{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,2]],"date-time":"2026-05-02T14:50:13Z","timestamp":1777733413951,"version":"3.51.4"},"reference-count":89,"publisher":"Association for Computing Machinery (ACM)","issue":"POPL","license":[{"start":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T00:00:00Z","timestamp":1641945600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100000266","name":"EPSRC","doi-asserted-by":"crossref","award":["EP\/K008528\/1"],"award-info":[{"award-number":["EP\/K008528\/1"]}],"id":[{"id":"10.13039\/501100000266","id-type":"DOI","asserted-by":"crossref"}]},{"name":"NSF","award":["CNS-1514435, CNS-2120642, CCF- 1918573, CAREER CNS-2048262"],"award-info":[{"award-number":["CNS-1514435, CNS-2120642, CCF- 1918573, CAREER CNS-2048262"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Program. Lang."],"published-print":{"date-parts":[[2022,1,16]]},"abstract":"<jats:p>\n            Software sandboxing or software-based fault isolation (SFI) is a lightweight approach to building secure systems out of untrusted components. Mozilla, for example, uses SFI to harden the Firefox browser by sandboxing third-party libraries, and companies like Fastly and Cloudflare use SFI to safely co-locate untrusted tenants on their edge clouds. While there have been significant efforts to optimize and verify SFI enforcement, context switching in SFI systems remains largely unexplored: almost all SFI systems use\n            <jats:italic>heavyweight transitions<\/jats:italic>\n            that are not only error-prone but incur significant performance overhead from saving, clearing, and restoring registers when context switching. 
We identify a set of\n            <jats:italic>zero-cost conditions<\/jats:italic>\n            that characterize when sandboxed code has sufficient structure to guarantee security via lightweight\n            <jats:italic>zero-cost<\/jats:italic>\n            transitions (simple function calls). We modify the Lucet Wasm compiler and its runtime to use zero-cost transitions, eliminating the undue performance tax on systems that rely on Lucet for sandboxing (e.g., we speed up image and font rendering in Firefox by up to 29.7% and 10% respectively). To remove the Lucet compiler and its correct implementation of the Wasm specification from the trusted computing base, we (1) develop a\n            <jats:italic>static binary verifier<\/jats:italic>\n            , VeriZero, which (in seconds) checks that binaries produced by Lucet satisfy our zero-cost conditions, and (2) prove the soundness of VeriZero by developing a logical relation that captures when a compiled Wasm function is semantically well-behaved with respect to our zero-cost conditions. 
Finally, we show that our model is useful beyond Wasm by describing a new, purpose-built SFI system, SegmentZero32, that uses x86 segmentation and LLVM with mostly off-the-shelf passes to enforce our zero-cost conditions; our prototype performs on-par with the state-of-the-art Native Client SFI system.\n          <\/jats:p>","DOI":"10.1145\/3498688","type":"journal-article","created":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T17:03:12Z","timestamp":1642006992000},"page":"1-30","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":12,"title":["Isolation without taxation: near-zero-cost transitions for WebAssembly and SFI"],"prefix":"10.1145","volume":"6","author":[{"given":"Matthew","family":"Kolosick","sequence":"first","affiliation":[{"name":"University of California at San Diego, USA"}]},{"given":"Shravan","family":"Narayan","sequence":"additional","affiliation":[{"name":"University of California at San Diego, USA"}]},{"given":"Evan","family":"Johnson","sequence":"additional","affiliation":[{"name":"University of California at San Diego, USA"}]},{"given":"Conrad","family":"Watt","sequence":"additional","affiliation":[{"name":"University of Cambridge, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6206-9642","authenticated-orcid":false,"given":"Michael","family":"LeMay","sequence":"additional","affiliation":[{"name":"Intel Labs, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0888-3093","authenticated-orcid":false,"given":"Deepak","family":"Garg","sequence":"additional","affiliation":[{"name":"MPI-SWS, Germany"}]},{"given":"Ranjit","family":"Jhala","sequence":"additional","affiliation":[{"name":"University of California at San Diego, USA"}]},{"given":"Deian","family":"Stefan","sequence":"additional","affiliation":[{"name":"University of California at San Diego, USA"}]}],"member":"320","published-online":{"date-parts":[[2022,1,12]]},"reference":[{"key":"e_1_2_2_1_1","volume-title":"Java 
Platform","unstructured":"2019. Java Platform , Standard Edition : Java Virtual Machine Guide . https:\/\/docs.oracle.com\/en\/java\/javase\/13\/vm\/java-virtual-machine-guide.pdf 2019. Java Platform, Standard Edition: Java Virtual Machine Guide. https:\/\/docs.oracle.com\/en\/java\/javase\/13\/vm\/java-virtual-machine-guide.pdf"},{"key":"e_1_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/231379.231402"},{"key":"e_1_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1178597.1178599"},{"key":"e_1_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427270"},{"key":"e_1_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1993498.1993540"},{"key":"e_1_2_2_6_1","unstructured":"Alexandre Bartel and John Doe. 2018. Twenty years of escaping the Java sandbox. In Phrack.  Alexandre Bartel and John Doe. 2018. Twenty years of escaping the Java sandbox. In Phrack."},{"key":"e_1_2_2_7_1","volume-title":"Proceedings of the 10th USENIX Conference on Operating Systems Design and Implementation (OSDI\u201912)","author":"Belay Adam","year":"2012","unstructured":"Adam Belay , Andrea Bittau , Ali Mashtizadeh , David Terei , David Mazi\u00e8res , and Christos Kozyrakis . 2012 . Dune: Safe User-Level Access to Privileged CPU Features . In Proceedings of the 10th USENIX Conference on Operating Systems Design and Implementation (OSDI\u201912) . USENIX Association, USA. 335\u2013348. isbn:978 1931971966 Adam Belay, Andrea Bittau, Ali Mashtizadeh, David Terei, David Mazi\u00e8res, and Christos Kozyrakis. 2012. Dune: Safe User-Level Access to Privileged CPU Features. In Proceedings of the 10th USENIX Conference on Operating Systems Design and Implementation (OSDI\u201912). USENIX Association, USA. 335\u2013348. 
isbn:9781931971966"},{"key":"e_1_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-17184-1_18"},{"key":"e_1_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-99725-4_12"},{"key":"e_1_2_2_10_1","volume-title":"Wedge: Splitting Applications into Reduced-Privilege Compartments. In 5th USENIX Symposium on Networked Systems Design & Implementation, NSDI","author":"Bittau Andrea","year":"2008","unstructured":"Andrea Bittau , Petr Marchenko , Mark Handley , and Brad Karp . 2008 . Wedge: Splitting Applications into Reduced-Privilege Compartments. In 5th USENIX Symposium on Networked Systems Design & Implementation, NSDI 2008, April 16-18, 2008, San Francisco, CA , USA, Proceedings, Jon Crowcroft and Michael Dahlin (Eds.). USENIX Association , 309\u2013322. http:\/\/www.usenix.org\/events\/nsdi08\/tech\/full_papers\/bittau\/bittau.pdf Andrea Bittau, Petr Marchenko, Mark Handley, and Brad Karp. 2008. Wedge: Splitting Applications into Reduced-Privilege Compartments. In 5th USENIX Symposium on Networked Systems Design & Implementation, NSDI 2008, April 16-18, 2008, San Francisco, CA, USA, Proceedings, Jon Crowcroft and Michael Dahlin (Eds.). USENIX Association, 309\u2013322. http:\/\/www.usenix.org\/events\/nsdi08\/tech\/full_papers\/bittau\/bittau.pdf"},{"key":"e_1_2_2_11_1","volume-title":"WebAssembly as an Intermediate Language for Provably-Safe Software Sandboxing","author":"Bosamiya Jay","unstructured":"Jay Bosamiya , Benjamin Lim , and Bryan Parno . 2020. WebAssembly as an Intermediate Language for Provably-Safe Software Sandboxing . Pri SC. Jay Bosamiya, Benjamin Lim, and Bryan Parno. 2020. WebAssembly as an Intermediate Language for Provably-Safe Software Sandboxing. PriSC."},{"key":"e_1_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3054924"},{"key":"e_1_2_2_13_1","unstructured":"Bytecode Alliance. 2020. Lucet. https:\/\/github.com\/bytecodealliance\/lucet  Bytecode Alliance. 2020. Lucet. 
https:\/\/github.com\/bytecodealliance\/lucet"},{"key":"e_1_2_2_14_1","unstructured":"Bytecode Alliance. 2020. WebAssembly Micro Runtime. https:\/\/github.com\/bytecodealliance\/wasm-micro-runtime  Bytecode Alliance. 2020. WebAssembly Micro Runtime. https:\/\/github.com\/bytecodealliance\/wasm-micro-runtime"},{"key":"e_1_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629581"},{"key":"e_1_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.12"},{"key":"e_1_2_2_17_1","unstructured":"Chromium Team. 2020. Memory safety. https:\/\/www.chromium.org\/Home\/chromium-security\/memory-safety  Chromium Team. 2020. Memory safety. https:\/\/www.chromium.org\/Home\/chromium-security\/memory-safety"},{"key":"e_1_2_2_18_1","volume-title":"7th Symposium on Operating Systems Design and Implementation (OSDI \u201906)","author":"Erlingsson \u00dalfar","year":"2006","unstructured":"\u00dalfar Erlingsson , Mart\u00edn Abadi , Michael Vrable , Mihai Budiu , and George C Necula . 2006 . XFI: Software guards for system address spaces . In 7th Symposium on Operating Systems Design and Implementation (OSDI \u201906) , November 6-8, Seattle, WA, USA. USENIX Association, 75\u201388. \u00dalfar Erlingsson, Mart\u00edn Abadi, Michael Vrable, Mihai Budiu, and George C Necula. 2006. XFI: Software guards for system address spaces. In 7th Symposium on Operating Systems Design and Implementation (OSDI \u201906), November 6-8, Seattle, WA, USA. USENIX Association, 75\u201388."},{"key":"e_1_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1217935.1217953"},{"key":"e_1_2_2_20_1","volume-title":"VXA: A Virtual Architecture for Durable Compressed Archives.. In FAST. 5.","author":"Ford Bryan","year":"2005","unstructured":"Bryan Ford . 2005 . VXA: A Virtual Architecture for Durable Compressed Archives.. In FAST. 5. Bryan Ford. 2005. VXA: A Virtual Architecture for Durable Compressed Archives.. In FAST. 
5."},{"key":"e_1_2_2_21_1","volume-title":"2008 USENIX Annual Technical Conference","author":"Ford Bryan","year":"2008","unstructured":"Bryan Ford and Russ Cox . 2008 . Vx32: Lightweight User-level Sandboxing on the x86 . In 2008 USENIX Annual Technical Conference , Boston, MA, USA , June 22-27, 2008. Proceedings. USENIX Association. Bryan Ford and Russ Cox. 2008. Vx32: Lightweight User-level Sandboxing on the x86. In 2008 USENIX Annual Technical Conference, Boston, MA, USA, June 22-27, 2008. Proceedings. USENIX Association."},{"key":"e_1_2_2_22_1","unstructured":"Nathan Froyd. 2020. Securing Firefox with WebAssembly. https:\/\/hacks.mozilla.org\/2020\/02\/securing-firefox-with-webassembly\/  Nathan Froyd. 2020. Securing Firefox with WebAssembly. https:\/\/hacks.mozilla.org\/2020\/02\/securing-firefox-with-webassembly\/"},{"key":"e_1_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3423211.3425680"},{"key":"e_1_2_2_24_1","unstructured":"2021. Introducing the In-the-Wild Series. https:\/\/googleprojectzero.blogspot.com\/2021\/01\/introducing-in-wild-series.html  2021. Introducing the In-the-Wild Series. https:\/\/googleprojectzero.blogspot.com\/2021\/01\/introducing-in-wild-series.html"},{"key":"e_1_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.2294"},{"key":"e_1_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786558.2786565"},{"key":"e_1_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3062341.3062363"},{"key":"e_1_2_2_28_1","volume-title":"Cranelift: Performance parity with Baldr on x86-64. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1539399","author":"Hansen Lars T","year":"2019","unstructured":"Lars T Hansen . 2019 . Cranelift: Performance parity with Baldr on x86-64. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1539399 Lars T Hansen. 2019. Cranelift: Performance parity with Baldr on x86-64. 
https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1539399"},{"key":"e_1_2_2_29_1","volume-title":"2019 USENIX Annual Technical Conference, USENIX ATC 2019","author":"Hedayati Mohammad","year":"2019","unstructured":"Mohammad Hedayati , Spyridoula Gravani , Ethan Johnson , John Criswell , Michael L Scott , Kai Shen , and Mike Marty . 2019 . Hodor: Intra-process isolation for high-throughput data plane libraries . In 2019 USENIX Annual Technical Conference, USENIX ATC 2019 , Renton, WA, USA , July 10-12, 2019. USENIX Association. Mohammad Hedayati, Spyridoula Gravani, Ethan Johnson, John Criswell, Michael L Scott, Kai Shen, and Mike Marty. 2019. Hodor: Intra-process isolation for high-throughput data plane libraries. In 2019 USENIX Annual Technical Conference, USENIX ATC 2019, Renton, WA, USA, July 10-12, 2019. USENIX Association."},{"key":"e_1_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2009.5270357"},{"key":"e_1_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1243418.1243424"},{"key":"e_1_2_2_32_1","unstructured":"2020. Intelsuperscript \u00ae 64 and IA-32 Architectures Software Developer\u2019s Manual.  2020. Intelsuperscript \u00ae 64 and IA-32 Architectures Software Developer\u2019s Manual."},{"key":"e_1_2_2_33_1","volume-title":"2019 USENIX Annual Technical Conference, USENIX ATC 2019","author":"Jangda Abhinav","year":"2019","unstructured":"Abhinav Jangda , Bobby Powers , Emery D Berger , and Arjun Guha . 2019 . Not so fast: Analyzing the performance of WebAssembly vs. native code . In 2019 USENIX Annual Technical Conference, USENIX ATC 2019 , Renton, WA, USA , July 10-12, 2019. USENIX Association. Abhinav Jangda, Bobby Powers, Emery D Berger, and Arjun Guha. 2019. Not so fast: Analyzing the performance of WebAssembly vs. native code. In 2019 USENIX Annual Technical Conference, USENIX ATC 2019, Renton, WA, USA, July 10-12, 2019. USENIX Association."},{"key":"e_1_2_2_34_1","unstructured":"Evan Johnson. 2021. Update VeriWasm version. 
https:\/\/github.com\/bytecodealliance\/lucet\/pull\/684  Evan Johnson. 2021. Update VeriWasm version. https:\/\/github.com\/bytecodealliance\/lucet\/pull\/684"},{"key":"e_1_2_2_35_1","volume-title":"Network and Distributed System Security Symposium (NDSS). Internet Society.","author":"Johnson Evan","year":"2021","unstructured":"Evan Johnson , David Thien , Yousef Alhessi , Shravan Narayan , Fraser Brown , Sorin Lerner , Tyler McMullen , Stefan Savage , and Deian Stefan . 2021 . \u0414\u043e\u0432\u0435\u0440\u044f\u0439, \u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0439: SFI safety for native-compiled Wasm . In Network and Distributed System Security Symposium (NDSS). Internet Society. Evan Johnson, David Thien, Yousef Alhessi, Shravan Narayan, Fraser Brown, Sorin Lerner, Tyler McMullen, Stefan Savage, and Deian Stefan. 2021. \u0414\u043e\u0432\u0435\u0440\u044f\u0439, \u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0439: SFI safety for native-compiled Wasm. In Network and Distributed System Security Symposium (NDSS). Internet Society."},{"key":"e_1_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/70082.68201"},{"key":"e_1_2_2_37_1","unstructured":"Matthew Kolosick Shravan Narayan Evan Johnson Conrad Watt Michael LeMay Deepak Garg Ranjit Jhala and Deian Stefan. 2021. Isolation Without Taxation: Near Zero Cost Transitions for SFI. arxiv:2105.00033.  Matthew Kolosick Shravan Narayan Evan Johnson Conrad Watt Michael LeMay Deepak Garg Ranjit Jhala and Deian Stefan. 2021. Isolation Without Taxation: Near Zero Cost Transitions for SFI. arxiv:2105.00033."},{"key":"e_1_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2014.10"},{"key":"e_1_2_2_39_1","volume-title":"Code-Pointer Integrity. In 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI 14)","author":"Kuznetsov Volodymyr","year":"2014","unstructured":"Volodymyr Kuznetsov , Laszlo Szekeres , Mathias Payer , George Candea , R. Sekar , and Dawn Song . 2014 . 
Code-Pointer Integrity. In 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI 14) . 147\u2013163. isbn:978-1-931971-16-4 https:\/\/www.usenix.org\/conference\/osdi14\/technical-sessions\/presentation\/kuznetsov Volodymyr Kuznetsov, Laszlo Szekeres, Mathias Payer, George Candea, R. Sekar, and Dawn Song. 2014. Code-Pointer Integrity. In 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI 14). 147\u2013163. isbn:978-1-931971-16-4 https:\/\/www.usenix.org\/conference\/osdi14\/technical-sessions\/presentation\/kuznetsov"},{"key":"e_1_2_2_40_1","volume-title":"Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation (OSDI\u201916)","author":"Litton James","year":"2016","unstructured":"James Litton , Anjo Vahldiek-Oberwagner , Eslam Elnikety , Deepak Garg , Bobby Bhattacharjee , and Peter Druschel . 2016 . Light-Weight Contexts: An OS Abstraction for Safety and Performance . In Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation (OSDI\u201916) . USENIX Association, 49\u201364. isbn:978 1931971331 James Litton, Anjo Vahldiek-Oberwagner, Eslam Elnikety, Deepak Garg, Bobby Bhattacharjee, and Peter Druschel. 2016. Light-Weight Contexts: An OS Abstraction for Safety and Performance. In Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation (OSDI\u201916). USENIX Association, 49\u201364. isbn:9781931971331"},{"key":"e_1_2_2_41_1","unstructured":"H.J. Lu Michael Matz Milind Girkar Jan Hubi\u010dka Andreas Jaeger and Mark Mitchell. 2018. System V Application Binary InterfaceAMD64 Architecture Processor Supplement(With LP64 and ILP32 Programming Models). https:\/\/software.intel.com\/content\/dam\/develop\/external\/us\/en\/documents\/intro-to-intel-avx-183287.pdf  H.J. Lu Michael Matz Milind Girkar Jan Hubi\u010dka Andreas Jaeger and Mark Mitchell. 2018. 
System V Application Binary InterfaceAMD64 Architecture Processor Supplement(With LP64 and ILP32 Programming Models). https:\/\/software.intel.com\/content\/dam\/develop\/external\/us\/en\/documents\/intro-to-intel-avx-183287.pdf"},{"key":"e_1_2_2_42_1","volume-title":"Omniware: A universal substrate for web programming. In WWW.","author":"Lucco Steve","year":"1995","unstructured":"Steve Lucco , Oliver Sharp , and Robert Wahbe . 1995 . Omniware: A universal substrate for web programming. In WWW. Steve Lucco, Oliver Sharp, and Robert Wahbe. 1995. Omniware: A universal substrate for web programming. In WWW."},{"key":"e_1_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.16"},{"key":"e_1_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSFW.2005.21"},{"key":"e_1_2_2_45_1","volume-title":"Proceedings of the 15th USENIX Security Symposium","author":"McCamant Stephen","year":"2006","unstructured":"Stephen McCamant and Greg Morrisett . 2006 . Evaluating SFI for a CISC Architecture . In Proceedings of the 15th USENIX Security Symposium , Vancouver, BC, Canada, July 31 - August 4, 2006. USENIX Association. Stephen McCamant and Greg Morrisett. 2006. Evaluating SFI for a CISC Architecture. In Proceedings of the 15th USENIX Security Symposium, Vancouver, BC, Canada, July 31 - August 4, 2006. USENIX Association."},{"key":"e_1_2_2_46_1","volume-title":"Lucet: A Compiler and Runtime for High-Concurrency Low-Latency Sandboxing.","author":"McMullen Tyler","year":"2020","unstructured":"Tyler McMullen . 2020 . Lucet: A Compiler and Runtime for High-Concurrency Low-Latency Sandboxing. In PriSC. Tyler McMullen. 2020. Lucet: A Compiler and Runtime for High-Concurrency Low-Latency Sandboxing. In PriSC."},{"key":"e_1_2_2_47_1","unstructured":"Kathleen Metrick Jared Semrau and Shambavi Sadayappan. 2020. Think Fast: Time Between Disclosure Patch Release and Vulnerability Exploitation \u2013 Intelligence for Vulnerability Management Part Two. 
https:\/\/www.fireeye.com\/blog\/threat-research\/2020\/04\/time-between-disclosure-patch-release-and-vulnerability-exploitation.html  Kathleen Metrick Jared Semrau and Shambavi Sadayappan. 2020. Think Fast: Time Between Disclosure Patch Release and Vulnerability Exploitation \u2013 Intelligence for Vulnerability Management Part Two. https:\/\/www.fireeye.com\/blog\/threat-research\/2020\/04\/time-between-disclosure-patch-release-and-vulnerability-exploitation.html"},{"key":"e_1_2_2_48_1","volume-title":"Network and Distributed System Security Symposium (NDSS).","author":"Mettler Adrian","year":"2010","unstructured":"Adrian Mettler , David A Wagner , and Tyler Close . 2010 . Joe-E: A Security-Oriented Subset of Java .. In Network and Distributed System Security Symposium (NDSS). Adrian Mettler, David A Wagner, and Tyler Close. 2010. Joe-E: A Security-Oriented Subset of Java.. In Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_2_2_49_1","unstructured":"Matt Miller. 2019. Trends challenges and strategic shifts in the software vulnerability mitigation landscape. BlueHat.  Matt Miller. 2019. Trends challenges and strategic shifts in the software vulnerability mitigation landscape. BlueHat."},{"key":"e_1_2_2_50_1","volume-title":"Caja: Safe active content in sanitized JavaScript","author":"Miller M.S.","year":"2008","unstructured":"M.S. Miller , M. Samuel , B. Laurie , I. Awad , and M. Stay . 2008 . Caja: Safe active content in sanitized JavaScript . http:\/\/google-caja.googlecode.com\/files\/caja-spec-2008-06-07.pdf M.S. Miller, M. Samuel, B. Laurie, I. Awad, and M. Stay. 2008. Caja: Safe active content in sanitized JavaScript. 
http:\/\/google-caja.googlecode.com\/files\/caja-spec-2008-06-07.pdf"},{"key":"e_1_2_2_51_1","volume-title":"ACM SIGPLAN Workshop on Compiler Support for System Software, 25\u201335","author":"Morrisett Greg","year":"1999","unstructured":"Greg Morrisett , Karl Crary , Neal Glew , Dan Grossman , Richard Samuels , Frederick Smith , David Walker , Stephanie Weirich , and Steve Zdancewic . 1999 . TALx86: A Realistic Typed Assembly Language . ACM SIGPLAN Workshop on Compiler Support for System Software, 25\u201335 . Greg Morrisett, Karl Crary, Neal Glew, Dan Grossman, Richard Samuels, Frederick Smith, David Walker, Stephanie Weirich, and Steve Zdancewic. 1999. TALx86: A Realistic Typed Assembly Language. ACM SIGPLAN Workshop on Compiler Support for System Software, 25\u201335."},{"key":"e_1_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1017\/S0956796801004178"},{"key":"e_1_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254111"},{"key":"e_1_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/319301.319345"},{"key":"e_1_2_2_55_1","unstructured":"Mozilla. 2021. Firefox Public Data Report. https:\/\/data.firefox.com\/dashboard\/hardware  Mozilla. 2021. Firefox Public Data Report. https:\/\/data.firefox.com\/dashboard\/hardware"},{"key":"e_1_2_2_56_1","unstructured":"2011. Issue 1607: Signal handling change allows inner sandbox escape on x86-32 Linux in Chrome. https:\/\/bugs.chromium.org\/p\/nativeclient\/issues\/detail?id=1607  2011. Issue 1607: Signal handling change allows inner sandbox escape on x86-32 Linux in Chrome. https:\/\/bugs.chromium.org\/p\/nativeclient\/issues\/detail?id=1607"},{"key":"e_1_2_2_57_1","unstructured":"2011. Issue 1633: Inner sandbox escape on 64-bit Windows via KiUserExceptionDispatcher. https:\/\/bugs.chromium.org\/p\/nativeclient\/issues\/detail?id=1633  2011. Issue 1633: Inner sandbox escape on 64-bit Windows via KiUserExceptionDispatcher. 
https:\/\/bugs.chromium.org\/p\/nativeclient\/issues\/detail?id=1633"},{"key":"e_1_2_2_58_1","unstructured":"2012. Issue 2919: Security: NaClSwitch() leaks NaClThreadContext pointer to x86-32 untrusted code. https:\/\/bugs.chromium.org\/p\/nativeclient\/issues\/detail?id=2919  2012. Issue 2919: Security: NaClSwitch() leaks NaClThreadContext pointer to x86-32 untrusted code. https:\/\/bugs.chromium.org\/p\/nativeclient\/issues\/detail?id=2919"},{"key":"e_1_2_2_59_1","doi-asserted-by":"crossref","unstructured":"2010. Issue 775: Uninitialized sendmsg syscall arguments in sel_ldr. https:\/\/bugs.chromium.org\/p\/nativeclient\/issues\/detail?id=775  2010. Issue 775: Uninitialized sendmsg syscall arguments in sel_ldr. https:\/\/bugs.chromium.org\/p\/nativeclient\/issues\/detail?id=775","DOI":"10.1002\/ejoc.201090009"},{"key":"e_1_2_2_60_1","volume-title":"Retrofitting Fine Grain Isolation in the Firefox Renderer. In 29th USENIX Security Symposium, USENIX Security 2020","author":"Narayan Shravan","year":"2020","unstructured":"Shravan Narayan , Craig Disselkoen , Tal Garfinkel , Nathan Froyd , Eric Rahm , Sorin Lerner , Hovav Shacham , and Deian Stefan . 2020 . Retrofitting Fine Grain Isolation in the Firefox Renderer. In 29th USENIX Security Symposium, USENIX Security 2020 , August 12-14, 2020, Srdjan Capkun and Franziska Roesner (Eds.). USENIX Association, 699\u2013716. Shravan Narayan, Craig Disselkoen, Tal Garfinkel, Nathan Froyd, Eric Rahm, Sorin Lerner, Hovav Shacham, and Deian Stefan. 2020. Retrofitting Fine Grain Isolation in the Firefox Renderer. In 29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020, Srdjan Capkun and Franziska Roesner (Eds.). USENIX Association, 699\u2013716."},{"key":"e_1_2_2_61_1","volume-title":"Gobi: WebAssembly as a Practical Path to Library Sandboxing. arxiv:1912.02285.","author":"Narayan Shravan","year":"2019","unstructured":"Shravan Narayan , Tal Garfinkel , Sorin Lerner , Hovav Shacham , and Deian Stefan . 2019 . 
Gobi: WebAssembly as a Practical Path to Library Sandboxing. arxiv:1912.02285. Shravan Narayan, Tal Garfinkel, Sorin Lerner, Hovav Shacham, and Deian Stefan. 2019. Gobi: WebAssembly as a Practical Path to Library Sandboxing. arxiv:1912.02285."},{"key":"e_1_2_2_62_1","unstructured":"Native Client team. 2009. Native Client security contest archive. https:\/\/developer.chrome.com\/docs\/native-client\/community\/security-contest\/  Native Client team. 2009. Native Client security contest archive. https:\/\/developer.chrome.com\/docs\/native-client\/community\/security-contest\/"},{"key":"e_1_2_2_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660281"},{"key":"e_1_2_2_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/1952682.1952703"},{"key":"e_1_2_2_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCC-SmartCity-DSS.2017.5"},{"key":"e_1_2_2_66_1","unstructured":"Henrik Rydgard. 2020. Windows (Fastcall) calling convention: Callee-saved XMM (FP) registers are not actually saved. https:\/\/github.com\/bytecodealliance\/wasmtime\/issues\/1177  Henrik Rydgard. 2020. Windows (Fastcall) calling convention: Callee-saved XMM (FP) registers are not actually saved. https:\/\/github.com\/bytecodealliance\/wasmtime\/issues\/1177"},{"key":"e_1_2_2_67_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Schrammel David","year":"2020","unstructured":"David Schrammel , Samuel Weiser , Stefan Steinegger , Martin Schwarzl , Michael Schwarz , Stefan Mangard , and Daniel Gruss . 2020 . Donky: Domain Keys \u2013 Efficient In-Process Isolation for RISC-V and x86 . In 29th USENIX Security Symposium (USENIX Security 20) . USENIX Association, 1677\u20131694. isbn:978-1-939133-17-5 https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/schrammel David Schrammel, Samuel Weiser, Stefan Steinegger, Martin Schwarzl, Michael Schwarz, Stefan Mangard, and Daniel Gruss. 2020. 
Donky: Domain Keys \u2013 Efficient In-Process Isolation for RISC-V and x86. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 1677\u20131694. isbn:978-1-939133-17-5 https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/schrammel"},{"key":"e_1_2_2_68_1","volume-title":"19th USENIX Security Symposium","author":"Sehr David","year":"2010","unstructured":"David Sehr , Robert Muth , Karl Schimpf , Cliff Bif\ufb02e , Victor Khimenko , Bennet Yee , Brad Chen , and Egor Pasko . 2010 . Adapting Software Fault Isolation to Contemporary CPU Architectures . In 19th USENIX Security Symposium , Washington, DC, USA , August 11-13, 2010, Proceedings. USENIX Association, 1\u201312. David Sehr, Robert Muth, Karl Schimpf, Cliff Bif\ufb02e, Victor Khimenko, Bennet Yee, Brad Chen, and Egor Pasko. 2010. Adapting Software Fault Isolation to Contemporary CPU Architectures. In 19th USENIX Security Symposium, Washington, DC, USA, August 11-13, 2010, Proceedings. USENIX Association, 1\u201312."},{"key":"e_1_2_2_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/238721.238779"},{"key":"e_1_2_2_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866331"},{"key":"e_1_2_2_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290332"},{"key":"e_1_2_2_72_1","volume-title":"Principles and implementation techniques of software-based fault isolation","author":"Tan Gang","unstructured":"Gang Tan . 2017. Principles and implementation techniques of software-based fault isolation . Now Publishers . Gang Tan. 2017. Principles and implementation techniques of software-based fault isolation. Now Publishers."},{"key":"e_1_2_2_73_1","unstructured":"The LLVM Foundation. 2018. Automatic variable initialization. https:\/\/reviews.llvm.org\/rL349442  The LLVM Foundation. 2018. Automatic variable initialization. https:\/\/reviews.llvm.org\/rL349442"},{"key":"e_1_2_2_74_1","unstructured":"The LLVM Foundation. 2021. Control Flow Integrity Clang 12 documentation. 
https:\/\/clang.llvm.org\/docs\/ControlFlowIntegrity.html  The LLVM Foundation. 2021. Control Flow Integrity Clang 12 documentation. https:\/\/clang.llvm.org\/docs\/ControlFlowIntegrity.html"},{"key":"e_1_2_2_75_1","unstructured":"The LLVM Foundation. 2021. SafeStack Clang 12 documentation. https:\/\/clang.llvm.org\/docs\/SafeStack.html  The LLVM Foundation. 2021. SafeStack Clang 12 documentation. https:\/\/clang.llvm.org\/docs\/SafeStack.html"},{"key":"e_1_2_2_76_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium, Kevin Fu and Jaeyeon Jung (Eds.). 941\u2013955","author":"Tice Caroline","year":"2014","unstructured":"Caroline Tice , Tom Roeder , Peter Collingbourne , Stephen Checkoway , \u00dalfar Erlingsson , Luis Lozano , and Geoff Pike . 2014 . Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM . In Proceedings of the 23rd USENIX Security Symposium, Kevin Fu and Jaeyeon Jung (Eds.). 941\u2013955 . Caroline Tice, Tom Roeder, Peter Collingbourne, Stephen Checkoway, \u00dalfar Erlingsson, Luis Lozano, and Geoff Pike. 2014. Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM. In Proceedings of the 23rd USENIX Security Symposium, Kevin Fu and Jaeyeon Jung (Eds.). 941\u2013955."},{"key":"e_1_2_2_77_1","unstructured":"Alex Tsariounov. 2021. Shielding Linux Resources\u2014Introduction. https:\/\/documentation.suse.com\/sle-rt\/15-SP1\/html\/SLE-RT-all\/cha-shielding-intro.html  Alex Tsariounov. 2021. Shielding Linux Resources\u2014Introduction. https:\/\/documentation.suse.com\/sle-rt\/15-SP1\/html\/SLE-RT-all\/cha-shielding-intro.html"},{"key":"e_1_2_2_78_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Vahldiek-Oberwagner Anjo","year":"2019","unstructured":"Anjo Vahldiek-Oberwagner , Eslam Elnikety , Nuno O Duarte , Michael Sammler , Peter Druschel , and Deepak Garg . 2019 . ERIM: Secure, Ef\ufb01cient In-process Isolation with Protection Keys (MPK) . 
In 28th USENIX Security Symposium (USENIX Security 19) . USENIX Association, 1221\u20131238. isbn:978-1-939133-06-9 Anjo Vahldiek-Oberwagner, Eslam Elnikety, Nuno O Duarte, Michael Sammler, Peter Druschel, and Deepak Garg. 2019. ERIM: Secure, Ef\ufb01cient In-process Isolation with Protection Keys (MPK). In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, 1221\u20131238. isbn:978-1-939133-06-9"},{"key":"e_1_2_2_79_1","unstructured":"K. Varda. 2018. WebAssembly on Cloudflare workers. https:\/\/blog.cloudflare.com\/webassembly-on-cloudflare-workers\/  K. Varda. 2018. WebAssembly on Cloudflare workers. https:\/\/blog.cloudflare.com\/webassembly-on-cloudflare-workers\/"},{"key":"e_1_2_2_80_1","doi-asserted-by":"publisher","DOI":"10.1145\/168619.168635"},{"key":"e_1_2_2_81_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.9"},{"key":"e_1_2_2_82_1","doi-asserted-by":"publisher","DOI":"10.1145\/3360559"},{"key":"e_1_2_2_83_1","unstructured":"WebAssembly Community Group. 2021. Exception Handling. https:\/\/github.com\/WebAssembly\/exception-handling  WebAssembly Community Group. 2021. Exception Handling. https:\/\/github.com\/WebAssembly\/exception-handling"},{"key":"e_1_2_2_84_1","doi-asserted-by":"crossref","unstructured":"Xuejun Yang Yang Chen Eric Eide and John Regehr. 2011. Finding and understanding bugs in C compilers. In PLDI.  Xuejun Yang Yang Chen Eric Eide and John Regehr. 2011. Finding and understanding bugs in C compilers. In PLDI.","DOI":"10.1145\/1993498.1993532"},{"key":"e_1_2_2_85_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.25"},{"key":"e_1_2_2_86_1","unstructured":"Alon Zakai. 2020. WasmBoxC: Simple Easy and Fast VM-less Sandboxing. https:\/\/kripken.github.io\/blog\/wasm\/2020\/07\/27\/wasmboxc.html  Alon Zakai. 2020. WasmBoxC: Simple Easy and Fast VM-less Sandboxing. 
https:\/\/kripken.github.io\/blog\/wasm\/2020\/07\/27\/wasmboxc.html"},{"key":"e_1_2_2_87_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046713"},{"key":"e_1_2_2_88_1","doi-asserted-by":"publisher","DOI":"10.1145\/2038642.2038687"},{"key":"e_1_2_2_89_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660344"}],"container-title":["Proceedings of the ACM on Programming Languages"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3498688","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3498688","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3498688","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:28Z","timestamp":1750188628000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3498688"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,1,12]]},"references-count":89,"journal-issue":{"issue":"POPL","published-print":{"date-parts":[[2022,1,16]]}},"alternative-id":["10.1145\/3498688"],"URL":"https:\/\/doi.org\/10.1145\/3498688","relation":{},"ISSN":["2475-1421"],"issn-type":[{"value":"2475-1421","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,1,12]]},"assertion":[{"value":"2022-01-12","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}