{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T09:09:10Z","timestamp":1769072950328,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":80,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,7,10]],"date-time":"2023-07-10T00:00:00Z","timestamp":1688947200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100000780","name":"European Commission","doi-asserted-by":"publisher","award":["101070141"],"award-info":[{"award-number":["101070141"]}],"id":[{"id":"10.13039\/501100000780","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,7,10]]},"DOI":"10.1145\/3579856.3595799","type":"proceedings-article","created":{"date-parts":[[2023,7,5]],"date-time":"2023-07-05T14:52:13Z","timestamp":1688568733000},"page":"149-162","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["Cage4Deno: A Fine-Grained Sandbox for Deno Subprocesses"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7115-1867","authenticated-orcid":false,"given":"Marco","family":"Abbadini","sequence":"first","affiliation":[{"name":"Universit\u00e0 degli Studi di Bergamo, Italy"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7534-6055","authenticated-orcid":false,"given":"Dario","family":"Facchinetti","sequence":"additional","affiliation":[{"name":"Universit\u00e0 degli Studi di Bergamo, Italy"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5717-7101","authenticated-orcid":false,"given":"Gianluca","family":"Oldani","sequence":"additional","affiliation":[{"name":"Universit\u00e0 degli Studi di Bergamo, Italy"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6459-0810","authenticated-orcid":false,"given":"Matthew","family":"Rossi","sequence":"additional","affiliation":[{"name":"Universit\u00e0 degli Studi di Bergamo, Italy"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0399-1738","authenticated-orcid":false,"given":"Stefano","family":"Paraboschi","sequence":"additional","affiliation":[{"name":"Universit\u00e0 degli Studi di Bergamo, Italy"}]}],"member":"320","published-online":{"date-parts":[[2023,7,10]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"A. Starovoitov. 2020. CAP_BPF. https:\/\/lwn.net\/Articles\/820560\/ A. Starovoitov. 2020. CAP_BPF. https:\/\/lwn.net\/Articles\/820560\/"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"crossref","unstructured":"M. Abbadini M. Beretta D. Facchinetti G. Oldani M. Rossi and S. Paraboschi. 2023. Leveraging eBPF to enhance sandboxing of WebAssembly runtime. In ASIACCS. M. Abbadini M. Beretta D. Facchinetti G. Oldani M. Rossi and S. Paraboschi. 2023. Leveraging eBPF to enhance sandboxing of WebAssembly runtime. In ASIACCS.","DOI":"10.1145\/3579856.3592831"},{"key":"e_1_3_2_1_3_1","unstructured":"M.\u00a0M. Ahmadpanah D. Hedin M. Balliu L.\u00a0E. Olsson and A. Sabelfeld. 2021. SandTrap: Securing JavaScript-driven Trigger-Action Platforms. In USENIX Security. M.\u00a0M. Ahmadpanah D. Hedin M. Balliu L.\u00a0E. Olsson and A. Sabelfeld. 2021. SandTrap: Securing JavaScript-driven Trigger-Action Platforms. In USENIX Security."},{"key":"e_1_3_2_1_4_1","unstructured":"W. Almesberger. 1999. Linux Network Traffic Control \u2013 Implementation Overview. W. Almesberger. 1999. Linux Network Traffic Control \u2013 Implementation Overview."},{"key":"e_1_3_2_1_5_1","unstructured":"Apache. 2022. JMeter. https:\/\/jmeter.apache.org\/ Apache. 2022. JMeter. https:\/\/jmeter.apache.org\/"},{"key":"e_1_3_2_1_6_1","volume":"202","author":"B\u00e9lair M.","unstructured":"M. B\u00e9lair , S. Laniepce , and J. Menaud. 202 1. SNAPPY: Programmable Kernel-Level Policies for Containers. In SAC. M. B\u00e9lair, S. Laniepce, and J. Menaud. 2021. SNAPPY: Programmable Kernel-Level Policies for Containers. In SAC.","journal-title":"J. Menaud."},{"key":"e_1_3_2_1_7_1","volume-title":"TRON: Process-Specific File Protection for the UNIX Operating System. In USENIX ATC.","author":"Berman A.","year":"1995","unstructured":"A. Berman , V. Bourassa , and E. Selberg . 1995 . TRON: Process-Specific File Protection for the UNIX Operating System. In USENIX ATC. A. Berman, V. Bourassa, and E. Selberg. 1995. TRON: Process-Specific File Protection for the UNIX Operating System. In USENIX ATC."},{"key":"e_1_3_2_1_8_1","volume-title":"Multiple Instances of the Global Linux Namespaces. In Ottawa Linux Symposium (OLS).","author":"Biederman W.","year":"2006","unstructured":"E.\u00a0 W. Biederman . 2006 . Multiple Instances of the Global Linux Namespaces. In Ottawa Linux Symposium (OLS). E.\u00a0W. Biederman. 2006. Multiple Instances of the Global Linux Namespaces. In Ottawa Linux Symposium (OLS)."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"crossref","unstructured":"C. Canella M. Werner D. Gruss and M. Schwarz. 2021. Automating Seccomp Filter Generation for Linux Applications. In CCSW. C. Canella M. Werner D. Gruss and M. Schwarz. 2021. Automating Seccomp Filter Generation for Linux Applications. In CCSW.","DOI":"10.1145\/3474123.3486762"},{"key":"e_1_3_2_1_10_1","unstructured":"Canonical. 2022. AppArmor. https:\/\/apparmor.net. Canonical. 2022. AppArmor. https:\/\/apparmor.net."},{"key":"e_1_3_2_1_11_1","unstructured":"Cilium. 2022. Cilium. https:\/\/github.com\/cilium\/cilium Cilium. 2022. Cilium. https:\/\/github.com\/cilium\/cilium"},{"key":"e_1_3_2_1_12_1","unstructured":"containers. 2022. Bubblewrap. https:\/\/github.com\/containers\/bubblewrap containers. 2022. Bubblewrap. https:\/\/github.com\/containers\/bubblewrap"},{"key":"e_1_3_2_1_13_1","unstructured":"J. Corbet. 201"},{"key":"e_1_3_2_1_14_1","unstructured":"CVE Mitre. 2021. Gitlab Exiftool vulnerability. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-22205 CVE Mitre. 2021. Gitlab Exiftool vulnerability. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-22205"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"crossref","unstructured":"A. Decan T. Mens and E. Constantinou. 2018. On the Impact of Security Vulnerabilities in the npm Package Dependency Network. In MSR. A. Decan T. Mens and E. Constantinou. 2018. On the Impact of Security Vulnerabilities in the npm Package Dependency Network. In MSR.","DOI":"10.1145\/3196398.3196401"},{"key":"e_1_3_2_1_16_1","unstructured":"N. DeMarinis K. Williams-King D. Jin R. Fonseca and V.\u00a0P. Kemerlis. 2020. sysfilter: Automated System Call Filtering for Commodity Software. In RAID. N. DeMarinis K. Williams-King D. Jin R. Fonseca and V.\u00a0P. Kemerlis. 2020. sysfilter: Automated System Call Filtering for Commodity Software. In RAID."},{"key":"e_1_3_2_1_17_1","unstructured":"Deno Land. 2022. Deno Permission Model. https:\/\/deno.land\/manual\/getting_started\/permissions#permissions Deno Land. 2022. Deno Permission Model. https:\/\/deno.land\/manual\/getting_started\/permissions#permissions"},{"key":"e_1_3_2_1_18_1","unstructured":"Deno Land. 2022. Deno standard library for testing. https:\/\/deno.land\/std\/testing Deno Land. 2022. Deno standard library for testing. https:\/\/deno.land\/std\/testing"},{"key":"e_1_3_2_1_19_1","unstructured":"Deno Land. 2022. Deno Subprocess. https:\/\/deno.land\/manual@v1.26.0\/examples\/subprocess Deno Land. 2022. Deno Subprocess. https:\/\/deno.land\/manual@v1.26.0\/examples\/subprocess"},{"key":"e_1_3_2_1_20_1","unstructured":"Deno Land. 2022. Deno Workers. https:\/\/deno.land\/manual@v1.26.0\/runtime\/workers Deno Land. 2022. Deno Workers. https:\/\/deno.land\/manual@v1.26.0\/runtime\/workers"},{"key":"e_1_3_2_1_21_1","unstructured":"Deno Land. 2022. Node compatibility mode. https:\/\/deno.land\/manual\/node\/compatibility_mode. Deno Land. 2022. Node compatibility mode. https:\/\/deno.land\/manual\/node\/compatibility_mode."},{"key":"e_1_3_2_1_22_1","unstructured":"Docs.rs. 2022. Tokio. https:\/\/docs.rs\/tokio\/0.2.0\/tokio\/index.html Docs.rs. 2022. Tokio. https:\/\/docs.rs\/tokio\/0.2.0\/tokio\/index.html"},{"key":"e_1_3_2_1_23_1","unstructured":"dsherret. 2022. dax. https:\/\/github.com\/dsherret\/dax. dsherret. 2022. dax. https:\/\/github.com\/dsherret\/dax."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"crossref","unstructured":"R. Duan O. Alrawi R.\u00a0P. Kasturi R. Elder B. Saltaformaggio and W. Lee. 2021. Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages. In NDSS. R. Duan O. Alrawi R.\u00a0P. Kasturi R. Elder B. Saltaformaggio and W. Lee. 2021. Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages. In NDSS.","DOI":"10.14722\/ndss.2021.23055"},{"key":"e_1_3_2_1_25_1","unstructured":"Falco. 2022. Falco. https:\/\/github.com\/falcosecurity\/falco Falco. 2022. Falco. https:\/\/github.com\/falcosecurity\/falco"},{"key":"e_1_3_2_1_26_1","unstructured":"W. Findlay D. Barrera and A. Somayaji. 2021. BPFContain: Fixing the Soft Underbelly of Container Security. arXiv (2021). W. Findlay D. Barrera and A. Somayaji. 2021. BPFContain: Fixing the Soft Underbelly of Container Security. arXiv (2021)."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"W. Findlay A. Somayaji and D. Barrera. 2020. bpfbox: Simple Precise Process Confinement with eBPF. In CCSW. W. Findlay A. Somayaji and D. Barrera. 2020. bpfbox: Simple Precise Process Confinement with eBPF. In CCSW.","DOI":"10.1145\/3411495.3421358"},{"key":"e_1_3_2_1_28_1","volume-title":"Houdini\u2019s Escape: Breaking the Resource Rein of Linux Control Groups. In CCS.","author":"Gao X.","year":"2019","unstructured":"X. Gao , Z. Gu , Z. Li , H. Jamjoom , and C. Wang . 2019 . Houdini\u2019s Escape: Breaking the Resource Rein of Linux Control Groups. In CCS. X. Gao, Z. Gu, Z. Li, H. Jamjoom, and C. Wang. 2019. Houdini\u2019s Escape: Breaking the Resource Rein of Linux Control Groups. In CCS."},{"key":"e_1_3_2_1_29_1","volume-title":"Enclosure: Language-Based Restriction of Untrusted Libraries. In ASPLOS.","author":"Ghosn A.","year":"2021","unstructured":"A. Ghosn , M. Kogias , M. Payer , J.\u00a0 R. Larus , and E. Bugnion . 2021 . Enclosure: Language-Based Restriction of Untrusted Libraries. In ASPLOS. A. Ghosn, M. Kogias, M. Payer, J.\u00a0R. Larus, and E. Bugnion. 2021. Enclosure: Language-Based Restriction of Untrusted Libraries. In ASPLOS."},{"key":"e_1_3_2_1_30_1","unstructured":"Google. 2022. Minijail. https:\/\/google.github.io\/minijail\/ Google. 2022. Minijail. https:\/\/google.github.io\/minijail\/"},{"key":"e_1_3_2_1_31_1","unstructured":"Google. 2022. Sandbox2. https:\/\/developers.google.com\/code-sandboxing\/sandbox2\/ Google. 2022. Sandbox2. https:\/\/developers.google.com\/code-sandboxing\/sandbox2\/"},{"key":"e_1_3_2_1_32_1","unstructured":"Google. 2022. zx. https:\/\/github.com\/google\/zx. Google. 2022. zx. https:\/\/github.com\/google\/zx."},{"key":"e_1_3_2_1_33_1","unstructured":"B. Gregg. 2021. BPF Internals. https:\/\/www.usenix.org\/conference\/lisa21\/presentation\/gregg-bpf USENIX LISA. B. Gregg. 2021. BPF Internals. https:\/\/www.usenix.org\/conference\/lisa21\/presentation\/gregg-bpf USENIX LISA."},{"key":"e_1_3_2_1_34_1","unstructured":"H. Tao. 2022. BPF: Introduce ternary search tree for string key. https:\/\/lore.kernel.org\/bpf\/20220331122822.14283-1-houtao1@huawei.com. H. Tao. 2022. BPF: Introduce ternary search tree for string key. https:\/\/lore.kernel.org\/bpf\/20220331122822.14283-1-houtao1@huawei.com."},{"key":"e_1_3_2_1_35_1","unstructured":"H. Tao. 2022. BPF: Support for string key in hash-table. https:\/\/lore.kernel.org\/bpf\/20211219052245.791605-1-houtao1@huawei.com H. Tao. 2022. BPF: Support for string key in hash-table. https:\/\/lore.kernel.org\/bpf\/20211219052245.791605-1-houtao1@huawei.com"},{"key":"e_1_3_2_1_36_1","unstructured":"hackerone. 2021. External SSRF and Local File Read due to vulnerable FFmpeg. https:\/\/hackerone.com\/reports\/1062888 hackerone. 2021. External SSRF and Local File Read due to vulnerable FFmpeg. https:\/\/hackerone.com\/reports\/1062888"},{"key":"e_1_3_2_1_37_1","volume-title":"Hodor: Intra-Process Isolation for High-Throughput Data Plane Libraries. In USENIX ATC.","author":"Hedayati M.","year":"2019","unstructured":"M. Hedayati , S. Gravani , E. Johnson , J. Criswell , M.\u00a0 L. Scott , K. Shen , and M. Marty . 2019 . Hodor: Intra-Process Isolation for High-Throughput Data Plane Libraries. In USENIX ATC. M. Hedayati, S. Gravani, E. Johnson, J. Criswell, M.\u00a0L. Scott, K. Shen, and M. Marty. 2019. Hodor: Intra-Process Isolation for High-Throughput Data Plane Libraries. In USENIX ATC."},{"key":"e_1_3_2_1_38_1","unstructured":"J. Jia Y. Zhu D. Williams A. Arcangeli C. Canella H. Franke T. Feldman-Fitzthum D. Skarlatos D. Gruss and T. Xu. 2023. Programmable System Call Security with eBPF. arXiv (2023). J. Jia Y. Zhu D. Williams A. Arcangeli C. Canella H. Franke T. Feldman-Fitzthum D. Skarlatos D. Gruss and T. Xu. 2023. Programmable System Call Security with eBPF. arXiv (2023)."},{"key":"e_1_3_2_1_39_1","volume-title":"Phantom Attack: Evading System Call Monitoring. https:\/\/defcon.org\/html\/defcon-29\/dc-29-speakers.html#guo DEFCON.","author":"Junyuan Z.","year":"2021","unstructured":"Z. Junyuan and R. Guo . 2021 . Phantom Attack: Evading System Call Monitoring. https:\/\/defcon.org\/html\/defcon-29\/dc-29-speakers.html#guo DEFCON. Z. Junyuan and R. Guo. 2021. Phantom Attack: Evading System Call Monitoring. https:\/\/defcon.org\/html\/defcon-29\/dc-29-speakers.html#guo DEFCON."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"crossref","unstructured":"J. Kar\u00e1sek R. Burget and O. Morsk\u00fd. 2011. Towards an Automatic Design of Non-Cryptographic Hash Function. In TSP. J. Kar\u00e1sek R. Burget and O. Morsk\u00fd. 2011. Towards an Automatic Design of Non-Cryptographic Hash Function. In TSP.","DOI":"10.1109\/TSP.2011.6043785"},{"key":"e_1_3_2_1_41_1","unstructured":"M. Kehoe. 2022. eBPF: The Next Power Tool of SREs. https:\/\/www.usenix.org\/conference\/srecon22americas\/presentation\/kehoe-ebpf USENIX SREcon. M. Kehoe. 2022. eBPF: The Next Power Tool of SREs. https:\/\/www.usenix.org\/conference\/srecon22americas\/presentation\/kehoe-ebpf USENIX SREcon."},{"key":"e_1_3_2_1_42_1","unstructured":"T. Kim and N. Zeldovich. 2013. Practical and Effective Sandboxing for Non-root Users. In USENIX ATC. T. Kim and N. Zeldovich. 2013. Practical and Effective Sandboxing for Non-root Users. In USENIX ATC."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"crossref","unstructured":"P. Kirth M. Dickerson S. Crane P. Larsen A. Dabrowski D. Gens Y. Na S. Volckaert and M. Franz. 2022. PKRU-safe: automatically locking down the heap between safe and unsafe languages. In EuroSys. P. Kirth M. Dickerson S. Crane P. Larsen A. Dabrowski D. Gens Y. Na S. Volckaert and M. Franz. 2022. PKRU-safe: automatically locking down the heap between safe and unsafe languages. In EuroSys.","DOI":"10.1145\/3492321.3519582"},{"key":"e_1_3_2_1_44_1","volume-title":"Deno: JavaScript runtime. https:\/\/deno.land\/","author":"Land Deno","year":"2022","unstructured":"Deno Land . 2022 . Deno: JavaScript runtime. https:\/\/deno.land\/ Deno Land. 2022. Deno: JavaScript runtime. https:\/\/deno.land\/"},{"key":"e_1_3_2_1_45_1","unstructured":"X. Li Y. Chen Z. Lin X. Wang and J.\u00a0H. Chen. 2021. Automatic Policy Generation for Inter-Service Access Control of Microservices. In USENIX Security. X. Li Y. Chen Z. Lin X. Wang and J.\u00a0H. Chen. 2021. Automatic Policy Generation for Inter-Service Access Control of Microservices. In USENIX Security."},{"key":"e_1_3_2_1_46_1","volume":"201","author":"Li Y.","unstructured":"Y. Li , B. Dolan-Gavitt , S. Weber , and J. Cappos. 201 7. Lock-in-Pop: Securing Privileged Operating System Kernels by Keeping on the Beaten Path. In USENIX ATC. Y. Li, B. Dolan-Gavitt, S. Weber, and J. Cappos. 2017. Lock-in-Pop: Securing Privileged Operating System Kernels by Keeping on the Beaten Path. In USENIX ATC.","journal-title":"J. Cappos."},{"key":"e_1_3_2_1_47_1","unstructured":"libbpf. 2022. libbpf. https:\/\/libbpf.readthedocs.io\/en\/latest\/index.html libbpf. 2022. libbpf. https:\/\/libbpf.readthedocs.io\/en\/latest\/index.html"},{"key":"e_1_3_2_1_48_1","unstructured":"M. K. Lau. 2017. BPF map-in-map support. https:\/\/www.mail-archive.com\/netdev@vger.kernel.org\/msg159387.html M. K. Lau. 2017. BPF map-in-map support. https:\/\/www.mail-archive.com\/netdev@vger.kernel.org\/msg159387.html"},{"key":"e_1_3_2_1_49_1","unstructured":"M. S. Miller. 2022. Draft Proposal for SES (Secure EcmaScript). https:\/\/github.com\/tc39\/proposal-ses M. S. Miller. 2022. Draft Proposal for SES (Secure EcmaScript). https:\/\/github.com\/tc39\/proposal-ses"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"crossref","unstructured":"L. Mastrangelo L. Ponzanelli A. Mocci M. Lanza M. Hauswirth and N. Nystrom. 2015. Use at Your Own Risk: The Java Unsafe API in the Wild. SIGPLAN (2015). L. Mastrangelo L. Ponzanelli A. Mocci M. Lanza M. Hauswirth and N. Nystrom. 2015. Use at Your Own Risk: The Java Unsafe API in the Wild. SIGPLAN (2015).","DOI":"10.1145\/2814270.2814313"},{"key":"e_1_3_2_1_51_1","unstructured":"A. Nakryiko. 2020. BPF CO-RE. https:\/\/facebookmicrosites.github.io\/bpf\/blog\/2020\/02\/19\/bpf-portability-and-co-re.html A. Nakryiko. 2020. BPF CO-RE. https:\/\/facebookmicrosites.github.io\/bpf\/blog\/2020\/02\/19\/bpf-portability-and-co-re.html"},{"key":"e_1_3_2_1_52_1","unstructured":"S. Narayan C. Disselkoen T. Garfinkel N. Froyd E. Rahm S. Lerner H. Shacham and D. Stefan. 2020. Retrofitting Fine Grain Isolation in the Firefox Renderer. In USENIX Security. S. Narayan C. Disselkoen T. Garfinkel N. Froyd E. Rahm S. Lerner H. Shacham and D. Stefan. 2020. Retrofitting Fine Grain Isolation in the Firefox Renderer. In USENIX Security."},{"key":"e_1_3_2_1_53_1","unstructured":"netblue30. 2022. Firejail. https:\/\/firejail.wordpress.com\/ netblue30. 2022. Firejail. https:\/\/firejail.wordpress.com\/"},{"key":"e_1_3_2_1_54_1","unstructured":"Npm. 2022. fluent-ffmpeg. https:\/\/www.npmjs.com\/package\/fluent-ffmpeg. Npm. 2022. fluent-ffmpeg. https:\/\/www.npmjs.com\/package\/fluent-ffmpeg."},{"key":"e_1_3_2_1_55_1","unstructured":"Npm. 2022. gm. https:\/\/www.npmjs.com\/package\/gm. Npm. 2022. gm. https:\/\/www.npmjs.com\/package\/gm."},{"key":"e_1_3_2_1_56_1","unstructured":"Npm. 2022. sane. https:\/\/www.npmjs.com\/package\/sane. Npm. 2022. sane. https:\/\/www.npmjs.com\/package\/sane."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"crossref","unstructured":"G. Ntousakis S. Ioannidis and N. Vasilakis. 2021. Detecting Third-Party Library Problems with Combined Program Analysis. In CCS. G. Ntousakis S. Ioannidis and N. Vasilakis. 2021. Detecting Third-Party Library Problems with Combined Program Analysis. In CCS.","DOI":"10.1145\/3460120.3485351"},{"key":"e_1_3_2_1_58_1","unstructured":"OpenJS Foundation. 2022. Worker threads. https:\/\/nodejs.org\/api\/worker_threads.html OpenJS Foundation. 2022. Worker threads. https:\/\/nodejs.org\/api\/worker_threads.html"},{"key":"e_1_3_2_1_59_1","unstructured":"P. Simek. 2022. Proposal for VM2: Advanced vm\/sandbox for Node.js. https:\/\/github.com\/patriksimek\/vm2 P. Simek. 2022. Proposal for VM2: Advanced vm\/sandbox for Node.js. https:\/\/github.com\/patriksimek\/vm2"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"crossref","unstructured":"T. Park K. Dhondt D. Gens Y. Na S. Volckaert and M. Franz. 2020. NoJITsu: Locking Down JavaScript Engines. In NDSS. T. Park K. Dhondt D. Gens Y. Na S. Volckaert and M. Franz. 2020. NoJITsu: Locking Down JavaScript Engines. In NDSS.","DOI":"10.14722\/ndss.2020.24262"},{"key":"e_1_3_2_1_61_1","unstructured":"K. Quest. 2022. SlimToolkit. https:\/\/github.com\/slimtoolkit\/slim K. Quest. 2022. SlimToolkit. https:\/\/github.com\/slimtoolkit\/slim"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"crossref","unstructured":"E. Rivera S. Mergendahl H. Shrobe H. Okhravi and N. Burow. 2021. Keeping Safe Rust Safe with Galeed. In ACSAC. E. Rivera S. Mergendahl H. Shrobe H. Okhravi and N. Burow. 2021. Keeping Safe Rust Safe with Galeed. In ACSAC.","DOI":"10.1145\/3485832.3485903"},{"key":"e_1_3_2_1_63_1","unstructured":"M. Rossi D. Facchinetti E. Bacis M. Rosa and S. Paraboschi. 2021. SEApp: Bringing Mandatory Access Control to Android Apps. In USENIX Security. M. Rossi D. Facchinetti E. Bacis M. Rosa and S. Paraboschi. 2021. SEApp: Bringing Mandatory Access Control to Android Apps. In USENIX Security."},{"key":"e_1_3_2_1_64_1","unstructured":"Micka\u00ebl Sala\u00fcn. 2022. Landlock. https:\/\/landlock.io\/ Micka\u00ebl Sala\u00fcn. 2022. Landlock. https:\/\/landlock.io\/"},{"key":"e_1_3_2_1_65_1","volume-title":"Jenny: Securing Syscalls for PKU-based Memory Isolation Systems. In USENIX Security.","author":"Schrammel D.","year":"2022","unstructured":"D. Schrammel , S. Weiser , R. Sadek , and S. Mangard . 2022 . Jenny: Securing Syscalls for PKU-based Memory Isolation Systems. In USENIX Security. D. Schrammel, S. Weiser, R. Sadek, and S. Mangard. 2022. Jenny: Securing Syscalls for PKU-based Memory Isolation Systems. In USENIX Security."},{"key":"e_1_3_2_1_66_1","volume-title":"State of Open Source Security","year":"2022","unstructured":"Snyk. 2022. State of Open Source Security 2022 . https:\/\/snyk.io\/reports\/open-source-security\/. Snyk. 2022. State of Open Source Security 2022. https:\/\/snyk.io\/reports\/open-source-security\/."},{"key":"e_1_3_2_1_67_1","unstructured":"Snyk. 2022. Zip Slip Vulnerability. https:\/\/snyk.io\/research\/zip-slip-vulnerability Snyk. 2022. Zip Slip Vulnerability. https:\/\/snyk.io\/research\/zip-slip-vulnerability"},{"key":"e_1_3_2_1_68_1","unstructured":"Stack Overflow Insights. 2022. Annual survey of the Stack Overflow community. https:\/\/survey.stackoverflow.co\/2022\/ Stack Overflow Insights. 2022. Annual survey of the Stack Overflow community. https:\/\/survey.stackoverflow.co\/2022\/"},{"key":"e_1_3_2_1_69_1","volume-title":"Synode: Understanding and Automatically Preventing Injection Attacks on Node.js. In NDSS.","author":"Staicu C.","year":"2018","unstructured":"C. Staicu , M. Pradel , and B. Livshits . 2018 . Synode: Understanding and Automatically Preventing Injection Attacks on Node.js. In NDSS. C. Staicu, M. Pradel, and B. Livshits. 2018. Synode: Understanding and Automatically Preventing Injection Attacks on Node.js. In NDSS."},{"key":"e_1_3_2_1_70_1","volume-title":"Bilingual Problems: Studying the Security Risks Incurred by Native Extensions in Scripting Languages. USENIX Security","author":"Staicu C.","year":"2023","unstructured":"C. Staicu , S. Rahaman , \u00c1. Kiss, and M. Backes . 2023 . Bilingual Problems: Studying the Security Risks Incurred by Native Extensions in Scripting Languages. USENIX Security (2023). C. Staicu, S. Rahaman, \u00c1. Kiss, and M. Backes. 2023. Bilingual Problems: Studying the Security Risks Incurred by Native Extensions in Scripting Languages. USENIX Security (2023)."},{"key":"e_1_3_2_1_71_1","unstructured":"J. Terrace S.\u00a0R. Beard and N.\u00a0P.\u00a0K. Katta. 2012. JavaScript in JavaScript(js.js): Sandboxing Third-Party Scripts. In WebApps. J. Terrace S.\u00a0R. Beard and N.\u00a0P.\u00a0K. Katta. 2012. JavaScript in JavaScript(js.js): Sandboxing Third-Party Scripts. In WebApps."},{"key":"e_1_3_2_1_72_1","unstructured":"V8 project. 2022. What is V8?https:\/\/v8.dev\/ V8 project. 2022. What is V8?https:\/\/v8.dev\/"},{"key":"e_1_3_2_1_73_1","volume-title":"ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK). In USENIX Security.","author":"Vahldiek-Oberwagner A.","year":"2019","unstructured":"A. Vahldiek-Oberwagner , E. Elnikety , N.\u00a0 O. Duarte , M. Sammler , P. Druschel , and D. Garg . 2019 . ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK). In USENIX Security. A. Vahldiek-Oberwagner, E. Elnikety, N.\u00a0O. Duarte, M. Sammler, P. Druschel, and D. Garg. 2019. ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK). In USENIX Security."},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"crossref","unstructured":"N. Vasilakis B. Karel N. Roessler N. Dautenhahn A. DeHon and J.\u00a0M. Smith. 2018. BreakApp: Automated Flexible Application Compartmentalization. In NDSS. N. Vasilakis B. Karel N. Roessler N. Dautenhahn A. DeHon and J.\u00a0M. Smith. 2018. BreakApp: Automated Flexible Application Compartmentalization. In NDSS.","DOI":"10.14722\/ndss.2018.23131"},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"crossref","unstructured":"N. Vasilakis C. Staicu G. Ntousakis K. Kallas B. Karel A. DeHon and M. Pradel. 2021. Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction. In CCS. N. Vasilakis C. Staicu G. Ntousakis K. Kallas B. Karel A. DeHon and M. Pradel. 2021. Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction. In CCS.","DOI":"10.1145\/3460120.3484535"},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"crossref","unstructured":"A. Voulimeneas J. Vinck R. Mechelinck and S. Volckaert. 2022. You Shall Not (by)Pass! Practical Secure and Fast PKU-Based Sandboxing. In EuroSys. A. Voulimeneas J. Vinck R. Mechelinck and S. Volckaert. 2022. You Shall Not (by)Pass! Practical Secure and Fast PKU-Based Sandboxing. In EuroSys.","DOI":"10.1145\/3492321.3519560"},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"crossref","unstructured":"Z. Wan D. Lo X. Xia L. Cai and S. Li. 2017. Mining Sandboxes for Linux Containers. In ICST. Z. Wan D. Lo X. Xia L. Cai and S. Li. 2017. Mining Sandboxes for Linux Containers. In ICST.","DOI":"10.1109\/ICST.2017.16"},{"key":"e_1_3_2_1_78_1","doi-asserted-by":"crossref","unstructured":"E. Wyss A. Wittman D. Davidson and L. De\u00a0Carli. 2022. Wolf at the Door: Preventing Install-Time Attacks in npm with Latch. In ASIACCS. E. Wyss A. Wittman D. Davidson and L. De\u00a0Carli. 2022. Wolf at the Door: Preventing Install-Time Attacks in npm with Latch. In ASIACCS.","DOI":"10.1145\/3488932.3523262"},{"key":"e_1_3_2_1_79_1","doi-asserted-by":"crossref","unstructured":"W. Zhang P. Liu and T. Jaeger. 2021. Analyzing the Overhead of File Protection by Linux Security Modules. In ASIACCS. W. Zhang P. Liu and T. Jaeger. 2021. Analyzing the Overhead of File Protection by Linux Security Modules. In ASIACCS.","DOI":"10.1145\/3433210.3453078"},{"key":"e_1_3_2_1_80_1","volume-title":"High Risks: A Study of Security Threats in the Npm Ecosystem. In USENIX Security.","author":"Zimmermann M.","year":"2019","unstructured":"M. Zimmermann , C. Staicu , C. Tenny , and M. Pradel . 2019 . Smallworld with High Risks: A Study of Security Threats in the Npm Ecosystem. In USENIX Security. M. Zimmermann, C. Staicu, C. Tenny, and M. Pradel. 2019. Smallworld with High Risks: A Study of Security Threats in the Npm Ecosystem. In USENIX Security."}],"event":{"name":"ASIA CCS '23: ACM ASIA Conference on Computer and Communications Security","location":"Melbourne VIC Australia","acronym":"ASIA CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3595799","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:08:17Z","timestamp":1750183697000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3595799"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,10]]},"references-count":80,"alternative-id":["10.1145\/3579856.3595799","10.1145\/3579856"],"URL":"https:\/\/doi.org\/10.1145\/3579856.3595799","relation":{},"subject":[],"published":{"date-parts":[[2023,7,10]]},"assertion":[{"value":"2023-07-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}