{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T08:08:16Z","timestamp":1769760496869,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":81,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,3,28]],"date-time":"2022-03-28T00:00:00Z","timestamp":1648425600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"ONR","award":["N00014-17-1-2889"],"award-info":[{"award-number":["N00014-17-1-2889"]}]},{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-1956007,CCF-2029049,CNS-2130560,CNS-2145295,CCF-1816615"],"award-info":[{"award-number":["CNS-1956007,CCF-2029049,CNS-2130560,CNS-2145295,CCF-1816615"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,3,28]]},"DOI":"10.1145\/3492321.3519562","type":"proceedings-article","created":{"date-parts":[[2022,3,28]],"date-time":"2022-03-28T14:28:18Z","timestamp":1648477698000},"page":"283-299","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":14,"title":["Verified programs can party"],"prefix":"10.1145","author":[{"given":"Hsuan-Chi","family":"Kuo","sequence":"first","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kai-Hsun","family":"Chen","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yicheng","family":"Lu","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dan","family":"Williams","sequence":"additional","affiliation":[{"name":"Virginia Tech"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sibin","family":"Mohan","sequence":"additional","affiliation":[{"name":"Oregon State University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tianyin","family":"Xu","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2022,3,28]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Add static_call(). https:\/\/lwn.net\/Articles\/819311\/. Accessed: 09\/04\/2021.  Add static_call(). https:\/\/lwn.net\/Articles\/819311\/. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_2_1","unstructured":"BCC - Tools for BPF-based Linux IO analysis networking monitoring and more. https:\/\/github.com\/iovisor\/bcc. Accessed: 09\/04\/2021.  BCC - Tools for BPF-based Linux IO analysis networking monitoring and more. https:\/\/github.com\/iovisor\/bcc. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_3_1","unstructured":"Beautifying syscall args in 'perf trace'. http:\/\/vger.kernel.org\/~acme\/perf\/linuxdev-br-2018-perf-trace-eBPF\/. Accessed: 09\/04\/2021.  Beautifying syscall args in 'perf trace'. http:\/\/vger.kernel.org\/~acme\/perf\/linuxdev-br-2018-perf-trace-eBPF\/. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_4_1","unstructured":"Binary Optimization and Layout Tool - A linux command-line utility used for optimizing performance of binaries. https:\/\/github.com\/facebookincubator\/BOLT. Accessed: 09\/04\/2021.  Binary Optimization and Layout Tool - A linux command-line utility used for optimizing performance of binaries. https:\/\/github.com\/facebookincubator\/BOLT. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_5_1","unstructured":"The bpf dispatcher. https:\/\/lore.kernel.org\/bpf\/20191211123017.13212-1-bjorn.topel@gmail.com\/. Accessed: 09\/04\/2021.  The bpf dispatcher. https:\/\/lore.kernel.org\/bpf\/20191211123017.13212-1-bjorn.topel@gmail.com\/. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_6_1","unstructured":"Bpf map tracing: Hot updates of stateful programs. https:\/\/linuxplumbersconf.org\/event\/11\/contributions\/942\/. Accessed: 09\/04\/2021.  Bpf map tracing: Hot updates of stateful programs. https:\/\/linuxplumbersconf.org\/event\/11\/contributions\/942\/. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_7_1","unstructured":"cgroups(7) --- linux manual page. https:\/\/man7.org\/linux\/man-pages\/man7\/cgroups.7.html. Accessed: 09\/04\/2021.  cgroups(7) --- linux manual page. https:\/\/man7.org\/linux\/man-pages\/man7\/cgroups.7.html. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_8_1","unstructured":"Evaluation of tail call costs in ebpf. https:\/\/www.linuxplumbersconf.org\/event\/7\/contributions\/676\/attachments\/512\/1000\/paper.pdf. Accessed: 09\/04\/2021.  Evaluation of tail call costs in ebpf. https:\/\/www.linuxplumbersconf.org\/event\/7\/contributions\/676\/attachments\/512\/1000\/paper.pdf. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_9_1","unstructured":"Introduce bpf trampoline. https:\/\/lwn.net\/Articles\/804937\/. Accessed: 09\/04\/2021.  Introduce bpf trampoline. https:\/\/lwn.net\/Articles\/804937\/. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_10_1","unstructured":"iPerf - The ultimate speed test tool for TCP udp and sctp. https:\/\/iperf.fr\/iperf-doc.php. Accessed: 09\/04\/2021.  iPerf - The ultimate speed test tool for TCP udp and sctp. https:\/\/iperf.fr\/iperf-doc.php. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_11_1","unstructured":"Linux Native api-aware networking and security for containers. https:\/\/cilium.io\/. Accessed: 09\/04\/2021.  Linux Native api-aware networking and security for containers. https:\/\/cilium.io\/. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_12_1","unstructured":"Linux Socket Filtering aka Berkeley Packet Filter (BPF). https:\/\/www.kernel.org\/doc\/Documentation\/networking\/filter.txt. Accessed: 09\/04\/2021.  Linux Socket Filtering aka Berkeley Packet Filter (BPF). https:\/\/www.kernel.org\/doc\/Documentation\/networking\/filter.txt. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_13_1","unstructured":"Linux system exploration and troubleshooting tool with first class support for containers. https:\/\/github.com\/draios\/sysdig. Accessed: 09\/04\/2021.  Linux system exploration and troubleshooting tool with first class support for containers. https:\/\/github.com\/draios\/sysdig. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_14_1","unstructured":"Lsm bpf programs. https:\/\/www.kernel.org\/doc\/html\/latest\/bpf\/bpf_lsm.html. Accessed: 09\/04\/2021.  Lsm bpf programs. https:\/\/www.kernel.org\/doc\/html\/latest\/bpf\/bpf_lsm.html. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_15_1","unstructured":"Modern http benchmarking tool. https:\/\/github.com\/wg\/wrk. Accessed: 09\/04\/2021.  Modern http benchmarking tool. https:\/\/github.com\/wg\/wrk. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_16_1","unstructured":"net: mitigate retpoline overhead. https:\/\/lwn.net\/Articles\/773985\/. Accessed: 09\/04\/2021.  net: mitigate retpoline overhead. https:\/\/lwn.net\/Articles\/773985\/. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_17_1","unstructured":"new seccomp mode aims to improve performance. http:\/\/kernsec.org\/pipermail\/linux-security-module-archive\/2020-June\/020706.html. Accessed: 09\/04\/2021.  new seccomp mode aims to improve performance. http:\/\/kernsec.org\/pipermail\/linux-security-module-archive\/2020-June\/020706.html. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_18_1","unstructured":"Nosql redis and memcache traffic generation and benchmarking tool. https:\/\/github.com\/RedisLabs\/memtier_benchmark. Accessed: 09\/04\/2021.  Nosql redis and memcache traffic generation and benchmarking tool. https:\/\/github.com\/RedisLabs\/memtier_benchmark. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_19_1","unstructured":"Optimize bpf tail calls for direct jumps. https:\/\/lore.kernel.org\/bpf\/CAEf4BzYPLVHpc=EifKZP7wcfeWpzbENsD9MOb_UN=_48wpW24Q@mail.gmail.com\/T\/. Accessed: 09\/04\/2021.  Optimize bpf tail calls for direct jumps. https:\/\/lore.kernel.org\/bpf\/CAEf4BzYPLVHpc=EifKZP7wcfeWpzbENsD9MOb_UN=_48wpW24Q@mail.gmail.com\/T\/. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_20_1","unstructured":"[PATCH net-next 8\/9] net: filter: rework\/optimize internal BPF interpreter's instruction set. https:\/\/lore.kernel.org\/netdev\/1395404418-25376-9-git-send-email-dborkman@redhat.com\/. Accessed: 09\/04\/2021.  [PATCH net-next 8\/9] net: filter: rework\/optimize internal BPF interpreter's instruction set. https:\/\/lore.kernel.org\/netdev\/1395404418-25376-9-git-send-email-dborkman@redhat.com\/. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_21_1","unstructured":"Performance Benchmark Analysis of Egress Filtering on Linux. https:\/\/kinvolk.io\/blog\/2020\/09\/performance-benchmark-analysis-of-egress-filtering-on-linux\/. Accessed: 09\/04\/2021.  Performance Benchmark Analysis of Egress Filtering on Linux. https:\/\/kinvolk.io\/blog\/2020\/09\/performance-benchmark-analysis-of-egress-filtering-on-linux\/. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_22_1","unstructured":"Re: [rfc v2 0\/6] x86: dynamic indirect branch promotion. https:\/\/lore.kernel.org\/lkml\/87zhshe66w.fsf@linux.intel.com\/. Accessed: 09\/04\/2021.  Re: [rfc v2 0\/6] x86: dynamic indirect branch promotion. https:\/\/lore.kernel.org\/lkml\/87zhshe66w.fsf@linux.intel.com\/. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_23_1","unstructured":"Retpoline: A branch target injection mitigation. https:\/\/software.intel.com\/security-software-guidance\/api-app\/sites\/default\/files\/Retpoline-A-Branch-Target-Injection-Mitigation.pdf. Accessed: 09\/04\/2021.  Retpoline: A branch target injection mitigation. https:\/\/software.intel.com\/security-software-guidance\/api-app\/sites\/default\/files\/Retpoline-A-Branch-Target-Injection-Mitigation.pdf. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_24_1","unstructured":"Secure computing with filters. https:\/\/www.kernel.org\/doc\/Documentation\/prctl\/seccomp_filter.txt. Accessed: 09\/04\/2021.  Secure computing with filters. https:\/\/www.kernel.org\/doc\/Documentation\/prctl\/seccomp_filter.txt. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_25_1","unstructured":"Speculative execution side channel mitigations. https:\/\/software.intel.com\/security-software-guidance\/api-app\/sites\/default\/files\/336996-Speculative-Execution-Side-Channel-Mitigations.pdf. Accessed: 09\/04\/2021.  Speculative execution side channel mitigations. https:\/\/software.intel.com\/security-software-guidance\/api-app\/sites\/default\/files\/336996-Speculative-Execution-Side-Channel-Mitigations.pdf. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_26_1","unstructured":"systemd. https:\/\/www.freedesktop.org\/wiki\/Software\/systemd\/. Accessed: 09\/04\/2021.  systemd. https:\/\/www.freedesktop.org\/wiki\/Software\/systemd\/. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_27_1","unstructured":"Testing Hellwig \"dma-direct-calls\" patchset. https:\/\/github.com\/xdp-project\/xdp-project\/blob\/master\/areas\/dma\/dma01_test_hellwig_direct_dma.org. Accessed: 09\/04\/2021.  Testing Hellwig \"dma-direct-calls\" patchset. https:\/\/github.com\/xdp-project\/xdp-project\/blob\/master\/areas\/dma\/dma01_test_hellwig_direct_dma.org. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_28_1","unstructured":"The LLVM Compiler Infrastructure. https:\/\/llvm.org\/. Accessed: 09\/04\/2021.  The LLVM Compiler Infrastructure. https:\/\/llvm.org\/. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_29_1","unstructured":"Using the linux kernel tracepoints. https:\/\/www.kernel.org\/doc\/html\/latest\/trace\/tracepoints.html. Accessed: 09\/04\/2021.  Using the linux kernel tracepoints. https:\/\/www.kernel.org\/doc\/html\/latest\/trace\/tracepoints.html. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_30_1","unstructured":"When ebpf meets fuse. https:\/\/events19.linuxfoundation.org\/wp-content\/uploads\/2017\/11\/When-eBPF-Meets-FUSE-Improving-Performance-of-User-File-Systems-Ashish-Bijlani-Georgia-Tech.pdf. Accessed: 09\/04\/2021.  When ebpf meets fuse. https:\/\/events19.linuxfoundation.org\/wp-content\/uploads\/2017\/11\/When-eBPF-Meets-FUSE-Improving-Performance-of-User-File-Systems-Ashish-Bijlani-Georgia-Tech.pdf. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_31_1","unstructured":"Xdp express data path. https:\/\/www.iovisor.org\/technology\/xdp. Accessed: 09\/04\/2021.  Xdp express data path. https:\/\/www.iovisor.org\/technology\/xdp. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_32_1","unstructured":"Xdp performance regression due to config_retpoline spectre v2. http:\/\/lkml.iu.edu\/hypermail\/linux\/kernel\/1804.1\/05171.html. Accessed: 09\/04\/2021.  Xdp performance regression due to config_retpoline spectre v2. http:\/\/lkml.iu.edu\/hypermail\/linux\/kernel\/1804.1\/05171.html. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_33_1","volume-title":"https:\/\/lwn.net\/Articles\/829858\/","author":"Rust Supporting Linux","year":"2020","unstructured":"Supporting Linux kernel development in Rust . https:\/\/lwn.net\/Articles\/829858\/ , 2020 . Accessed : 09\/04\/2021. Supporting Linux kernel development in Rust. https:\/\/lwn.net\/Articles\/829858\/, 2020. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_34_1","volume-title":"Michael Wei. JumpSwitches: Restoring the Performance of Indirect Branches In the Era of Spectre. In 2019 USENIX Annual Technical Conference, USENIX ATC 2019","author":"Amit Nadav","year":"2019","unstructured":"Nadav Amit , Fred Jacobs , and Michael Wei. JumpSwitches: Restoring the Performance of Indirect Branches In the Era of Spectre. In 2019 USENIX Annual Technical Conference, USENIX ATC 2019 , Renton, WA, USA, July 10--12 , 2019 . USENIX Association, 2019. Nadav Amit, Fred Jacobs, and Michael Wei. JumpSwitches: Restoring the Performance of Indirect Branches In the Era of Spectre. In 2019 USENIX Annual Technical Conference, USENIX ATC 2019, Renton, WA, USA, July 10--12, 2019. USENIX Association, 2019."},{"key":"e_1_3_2_1_35_1","volume-title":"Amit and Michael Wei. The Design and Implementation of Hyperupcalls. In 2018 USENIX Annual Technical Conference, USENIX ATC 2018","author":"Nadav","year":"2018","unstructured":"Nadav Amit and Michael Wei. The Design and Implementation of Hyperupcalls. In 2018 USENIX Annual Technical Conference, USENIX ATC 2018 , Boston, MA, USA, July 11--13 , 2018 . USENIX Association, 2018. Nadav Amit and Michael Wei. The Design and Implementation of Hyperupcalls. In 2018 USENIX Annual Technical Conference, USENIX ATC 2018, Boston, MA, USA, July 11--13, 2018. USENIX Association, 2018."},{"key":"e_1_3_2_1_36_1","volume-title":"A flow-based IDS using Machine Learning in eBPF. CoRR, abs\/2102.09980","author":"Bachl Maximilian","year":"2021","unstructured":"Maximilian Bachl , Joachim Fabini , and Tanja Zseby . A flow-based IDS using Machine Learning in eBPF. CoRR, abs\/2102.09980 , 2021 . Maximilian Bachl, Joachim Fabini, and Tanja Zseby. A flow-based IDS using Machine Learning in eBPF. CoRR, abs\/2102.09980, 2021."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOMW.2018.8407006"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/316188.316214"},{"key":"e_1_3_2_1_39_1","volume-title":"14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020","author":"Behrens Jonathan","year":"2020","unstructured":"Jonathan Behrens , Anton Cao , Cel Skeggs , Adam Belay , M. Frans Kaashoek , and Nickolai Zeldovich . Efficiently Mitigating Transient Execution Attacks using the Unmapped Speculation Contract . In 14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020 , Virtual Event, November 4--6 , 2020 . USENIX Association, 2020. Jonathan Behrens, Anton Cao, Cel Skeggs, Adam Belay, M. Frans Kaashoek, and Nickolai Zeldovich. Efficiently Mitigating Transient Execution Attacks using the Unmapped Speculation Contract. In 14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020, Virtual Event, November 4--6, 2020. USENIX Association, 2020."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3234200.3234228"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3386263.3407584"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS47738.2020.9110434"},{"key":"e_1_3_2_1_43_1","volume-title":"The 8th International Conference on Emerging Internet, Data and Web Technologies, EIDWT 2020","volume":"47","author":"Choe YoungEun","year":"2020","unstructured":"YoungEun Choe , Jun-Sik Shin , Seunghyung Lee , and JongWon Kim . eBPF\/ XDP Based Network Traffic Visualization and Do S Mitigation for Intelligent Service Protection . In Advances in Internet, Data and Web Technologies , The 8th International Conference on Emerging Internet, Data and Web Technologies, EIDWT 2020 , Kitakyushu, Japan. 24- -26 February 2020 , volume 47 of Lecture Notes on Data Engineering and Communications Technologies. Springer, 2020. YoungEun Choe, Jun-Sik Shin, Seunghyung Lee, and JongWon Kim. eBPF\/XDP Based Network Traffic Visualization and DoS Mitigation for Intelligent Service Protection. In Advances in Internet, Data and Web Technologies, The 8th International Conference on Emerging Internet, Data and Web Technologies, EIDWT 2020, Kitakyushu, Japan. 24--26 February 2020, volume 47 of Lecture Notes on Data Engineering and Communications Technologies. Springer, 2020."},{"key":"e_1_3_2_1_44_1","volume-title":"KRSI --- the other BPF security module. https:\/\/lwn.net\/Articles\/808048\/","author":"Corbet Jonathan","year":"2019","unstructured":"Jonathan Corbet . KRSI --- the other BPF security module. https:\/\/lwn.net\/Articles\/808048\/ , 2019 . Accessed : 09\/04\/2021. Jonathan Corbet. KRSI --- the other BPF security module. https:\/\/lwn.net\/Articles\/808048\/, 2019. Accessed: 09\/04\/2021."},{"key":"e_1_3_2_1_45_1","series-title":"CEUR Workshop Proceedings","volume-title":"Proceedings of the Third Italian Conference on Cyber Security, Pisa, Italy, February 13--15","author":"Deri Luca","year":"2019","unstructured":"Luca Deri , Samuele Sabella , and Simone Mainardi . Combining System Visibility and Security Using eBPF . In Proceedings of the Third Italian Conference on Cyber Security, Pisa, Italy, February 13--15 , 2019 , volume 2315 of CEUR Workshop Proceedings . CEUR-WS. org, 2019. Luca Deri, Samuele Sabella, and Simone Mainardi. Combining System Visibility and Security Using eBPF. In Proceedings of the Third Italian Conference on Cyber Security, Pisa, Italy, February 13--15, 2019, volume 2315 of CEUR Workshop Proceedings. CEUR-WS.org, 2019."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3445814.3446740"},{"key":"e_1_3_2_1_47_1","volume-title":"CAV 2020, Los Angeles, CA, USA, July 21--24, 2020, Proceedings, Part II","volume":"12225","author":"Geffen Jacob Van","year":"2020","unstructured":"Jacob Van Geffen , Luke Nelson , Isil Dillig , Xi Wang , and Emina Torlak . Synthesizing JIT Compilers for In-Kernel DSLs. In Computer Aided Verification - 32nd International Conference , CAV 2020, Los Angeles, CA, USA, July 21--24, 2020, Proceedings, Part II , volume 12225 of Lecture Notes in Computer Science. Springer , 2020 . Jacob Van Geffen, Luke Nelson, Isil Dillig, Xi Wang, and Emina Torlak. Synthesizing JIT Compilers for In-Kernel DSLs. In Computer Aided Verification - 32nd International Conference, CAV 2020, Los Angeles, CA, USA, July 21--24, 2020, Proceedings, Part II, volume 12225 of Lecture Notes in Computer Science. Springer, 2020."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3314221.3314590"},{"key":"e_1_3_2_1_49_1","volume-title":"Michalis Polychronakis. Temporal System Call Specialization for Attack Surface Reduction. In 29th USENIX Security Symposium, USENIX Security 2020","author":"Ghavamnia Seyedhamed","year":"2020","unstructured":"Seyedhamed Ghavamnia , Tapti Palit , Shachee Mishra , and Michalis Polychronakis. Temporal System Call Specialization for Attack Surface Reduction. In 29th USENIX Security Symposium, USENIX Security 2020 , August 12 --14 , 2020 . USENIX Association, 2020. Seyedhamed Ghavamnia, Tapti Palit, Shachee Mishra, and Michalis Polychronakis. Temporal System Call Specialization for Attack Surface Reduction. In 29th USENIX Security Symposium, USENIX Security 2020, August 12--14, 2020. USENIX Association, 2020."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3281411.3281443"},{"key":"e_1_3_2_1_51_1","volume-title":"14th International Conference on Network and Service Management, CNSM 2018","author":"Hong Jibum","year":"2018","unstructured":"Jibum Hong , Seyeon Jeong , Jae-Hyoung Yoo , and James Won-Ki Hong . Design and Implementation of eBPF-based Virtual TAP for Inter-VM Traffic Monitoring . In 14th International Conference on Network and Service Management, CNSM 2018 , Rome, Italy, November 5--9 , 2018 . IEEE Computer Society, 2018. Jibum Hong, Seyeon Jeong, Jae-Hyoung Yoo, and James Won-Ki Hong. Design and Implementation of eBPF-based Virtual TAP for Inter-VM Traffic Monitoring. In 14th International Conference on Network and Service Management, CNSM 2018, Rome, Italy, November 5--9, 2018. IEEE Computer Society, 2018."},{"key":"e_1_3_2_1_52_1","volume-title":"Linux Plumbers Conference 2020","author":"Joly Clement","year":"2020","unstructured":"Clement Joly and Fran\u00e7ois Serman . Evaluation of tail call costs in eBPF . Linux Plumbers Conference 2020 , 2020 . Clement Joly and Fran\u00e7ois Serman. Evaluation of tail call costs in eBPF. Linux Plumbers Conference 2020, 2020."},{"key":"e_1_3_2_1_53_1","volume-title":"Kim and Nickolai Zeldovich. Practical and Effective Sandboxing for Non-root Users. In 2013 USENIX Annual Technical Conference","author":"Taesoo","year":"2013","unstructured":"Taesoo Kim and Nickolai Zeldovich. Practical and Effective Sandboxing for Non-root Users. In 2013 USENIX Annual Technical Conference , San Jose, CA, USA, June 26--28 , 2013 . USENIX Association, 2013. Taesoo Kim and Nickolai Zeldovich. Practical and Effective Sandboxing for Non-root Users. In 2013 USENIX Annual Technical Conference, San Jose, CA, USA, June 26--28, 2013. USENIX Association, 2013."},{"key":"e_1_3_2_1_54_1","volume-title":"Emer. DAWG: A Defense Against Cache Timing Attacks in Speculative Execution Processors. In 51st Annual IEEE\/ACM International Symposium on Microarchitecture, MICRO 2018","author":"Kiriansky Vladimir","year":"2018","unstructured":"Vladimir Kiriansky , Ilia A. Lebedev , Saman P. Amarasinghe , Srinivas Devadas , and Joel S . Emer. DAWG: A Defense Against Cache Timing Attacks in Speculative Execution Processors. In 51st Annual IEEE\/ACM International Symposium on Microarchitecture, MICRO 2018 , Fukuoka, Japan, October 20--24 , 2018 . IEEE Computer Society, 2018. Vladimir Kiriansky, Ilia A. Lebedev, Saman P. Amarasinghe, Srinivas Devadas, and Joel S. Emer. DAWG: A Defense Against Cache Timing Attacks in Speculative Execution Processors. In 51st Annual IEEE\/ACM International Symposium on Microarchitecture, MICRO 2018, Fukuoka, Japan, October 20--24, 2018. IEEE Computer Society, 2018."},{"key":"e_1_3_2_1_55_1","volume-title":"Formally verified software in the real world. Commun. ACM, 61(10)","author":"Klein Gerwin","year":"2018","unstructured":"Gerwin Klein , June Andronick , Matthew Fernandez , Ihor Kuz , Toby C. Murray , and Gernot Heiser . Formally verified software in the real world. Commun. ACM, 61(10) , 2018 . Gerwin Klein, June Andronick, Matthew Fernandez, Ihor Kuz, Toby C. Murray, and Gernot Heiser. Formally verified software in the real world. Commun. ACM, 61(10), 2018."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629596"},{"key":"e_1_3_2_1_57_1","volume-title":"Spectre Attacks: Exploiting Speculative Execution","author":"Kocher Paul","year":"2019","unstructured":"Paul Kocher , Jann Horn , Anders Fogh , Daniel Genkin , Daniel Gruss , Werner Haas , Mike Hamburg , Moritz Lipp , Stefan Mangard , Thomas Prescher , Michael Schwarz , and Yuval Yarom . Spectre Attacks: Exploiting Speculative Execution , 2019 . Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. Spectre Attacks: Exploiting Speculative Execution, 2019."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00033"},{"key":"e_1_3_2_1_59_1","volume-title":"Safe and Efficient Remote Application Code Execution on Disaggregated NVM Storage with eBPF. CoRR, abs\/2002.11528","author":"Kourtis Kornilios","year":"2020","unstructured":"Kornilios Kourtis , Animesh Trivedi , and Nikolas Ioannou . Safe and Efficient Remote Application Code Execution on Disaggregated NVM Storage with eBPF. CoRR, abs\/2002.11528 , 2020 . Kornilios Kourtis, Animesh Trivedi, and Nikolas Ioannou. Safe and Efficient Remote Application Code Execution on Disaggregated NVM Storage with eBPF. CoRR, abs\/2002.11528, 2020."},{"key":"e_1_3_2_1_60_1","volume-title":"DIMVA 2017, Bonn, Germany, July 6--7, 2017, Proceedings","volume":"10327","author":"Lei Lingguang","year":"2017","unstructured":"Lingguang Lei , Jianhua Sun , Kun Sun , Chris Shenefiel , Rui Ma , Yuewu Wang , and Qi Li. SPEAKER : Split-Phase Execution of Application Containers. In Detection of Intrusions and Malware, and Vulnerability Assessment - 14th International Conference , DIMVA 2017, Bonn, Germany, July 6--7, 2017, Proceedings , volume 10327 of Lecture Notes in Computer Science. Springer , 2017 . Lingguang Lei, Jianhua Sun, Kun Sun, Chris Shenefiel, Rui Ma, Yuewu Wang, and Qi Li. SPEAKER: Split-Phase Execution of Application Containers. In Detection of Intrusions and Malware, and Vulnerability Assessment - 14th International Conference, DIMVA 2017, Bonn, Germany, July 6--7, 2017, Proceedings, volume 10327 of Lecture Notes in Computer Science. Springer, 2017."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3458336.3465277"},{"key":"e_1_3_2_1_62_1","volume-title":"Meltdown: reading kernel memory from user space. Commun. ACM, 63(6)","author":"Lipp Moritz","year":"2020","unstructured":"Moritz Lipp , Michael Schwarz , Daniel Gruss , Thomas Prescher , Werner Haas , Jann Horn , Stefan Mangard , Paul Kocher , Daniel Genkin , Yuval Yarom , Mike Hamburg , and Raoul Strackx . Meltdown: reading kernel memory from user space. Commun. ACM, 63(6) , 2020 . Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, and Raoul Strackx. Meltdown: reading kernel memory from user space. Commun. ACM, 63(6), 2020."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICPADS51040.2020.00099"},{"key":"e_1_3_2_1_64_1","volume-title":"McCanne and Van Jacobson. The BSD Packet Filter: A New Architecture for User-level Packet Capture. In Proceedings of the Usenix","author":"Steven","year":"1993","unstructured":"Steven McCanne and Van Jacobson. The BSD Packet Filter: A New Architecture for User-level Packet Capture. In Proceedings of the Usenix Winter 1993 Technical Conference, San Diego, California, USA , January 1993. USENIX Association, 1993. Steven McCanne and Van Jacobson. The BSD Packet Filter: A New Architecture for User-level Packet Capture. In Proceedings of the Usenix Winter 1993 Technical Conference, San Diego, California, USA, January 1993. USENIX Association, 1993."},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/3341301.3359641"},{"key":"e_1_3_2_1_66_1","volume-title":"14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020","author":"Nelson Luke","year":"2020","unstructured":"Luke Nelson , Jacob Van Geffen , Emina Torlak , and Xi Wang . Specification and verification in the field: Applying formal methods to BPF just-in-time compilers in the Linux kernel . In 14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020 , Virtual Event, November 4--6 , 2020 . USENIX Association, 2020. Luke Nelson, Jacob Van Geffen, Emina Torlak, and Xi Wang. Specification and verification in the field: Applying formal methods to BPF just-in-time compilers in the Linux kernel. In 14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020, Virtual Event, November 4--6, 2020. USENIX Association, 2020."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3341301.3359640"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-64701-2_17"},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1109\/ITC30.2018.00039"},{"key":"e_1_3_2_1_70_1","volume-title":"VINO: An Integrated Platform for Operating System and Database Research","author":"Small Christopher","year":"1994","unstructured":"Christopher Small and Margo Seltzer . VINO: An Integrated Platform for Operating System and Database Research , 1994 . Christopher Small and Margo Seltzer. VINO: An Integrated Platform for Operating System and Database Research, 1994."},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOMW.2018.8406849"},{"key":"e_1_3_2_1_72_1","volume-title":"14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020","author":"Tang Chunqiang","year":"2020","unstructured":"Chunqiang Tang , Kenny Yu , Kaushik Veeraraghavan , Jonathan Kaldor , Scott Michelson , Thawan Kooburat , Aravind Anbudurai , Matthew Clark , Kabir Gogia , Long Cheng , Ben Christensen , Alex Gartrell , Maxim Khutornenko , Sachin Kulkarni , Marcin Pawlowski , Tuomas Pelkonen , Andre Rodrigues , Rounak Tibrewal , Vaishnavi Venkatesan , and Peter Zhang . Twine : A unified cluster management system for shared infrastructure . In 14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020 , Virtual Event, November 4--6 , 2020 . USENIX Association, 2020. Chunqiang Tang, Kenny Yu, Kaushik Veeraraghavan, Jonathan Kaldor, Scott Michelson, Thawan Kooburat, Aravind Anbudurai, Matthew Clark, Kabir Gogia, Long Cheng, Ben Christensen, Alex Gartrell, Maxim Khutornenko, Sachin Kulkarni, Marcin Pawlowski, Tuomas Pelkonen, Andre Rodrigues, Rounak Tibrewal, Vaishnavi Venkatesan, and Peter Zhang. Twine: A unified cluster management system for shared infrastructure. In 14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020, Virtual Event, November 4--6, 2020. USENIX Association, 2020."},{"key":"e_1_3_2_1_73_1","volume-title":"Butler. LBM: A Security Framework for Peripherals within the Linux Kernel. In 2019 IEEE Symposium on Security and Privacy, SP 2019","author":"Tian Dave Jing","year":"2019","unstructured":"Dave Jing Tian , Grant Hernandez , Joseph I. Choi , Vanessa Frost , Peter C. Johnson , and Kevin R. B . Butler. LBM: A Security Framework for Peripherals within the Linux Kernel. In 2019 IEEE Symposium on Security and Privacy, SP 2019 , San Francisco, CA, USA, May 19--23 , 2019 . IEEE, 2019. Dave Jing Tian, Grant Hernandez, Joseph I. Choi, Vanessa Frost, Peter C. Johnson, and Kevin R. B. Butler. LBM: A Security Framework for Peripherals within the Linux Kernel. In 2019 IEEE Symposium on Security and Privacy, SP 2019, San Francisco, CA, USA, May 19--23, 2019. IEEE, 2019."},{"key":"e_1_3_2_1_74_1","volume-title":"Eduardo P. M. C\u00e2mara J\u00fanior, and Luiz Filipe M. Vieira. Fast Packet Processing with eBPF and XDP: Concepts, Code, Challenges, and Applications. ACM Comput. Surv., 53(1)","author":"Vieira Marcos Augusto M.","year":"2020","unstructured":"Marcos Augusto M. Vieira , Matheus S. Castanho , Racyus Pacifico , Elerson Rubens da Silva Santos , Eduardo P. M. C\u00e2mara J\u00fanior, and Luiz Filipe M. Vieira. Fast Packet Processing with eBPF and XDP: Concepts, Code, Challenges, and Applications. ACM Comput. Surv., 53(1) , 2020 . Marcos Augusto M. Vieira, Matheus S. Castanho, Racyus Pacifico, Elerson Rubens da Silva Santos, Eduardo P. M. C\u00e2mara J\u00fanior, and Luiz Filipe M. Vieira. Fast Packet Processing with eBPF and XDP: Concepts, Code, Challenges, and Applications. ACM Comput. Surv., 53(1), 2020."},{"key":"e_1_3_2_1_75_1","volume-title":"Zachary Tatlock. Jitk: A Trustworthy In-Kernel Interpreter Infrastructure. In 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI '14","author":"Wang Xi","year":"2014","unstructured":"Xi Wang , David Lazar , Nickolai Zeldovich , Adam Chlipala , and Zachary Tatlock. Jitk: A Trustworthy In-Kernel Interpreter Infrastructure. In 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI '14 , Broomfield, CO, USA, October 6--8 , 2014 . USENIX Association, 2014. Xi Wang, David Lazar, Nickolai Zeldovich, Adam Chlipala, and Zachary Tatlock. Jitk: A Trustworthy In-Kernel Interpreter Infrastructure. In 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI '14, Broomfield, CO, USA, October 6--8, 2014. USENIX Association, 2014."},{"key":"e_1_3_2_1_76_1","volume-title":"5th USENIX Symposium on Networked Systems Design & Implementation, NSDI","author":"Wu Zhenyu","year":"2008","unstructured":"Zhenyu Wu , Mengjun Xie , and Haining Wang . Swift: A Fast Dynamic Packet Filter . In 5th USENIX Symposium on Networked Systems Design & Implementation, NSDI 2008 , April 16--18, 2008, San Francisco, CA, USA, Proceedings. USENIX Association , 2008. Zhenyu Wu, Mengjun Xie, and Haining Wang. Swift: A Fast Dynamic Packet Filter. In 5th USENIX Symposium on Networked Systems Design & Implementation, NSDI 2008, April 16--18, 2008, San Francisco, CA, USA, Proceedings. USENIX Association, 2008."},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1145\/3281411.3281426"},{"key":"e_1_3_2_1_78_1","volume-title":"Synthesizing Safe and Efficient Kernel Extensions for Packet Processing. CoRR, abs\/2103.00022","author":"Xu Qiongwen","year":"2021","unstructured":"Qiongwen Xu , Michael D. Wong , Tanvi Wagle , Srinivas Narayana , and Anirudh Sivaraman . Synthesizing Safe and Efficient Kernel Extensions for Packet Processing. CoRR, abs\/2103.00022 , 2021 . Qiongwen Xu, Michael D. Wong, Tanvi Wagle, Srinivas Narayana, and Anirudh Sivaraman. Synthesizing Safe and Efficient Kernel Extensions for Packet Processing. CoRR, abs\/2103.00022, 2021."},{"key":"e_1_3_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.1145\/223982.224438"},{"key":"e_1_3_2_1_80_1","first-page":"479","volume-title":"15th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2021","author":"Zhang Jiang","year":"2021","unstructured":"Jiang Zhang , Shuai Wang , Manuel Rigger , Pinjia He , and Zhendong Su. SANRAZOR : Reducing Redundant Sanitizer Checks in C\/C++ Programs . In 15th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2021 , July 14 --16 , 2021 , pages 479 -- 494 . USENIX Association, 2021. Jiang Zhang, Shuai Wang, Manuel Rigger, Pinjia He, and Zhendong Su. SANRAZOR: Reducing Redundant Sanitizer Checks in C\/C++ Programs. In 15th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2021, July 14--16, 2021, pages 479--494. USENIX Association, 2021."},{"key":"e_1_3_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1145\/3458336.3465290"}],"event":{"name":"EuroSys '22: Seventeenth European Conference on Computer Systems","location":"Rennes France","acronym":"EuroSys '22","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the Seventeenth European Conference on Computer Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3492321.3519562","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3492321.3519562","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3492321.3519562","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:31:07Z","timestamp":1750188667000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3492321.3519562"}},"subtitle":["optimizing kernel extensions via post-verification merging"],"short-title":[],"issued":{"date-parts":[[2022,3,28]]},"references-count":81,"alternative-id":["10.1145\/3492321.3519562","10.1145\/3492321"],"URL":"https:\/\/doi.org\/10.1145\/3492321.3519562","relation":{},"subject":[],"published":{"date-parts":[[2022,3,28]]},"assertion":[{"value":"2022-03-28","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}