{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,25]],"date-time":"2026-04-25T08:39:22Z","timestamp":1777106362479,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":75,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,3,28]],"date-time":"2022-03-28T00:00:00Z","timestamp":1648425600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-1718252, CNS-1730689, REU-1757964, CNS-1763612"],"award-info":[{"award-number":["CNS-1718252, CNS-1730689, REU-1757964, CNS-1763612"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,3,28]]},"DOI":"10.1145\/3492321.3519553","type":"proceedings-article","created":{"date-parts":[[2022,3,28]],"date-time":"2022-03-28T14:28:18Z","timestamp":1648477698000},"page":"644-662","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":15,"title":["Isolating functions at the hardware limit with virtines"],"prefix":"10.1145","author":[{"given":"Nicholas C.","family":"Wanninger","sequence":"first","affiliation":[{"name":"Northwestern University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Joshua J.","family":"Bowden","sequence":"additional","affiliation":[{"name":"Illinois Institute of Technology"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kirtankumar","family":"Shetty","sequence":"additional","affiliation":[{"name":"Illinois Institute of Technology"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ayush","family":"Garg","sequence":"additional","affiliation":[{"name":"Illinois Institute of Technology"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kyle C.","family":"Hale","sequence":"additional","affiliation":[{"name":"Illinois Institute of Technology"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2022,3,28]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Chrome Sandbox - Linux Implementation Details. Retrieved","year":"2021","unstructured":"[n.d.]. Chrome Sandbox - Linux Implementation Details. Retrieved May 3, 2021 from https:\/\/chromium.googlesource.com\/chromium\/src\/+\/master\/docs\/linux\/sandboxing.md [n.d.]. Chrome Sandbox - Linux Implementation Details. Retrieved May 3, 2021 from https:\/\/chromium.googlesource.com\/chromium\/src\/+\/master\/docs\/linux\/sandboxing.md"},{"key":"e_1_3_2_1_2_1","unstructured":"2009. CVE-2009-2555. Available from MITRE CVE-ID CVE-2009-2555.. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2009-2555  2009. CVE-2009-2555. Available from MITRE CVE-ID CVE-2009-2555.. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2009-2555"},{"key":"e_1_3_2_1_3_1","unstructured":"2009. CVE-2009-2935. Available from MITRE CVE-ID CVE-2009-2935.. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2009-2935  2009. CVE-2009-2935. Available from MITRE CVE-ID CVE-2009-2935.. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2009-2935"},{"key":"e_1_3_2_1_4_1","unstructured":"2009. CVE-2014-0160. Available from MITRE CVE-ID CVE-2014-0160.. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-0160  2009. CVE-2014-0160. Available from MITRE CVE-ID CVE-2014-0160.. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-0160"},{"key":"e_1_3_2_1_5_1","unstructured":"2009. CVE-2018-18342. Available from MITRE CVE-ID CVE-2018-18342.. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-18342  2009. CVE-2018-18342. Available from MITRE CVE-ID CVE-2018-18342.. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-18342"},{"key":"e_1_3_2_1_6_1","unstructured":"2009. CVE-2018-6056. Available from MITRE CVE-ID CVE-2018-6056.. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-6056  2009. CVE-2018-6056. Available from MITRE CVE-ID CVE-2018-6056.. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-6056"},{"key":"e_1_3_2_1_7_1","unstructured":"2009. CVE-2021-3156. Available from MITRE CVE-ID CVE-2021-3156.. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-3156  2009. CVE-2021-3156. Available from MITRE CVE-ID CVE-2021-3156.. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-3156"},{"key":"e_1_3_2_1_8_1","unstructured":"2017. CVE-2009-2555. Available from NVD CVE-ID CVE-2017-2505.. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-2505  2017. CVE-2009-2555. Available from NVD CVE-ID CVE-2017-2505.. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-2505"},{"key":"e_1_3_2_1_9_1","unstructured":"2018. Newlib. Retrieved May 20 2020 from https:\/\/sourceware.org\/newlib\/  2018. Newlib. Retrieved May 20 2020 from https:\/\/sourceware.org\/newlib\/"},{"key":"e_1_3_2_1_10_1","unstructured":"2022. Duktape Javascript Engine. https:\/\/duktape.org\/  2022. Duktape Javascript Engine. https:\/\/duktape.org\/"},{"key":"e_1_3_2_1_11_1","unstructured":"2022. Procedural Languages in PostgreSQL. https:\/\/www.postgresql.org\/docs\/13\/external-pl.html  2022. Procedural Languages in PostgreSQL. https:\/\/www.postgresql.org\/docs\/13\/external-pl.html"},{"key":"e_1_3_2_1_12_1","unstructured":"2022. Solo5. https:\/\/github.com\/Solo5\/solo5  2022. Solo5. https:\/\/github.com\/Solo5\/solo5"},{"key":"e_1_3_2_1_13_1","volume-title":"Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI '20)","author":"Agache Alexandru","year":"2020","unstructured":"Alexandru Agache , Marc Brooker , Alexandra Iordache , Anthony Liguori , Rolf Neugebauer , Phil Piwonka , and Diana-Maria Popa . 2020 . Firecracker: Lightweight Virtualization for Serverless Applications . In Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI '20) . USENIX Association, Santa Clara, CA, 419--434. https:\/\/www.usenix.org\/conference\/nsdi20\/presentation\/agache Alexandru Agache, Marc Brooker, Alexandra Iordache, Anthony Liguori, Rolf Neugebauer, Phil Piwonka, and Diana-Maria Popa. 2020. Firecracker: Lightweight Virtualization for Serverless Applications. In Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI '20). USENIX Association, Santa Clara, CA, 419--434. https:\/\/www.usenix.org\/conference\/nsdi20\/presentation\/agache"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3276488"},{"key":"e_1_3_2_1_15_1","volume-title":"AMD64 Architecture Programmer's Manual Volume 2: Systems Programming","author":"AMD Corporation 2016.","unstructured":"AMD Corporation 2016. AMD64 Architecture Programmer's Manual Volume 2: Systems Programming . AMD Corporation . AMD Corporation 2016. AMD64 Architecture Programmer's Manual Volume 2: Systems Programming. AMD Corporation."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945462"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2465351.2465375"},{"key":"e_1_3_2_1_18_1","volume-title":"Proceedings of the 10th USENIX Conference on Operating Systems Design and Implementation (OSDI '12)","author":"Belay Adam","year":"2012","unstructured":"Adam Belay , Andrea Bittau , Ali Mashtizadeh , David Terei , David Mazi\u00e8res , and Christos Kozyrakis . 2012 . Dune: Safe User-level Access to Privileged CPU Features . In Proceedings of the 10th USENIX Conference on Operating Systems Design and Implementation (OSDI '12) . 335--348. Adam Belay, Andrea Bittau, Ali Mashtizadeh, David Terei, David Mazi\u00e8res, and Christos Kozyrakis. 2012. Dune: Safe User-level Access to Privileged CPU Features. In Proceedings of the 10th USENIX Conference on Operating Systems Design and Implementation (OSDI '12). 335--348."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/800217.806609"},{"key":"e_1_3_2_1_20_1","volume-title":"Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation","author":"Bittau Andrea","year":"2008","unstructured":"Andrea Bittau , Petr Marchenko , Mark Handley , and Brad Karp . 2008 . Wedge: Splitting Applications into Reduced-Privilege Compartments . In Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation ( San Francisco, California) (NSDI '08). USENIX Association, 309--322. https:\/\/www.usenix.org\/conference\/nsdi-08\/wedge-splitting-applications-reduced-privilege-compartments Andrea Bittau, Petr Marchenko, Mark Handley, and Brad Karp. 2008. Wedge: Splitting Applications into Reduced-Privilege Compartments. In Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation (San Francisco, California) (NSDI '08). USENIX Association, 309--322. https:\/\/www.usenix.org\/conference\/nsdi-08\/wedge-splitting-applications-reduced-privilege-compartments"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3342195.3392698"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3037697.3037725"},{"key":"e_1_3_2_1_23_1","unstructured":"cloudflare [n.d.]. How Workers Works. https:\/\/developers.cloudflare.com\/workers\/learning\/how-workers-works. Accessed 2021-05-01.  cloudflare [n.d.]. How Workers Works. https:\/\/developers.cloudflare.com\/workers\/learning\/how-workers-works. Accessed 2021-05-01."},{"key":"e_1_3_2_1_24_1","volume-title":"Proceedings of the 29th USENIX Security Symposium (USENIX Security '20)","author":"Connor R. Joseph","year":"2020","unstructured":"R. Joseph Connor , Tyler McDaniel , Jared M. Smith , and Max Schuchard . 2020 . PKU Pitfalls: Attacks on PKU-based Memory Isolation Systems . In Proceedings of the 29th USENIX Security Symposium (USENIX Security '20) . USENIX Association, USA, 1409--1426. R. Joseph Connor, Tyler McDaniel, Jared M. Smith, and Max Schuchard. 2020. PKU Pitfalls: Attacks on PKU-based Memory Isolation Systems. In Proceedings of the 29th USENIX Security Symposium (USENIX Security '20). USENIX Association, USA, 1409--1426."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2694344.2694386"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3373376.3378512"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3445814.3446728"},{"key":"e_1_3_2_1_28_1","volume-title":"Proceedings of the USENIX Annual Technical Conference","author":"Ghosn Adrien","year":"2019","unstructured":"Adrien Ghosn , James R. Larus , and Edouard Bugnion . 2019 . Secured Routines: Language-based Construction of Trusted Execution Environments . In Proceedings of the USENIX Annual Technical Conference ( Renton, WA, USA) (USENIX ATC '19). USENIX Association, 571586. http:\/\/www.usenix.org\/conference\/atc19\/presentation\/ghosn Adrien Ghosn, James R. Larus, and Edouard Bugnion. 2019. Secured Routines: Language-based Construction of Trusted Execution Environments. In Proceedings of the USENIX Annual Technical Conference (Renton, WA, USA) (USENIX ATC '19). USENIX Association, 571586. http:\/\/www.usenix.org\/conference\/atc19\/presentation\/ghosn"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/276304.276339"},{"key":"e_1_3_2_1_30_1","unstructured":"Google Inc. 2021. Google Cloud Hypervisor. Retrieved January 1 2020 from https:\/\/github.com\/cloud-hypervisor\/cloud-hypervisor  Google Inc. 2021. Google Cloud Hypervisor. Retrieved January 1 2020 from https:\/\/github.com\/cloud-hypervisor\/cloud-hypervisor"},{"key":"e_1_3_2_1_31_1","volume-title":"Proceedings of the 11th International Conference on Autonomic Computing","author":"Kyle","unstructured":"Kyle C. Hale and Peter A. Dinda. 2014. Guarded Modules: Adaptively Extending the VMM's Privilege Into the Guest . In Proceedings of the 11th International Conference on Autonomic Computing ( Philadelphia, PA) (ICAC '14). USENIX Association, 85--96. https:\/\/www.usenix.org\/conference\/icac14\/technical-sessions\/presentation\/hale Kyle C. Hale and Peter A. Dinda. 2014. Guarded Modules: Adaptively Extending the VMM's Privilege Into the Guest. In Proceedings of the 11th International Conference on Autonomic Computing (Philadelphia, PA) (ICAC '14). USENIX Association, 85--96. https:\/\/www.usenix.org\/conference\/icac14\/technical-sessions\/presentation\/hale"},{"key":"e_1_3_2_1_32_1","volume-title":"Proceedings of the USENIX Annual Technical Conference (USENIX ATC '19)","author":"Hedayati Mohammad","year":"2019","unstructured":"Mohammad Hedayati , Spyridoula Gravani , Ethan Johnson , John Criswell , Michael L. Scott , Kai Shen , and Mike Marty . 2019 . Hodor: Intra-Process Isolation for High-Throughput Data Plane Libraries . In Proceedings of the USENIX Annual Technical Conference (USENIX ATC '19) . USENIX Association, Renton, WA, 489--504. https:\/\/www.usenix.org\/conference\/atc19\/presentation\/hedayati-hodor Mohammad Hedayati, Spyridoula Gravani, Ethan Johnson, John Criswell, Michael L. Scott, Kai Shen, and Mike Marty. 2019. Hodor: Intra-Process Isolation for High-Throughput Data Plane Libraries. In Proceedings of the USENIX Annual Technical Conference (USENIX ATC '19). USENIX Association, Renton, WA, 489--504. https:\/\/www.usenix.org\/conference\/atc19\/presentation\/hedayati-hodor"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978327"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1243418.1243424"},{"key":"e_1_3_2_1_35_1","volume-title":"The Endokernel: Fast, Secure, and Programmable Subprocess Virtualization. arXiv:2108.03705 [cs.CR]","author":"Im Bumjin","year":"2021","unstructured":"Bumjin Im , Fangfei Yang , Chia-Che Tsai , Michael LeMay , Anjo Vahldiek-Oberwagner , and Nathan Dautenhahn . 2021 . The Endokernel: Fast, Secure, and Programmable Subprocess Virtualization. arXiv:2108.03705 [cs.CR] Bumjin Im, Fangfei Yang, Chia-Che Tsai, Michael LeMay, Anjo Vahldiek-Oberwagner, and Nathan Dautenhahn. 2021. The Endokernel: Fast, Secure, and Programmable Subprocess Virtualization. arXiv:2108.03705 [cs.CR]"},{"key":"e_1_3_2_1_36_1","volume-title":"Intel\u00ae Software Guard Extensions SDK for Linux OS","author":"Intel Corporation 2017.","unstructured":"Intel Corporation 2017. Intel\u00ae Software Guard Extensions SDK for Linux OS . Intel Corporation . Intel Corporation 2017. Intel\u00ae Software Guard Extensions SDK for Linux OS. Intel Corporation."},{"key":"e_1_3_2_1_37_1","volume-title":"Intel\u00ae 64 and IA-32 Architectures Software Developer's Manual","author":"Intel Corporation 2021.","unstructured":"Intel Corporation 2021. Intel\u00ae 64 and IA-32 Architectures Software Developer's Manual Volume 3 (3A, 3B & 3C): System Programming Guide. Intel Corporation . Intel Corporation 2021. Intel\u00ae 64 and IA-32 Architectures Software Developer's Manual Volume 3 (3A, 3B & 3C): System Programming Guide. Intel Corporation."},{"key":"e_1_3_2_1_38_1","volume-title":"Proceedings of the 16th USENIX Symposium on Networked Systems Design and Implementation","author":"Kalia Anuj","year":"2019","unstructured":"Anuj Kalia , Michael Kaminsky , and David Andersen . 2019 . Datacenter RPCs can be General and Fast . In Proceedings of the 16th USENIX Symposium on Networked Systems Design and Implementation ( Boston, MA) (NSDI '19). USENIX Association, 1--16. https:\/\/www.usenix.org\/conference\/nsdi19\/presentation\/kalia Anuj Kalia, Michael Kaminsky, and David Andersen. 2019. Datacenter RPCs can be General and Fast. In Proceedings of the 16th USENIX Symposium on Networked Systems Design and Implementation (Boston, MA) (NSDI '19). USENIX Association, 1--16. https:\/\/www.usenix.org\/conference\/nsdi19\/presentation\/kalia"},{"key":"e_1_3_2_1_40_1","volume-title":"Proceedings of the 2014 USENIX Annual Technical Conference (USENIX ATC '14).","author":"Kivity Avi","year":"2014","unstructured":"Avi Kivity , Dor Laor , Glauber Costa , Pekka Enberg , Nadav Har'El , Don Marti , and Vlad Zolotarov . 2014 . OSv---Optimizing the Operating System for Virtual Machines . In Proceedings of the 2014 USENIX Annual Technical Conference (USENIX ATC '14). Avi Kivity, Dor Laor, Glauber Costa, Pekka Enberg, Nadav Har'El, Don Marti, and Vlad Zolotarov. 2014. OSv---Optimizing the Operating System for Virtual Machines. In Proceedings of the 2014 USENIX Annual Technical Conference (USENIX ATC '14)."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3102980.3103008"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3447786.3456248"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3342195.3387526"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/IPDPS.2010.5470482"},{"key":"e_1_3_2_1_45_1","volume-title":"Proceedings of the 30th International Conference on Architecture of Computing Systems (ARCS '17)","author":"Lankes Stefan","year":"2017","unstructured":"Stefan Lankes , Simon Pickartz , and Jens Brietbart . 2017 . A Low Noise Unikernel for Extreme-Scale Systems . In Proceedings of the 30th International Conference on Architecture of Computing Systems (ARCS '17) . Stefan Lankes, Simon Pickartz, and Jens Brietbart. 2017. A Low Noise Unikernel for Extreme-Scale Systems. In Proceedings of the 30th International Conference on Architecture of Computing Systems (ARCS '17)."},{"key":"e_1_3_2_1_46_1","volume-title":"Proceedings of the USENIX Annual Technical Conference (USENIX ATC '17)","author":"Lind Joshua","year":"2017","unstructured":"Joshua Lind , Christian Priebe , Divya Muthukumaran , Dan O'Keeffe , Pierre-Louis Aublin , Florian Kelbert , Tobias Reiher , David Goltzsche , David Eyers , R\u00fcdiger Kapitza , Christof Fetzer , and Peter Pietzuch . 2017 . Glamdring: Automatic Application Partitioning for Intel SGX . In Proceedings of the USENIX Annual Technical Conference (USENIX ATC '17) . USENIX Association, Santa Clara, CA, 285--298. https:\/\/www.usenix.org\/conference\/atc17\/technical-sessions\/presentation\/lind Joshua Lind, Christian Priebe, Divya Muthukumaran, Dan O'Keeffe, Pierre-Louis Aublin, Florian Kelbert, Tobias Reiher, David Goltzsche, David Eyers, R\u00fcdiger Kapitza, Christof Fetzer, and Peter Pietzuch. 2017. Glamdring: Automatic Application Partitioning for Intel SGX. In Proceedings of the USENIX Annual Technical Conference (USENIX ATC '17). USENIX Association, Santa Clara, CA, 285--298. https:\/\/www.usenix.org\/conference\/atc17\/technical-sessions\/presentation\/lind"},{"key":"e_1_3_2_1_47_1","volume-title":"Proceedings of the 27th USENIX Security Symposium (USENIX Security '18)","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp , Michael Schwarz , Daniel Gruss , Thomas Prescher , Werner Haas , Anders Fogh , Jann Horn , Stefan Mangard , Paul Kocher , Daniel Genkin , Yuval Yarom , and Mike Hamburg . 2018 . Meltdown: Reading Kernel Memory from User Space . In Proceedings of the 27th USENIX Security Symposium (USENIX Security '18) . USENIX Association, Baltimore, MD, 973--990. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/lipp Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading Kernel Memory from User Space. In Proceedings of the 27th USENIX Security Symposium (USENIX Security '18). USENIX Association, Baltimore, MD, 973--990. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/lipp"},{"key":"e_1_3_2_1_48_1","volume-title":"Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation","author":"Litton James","year":"2016","unstructured":"James Litton , Anjo Vahldiek-Oberwagner , Eslam Elnikety , Deepak Garg , Bobby Bhattacharjee , and Peter Druschel . 2016 . Light-Weight Contexts: An OS Abstraction for Safety and Performance . In Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation ( Savannah, GA) (OSDI '16). USENIX Association, 49--64. https:\/\/www.usenix.org\/conference\/osdi16\/technical-sessions\/presentation\/litton James Litton, Anjo Vahldiek-Oberwagner, Eslam Elnikety, Deepak Garg, Bobby Bhattacharjee, and Peter Druschel. 2016. Light-Weight Contexts: An OS Abstraction for Safety and Performance. In Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (Savannah, GA) (OSDI '16). USENIX Association, 49--64. https:\/\/www.usenix.org\/conference\/osdi16\/technical-sessions\/presentation\/litton"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3322789.3328742"},{"key":"e_1_3_2_1_50_1","volume-title":"In 19th Network and Distributed System Security Symposium (NDSS '12","author":"Liu Lei","year":"2012","unstructured":"Lei Liu , Xinwen Zhang , Vuclip Inc , Guanhua Yan , and Songqing Chen . 2012 . Chrome extensions: Threat analysis and countermeasures . In In 19th Network and Distributed System Security Symposium (NDSS '12 . Lei Liu, Xinwen Zhang, Vuclip Inc, Guanhua Yan, and Songqing Chen. 2012. Chrome extensions: Threat analysis and countermeasures. In In 19th Network and Distributed System Security Symposium (NDSS '12."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813690"},{"key":"e_1_3_2_1_52_1","volume-title":"Retrieved","year":"2022","unstructured":"locust [n.d.]. Locust : An open source load testing tool . Retrieved February 20, 2022 from https:\/\/locust.io\/ locust [n.d.]. Locust: An open source load testing tool. Retrieved February 20, 2022 from https:\/\/locust.io\/"},{"key":"e_1_3_2_1_53_1","volume-title":"Proceedings of the 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI '15)","author":"Madhavapeddy Anil","year":"2015","unstructured":"Anil Madhavapeddy , Thomas Leonard , Magnus Skjegstad , Thomas Gazagnaire , David Sheets , Dave Scott , Richard Mortier , Amir Chaudhry , Balraj Singh , Jon Ludlam , Jon Crowcroft , and Ian Leslie . 2015 . Jitsu: Just-In-Time Summoning of Unikernels . In Proceedings of the 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI '15) . Oakland, CA, 559--573. https:\/\/www.usenix.org\/conference\/nsdi15\/technical-sessions\/presentation\/madhavapeddy Anil Madhavapeddy, Thomas Leonard, Magnus Skjegstad, Thomas Gazagnaire, David Sheets, Dave Scott, Richard Mortier, Amir Chaudhry, Balraj Singh, Jon Ludlam, Jon Crowcroft, and Ian Leslie. 2015. Jitsu: Just-In-Time Summoning of Unikernels. In Proceedings of the 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI '15). Oakland, CA, 559--573. https:\/\/www.usenix.org\/conference\/nsdi15\/technical-sessions\/presentation\/madhavapeddy"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2451116.2451167"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132763"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.17"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/1352592.1352625"},{"key":"e_1_3_2_1_58_1","volume-title":"Proceedings of the USENIX Annual Technical Conference (USENIX ATC '19)","author":"Narayanan Vikram","year":"2019","unstructured":"Vikram Narayanan , Abhiram Balasubramanian , Charlie Jacobsen , Sarah Spall , Scott Bauer , Michael Quigley , Aftab Hussain , Abdullah Younis , Junjie Shen , Moinak Bhattacharyya , and Anton Burtsev . 2019 . LXDs: Towards Isolation of Kernel Subsystems . In Proceedings of the USENIX Annual Technical Conference (USENIX ATC '19) . USENIX Association, Renton, WA, 269--284. https:\/\/www.usenix.org\/conference\/atc19\/presentation\/narayanan Vikram Narayanan, Abhiram Balasubramanian, Charlie Jacobsen, Sarah Spall, Scott Bauer, Michael Quigley, Aftab Hussain, Abdullah Younis, Junjie Shen, Moinak Bhattacharyya, and Anton Burtsev. 2019. LXDs: Towards Isolation of Kernel Subsystems. In Proceedings of the USENIX Annual Technical Conference (USENIX ATC '19). USENIX Association, Renton, WA, 269--284. https:\/\/www.usenix.org\/conference\/atc19\/presentation\/narayanan"},{"key":"e_1_3_2_1_59_1","unstructured":"NVIDIA Corporation 2020. CUDA C++ Programming Guide---Version 11.1.0. NVIDIA Corporation. Accessed: 2020-10-01.  NVIDIA Corporation 2020. CUDA C++ Programming Guide---Version 11.1.0. NVIDIA Corporation. Accessed: 2020-10-01."},{"key":"e_1_3_2_1_60_1","volume-title":"Proceedings of the USENIX Annual Technical Conference","author":"Oakes Edward","unstructured":"Edward Oakes , Leon Yang , Dennis Zhou , Kevin Houck , Tyler Harter , Andrea C. Arpaci-Dusseau , and Remzi H . Arpaci-Dusseau. 2018. SOCK: Rapid Task Provisioning with Serverless-Optimized Containers . In Proceedings of the USENIX Annual Technical Conference ( Boston, MA, USA) (USENIX ATC '18). USENIX Association, 57--69. https:\/\/www.usenix.org\/conference\/atc18\/presentation\/oakes Edward Oakes, Leon Yang, Dennis Zhou, Kevin Houck, Tyler Harter, Andrea C. Arpaci-Dusseau, and Remzi H. Arpaci-Dusseau. 2018. SOCK: Rapid Task Provisioning with Serverless-Optimized Containers. In Proceedings of the USENIX Annual Technical Conference (Boston, MA, USA) (USENIX ATC '18). USENIX Association, 57--69. https:\/\/www.usenix.org\/conference\/atc18\/presentation\/oakes"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3313808.3313817"},{"key":"e_1_3_2_1_62_1","unstructured":"openwhisk [n.d.]. Apache OpenWhisk. https:\/\/openwhisk.apache.org\/. Accessed 2021-02-19.  openwhisk [n.d.]. Apache OpenWhisk. https:\/\/openwhisk.apache.org\/. Accessed 2021-02-19."},{"key":"e_1_3_2_1_63_1","unstructured":"oracleudf [n.d.]. Oracle Database SQL Reference: User-Defined Functions. https:\/\/docs.oracle.com\/cd\/B19306_01\/server.102\/b14200\/functions231.htm. Accessed 2021-05-01.  oracleudf [n.d.]. Oracle Database SQL Reference: User-Defined Functions. https:\/\/docs.oracle.com\/cd\/B19306_01\/server.102\/b14200\/functions231.htm. Accessed 2021-05-01."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24262"},{"key":"e_1_3_2_1_65_1","volume-title":"Proceedings of the 16th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '11)","author":"Porter Donald E.","unstructured":"Donald E. Porter , Silas Boyd-Wickizer , Jon Howell , Reuben Olinsky , and Galen C. Hunt . 2011. Rethinking the Library OS from the Top Down . In Proceedings of the 16th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '11) . 291--304. Donald E. Porter, Silas Boyd-Wickizer, Jon Howell, Reuben Olinsky, and Galen C. Hunt. 2011. Rethinking the Library OS from the Top Down. In Proceedings of the 16th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '11). 291--304."},{"key":"e_1_3_2_1_66_1","volume-title":"Attacking clientside JIT compilers. Black Hat USA","author":"Rohlf Chris","year":"2011","unstructured":"Chris Rohlf and Yan Ivnitskiy . 2011. Attacking clientside JIT compilers. Black Hat USA ( 2011 ). Chris Rohlf and Yan Ivnitskiy. 2011. Attacking clientside JIT compilers. Black Hat USA (2011)."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/1400097.1400108"},{"key":"e_1_3_2_1_68_1","volume-title":"Proceedings of the 31st USENIX Security Symposium","author":"Schrammel David","year":"2022","unstructured":"David Schrammel , Samuel Weiser , Richard Sadek , and Stefan Mangard . 2022 . Jenny: Securing Syscalls for PKU-based Memory Isolation Systems . In Proceedings of the 31st USENIX Security Symposium ( Boston, MA, USA) (USENIX Security '22). USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/schrammel David Schrammel, Samuel Weiser, Richard Sadek, and Stefan Mangard. 2022. Jenny: Securing Syscalls for PKU-based Memory Isolation Systems. In Proceedings of the 31st USENIX Security Symposium (Boston, MA, USA) (USENIX Security '22). USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/schrammel"},{"key":"e_1_3_2_1_69_1","unstructured":"sgx 2020. Intel\u00ae Software Guard Extensions. https:\/\/software.intel.com\/content\/www\/us\/en\/develop\/topics\/software-guard-extensions.html. Accessed: 2020-08-06.  sgx 2020. Intel\u00ae Software Guard Extensions. https:\/\/software.intel.com\/content\/www\/us\/en\/develop\/topics\/software-guard-extensions.html. Accessed: 2020-08-06."},{"key":"e_1_3_2_1_70_1","volume-title":"Proceedings of the USENIX Annual Technical Conference (USENIX ATC '20)","author":"Shillaker Simon","year":"2020","unstructured":"Simon Shillaker and Peter Pietzuch . 2020 . Faasm: Lightweight Isolation for Efficient Stateful Serverless Computing . In Proceedings of the USENIX Annual Technical Conference (USENIX ATC '20) . USENIX Association, 419--433. https:\/\/www.usenix.org\/conference\/atc20\/presentation\/shillaker Simon Shillaker and Peter Pietzuch. 2020. Faasm: Lightweight Isolation for Efficient Stateful Serverless Computing. In Proceedings of the USENIX Annual Technical Conference (USENIX ATC '20). USENIX Association, 419--433. https:\/\/www.usenix.org\/conference\/atc20\/presentation\/shillaker"},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/1133373.1133393"},{"key":"e_1_3_2_1_72_1","volume-title":"Proceedings of the 28th USENIX Security Symposium (USENIX Security '19)","author":"Vahldiek-Oberwagner Anjo","year":"2019","unstructured":"Anjo Vahldiek-Oberwagner , Eslam Elnikety , Nuno O. Duarte , Michael Sammler , Peter Druschel , and Deepak Garg . 2019 . ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK) . In Proceedings of the 28th USENIX Security Symposium (USENIX Security '19) . USENIX Association, Santa Clara, CA, 1221--1238. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/vahldiek-oberwagner Anjo Vahldiek-Oberwagner, Eslam Elnikety, Nuno O. Duarte, Michael Sammler, Peter Druschel, and Deepak Garg. 2019. ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK). In Proceedings of the 28th USENIX Security Symposium (USENIX Security '19). USENIX Association, Santa Clara, CA, 1221--1238. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/vahldiek-oberwagner"},{"key":"e_1_3_2_1_73_1","volume-title":"Retrieved","author":"Wagner Tim","year":"2014","unstructured":"Tim Wagner . 2014 . Understanding Container Reuse in AWS Lambda . Retrieved May 26, 2020 from https:\/\/aws.amazon.com\/de\/blogs\/compute\/container-reuse-in-lambda\/ Tim Wagner. 2014. Understanding Container Reuse in AWS Lambda. Retrieved May 26, 2020 from https:\/\/aws.amazon.com\/de\/blogs\/compute\/container-reuse-in-lambda\/"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/168619.168635"},{"key":"e_1_3_2_1_75_1","volume-title":"Proceedings of the 8th USENIX Workshop on Hot Topics in Cloud Computing","author":"Williams Dan","year":"2016","unstructured":"Dan Williams and Ricardo Koller . 2016 . Unikernel Monitors: Extending Minimalism Outside of the Box . In Proceedings of the 8th USENIX Workshop on Hot Topics in Cloud Computing ( Denver, CO) (HotCloud '16). USENIX Association, USA, 71--76. https:\/\/www.usenix.org\/conference\/hotcloud16\/workshop-program\/presentation\/williams Dan Williams and Ricardo Koller. 2016. Unikernel Monitors: Extending Minimalism Outside of the Box. In Proceedings of the 8th USENIX Workshop on Hot Topics in Cloud Computing (Denver, CO) (HotCloud '16). USENIX Association, USA, 71--76. https:\/\/www.usenix.org\/conference\/hotcloud16\/workshop-program\/presentation\/williams"},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1145\/2509578.2509581"}],"event":{"name":"EuroSys '22: Seventeenth European Conference on Computer Systems","location":"Rennes France","acronym":"EuroSys '22","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the Seventeenth European Conference on Computer Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3492321.3519553","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3492321.3519553","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3492321.3519553","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:31:07Z","timestamp":1750188667000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3492321.3519553"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,3,28]]},"references-count":75,"alternative-id":["10.1145\/3492321.3519553","10.1145\/3492321"],"URL":"https:\/\/doi.org\/10.1145\/3492321.3519553","relation":{},"subject":[],"published":{"date-parts":[[2022,3,28]]},"assertion":[{"value":"2022-03-28","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}