{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T00:08:39Z","timestamp":1755907719569,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":68,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,12,6]],"date-time":"2022-12-06T00:00:00Z","timestamp":1670284800000},"content-version":"vor","delay-in-days":365,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-1916393"],"award-info":[{"award-number":["CNS-1916393"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,12,6]]},"DOI":"10.1145\/3485832.3488019","type":"proceedings-article","created":{"date-parts":[[2021,12,6]],"date-time":"2021-12-06T13:42:32Z","timestamp":1638798152000},"page":"646-659","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["FlexFilt: Towards Flexible Instruction Filtering for Security"],"prefix":"10.1145","author":[{"given":"Leila","family":"Delshadtehrani","sequence":"first","affiliation":[{"name":"Department of Electrical and Computer Engineering, Boston University, United States of America"}]},{"given":"Sadullah","family":"Canakci","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, Boston University, USA"}]},{"given":"William","family":"Blair","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Boston University, USA"}]},{"given":"Manuel","family":"Egele","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, Boston University, United States of America"}]},{"given":"Ajay","family":"Joshi","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, Boston University, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,12,6]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Amazon. 2020. The top 500 sites on the web. [online] https:\/\/www.alexa.com\/topsites."},{"key":"e_1_3_2_1_2_1","unstructured":"Krste Asanovic Rimas Avizienis Jonathan Bachrach Scott Beamer David Biancolin Christopher Celio Henry Cook Daniel Dabbelt John Hauser Adam Izraelevitz 2016. The Rocket Chip generator. EECS Department UCB Tech. Rep. UCB\/EECS-2016-17 (2016)."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660350"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23009"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2228360.2228584"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23300"},{"key":"e_1_3_2_1_7_1","volume-title":"Proceedings of USENIX Symposium on Operating Systems Design and Implementation (OSDI). 335\u2013348","author":"Belay Adam","year":"2012","unstructured":"Adam Belay, Andrea Bittau, Ali Mashtizadeh, David Terei, David Mazi\u00e8res, and Christos Kozyrakis. 2012. Dune: Safe user-level access to privileged CPU features. In Proceedings of USENIX Symposium on Operating Systems Design and Implementation (OSDI). 335\u2013348."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/MM.2015.12"},{"key":"e_1_3_2_1_9_1","unstructured":"BU-ICSG. 2020. PHMon. [online] https:\/\/github.com\/bu-icsg\/PHMon."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.12"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/859618.859660"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.55"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/CGO.2003.1191529"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"crossref","unstructured":"Leila Delshadtehrani Sadullah Canakci Manuel Egele and Ajay Joshi. 2020. Sealable Protection Keys for RISC-V. arXiv preprint arXiv:2012.02715(2020).","DOI":"10.23919\/DATE51398.2021.9473932"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.23919\/DATE51398.2021.9473932"},{"key":"e_1_3_2_1_16_1","volume-title":"Proceedings of USENIX Security Symposium (Security). 807\u2013824","author":"Delshadtehrani Leila","year":"2020","unstructured":"Leila Delshadtehrani, Sadullah Canakci, Boyou Zhou, Schuyler Eldridge, Ajay Joshi, and Manuel Egele. 2020. PHMon: A programmable hardware monitor and its security use cases. In Proceedings of USENIX Security Symposium (Security). 807\u2013824."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/LCA.2017.2784416"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2010.17"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2012.6263925"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2694344.2694383"},{"key":"e_1_3_2_1_21_1","volume-title":"Proceedings of USENIX Security Symposium (Security). 131\u2013148","author":"Ding Ren","year":"2017","unstructured":"Ren Ding, Chenxiong Qian, Chengyu Song, Bill Harris, Taesoo Kim, and Wenke Lee. 2017. Efficient protection of path-sensitive control security. In Proceedings of USENIX Security Symposium (Security). 131\u2013148."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/12.931892"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134037"},{"key":"e_1_3_2_1_24_1","volume-title":"Proceedings of USENIX Security Symposium (Security). 83\u201397","author":"Frassetto Tommaso","year":"2018","unstructured":"Tommaso Frassetto, Patrick Jauernig, Christopher Liebchen, and Ahmad-Reza Sadeghi. 2018. IMIX: In-Process Memory Isolation EXtension. In Proceedings of USENIX Security Symposium (Security). 83\u201397."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3037697.3037716"},{"key":"e_1_3_2_1_26_1","unstructured":"Google. 2020. The Chromium Projects. [online] https:\/\/www.chromium.org\/Home."},{"key":"e_1_3_2_1_27_1","unstructured":"Google. 2020. What is V8?[online] https:\/\/v8.dev\/."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2896451"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2150976.2150994"},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of USENIX Annual Technical Conference (ATC). 401\u2013417","author":"Gu Jinyu","year":"2020","unstructured":"Jinyu Gu, Xinyue Wu, Wentai Li, Nian Liu, Zeyu Mi, Yubin Xia, and Haibo Chen. 2020. Harmonizing performance and isolation in Microkernels with efficient intra-kernel isolation and communication. In Proceedings of USENIX Annual Technical Conference (ATC). 401\u2013417."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3029806.3029830"},{"key":"e_1_3_2_1_32_1","volume-title":"Proceedings of USENIX Annual Technical Conference (ATC). 489\u2013504","author":"Hedayati Mohammad","year":"2019","unstructured":"Mohammad Hedayati, Spyridoula Gravani, Ethan Johnson, John Criswell, Michael\u00a0L Scott, Kai Shen, and Mike Marty. 2019. Hodor: Intra-process isolation for high-throughput data plane libraries. In Proceedings of USENIX Annual Technical Conference (ATC). 489\u2013504."},{"key":"e_1_3_2_1_33_1","volume-title":"SPEC CPU2000: measuring CPU performance in the new millennium. Computer 33","author":"Henning L","year":"2000","unstructured":"John\u00a0L Henning. 2000. SPEC CPU2000: measuring CPU performance in the new millennium. Computer 33, 7 (2000)."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1186736.1186737"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243797"},{"key":"e_1_3_2_1_36_1","unstructured":"Yannis Juglaret Catalin Hritcu Arthur\u00a0Azevedo de Amorim Benjamin\u00a0C Pierce Antal Spector-Zabusky and Andrew Tolmach. 2015. Towards a fully abstract compiler using Micro-Policies: Secure compilation for mutually distrustful components. arXiv preprint arXiv:1510.00697(2015)."},{"volume-title":"OpenMZ: a C implementation of the MultiZone API. Master\u2019s thesis. School of Electrical Engineering and Computer Science (EECS)","author":"Karlsson Henrik","key":"e_1_3_2_1_37_1","unstructured":"Henrik Karlsson. 2020. OpenMZ: a C implementation of the MultiZone API. Master\u2019s thesis. School of Electrical Engineering and Computer Science (EECS), KTH Royal Institute of Technology."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3400302.3415727"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00002"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064217"},{"key":"e_1_3_2_1_41_1","volume-title":"Code-Pointer Integrity. In Proceedings of USENIX Symposium on Operating Systems Design and Implementation (OSDI). 147\u2013163","author":"Kuznetsov Volodymyr","year":"2014","unstructured":"Volodymyr Kuznetsov, Laszlo Szekeres, Mathias Payer, George Candea, R. Sekar, and Dawn Song. 2014. Code-Pointer Integrity. In Proceedings of USENIX Symposium on Operating Systems Design and Implementation (OSDI). 147\u2013163."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3342195.3387532"},{"key":"e_1_3_2_1_43_1","volume-title":"Proceedings of the International Workshop on Secure RISC-V Architecture Design Exploration (SECRISC-V).","author":"Lindemer Samuel","year":"2020","unstructured":"Samuel Lindemer, Gustav Mid\u00e9us, and Shahid Raza. 2020. Real-time Thread Isolation and Trusted Execution on Embedded RISC-V. In Proceedings of the International Workshop on Secure RISC-V Architecture Design Exploration (SECRISC-V)."},{"key":"e_1_3_2_1_44_1","volume-title":"Proceedings of USENIX Symposium on Operating Systems Design and Implementation (OSDI). 49\u201364","author":"Litton James","year":"2016","unstructured":"James Litton, Anjo Vahldiek-Oberwagner, Eslam Elnikety, Deepak Garg, Bobby Bhattacharjee, and Peter Druschel. 2016. Light-weight contexts: An OS abstraction for safety and performance. In Proceedings of USENIX Symposium on Operating Systems Design and Implementation (OSDI). 49\u201364."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2017.18"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813690"},{"key":"e_1_3_2_1_47_1","unstructured":"Microsoft. 2020. ChakraCore. [online] https:\/\/github.com\/Microsoft\/ChakraCore."},{"key":"e_1_3_2_1_48_1","unstructured":"Mozilla. 2020. SpiderMonkey: The Mozilla JavaScript runtime. [online] https:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/Projects\/SpiderMonkey."},{"key":"e_1_3_2_1_49_1","volume-title":"Proceedings of USENIX Annual Technical Conference (ATC). 241\u2013254","author":"Park Soyeon","year":"2019","unstructured":"Soyeon Park, Sangho Lee, Wen Xu, HyunGon Moon, and Taesoo Kim. 2019. libmpk: Software abstraction for Intel Memory Protection Keys (Intel MPK). In Proceedings of USENIX Annual Technical Conference (ATC). 241\u2013254."},{"key":"e_1_3_2_1_50_1","unstructured":"ARM. 2009. ARM security technology building a secure system using TrustZone technology. [online] http:\/\/infocenter.arm.com\/help\/topic\/com.arm.doc.prd29-genc-009492c\/PRD29-GENC-009492C_trustzone_security_whitepaper.pdf."},{"key":"e_1_3_2_1_51_1","unstructured":"ARM. 2018. ARM Architecture Reference Manual ARMv7-A and ARMv7-R edition. (2018)."},{"key":"e_1_3_2_1_52_1","unstructured":"Digilent\u2019s ZedBoard Zynq FPGA. 2020. Development board documentation. [online] http:\/\/www.digilentinc.com\/Products\/Detail.cfm?Prod=ZEDBOARD\/."},{"key":"e_1_3_2_1_53_1","unstructured":"Hex-Five. 2020. MultiZone Hex Five Security. [online] https:\/\/hex-five.com\/."},{"key":"e_1_3_2_1_54_1","unstructured":"IBM Corporation. 2017. Power ISA version 3.0b. (2017)."},{"key":"e_1_3_2_1_55_1","unstructured":"Intel Corporation. 2019. Intel 64 and IA-32 Architectures Software Developers Manual. (2019)."},{"key":"e_1_3_2_1_56_1","unstructured":"RISC-V. 2021. RISC-V Proxy Kernel and Boot Loader. [online] https:\/\/github.com\/riscv\/riscv-pk."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00066"},{"key":"e_1_3_2_1_58_1","volume-title":"Proceedings of USENIX Security Symposium (Security). 1677\u20131694","author":"Schrammel David","year":"2020","unstructured":"David Schrammel, Samuel Weiser, Stefan Steinegger, Martin Schwarzl, Michael Schwarz, Stefan Mangard, and Daniel Gruss. 2020. Donky: Domain Keys\u2013Efficient In-Process Isolation for RISC-V and x86. In Proceedings of USENIX Security Symposium (Security). 1677\u20131694."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA.2018.00058"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/3297858.3304060"},{"key":"e_1_3_2_1_61_1","volume-title":"Proceedings of USENIX Security Symposium (Security). 1221\u20131238","author":"Vahldiek-Oberwagner Anjo","year":"2019","unstructured":"Anjo Vahldiek-Oberwagner, Eslam Elnikety, Nuno\u00a0O. Duarte, Michael Sammler, Peter Druschel, and Deepak Garg. 2019. ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK). In Proceedings of USENIX Security Symposium (Security). 1221\u20131238."},{"key":"e_1_3_2_1_62_1","unstructured":"Andrew Waterman Krste Asanovic and SiFive Inc.2019. The RISC-V instruction set manual volume i: unprivileged ISA Document Version 20191213. Technical Report."},{"key":"e_1_3_2_1_63_1","unstructured":"Andrew Waterman Krste Asanovic and SiFive Inc.2019. The RISC-V Instruction Set Manual Volume II: Privileged Architecture Document Version 20190608-Priv-MSU-Ratified. Technical Report."},{"key":"e_1_3_2_1_64_1","unstructured":"Andrew Waterman Yunsup Lee David\u00a0A Patterson and Krste Asanovic. 2011. The RISC-V instruction set manual volume i: Base user-level ISA. UCB Tech. Rep. UCB\/EECS-2011-62(2011)."},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2018.00045"},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA45697.2020.00062"},{"key":"e_1_3_2_1_67_1","volume-title":"Proceedings of USENIX Security Symposium (Security). 1219\u20131236","author":"Zhou Jie","year":"2020","unstructured":"Jie Zhou, Yufei Du, Zhuojia Shen, Lele Ma, John Criswell, and Robert\u00a0J Walls. 2020. Silhouette: Efficient protected shadow stacks for embedded systems. In Proceedings of USENIX Security Symposium (Security). 1219\u20131236."},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/1028176.1006720"}],"event":{"name":"ACSAC '21: Annual Computer Security Applications Conference","acronym":"ACSAC '21","location":"Virtual Event USA"},"container-title":["Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3485832.3488019","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3485832.3488019","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3485832.3488019","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T19:17:25Z","timestamp":1755890245000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3485832.3488019"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,12,6]]},"references-count":68,"alternative-id":["10.1145\/3485832.3488019","10.1145\/3485832"],"URL":"https:\/\/doi.org\/10.1145\/3485832.3488019","relation":{},"subject":[],"published":{"date-parts":[[2021,12,6]]},"assertion":[{"value":"2021-12-06","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}