{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:48:25Z","timestamp":1750308505031,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":94,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,8,23]],"date-time":"2022-08-23T00:00:00Z","timestamp":1661212800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001691","name":"Japan Society for the Promotion of Science","doi-asserted-by":"publisher","award":["22H03565"],"award-info":[{"award-number":["22H03565"]}],"id":[{"id":"10.13039\/501100001691","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,8,23]]},"DOI":"10.1145\/3546591.3547530","type":"proceedings-article","created":{"date-parts":[[2022,8,31]],"date-time":"2022-08-31T05:38:53Z","timestamp":1661924333000},"page":"68-77","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Towards isolated execution at the machine level"],"prefix":"10.1145","author":[{"given":"Shu","family":"Anzai","sequence":"first","affiliation":[{"name":"The University of Tokyo, Tokyo, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Masanori","family":"Misono","sequence":"additional","affiliation":[{"name":"Technical University of Munich, Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ryo","family":"Nakamura","sequence":"additional","affiliation":[{"name":"The University of Tokyo, Tokyo, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yohei","family":"Kuga","sequence":"additional","affiliation":[{"name":"The University of Tokyo, Tokyo, 
Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Takahiro","family":"Shinagawa","sequence":"additional","affiliation":[{"name":"The University of Tokyo, Tokyo, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2022,8,30]]},"reference":[{"unstructured":"2017. CVE-2017-7308. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-7308.  2017. CVE-2017-7308. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-7308.","key":"e_1_3_2_1_1_1"},{"unstructured":"2018. CVE-2018-3620. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-3620.  2018. CVE-2018-3620. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-3620.","key":"e_1_3_2_1_2_1"},{"unstructured":"2018. CVE-2018-3639. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-3639.  2018. CVE-2018-3639. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-3639.","key":"e_1_3_2_1_3_1"},{"unstructured":"2018. CVE-2018-3693. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-3693.  2018. CVE-2018-3693. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-3693.","key":"e_1_3_2_1_4_1"},{"unstructured":"2022. speedtest1.c. https:\/\/sqlite.org\/src\/file\/test\/speedtest1.c.  2022. speedtest1.c. https:\/\/sqlite.org\/src\/file\/test\/speedtest1.c.","key":"e_1_3_2_1_5_1"},{"key":"e_1_3_2_1_6_1","volume-title":"SHARD: Fine-Grained Kernel Specialization with Context-Aware Hardening. In 30th USENIX Security Symposium (USENIX Security 21)","author":"Abubakar Muhammad","year":"2021","unstructured":"Muhammad Abubakar , Adil Ahmad , Pedro Fonseca , and Dongyan Xu . 2021 . SHARD: Fine-Grained Kernel Specialization with Context-Aware Hardening. In 30th USENIX Security Symposium (USENIX Security 21) . USENIX Association, 2435--2452. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/abubakar Muhammad Abubakar, Adil Ahmad, Pedro Fonseca, and Dongyan Xu. 2021. SHARD: Fine-Grained Kernel Specialization with Context-Aware Hardening. 
In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 2435--2452. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/abubakar"},{"key":"e_1_3_2_1_7_1","volume-title":"9th USENIX Security Symposium (USENIX Security 00)","author":"Acharya Anurag","year":"2000","unstructured":"Anurag Acharya and Mandar Raje . 2000 . MAPbox: Using Parameterized Behavior Classes to Confine Untrusted Applications . In 9th USENIX Security Symposium (USENIX Security 00) . USENIX Association, Denver, CO. https:\/\/www.usenix.org\/conference\/9th-usenix-security-symposium\/mapbox-using-parameterized-behavior-classes-confine Anurag Acharya and Mandar Raje. 2000. MAPbox: Using Parameterized Behavior Classes to Confine Untrusted Applications. In 9th USENIX Security Symposium (USENIX Security 00). USENIX Association, Denver, CO. https:\/\/www.usenix.org\/conference\/9th-usenix-security-symposium\/mapbox-using-parameterized-behavior-classes-confine"},{"key":"e_1_3_2_1_8_1","volume-title":"Firecracker: Lightweight Virtualization for Serverless Applications. In 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI 20)","author":"Agache Alexandru","year":"2020","unstructured":"Alexandru Agache , Marc Brooker , Alexandra Iordache , Anthony Liguori , Rolf Neugebauer , Phil Piwonka , and Diana-Maria Popa . 2020 . Firecracker: Lightweight Virtualization for Serverless Applications. In 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI 20) . USENIX Association, Santa Clara, CA, 419--434. https:\/\/www.usenix.org\/conference\/nsdi20\/presentation\/agache Alexandru Agache, Marc Brooker, Alexandra Iordache, Anthony Liguori, Rolf Neugebauer, Phil Piwonka, and Diana-Maria Popa. 2020. Firecracker: Lightweight Virtualization for Serverless Applications. In 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI 20). USENIX Association, Santa Clara, CA, 419--434. 
https:\/\/www.usenix.org\/conference\/nsdi20\/presentation\/agache"},{"key":"e_1_3_2_1_9_1","volume-title":"Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation","author":"Arnautov Sergei","year":"2016","unstructured":"Sergei Arnautov , Bohdan Trach , Franz Gregor , Thomas Knauth , Andre Martin , Christian Priebe , Joshua Lind , Divya Muthukumaran , Dan O'Keeffe , Mark L. Stillwell , David Goltzsche , David Eyers , R\u00fcdiger Kapitza , Peter Pietzuch , and Christof Fetzer . 2016 . SCONE: Secure Linux Containers with Intel SGX . In Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation ( Savannah, GA, USA) (OSDI'16). USENIX Association, USA, 689--703. Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O'Keeffe, Mark L. Stillwell, David Goltzsche, David Eyers, R\u00fcdiger Kapitza, Peter Pietzuch, and Christof Fetzer. 2016. SCONE: Secure Linux Containers with Intel SGX. In Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation (Savannah, GA, USA) (OSDI'16). USENIX Association, USA, 689--703."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_10_1","DOI":"10.5555\/2685048.2685070"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_11_1","DOI":"10.1145\/352600.352624"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_12_1","DOI":"10.1145\/74850.74861"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_13_1","DOI":"10.1109\/CloudCom.2015.89"},{"key":"e_1_3_2_1_14_1","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Bulck Jo Van","year":"2017","unstructured":"Jo Van Bulck , Nico Weichbrodt , R\u00fcdiger Kapitza , Frank Piessens , and Raoul Strackx . 2017 . Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution . In 26th USENIX Security Symposium (USENIX Security 17) . USENIX Association, Vancouver, BC, 1041--1056. 
https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/van-bulck Jo Van Bulck, Nico Weichbrodt, R\u00fcdiger Kapitza, Frank Piessens, and Raoul Strackx. 2017. Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC, 1041--1056. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/van-bulck"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_15_1","DOI":"10.1145\/3054924"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_16_1","DOI":"10.1145\/3474123.3486762"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_17_1","DOI":"10.1145\/224056.224079"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_18_1","DOI":"10.1145\/3462699"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_19_1","DOI":"10.1145\/2043556.2043575"},{"key":"e_1_3_2_1_20_1","volume-title":"PKU Pitfalls: Attacks on PKU-based Memory Isolation Systems. In 29th USENIX Security Symposium (USENIX Security 20)","author":"Connor R. Joseph","year":"2020","unstructured":"R. Joseph Connor , Tyler McDaniel , Jared M. Smith , and Max Schuchard . 2020 . PKU Pitfalls: Attacks on PKU-based Memory Isolation Systems. In 29th USENIX Security Symposium (USENIX Security 20) . USENIX Association, 1409--1426. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/connor R. Joseph Connor, Tyler McDaniel, Jared M. Smith, and Max Schuchard. 2020. PKU Pitfalls: Attacks on PKU-based Memory Isolation Systems. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 1409--1426. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/connor"},{"unstructured":"Mitre Corporation. 2022. CVE - Common Vulnerabilities and Exposures.  Mitre Corporation. 2022. 
CVE - Common Vulnerabilities and Exposures.","key":"e_1_3_2_1_21_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_22_1","DOI":"10.1145\/2694344.2694386"},{"key":"e_1_3_2_1_23_1","volume-title":"23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020","author":"DeMarinis Nicholas","year":"2020","unstructured":"Nicholas DeMarinis , Kent Williams-King , Di Jin , Rodrigo Fonseca , and Vasileios P. Kemerlis . 2020. sysfilter: Automated System Call Filtering for Commodity Software . In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020 ). USENIX Association, San Sebastian, 459--474. https:\/\/www.usenix.org\/conference\/raid 2020 \/presentation\/demarinis Nicholas DeMarinis, Kent Williams-King, Di Jin, Rodrigo Fonseca, and Vasileios P. Kemerlis. 2020. sysfilter: Automated System Call Filtering for Commodity Software. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). USENIX Association, San Sebastian, 459--474. https:\/\/www.usenix.org\/conference\/raid2020\/presentation\/demarinis"},{"key":"e_1_3_2_1_24_1","volume-title":"Proceedings of the 29th USENIX Conference on Security Symposium. USENIX Association, USA, Article 26","author":"Dessouky Ghada","year":"2020","unstructured":"Ghada Dessouky , Tommaso Frassetto , and Ahmad-Reza Sadeghi . 2020 . HYB-CACHE: Hybrid Side-Channel-Resilient Caches for Trusted Execution Environments . In Proceedings of the 29th USENIX Conference on Security Symposium. USENIX Association, USA, Article 26 , 18 pages. Ghada Dessouky, Tommaso Frassetto, and Ahmad-Reza Sadeghi. 2020. HYB-CACHE: Hybrid Side-Channel-Resilient Caches for Trusted Execution Environments. In Proceedings of the 29th USENIX Conference on Security Symposium. 
USENIX Association, USA, Article 26, 18 pages."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_25_1","DOI":"10.1145\/3456631"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_26_1","DOI":"10.1109\/SECPRI.1999.766713"},{"key":"e_1_3_2_1_27_1","volume-title":"Ostia: A Delegating Architecture for Secure System Call Interposition.. In NDSS.","author":"Garfinkel Tal","year":"2004","unstructured":"Tal Garfinkel , Ben Pfaff , Mendel Rosenblum , 2004 . Ostia: A Delegating Architecture for Secure System Call Interposition.. In NDSS. Tal Garfinkel, Ben Pfaff, Mendel Rosenblum, et al. 2004. Ostia: A Delegating Architecture for Secure System Call Interposition.. In NDSS."},{"key":"e_1_3_2_1_28_1","volume-title":"Confine: Automated System Call Policy Generation for Container Attack Surface Reduction. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020","author":"Ghavamnia Seyedhamed","year":"2020","unstructured":"Seyedhamed Ghavamnia , Tapti Palit , Azzedine Benameur , and Michalis Polychronakis . 2020 . Confine: Automated System Call Policy Generation for Container Attack Surface Reduction. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020 ). USENIX Association, San Sebastian, 443--458. https:\/\/www.usenix.org\/conference\/raid 2020\/presentation\/ghavanmnia Seyedhamed Ghavamnia, Tapti Palit, Azzedine Benameur, and Michalis Polychronakis. 2020. Confine: Automated System Call Policy Generation for Container Attack Surface Reduction. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). USENIX Association, San Sebastian, 443--458. 
https:\/\/www.usenix.org\/conference\/raid2020\/presentation\/ghavanmnia"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_29_1","DOI":"10.5555\/3489212.3489311"},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of the 6th Conference on USENIX Security Symposium, Focusing on Applications of Cryptography -","volume":"6","author":"Goldberg Ian","unstructured":"Ian Goldberg , David Wagner , Randi Thomas , and Eric A. Brewer . 1996. A Secure Environment for Untrusted Helper Applications Confining the Wily Hacker . In Proceedings of the 6th Conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6 (San Jose, California) (SSYM'96). USENIX Association, USA, 1. Ian Goldberg, David Wagner, Randi Thomas, and Eric A. Brewer. 1996. A Secure Environment for Untrusted Helper Applications Confining the Wily Hacker. In Proceedings of the 6th Conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6 (San Jose, California) (SSYM'96). USENIX Association, USA, 1."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_31_1","DOI":"10.1145\/3471621.3471849"},{"key":"e_1_3_2_1_32_1","volume-title":"Proceedings of the 2020 USENIX Conference on Usenix Annual Technical Conference. USENIX Association, USA, Article 27","author":"Gu Jinyu","year":"2020","unstructured":"Jinyu Gu , Xinyue Wu , Wentai Li , Nian Liu , Zeyu Mi , Yubin Xia , and Haibo Chen . 2020 . Harmonizing Performance and Isolation in Microkernels with Efficient Intra-Kernel Isolation and Communication . In Proceedings of the 2020 USENIX Conference on Usenix Annual Technical Conference. USENIX Association, USA, Article 27 , 17 pages. Jinyu Gu, Xinyue Wu, Wentai Li, Nian Liu, Zeyu Mi, Yubin Xia, and Haibo Chen. 2020. Harmonizing Performance and Isolation in Microkernels with Efficient Intra-Kernel Isolation and Communication. In Proceedings of the 2020 USENIX Conference on Usenix Annual Technical Conference. 
USENIX Association, USA, Article 27, 17 pages."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_33_1","DOI":"10.1109\/DSN.2014.52"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_34_1","DOI":"10.1145\/1851276.1851282"},{"volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Kemerlis Vasileios P.","unstructured":"Vasileios P. Kemerlis , Michalis Polychronakis , and Angelos D. Keromytis . 2014. ret2dir: Rethinking Kernel Isolation . In 23rd USENIX Security Symposium (USENIX Security 14) . USENIX Association, San Diego, CA, 957--972. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/kemerlis Vasileios P. Kemerlis, Michalis Polychronakis, and Angelos D. Keromytis. 2014. ret2dir: Rethinking Kernel Isolation. In 23rd USENIX Security Symposium (USENIX Security 14). USENIX Association, San Diego, CA, 957--972. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/kemerlis","key":"e_1_3_2_1_35_1"},{"key":"e_1_3_2_1_36_1","volume-title":"Practical and Effective Sandboxing for Non-root Users. In 2013 USENIX Annual Technical Conference (USENIX ATC 13)","author":"Kim Taesoo","year":"2013","unstructured":"Taesoo Kim and Nickolai Zeldovich . 2013 . Practical and Effective Sandboxing for Non-root Users. In 2013 USENIX Annual Technical Conference (USENIX ATC 13) . USENIX Association, San Jose, CA, 139--144. https:\/\/www.usenix.org\/conference\/atc13\/technical-sessions\/presentation\/kim Taesoo Kim and Nickolai Zeldovich. 2013. Practical and Effective Sandboxing for Non-root Users. In 2013 USENIX Annual Technical Conference (USENIX ATC 13). USENIX Association, San Jose, CA, 139--144. 
https:\/\/www.usenix.org\/conference\/atc13\/technical-sessions\/presentation\/kim"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_37_1","DOI":"10.1145\/1629575.1629596"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_38_1","DOI":"10.1109\/SP.2019.00002"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_39_1","DOI":"10.1145\/1807167.1807231"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_40_1","DOI":"10.1145\/3447786.3456248"},{"key":"e_1_3_2_1_41_1","volume-title":"17th USENIX Symposium on Networked Systems Design and Implementation (NSDI 20)","author":"Kuga Yohei","year":"2020","unstructured":"Yohei Kuga , Ryo Nakamura , Takeshi Matsuya , and Yuji Sekiya . 2020 . NetTLP: A Development Platform for PCIe devices in Software Interacting with Hardware . In 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI 20) . USENIX Association, Santa Clara, CA, 141--155. https:\/\/www.usenix.org\/conference\/nsdi20\/presentation\/kuga Yohei Kuga, Ryo Nakamura, Takeshi Matsuya, and Yuji Sekiya. 2020. NetTLP: A Development Platform for PCIe devices in Software Interacting with Hardware. In 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI 20). USENIX Association, Santa Clara, CA, 141--155. 
https:\/\/www.usenix.org\/conference\/nsdi20\/presentation\/kuga"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_42_1","DOI":"10.1145\/3471621.3471840"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_43_1","DOI":"10.1145\/3342195.3387526"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_44_1","DOI":"10.1145\/2660267.2660331"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_45_1","DOI":"10.1145\/3342195.3387532"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_46_1","DOI":"10.1145\/3124680.3124717"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_47_1","DOI":"10.1145\/3477132.3483554"},{"key":"e_1_3_2_1_48_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Li Shih-Wei","year":"2019","unstructured":"Shih-Wei Li , John S. Koh , and Jason Nieh . 2019 . Protecting Cloud Virtual Machines from Hypervisor and Host Operating System Exploits . In 28th USENIX Security Symposium (USENIX Security 19) . USENIX Association, Santa Clara, CA, 1357--1374. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/li-shih-wei Shih-Wei Li, John S. Koh, and Jason Nieh. 2019. Protecting Cloud Virtual Machines from Hypervisor and Host Operating System Exploits. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, 1357--1374. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/li-shih-wei"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_49_1","DOI":"10.1109\/SP40001.2021.00049"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_50_1","DOI":"10.1145\/3508360"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_51_1","DOI":"10.1145\/3274694.3274720"},{"key":"e_1_3_2_1_52_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp , Michael Schwarz , Daniel Gruss , Thomas Prescher , Werner Haas , Anders Fogh , Jann Horn , Stefan Mangard , Paul Kocher , Daniel Genkin , Yuval Yarom , and Mike Hamburg . 2018 . 
Meltdown: Reading Kernel Memory from User Space . In 27th USENIX Security Symposium (USENIX Security 18) . USENIX Association, Baltimore, MD, 973--990. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/lipp Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading Kernel Memory from User Space. In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, Baltimore, MD, 973--990. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/lipp"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_53_1","DOI":"10.1145\/2451116.2451167"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_54_1","DOI":"10.1145\/3173162.3173209"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_55_1","DOI":"10.1109\/TSE.2010.60"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_56_1","DOI":"10.1145\/3132747.3132763"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_57_1","DOI":"10.1109\/SP.2010.17"},{"key":"e_1_3_2_1_58_1","volume-title":"Proceedings of the 29th USENIX Conference on Security Symposium. USENIX Association, USA, Article 96","author":"Mi Zeyu","year":"2020","unstructured":"Zeyu Mi , Dingji Li , Haibo Chen , Binyu Zang , and Haibing Guan . 2020 . (Mostly) Exitless VM Protection from Untrusted Hypervisor through Disaggregated Nested Virtualization . In Proceedings of the 29th USENIX Conference on Security Symposium. USENIX Association, USA, Article 96 , 18 pages. Zeyu Mi, Dingji Li, Haibo Chen, Binyu Zang, and Haibing Guan. 2020. (Mostly) Exitless VM Protection from Untrusted Hypervisor through Disaggregated Nested Virtualization. In Proceedings of the 29th USENIX Conference on Security Symposium. 
USENIX Association, USA, Article 96, 18 pages."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_59_1","DOI":"10.1109\/TCAD.2019.2915318"},{"key":"e_1_3_2_1_60_1","volume-title":"Proceedings of the 2019 USENIX Conference on Usenix Annual Technical Conference (Renton, WA, USA) (USENIX ATC '19). USENIX Association, USA, 269--284","author":"Narayanan Vikram","year":"2019","unstructured":"Vikram Narayanan , Abhiram Balasubramanian , Charlie Jacobsen , Sarah Spall , Scott Bauer , Michael Quigley , Aftab Hussain , Abdullah Younis , Junjie Shen , Moinak Bhattacharyya , and Anton Burtsev . 2019 . LXDs: Towards Isolation of Kernel Subsystems . In Proceedings of the 2019 USENIX Conference on Usenix Annual Technical Conference (Renton, WA, USA) (USENIX ATC '19). USENIX Association, USA, 269--284 . Vikram Narayanan, Abhiram Balasubramanian, Charlie Jacobsen, Sarah Spall, Scott Bauer, Michael Quigley, Aftab Hussain, Abdullah Younis, Junjie Shen, Moinak Bhattacharyya, and Anton Burtsev. 2019. LXDs: Towards Isolation of Kernel Subsystems. In Proceedings of the 2019 USENIX Conference on Usenix Annual Technical Conference (Renton, WA, USA) (USENIX ATC '19). 
USENIX Association, USA, 269--284."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_61_1","DOI":"10.1145\/3381052.3381328"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_62_1","DOI":"10.1145\/2168836.2168851"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_63_1","DOI":"10.1109\/ISCA45697.2020.00069"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_64_1","DOI":"10.1145\/3291047"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_65_1","DOI":"10.1145\/3432893"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_66_1","DOI":"10.1109\/DSN.2005.23"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_67_1","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_3_2_1_68_1","volume-title":"Proceedings of the 31st USENIX Conference on Security Symposium","author":"Schrammel David","year":"2022","unstructured":"David Schrammel , Samuel Weiser , Richard Sadek , and Stefan Mangard . 2022 . Jenny: Securing Syscalls for PKU-based Memory Isolation Systems . In Proceedings of the 31st USENIX Conference on Security Symposium ( Santa Clara, CA, USA). USENIX Association, USA. David Schrammel, Samuel Weiser, Richard Sadek, and Stefan Mangard. 2022. Jenny: Securing Syscalls for PKU-based Memory Isolation Systems. In Proceedings of the 31st USENIX Conference on Security Symposium (Santa Clara, CA, USA). USENIX Association, USA."},{"key":"e_1_3_2_1_69_1","volume-title":"Donky: Domain Keys - Efficient in-Process Isolation for RISC-V and X86","author":"Schrammel David","year":"2020","unstructured":"David Schrammel , Samuel Weiser , Stefan Steinegger , Martin Schwarzl , Michael Schwarz , Stefan Mangard , and Daniel Gruss . 2020 . Donky: Domain Keys - Efficient in-Process Isolation for RISC-V and X86 . USENIX Association , USA. David Schrammel, Samuel Weiser, Stefan Steinegger, Martin Schwarzl, Michael Schwarz, Stefan Mangard, and Daniel Gruss. 2020. Donky: Domain Keys - Efficient in-Process Isolation for RISC-V and X86. 
USENIX Association, USA."},{"key":"e_1_3_2_1_70_1","first-page":"71","article-title":"Exploiting the DRAM rowhammer bug to gain kernel privileges","volume":"15","author":"Seaborn Mark","year":"2015","unstructured":"Mark Seaborn and Thomas Dullien . 2015 . Exploiting the DRAM rowhammer bug to gain kernel privileges . Black Hat 15 (2015), 71 . Mark Seaborn and Thomas Dullien. 2015. Exploiting the DRAM rowhammer bug to gain kernel privileges. Black Hat 15 (2015), 71.","journal-title":"Black Hat"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_71_1","DOI":"10.1145\/3297858.3304016"},{"doi-asserted-by":"crossref","unstructured":"Lei Shi Yuming Wu Yubin Xia Nathan Dautenhahn Haibo Chen Binyu Zang and Jinming Li. 2017. Deconstructing Xen.. In NDSS.  Lei Shi Yuming Wu Yubin Xia Nathan Dautenhahn Haibo Chen Binyu Zang and Jinming Li. 2017. Deconstructing Xen.. In NDSS.","key":"e_1_3_2_1_72_1","DOI":"10.14722\/ndss.2017.23455"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_73_1","DOI":"10.1145\/2988545"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_74_1","DOI":"10.1145\/3382190"},{"key":"e_1_3_2_1_75_1","volume-title":"FlexSC: Flexible System Call Scheduling with Exception-Less System Calls. In 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI 10)","author":"Soares Livio","year":"2010","unstructured":"Livio Soares and Michael Stumm . 2010 . FlexSC: Flexible System Call Scheduling with Exception-Less System Calls. In 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI 10) . USENIX Association, Vancouver, BC. https:\/\/www.usenix.org\/conference\/osdi10\/flexsc-flexible-system-call-scheduling-exception-less-system-calls Livio Soares and Michael Stumm. 2010. FlexSC: Flexible System Call Scheduling with Exception-Less System Calls. In 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI 10). USENIX Association, Vancouver, BC. 
https:\/\/www.usenix.org\/conference\/osdi10\/flexsc-flexible-system-call-scheduling-exception-less-system-calls"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_76_1","DOI":"10.14722\/ndss.2016.23121"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_77_1","DOI":"10.1145\/1755913.1755935"},{"key":"e_1_3_2_1_78_1","volume-title":"Proceedings of the 27th USENIX Conference on Security Symposium","author":"Sun Yuqiong","year":"2018","unstructured":"Yuqiong Sun , David Safford , Mimi Zohar , Dimitrios Pendarakis , Zhongshu Gu , and Trent Jaeger . 2018 . Security Namespace: Making Linux Security Frameworks Available to Containers . In Proceedings of the 27th USENIX Conference on Security Symposium ( Baltimore, MD, USA) (SEC'18). USENIX Association, USA, 1423--1439. Yuqiong Sun, David Safford, Mimi Zohar, Dimitrios Pendarakis, Zhongshu Gu, and Trent Jaeger. 2018. Security Namespace: Making Linux Security Frameworks Available to Containers. In Proceedings of the 27th USENIX Conference on Security Symposium (Baltimore, MD, USA) (SEC'18). USENIX Association, USA, 1423--1439."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_79_1","DOI":"10.1145\/2046707.2046754"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_80_1","DOI":"10.1145\/195473.195481"},{"key":"e_1_3_2_1_81_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Vahldiek-Oberwagner Anjo","year":"2019","unstructured":"Anjo Vahldiek-Oberwagner , Eslam Elnikety , Nuno O. Duarte , Michael Sammler , Peter Druschel , and Deepak Garg . 2019 . ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK) . In 28th USENIX Security Symposium (USENIX Security 19) . USENIX Association, Santa Clara, CA, 1221--1238. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/vahldiek-oberwagner Anjo Vahldiek-Oberwagner, Eslam Elnikety, Nuno O. Duarte, Michael Sammler, Peter Druschel, and Deepak Garg. 2019. ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK). 
In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, 1221--1238. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/vahldiek-oberwagner"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_82_1","DOI":"10.1145\/3492321.3519560"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_83_1","DOI":"10.1109\/ICST.2017.16"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_84_1","DOI":"10.1109\/SP40000.2020.00087"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_85_1","DOI":"10.1145\/3492321.3519553"},{"key":"e_1_3_2_1_86_1","volume-title":"Taming Hosted Hypervisors with (Mostly) Deprivileged Execution. In 20th Annual Network and Distributed System Security Symposium, NDSS 2013","author":"Wu Chiachih","year":"2013","unstructured":"Chiachih Wu , Zhi Wang , and Xuxian Jiang . 2013 . Taming Hosted Hypervisors with (Mostly) Deprivileged Execution. In 20th Annual Network and Distributed System Security Symposium, NDSS 2013 , San Diego, California, USA, February 24--27 , 2013. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss2013\/taming-hosted-hypervisors-mostly-deprivileged-execution Chiachih Wu, Zhi Wang, and Xuxian Jiang. 2013. Taming Hosted Hypervisors with (Mostly) Deprivileged Execution. In 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24--27, 2013. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss2013\/taming-hosted-hypervisors-mostly-deprivileged-execution"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_87_1","DOI":"10.1145\/3442479"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_88_1","DOI":"10.1109\/SP.2015.45"},{"volume-title":"Proceedings of the 11th USENIX Conference on Hot Topics in Cloud Computing","author":"Young Ethan G.","unstructured":"Ethan G. Young , Pengfei Zhu , Tyler Caraza-Harter , Andrea C. Arpaci-Dusseau , and Remzi H . Arpaci-Dusseau. 2019. The True Cost of Containing: A GVisor Case Study . 
In Proceedings of the 11th USENIX Conference on Hot Topics in Cloud Computing ( Renton, WA, USA) (HotCloud'19). USENIX Association, USA, 16. Ethan G. Young, Pengfei Zhu, Tyler Caraza-Harter, Andrea C. Arpaci-Dusseau, and Remzi H. Arpaci-Dusseau. 2019. The True Cost of Containing: A GVisor Case Study. In Proceedings of the 11th USENIX Conference on Hot Topics in Cloud Computing (Renton, WA, USA) (HotCloud'19). USENIX Association, USA, 16.","key":"e_1_3_2_1_89_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_90_1","DOI":"10.1145\/2043556.2043576"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_91_1","DOI":"10.1007\/978-3-030-00470-5_32"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_92_1","DOI":"10.1109\/TDSC.2021.3071092"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_93_1","DOI":"10.1145\/3448016.3457308"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_94_1","DOI":"10.1145\/3512345"}],"event":{"sponsor":["SIGOPS ACM Special Interest Group on Operating Systems"],"acronym":"APSys '22","name":"APSys '22: 13th ACM SIGOPS Asia-Pacific Workshop on Systems","location":"Virtual Event Singapore"},"container-title":["Proceedings of the 13th ACM SIGOPS Asia-Pacific Workshop on 
Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3546591.3547530","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3546591.3547530","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T18:44:02Z","timestamp":1750272242000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3546591.3547530"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,8,23]]},"references-count":94,"alternative-id":["10.1145\/3546591.3547530","10.1145\/3546591"],"URL":"https:\/\/doi.org\/10.1145\/3546591.3547530","relation":{},"subject":[],"published":{"date-parts":[[2022,8,23]]},"assertion":[{"value":"2022-08-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}