkeley.edu\/papers\/CCFIR-oakland-CR.pdf","author":"Zhang Chao","year":"2013","unstructured":"Chao Zhang , Tao Wei , Zhaofeng Chen , Lei Duan , Laszlo Szekeres , Stephen McCamant , Dawn Song , and Wei Zou . 2013 . Practical Control Flow Integrity & Randomization for Binary Executables. In IEEE Symposium on Security and Privacy. http:\/\/bitblaze.cs.berkeley.edu\/papers\/CCFIR-oakland-CR.pdf Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song, and Wei Zou. 2013. Practical Control Flow Integrity & Randomization for Binary Executables. In IEEE Symposium on Security and Privacy. http:\/\/bitblaze.cs.berkeley.edu\/papers\/CCFIR-oakland-CR.pdf"}],"event":{"name":"RAID '21: 24th International Symposium on Research in Attacks, Intrusions and Defenses","location":"San Sebastian Spain","acronym":"RAID '21"},"container-title":["24th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3471621.3471839","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3471621.3471839","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3471621.3471839","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:24:48Z","timestamp":1750195488000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3471621.3471839"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,6]]},"references-count":72,"alternative-id":["10.1145\/3471621.3471839","10.1145\/3471621"],"URL":"https:\/\/doi.org\/10.1145\/3471621.3471839","relation":{},"subject":[],"published":{"date-parts":[[2021,10,6]]}}}