{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,9]],"date-time":"2026-06-09T16:27:17Z","timestamp":1781022437342,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":95,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,3,25]],"date-time":"2023-03-25T00:00:00Z","timestamp":1679702400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CCF-2153748"],"award-info":[{"award-number":["CCF-2153748"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,3,25]]},"DOI":"10.1145\/3582016.3582066","type":"proceedings-article","created":{"date-parts":[[2023,3,20]],"date-time":"2023-03-20T16:59:03Z","timestamp":1679331543000},"page":"528-541","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":17,"title":["Protect the System Call, Protect (Most of) the World with BASTION"],"prefix":"10.1145","author":[{"given":"Christopher","family":"Jelesnianski","sequence":"first","affiliation":[{"name":"Virginia Tech, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Mohannad","family":"Ismail","sequence":"additional","affiliation":[{"name":"Virginia Tech, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yeongjin","family":"Jang","sequence":"additional","affiliation":[{"name":"Oregon State University, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Dan","family":"Williams","sequence":"additional","affiliation":[{"name":"Virginia Tech, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Changwoo","family":"Min","sequence":"additional","affiliation":[{"name":"Virginia Tech, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2023,3,25]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2022. 64-bit Linux Return Oriented Programming.  https:\/\/crypto.stanford.edu\/ blynn\/rop\/ \t\t\t\t  2022. 64-bit Linux Return Oriented Programming.  https:\/\/crypto.stanford.edu\/ blynn\/rop\/"},{"key":"e_1_3_2_1_2_1","unstructured":"2022. 64-bit ROP | You rule \u2018em all!.  https:\/\/0x00sec.org\/t\/64-bit-rop-you-rule-em-all\/1937 \t\t\t\t  2022. 64-bit ROP | You rule \u2018em all!.  https:\/\/0x00sec.org\/t\/64-bit-rop-you-rule-em-all\/1937"},{"key":"e_1_3_2_1_3_1","unstructured":"2022. Analysis of Defenses against Return Oriented Programming.  https:\/\/www.eit.lth.se\/sprapport.php?uid=829\/ \t\t\t\t  2022. Analysis of Defenses against Return Oriented Programming.  https:\/\/www.eit.lth.se\/sprapport.php?uid=829\/"},{"key":"e_1_3_2_1_4_1","unstructured":"2022. ARM exploitation - Defeating DEP - executing mprotect.  https:\/\/blog.3or.de\/arm-exploitation-defeating-dep-executing-mprotect.html \t\t\t\t  2022. ARM exploitation - Defeating DEP - executing mprotect.  https:\/\/blog.3or.de\/arm-exploitation-defeating-dep-executing-mprotect.html"},{"key":"e_1_3_2_1_5_1","unstructured":"2022. Bypass DEP\/NX and ASLR with Return Oriented Programming Technique.  https:\/\/medium.com\/4ndr3w\/linux-x86-bypass-dep-nx-and-aslr-with-return-oriented-programming-ef4768363c9a\/ \t\t\t\t  2022. Bypass DEP\/NX and ASLR with Return Oriented Programming Technique.  https:\/\/medium.com\/4ndr3w\/linux-x86-bypass-dep-nx-and-aslr-with-return-oriented-programming-ef4768363c9a\/"},{"key":"e_1_3_2_1_6_1","unstructured":"2022. Bypassing non-executable memory ASLR and stack canaries on x86-64 Linux.  https:\/\/www.antoniobarresi.com\/security\/exploitdev\/2014\/05\/03\/64bitexploitation\/ \t\t\t\t  2022. Bypassing non-executable memory ASLR and stack canaries on x86-64 Linux.  https:\/\/www.antoniobarresi.com\/security\/exploitdev\/2014\/05\/03\/64bitexploitation\/"},{"key":"e_1_3_2_1_7_1","unstructured":"2022. Bypassing non-executable-stack during Exploitation (return-to-libc).  https:\/\/www.exploit-db.com\/papers\/13204\/ \t\t\t\t  2022. Bypassing non-executable-stack during Exploitation (return-to-libc).  https:\/\/www.exploit-db.com\/papers\/13204\/"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","unstructured":"2022. Crashmail 1.6 - Stack-Based Buffer Overflow (ROP).  https:\/\/www.exploit-db.com\/exploits\/44331\/ \t\t\t\t  2022. Crashmail 1.6 - Stack-Based Buffer Overflow (ROP).  https:\/\/www.exploit-db.com\/exploits\/44331\/","DOI":"10.1155\/2022\/1251987"},{"key":"e_1_3_2_1_9_1","unstructured":"2022. DBT-2.  https:\/\/github.com\/nuodb\/dbt2 \t\t\t\t  2022. DBT-2.  https:\/\/github.com\/nuodb\/dbt2"},{"key":"e_1_3_2_1_10_1","unstructured":"2022. dkftpbench v0.45.  http:\/\/www.kegel.com\/dkftpbench\/ \t\t\t\t  2022. dkftpbench v0.45.  http:\/\/www.kegel.com\/dkftpbench\/"},{"key":"e_1_3_2_1_11_1","unstructured":"2022. Exploitation - Returning to libc.  https:\/\/www.exploit-db.com\/papers\/13197\/ \t\t\t\t  2022. Exploitation - Returning to libc.  https:\/\/www.exploit-db.com\/papers\/13197\/"},{"key":"e_1_3_2_1_12_1","unstructured":"2022. HT Editor 2.0.20 - Local Buffer Overflow (ROP).  https:\/\/www.exploit-db.com\/exploits\/22683\/ \t\t\t\t  2022. HT Editor 2.0.20 - Local Buffer Overflow (ROP).  https:\/\/www.exploit-db.com\/exploits\/22683\/"},{"key":"e_1_3_2_1_13_1","unstructured":"2022. Introduction to Return Oriented Programming (ROP).  https:\/\/codearcana.com\/posts\/2013\/05\/28\/introduction-to-return-oriented-programming-rop.html\/ \t\t\t\t  2022. Introduction to Return Oriented Programming (ROP).  https:\/\/codearcana.com\/posts\/2013\/05\/28\/introduction-to-return-oriented-programming-rop.html\/"},{"key":"e_1_3_2_1_14_1","unstructured":"2022. NGINX Web Server.  nginx.org\/ \t\t\t\t  2022. NGINX Web Server.  nginx.org\/"},{"key":"e_1_3_2_1_15_1","unstructured":"2022. PHP 5.3.6 - Local Buffer Overflow (ROP).  https:\/\/www.exploit-db.com\/exploits\/17486\/ \t\t\t\t  2022. PHP 5.3.6 - Local Buffer Overflow (ROP).  https:\/\/www.exploit-db.com\/exploits\/17486\/"},{"key":"e_1_3_2_1_16_1","unstructured":"2022. PMS 0.42 - Local Stack-Based Overflow (ROP).  https:\/\/www.exploit-db.com\/exploits\/44426\/ \t\t\t\t  2022. PMS 0.42 - Local Stack-Based Overflow (ROP).  https:\/\/www.exploit-db.com\/exploits\/44426\/"},{"key":"e_1_3_2_1_17_1","unstructured":"2022. Return Oriented Programming and ROPgadget tool.  http:\/\/shell-storm.org\/blog\/Return-Oriented-Programming-and-ROPgadget-tool\/ \t\t\t\t  2022. Return Oriented Programming and ROPgadget tool.  http:\/\/shell-storm.org\/blog\/Return-Oriented-Programming-and-ROPgadget-tool\/"},{"key":"e_1_3_2_1_18_1","unstructured":"2022. Return-Oriented-Programming (ROP FTW).  http:\/\/www.exploit-db.com\/docs\/english\/28479-return-oriented-programming-(rop-ftw).pdf \t\t\t\t  2022. Return-Oriented-Programming (ROP FTW).  http:\/\/www.exploit-db.com\/docs\/english\/28479-return-oriented-programming-(rop-ftw).pdf"},{"key":"e_1_3_2_1_19_1","unstructured":"2022. ROP-CTF101.  https:\/\/ctf101.org\/binary-exploitation\/return-oriented-programming\/ \t\t\t\t  2022. ROP-CTF101.  https:\/\/ctf101.org\/binary-exploitation\/return-oriented-programming\/"},{"key":"e_1_3_2_1_20_1","unstructured":"2022. Simple ROP Exploit Example.  https:\/\/gist.github.com\/mayanez\/c6bb9f2a26fa75261a9a26a0a637531b\/ \t\t\t\t  2022. Simple ROP Exploit Example.  https:\/\/gist.github.com\/mayanez\/c6bb9f2a26fa75261a9a26a0a637531b\/"},{"key":"e_1_3_2_1_21_1","unstructured":"2022. vsftpd.  http:\/\/www.kegel.com\/dkftpbench\/ \t\t\t\t  2022. vsftpd.  http:\/\/www.kegel.com\/dkftpbench\/"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102165"},{"key":"e_1_3_2_1_23_1","volume-title":"SHARD: Fine-Grained Kernel Specialization with Context-Aware Hardening. In 30th USENIX Security Symposium (USENIX Security 21)","author":"Abubakar Muhammad","year":"2021","unstructured":"Muhammad Abubakar , Adil Ahmad , Pedro Fonseca , and Dongyan Xu . 2021 . SHARD: Fine-Grained Kernel Specialization with Context-Aware Hardening. In 30th USENIX Security Symposium (USENIX Security 21) . Muhammad Abubakar, Adil Ahmad, Pedro Fonseca, and Dongyan Xu. 2021. SHARD: Fine-Grained Kernel Specialization with Context-Aware Hardening. In 30th USENIX Security Symposium (USENIX Security 21)."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359823"},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 1803\u20131820","author":"Ahmed Salman","year":"2020","unstructured":"Salman Ahmed , Ya Xiao , Kevin Z Snow , Gang Tan , Fabian Monrose , and Danfeng Yao . 2020 . Methodologies for quantifying (Re-) randomization security and timing under JIT-ROP . In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 1803\u20131820 . Salman Ahmed, Ya Xiao, Kevin Z Snow, Gang Tan, Fabian Monrose, and Danfeng Yao. 2020. Methodologies for quantifying (Re-) randomization security and timing under JIT-ROP. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 1803\u20131820."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/352600.352624"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3054924"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00076"},{"key":"e_1_3_2_1_29_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium (Security)","author":"Carlini Nicholas","year":"2014","unstructured":"Nicholas Carlini and David Wagner . 2014 . ROP is Still Dangerous: Breaking Modern Defenses .. In Proceedings of the 23rd USENIX Security Symposium (Security) . San Diego, CA. Nicholas Carlini and David Wagner. 2014. ROP is Still Dangerous: Breaking Modern Defenses.. In Proceedings of the 23rd USENIX Security Symposium (Security). San Diego, CA."},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. 193\u2013204","author":"Carr Scott A","year":"2017","unstructured":"Scott A Carr and Mathias Payer . 2017 . Datashield: Configurable data confidentiality and integrity . In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. 193\u2013204 . Scott A Carr and Mathias Payer. 2017. Datashield: Configurable data confidentiality and integrity. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. 193\u2013204."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.5555\/1298455.1298470"},{"key":"e_1_3_2_1_32_1","volume-title":"USENIX Security Symposium. 5.","author":"Chen Shuo","year":"2005","unstructured":"Shuo Chen , Jun Xu , Emre Can Sezer , Prachi Gauriar , and Ravishankar K Iyer . 2005 . Non-Control-Data Attacks Are Realistic Threats .. In USENIX Security Symposium. 5. Shuo Chen, Jun Xu, Emre Can Sezer, Prachi Gauriar, and Ravishankar K Iyer. 2005. Non-Control-Data Attacks Are Realistic Threats.. In USENIX Security Symposium. 5."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"crossref","unstructured":"Yueqiang Cheng Zongwei Zhou Yu Miao Xuhua Ding and Robert H Deng. 2014. ROPecker: A generic and practical approach for defending against ROP attack. Feb.. \t\t\t\t  Yueqiang Cheng Zongwei Zhou Yu Miao Xuhua Ding and Robert H Deng. 2014. ROPecker: A generic and practical approach for defending against ROP attack. Feb..","DOI":"10.14722\/ndss.2014.23156"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813682"},{"key":"e_1_3_2_1_35_1","volume-title":"Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS)","author":"Dang Thurston H.Y.","year":"2015","unstructured":"Thurston H.Y. Dang , Petros Maniatis , and David Wagner . 2015 . The Performance Cost of Shadow Stacks and Stack Canaries . In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS) . Singapore, Republic of Singapore. Thurston H.Y. Dang, Petros Maniatis, and David Wagner. 2015. The Performance Cost of Shadow Stacks and Stack Canaries. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS). Singapore, Republic of Singapore."},{"key":"e_1_3_2_1_36_1","volume-title":"23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID","author":"DeMarinis Nicholas","year":"2020","unstructured":"Nicholas DeMarinis , Kent Williams-King , Di Jin , Rodrigo Fonseca , and Vasileios P Kemerlis . 2020 . sysfilter: Automated system call filtering for commodity software . In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). 459\u2013474. Nicholas DeMarinis, Kent Williams-King, Di Jin, Rodrigo Fonseca, and Vasileios P Kemerlis. 2020. sysfilter: Automated system call filtering for commodity software. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). 459\u2013474."},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of the 26th USENIX Security Symposium (Security)","author":"Ding Ren","year":"2017","unstructured":"Ren Ding , Chenxiong Qian , Chengyu Song , Bill Harris , Taesoo Kim , and Wenke Lee . 2017 . Efficient protection of path-sensitive control security . In Proceedings of the 26th USENIX Security Symposium (Security) . Vancouver, BC, Canada. Ren Ding, Chenxiong Qian, Chengyu Song, Bill Harris, Taesoo Kim, and Wenke Lee. 2017. Efficient protection of path-sensitive control security. In Proceedings of the 26th USENIX Security Symposium (Security). Vancouver, BC, Canada."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813646"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3490176","article-title":"Toward Taming the Overhead Monster for Data-flow Integrity","volume":"27","author":"Feng Lang","year":"2021","unstructured":"Lang Feng , Jiayi Huang , Jeff Huang , and Jiang Hu . 2021 . Toward Taming the Overhead Monster for Data-flow Integrity . ACM Transactions on Design Automation of Electronic Systems (TODAES) , 27 , 3 (2021), 1 \u2013 24 . Lang Feng, Jiayi Huang, Jeff Huang, and Jiang Hu. 2021. Toward Taming the Overhead Monster for Data-flow Integrity. ACM Transactions on Design Automation of Electronic Systems (TODAES), 27, 3 (2021), 1\u201324.","journal-title":"ACM Transactions on Design Automation of Electronic Systems (TODAES)"},{"key":"e_1_3_2_1_40_1","volume-title":"Proceedings of the 22nd ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS)","author":"Ge Xinyang","year":"2017","unstructured":"Xinyang Ge , Weidong Cui , and Trent Jaeger . 2017 . Griffin: Guarding control flows using intel processor trace . In Proceedings of the 22nd ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) . Xi\u2019an, China. Xinyang Ge, Weidong Cui, and Trent Jaeger. 2017. Griffin: Guarding control flows using intel processor trace. In Proceedings of the 22nd ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS). Xi\u2019an, China."},{"key":"e_1_3_2_1_41_1","volume-title":"23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID","author":"Ghavamnia Seyedhamed","year":"2020","unstructured":"Seyedhamed Ghavamnia , Tapti Palit , Azzedine Benameur , and Michalis Polychronakis . 2020 . Confine: Automated system call policy generation for container attack surface reduction . In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). 443\u2013458. Seyedhamed Ghavamnia, Tapti Palit, Azzedine Benameur, and Michalis Polychronakis. 2020. Confine: Automated system call policy generation for container attack surface reduction. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). 443\u2013458."},{"key":"e_1_3_2_1_42_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Ghavamnia Seyedhamed","year":"2020","unstructured":"Seyedhamed Ghavamnia , Tapti Palit , Shachee Mishra , and Michalis Polychronakis . 2020 . Temporal system call specialization for attack surface reduction . In 29th USENIX Security Symposium (USENIX Security 20) . 1749\u20131766. Seyedhamed Ghavamnia, Tapti Palit, Shachee Mishra, and Michalis Polychronakis. 2020. Temporal system call specialization for attack surface reduction. In 29th USENIX Security Symposium (USENIX Security 20). 1749\u20131766."},{"key":"e_1_3_2_1_43_1","unstructured":"Will Glozer. 2019. a HTTP benchmarking tool.  https:\/\/github.com\/wg\/wrk \t\t\t\t  Will Glozer. 2019. a HTTP benchmarking tool.  https:\/\/github.com\/wg\/wrk"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.43"},{"key":"e_1_3_2_1_45_1","volume-title":"Proceedings of the 21th International Symposium on Research in Attacks, Intrusions and Defenses (RAID). Heraklion","author":"Grossklags Jens","year":"2018","unstructured":"Jens Grossklags and Claudia Eckert . 2018 . \u03c4 CFI: Type-Assisted Control Flow Integrity for x86-64 Binaries . In Proceedings of the 21th International Symposium on Research in Attacks, Intrusions and Defenses (RAID). Heraklion , Crete, Greece. Jens Grossklags and Claudia Eckert. 2018. \u03c4 CFI: Type-Assisted Control Flow Integrity for x86-64 Binaries. In Proceedings of the 21th International Symposium on Research in Attacks, Intrusions and Defenses (RAID). Heraklion, Crete, Greece."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3029806.3029830"},{"key":"e_1_3_2_1_47_1","volume-title":"24th USENIX Security Symposium (USENIX Security 15)","author":"Hu Hong","year":"2015","unstructured":"Hong Hu , Zheng Leong Chua , Sendroiu Adrian , Prateek Saxena , and Zhenkai Liang . 2015 . Automatic Generation of $Data-Oriented$ Exploits . In 24th USENIX Security Symposium (USENIX Security 15) . 177\u2013192. Hong Hu, Zheng Leong Chua, Sendroiu Adrian, Prateek Saxena, and Zhenkai Liang. 2015. Automatic Generation of $Data-Oriented$ Exploits. In 24th USENIX Security Symposium (USENIX Security 15). 177\u2013192."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243797"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3485376"},{"key":"e_1_3_2_1_50_1","volume-title":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. 1612\u20131626","author":"Yom Mohannad","year":"2021","unstructured":"Ismail, Mohannad and Yom , Jinwoo and Jelesnianski , Christopher and Jang , Yeongjin and Min , Changwoo. 2021 . VIP: Safeguard Value Invariant Property for Thwarting Critical Memory Corruption Attacks . In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. 1612\u20131626 . Ismail, Mohannad and Yom, Jinwoo and Jelesnianski, Christopher and Jang, Yeongjin and Min, Changwoo. 2021. VIP: Safeguard Value Invariant Property for Thwarting Critical Memory Corruption Attacks. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. 1612\u20131626."},{"key":"e_1_3_2_1_51_1","unstructured":"Jake Edge. 2012. A library for seccomp filters.  https:\/\/lwn.net\/Articles\/494252\/ \t\t\t\t  Jake Edge. 2012. A library for seccomp filters.  https:\/\/lwn.net\/Articles\/494252\/"},{"key":"e_1_3_2_1_52_1","volume-title":"Proceedings of the 27th European Symposium on Research in Computer Security (ESORICS). 145\u2013166","author":"Jang Sunwoo","year":"2022","unstructured":"Sunwoo Jang , Somin Song , Byungchul Tak , Sahil Suneja , Michael V. Le , Chuan Yue , and Dan Williams . 2022 . SecQuant: Quantifying Container System Call Exposure . In Proceedings of the 27th European Symposium on Research in Computer Security (ESORICS). 145\u2013166 . Sunwoo Jang, Somin Song, Byungchul Tak, Sahil Suneja, Michael V. Le, Chuan Yue, and Dan Williams. 2022. SecQuant: Quantifying Container System Call Exposure. In Proceedings of the 27th European Symposium on Research in Computer Security (ESORICS). 145\u2013166."},{"key":"e_1_3_2_1_53_1","unstructured":"Jonathan Corbet. 2004. x86 NX support.  https:\/\/lwn.net\/Articles\/87814\/ \t\t\t\t  Jonathan Corbet. 2004. x86 NX support.  https:\/\/lwn.net\/Articles\/87814\/"},{"key":"e_1_3_2_1_54_1","unstructured":"Jonathan Corbet. 2005. Securely renting out your CPU with Linux. January https:\/\/lwn.net\/Articles\/120647\/ \t\t\t\t  Jonathan Corbet. 2005. Securely renting out your CPU with Linux. January https:\/\/lwn.net\/Articles\/120647\/"},{"key":"e_1_3_2_1_55_1","unstructured":"Jonathan Corbet. 2019. New system calls for memory management.  https:\/\/lwn.net\/Articles\/789153\/ \t\t\t\t  Jonathan Corbet. 2019. New system calls for memory management.  https:\/\/lwn.net\/Articles\/789153\/"},{"key":"e_1_3_2_1_56_1","unstructured":"The kernel development community. [n. d.]. Seccomp BPF (SECure COMPuting with filters).  https:\/\/lwn.net\/Articles\/656307\/ \t\t\t\t  The kernel development community. [n. d.]. Seccomp BPF (SECure COMPuting with filters).  https:\/\/lwn.net\/Articles\/656307\/"},{"key":"e_1_3_2_1_57_1","volume-title":"Adaptive Call-site Sensitive Control Flow Integrity. In 2019 IEEE European Symposium on Security and Privacy (EuroS&P). 95\u2013110","author":"Khandaker Mustakimur","year":"2019","unstructured":"Mustakimur Khandaker , Abu Naser , Wenqing Liu , Zhi Wang , Yajin Zhou , and Yueqiang Cheng . 2019 . Adaptive Call-site Sensitive Control Flow Integrity. In 2019 IEEE European Symposium on Security and Privacy (EuroS&P). 95\u2013110 . Mustakimur Khandaker, Abu Naser, Wenqing Liu, Zhi Wang, Yajin Zhou, and Yueqiang Cheng. 2019. Adaptive Call-site Sensitive Control Flow Integrity. In 2019 IEEE European Symposium on Security and Privacy (EuroS&P). 95\u2013110."},{"key":"e_1_3_2_1_58_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Khandaker Mustakimur Rahman","year":"2019","unstructured":"Mustakimur Rahman Khandaker , Wenqing Liu , Abu Naser , Zhi Wang , and Jie Yang . 2019 . Origin-sensitive control flow integrity . In 28th USENIX Security Symposium (USENIX Security 19) . 195\u2013211. Mustakimur Rahman Khandaker, Wenqing Liu, Abu Naser, Zhi Wang, and Jie Yang. 2019. Origin-sensitive control flow integrity. In 28th USENIX Security Symposium (USENIX Security 19). 195\u2013211."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00002"},{"key":"e_1_3_2_1_60_1","volume-title":"Code-pointer Integrity. In Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI)","author":"Kuznetsov Volodymyr","year":"2014","unstructured":"Volodymyr Kuznetsov , L\u00e1szl\u00f3 Szekeres , Mathias Payer , George Candea , R Sekar , and Dawn Song . 2014 . Code-pointer Integrity. In Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI) . Broomfield, Colorado. 147\u2013163. Volodymyr Kuznetsov, L\u00e1szl\u00f3 Szekeres, Mathias Payer, George Candea, R Sekar, and Dawn Song. 2014. Code-pointer Integrity. In Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI). Broomfield, Colorado. 147\u2013163."},{"key":"e_1_3_2_1_61_1","unstructured":"Larabel Michael. 2018. Glibc 2.28 Released With Unicode 11.0 Support Statx & Intel Improvements.  https:\/\/www.phoronix.com\/news\/Glibc-2.28-Released \t\t\t\t  Larabel Michael. 2018. Glibc 2.28 Released With Unicode 11.0 Support Statx & Intel Improvements.  https:\/\/www.phoronix.com\/news\/Glibc-2.28-Released"},{"key":"e_1_3_2_1_62_1","unstructured":"Larabel Michael. 2020. Intel Confirms CET Security Support For Tiger Lake.  https:\/\/www.phoronix.com\/news\/Intel-CET-Tiger-Lake \t\t\t\t  Larabel Michael. 2020. Intel Confirms CET Security Support For Tiger Lake.  https:\/\/www.phoronix.com\/news\/Intel-CET-Tiger-Lake"},{"key":"e_1_3_2_1_63_1","volume-title":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. 230\u2013251","author":"Lei Lingguang","year":"2017","unstructured":"Lingguang Lei , Jianhua Sun , Kun Sun , Chris Shenefiel , Rui Ma , Yuewu Wang , and Qi Li . 2017 . SPEAKER: Split-phase execution of application containers . In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. 230\u2013251 . Lingguang Lei, Jianhua Sun, Kun Sun, Chris Shenefiel, Rui Ma, Yuewu Wang, and Qi Li. 2017. SPEAKER: Split-phase execution of application containers. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. 230\u2013251."},{"key":"e_1_3_2_1_64_1","unstructured":"Linux Programmer\u2019s Manual. 2023. PTRACE(2) \u2013 Linux manual page.  https:\/\/man7.org\/linux\/man-pages\/man2\/ptrace.2.html \t\t\t\t  Linux Programmer\u2019s Manual. 2023. PTRACE(2) \u2013 Linux manual page.  https:\/\/man7.org\/linux\/man-pages\/man2\/ptrace.2.html"},{"key":"e_1_3_2_1_65_1","unstructured":"lwn.net. 2018. GNU C Library 2.28 released.  https:\/\/lwn.net\/Articles\/761462\/ \t\t\t\t  lwn.net. 2018. GNU C Library 2.28 released.  https:\/\/lwn.net\/Articles\/761462\/"},{"key":"e_1_3_2_1_66_1","volume-title":"Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS)","author":"Mashtizadeh Ali Jose","year":"2015","unstructured":"Ali Jose Mashtizadeh , Andrea Bittau , Dan Boneh , and David Mazi\u00e8res . 2015 . CCFI: Cryptographically Enforced Control Flow Integrity . In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS) . Denver, Colorado. Ali Jose Mashtizadeh, Andrea Bittau, Dan Boneh, and David Mazi\u00e8res. 2015. CCFI: Cryptographically Enforced Control Flow Integrity. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS). Denver, Colorado."},{"key":"e_1_3_2_1_67_1","volume-title":"Windows XP Tablet PC Edition","author":"Support Microsoft","year":"2005","unstructured":"Microsoft Support . 2017. A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2 , Windows XP Tablet PC Edition 2005 , and Windows Server 2003. https:\/\/support.microsoft.com\/en-us\/help\/875352\/a-detailed-description-of-the-data-execution-prevention-dep-feature-in Microsoft Support. 2017. A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003. https:\/\/support.microsoft.com\/en-us\/help\/875352\/a-detailed-description-of-the-data-execution-prevention-dep-feature-in"},{"key":"e_1_3_2_1_68_1","volume-title":"2020 IEEE European Symposium on Security and Privacy (EuroS&P). 17\u201333","author":"Mishra Shachee","year":"2020","unstructured":"Shachee Mishra and Michalis Polychronakis . 2020 . Saffire: Context-sensitive function specialization against code reuse attacks . In 2020 IEEE European Symposium on Security and Privacy (EuroS&P). 17\u201333 . Shachee Mishra and Michalis Polychronakis. 2020. Saffire: Context-sensitive function specialization against code reuse attacks. In 2020 IEEE European Symposium on Security and Privacy (EuroS&P). 17\u201333."},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594295"},{"key":"e_1_3_2_1_70_1","volume-title":"National Vulnerability Database","author":"National Institute of Standards and Technology.","year":"2015","unstructured":"National Institute of Standards and Technology. National Vulnerability Database . 2015 . CVE- 2012-0809. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2012-0809 National Institute of Standards and Technology. National Vulnerability Database. 2015. CVE-2012-0809. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2012-0809"},{"key":"e_1_3_2_1_71_1","volume-title":"National Vulnerability Database","author":"National Institute of Standards and Technology.","year":"2015","unstructured":"National Institute of Standards and Technology. National Vulnerability Database . 2015 . CVE- 2013-2028. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2013-2028 National Institute of Standards and Technology. National Vulnerability Database. 2015. CVE-2013-2028. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2013-2028"},{"key":"e_1_3_2_1_72_1","volume-title":"National Vulnerability Database","author":"National Institute of Standards and Technology.","year":"2015","unstructured":"National Institute of Standards and Technology. National Vulnerability Database . 2015 . CVE- 2014-1912. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-1912 National Institute of Standards and Technology. National Vulnerability Database. 2015. CVE-2014-1912. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-1912"},{"key":"e_1_3_2_1_73_1","volume-title":"National Vulnerability Database","author":"National Institute of Standards and Technology.","year":"2015","unstructured":"National Institute of Standards and Technology. National Vulnerability Database . 2015 . CVE- 2014-8668. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-8668 National Institute of Standards and Technology. National Vulnerability Database. 2015. CVE-2014-8668. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-8668"},{"key":"e_1_3_2_1_74_1","volume-title":"National Vulnerability Database","author":"National Institute of Standards and Technology.","year":"2015","unstructured":"National Institute of Standards and Technology. National Vulnerability Database . 2015 . CVE- 2015-8617. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-8617 National Institute of Standards and Technology. National Vulnerability Database. 2015. CVE-2015-8617. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-8617"},{"key":"e_1_3_2_1_75_1","volume-title":"National Vulnerability Database","author":"National Institute of Standards and Technology.","year":"2016","unstructured":"National Institute of Standards and Technology. National Vulnerability Database . 2016 . CVE- 2016-10190. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-10190 National Institute of Standards and Technology. National Vulnerability Database. 2016. CVE-2016-10190. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-10190"},{"key":"e_1_3_2_1_76_1","volume-title":"National Vulnerability Database","author":"National Institute of Standards and Technology.","year":"2016","unstructured":"National Institute of Standards and Technology. National Vulnerability Database . 2016 . CVE- 2016-10191. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-10191 National Institute of Standards and Technology. National Vulnerability Database. 2016. CVE-2016-10191. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-10191"},{"key":"e_1_3_2_1_77_1","volume-title":"Proceedings of the ACM on Programming Languages, 4, OOPSLA","author":"Pailoor Shankara","year":"2020","unstructured":"Shankara Pailoor , Xinyu Wang , Hovav Shacham , and Isil Dillig . 2020 . Automated policy synthesis for system call sandboxing . Proceedings of the ACM on Programming Languages, 4, OOPSLA (2020), 1\u201326. Shankara Pailoor, Xinyu Wang, Hovav Shacham, and Isil Dillig. 2020. Automated policy synthesis for system call sandboxing. Proceedings of the ACM on Programming Languages, 4, OOPSLA (2020), 1\u201326."},{"key":"e_1_3_2_1_78_1","volume-title":"Proceedings of the 22th USENIX Security Symposium (Security)","author":"Pappas Vasilis","year":"2013","unstructured":"Vasilis Pappas , Michalis Polychronakis , and Angelos D Keromytis . 2013 . Transparent ROP Exploit Mitigation Using Indirect Branch Tracing . In Proceedings of the 22th USENIX Security Symposium (Security) . Washington, DC. Vasilis Pappas, Michalis Polychronakis, and Angelos D Keromytis. 2013. Transparent ROP Exploit Mitigation Using Indirect Branch Tracing. In Proceedings of the 22th USENIX Security Symposium (Security). Washington, DC."},{"key":"e_1_3_2_1_79_1","volume-title":"Proceedings of the 28th USENIX Security Symposium (Security)","author":"Qian Chenxiong","year":"2019","unstructured":"Chenxiong Qian , Hong Hu , Mansour A Alharthi , Pak Ho Chung , Taesoo Kim , and Wenke Lee . 2019 . RAZOR: A Framework for Post-deployment Software Debloating . In Proceedings of the 28th USENIX Security Symposium (Security) . Santa Clara, CA. Chenxiong Qian, Hong Hu, Mansour A Alharthi, Pak Ho Chung, Taesoo Kim, and Wenke Lee. 2019. RAZOR: A Framework for Post-deployment Software Debloating. In Proceedings of the 28th USENIX Security Symposium (Security). Santa Clara, CA."},{"key":"e_1_3_2_1_80_1","volume-title":"Proceedings of the 27th USENIX Security Symposium (Security)","author":"Quach Anh","year":"2018","unstructured":"Anh Quach , Aravind Prakash , and Lok Yan . 2018 . Debloating software through piece-wise compilation and loading . In Proceedings of the 27th USENIX Security Symposium (Security) . Baltimore, MD. 869\u2013886. Anh Quach, Aravind Prakash, and Lok Yan. 2018. Debloating software through piece-wise compilation and loading. In Proceedings of the 27th USENIX Security Symposium (Security). Baltimore, MD. 869\u2013886."},{"key":"e_1_3_2_1_81_1","volume-title":"Proceedings of the 2017 Annual Network and Distributed System Security Symposium (NDSS)","author":"Rudd Robert","year":"2017","unstructured":"Robert Rudd , Richard Skowyra , David Bigelow , Veer Dedhia , Thomas Hobson , Stephen Crane , Christopher Liebchen , Per Larsen , Lucas Davi , and Michael Franz . 2017 . Address-Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity . In Proceedings of the 2017 Annual Network and Distributed System Security Symposium (NDSS) . San Diego, CA. Robert Rudd, Richard Skowyra, David Bigelow, Veer Dedhia, Thomas Hobson, Stephen Crane, Christopher Liebchen, Per Larsen, Lucas Davi, and Michael Franz. 2017. Address-Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity. In Proceedings of the 2017 Annual Network and Distributed System Security Symposium (NDSS). San Diego, CA."},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.51"},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1145\/3337167.3337175"},{"key":"e_1_3_2_1_84_1","unstructured":"sourceware.org. 2018. V2 [PATCH 24\/24] Intel CET: Document \u2013enable-cet.  https:\/\/sourceware.org\/legacy-ml\/libc-alpha\/2018-07\/msg00550.html \t\t\t\t  sourceware.org. 2018. V2 [PATCH 24\/24] Intel CET: Document \u2013enable-cet.  https:\/\/sourceware.org\/legacy-ml\/libc-alpha\/2018-07\/msg00550.html"},{"key":"e_1_3_2_1_85_1","unstructured":"SQLite. [n. d.]. SQLite.  https:\/\/www.sqlite.org\/index.html \t\t\t\t  SQLite. [n. d.]. SQLite.  https:\/\/www.sqlite.org\/index.html"},{"key":"e_1_3_2_1_86_1","volume-title":"2020 IEEE Symposium on Security and Privacy (SP). 1433\u20131449","author":"Sun Zhichuang","year":"2020","unstructured":"Zhichuang Sun , Bo Feng , Long Lu , and Somesh Jha . 2020 . OAT: Attesting operation integrity of embedded devices . In 2020 IEEE Symposium on Security and Privacy (SP). 1433\u20131449 . Zhichuang Sun, Bo Feng, Long Lu, and Somesh Jha. 2020. OAT: Attesting operation integrity of embedded devices. In 2020 IEEE Symposium on Security and Privacy (SP). 1433\u20131449."},{"key":"e_1_3_2_1_87_1","unstructured":"The Clang Team. 2022. Clang 16 documentation: CONTROL FLOW INTEGRITY.  https:\/\/clang.llvm.org\/docs\/ControlFlowIntegrity.html \t\t\t\t  The Clang Team. 2022. Clang 16 documentation: CONTROL FLOW INTEGRITY.  https:\/\/clang.llvm.org\/docs\/ControlFlowIntegrity.html"},{"key":"e_1_3_2_1_88_1","unstructured":"The PAX Team. 2003. Address Space Layout Randomization.  https:\/\/pax.grsecurity.net\/docs\/aslr.txt \t\t\t\t  The PAX Team. 2003. Address Space Layout Randomization.  https:\/\/pax.grsecurity.net\/docs\/aslr.txt"},{"key":"e_1_3_2_1_89_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium (Security)","author":"Tice Caroline","year":"2014","unstructured":"Caroline Tice , Tom Roeder , Peter Collingbourne , Stephen Checkoway , \u00dalfar Erlingsson , Luis Lozano , and Geoff Pike . 2014 . Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM . In Proceedings of the 23rd USENIX Security Symposium (Security) . San Diego, CA. Caroline Tice, Tom Roeder, Peter Collingbourne, Stephen Checkoway, \u00dalfar Erlingsson, Luis Lozano, and Geoff Pike. 2014. Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM. In Proceedings of the 23rd USENIX Security Symposium (Security). San Diego, CA."},{"key":"e_1_3_2_1_90_1","unstructured":"Torvalds Linus. 2022. syscall_64.tbl.  https:\/\/github.com\/torvalds\/linux\/blob\/master\/arch\/x86\/entry\/syscalls\/syscall_64.tbl \t\t\t\t  Torvalds Linus. 2022. syscall_64.tbl.  https:\/\/github.com\/torvalds\/linux\/blob\/master\/arch\/x86\/entry\/syscalls\/syscall_64.tbl"},{"key":"e_1_3_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813673"},{"key":"e_1_3_2_1_92_1","volume-title":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. 927\u2013940","author":"der Veen Victor Van","year":"2015","unstructured":"Victor Van der Veen , Dennis Andriesse , Enes G\u00f6kta\u015f , Ben Gras , Lionel Sambuc , Asia Slowinska , Herbert Bos , and Cristiano Giuffrida . 2015 . Practical context-sensitive CFI . In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. 927\u2013940 . Victor Van der Veen, Dennis Andriesse, Enes G\u00f6kta\u015f, Ben Gras, Lionel Sambuc, Asia Slowinska, Herbert Bos, and Cristiano Giuffrida. 2015. Practical context-sensitive CFI. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. 927\u2013940."},{"key":"e_1_3_2_1_93_1","volume-title":"Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS)","author":"van der Veen Victor","year":"2017","unstructured":"Victor van der Veen , Dennis Andriesse , Manolis Stamatogiannakis , Xi Chen , Herbert Bos , and Cristiano Giuffrdia . 2017 . The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later . In Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS) . Dallas, TX. Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, and Cristiano Giuffrdia. 2017. The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later. In Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS). Dallas, TX."},{"key":"e_1_3_2_1_94_1","volume-title":"2017 IEEE International Conference on Software Testing, Verification and Validation (ICST). 92\u2013102","author":"Wan Zhiyuan","year":"2017","unstructured":"Zhiyuan Wan , David Lo , Xin Xia , Liang Cai , and Shanping Li . 2017 . Mining sandboxes for linux containers . In 2017 IEEE International Conference on Software Testing, Verification and Validation (ICST). 92\u2013102 . Zhiyuan Wan, David Lo, Xin Xia, Liang Cai, and Shanping Li. 2017. Mining sandboxes for linux containers. In 2017 IEEE International Conference on Software Testing, Verification and Validation (ICST). 92\u2013102."},{"key":"e_1_3_2_1_95_1","volume-title":"Proceedings of the 22th USENIX Security Symposium (Security)","author":"Zhang Mingwei","year":"2013","unstructured":"Mingwei Zhang and R Sekar . 2013 . Control Flow Integrity for COTS Binaries . In Proceedings of the 22th USENIX Security Symposium (Security) . Washington, DC. Mingwei Zhang and R Sekar. 2013. Control Flow Integrity for COTS Binaries. In Proceedings of the 22th USENIX Security Symposium (Security). Washington, DC."}],"event":{"name":"ASPLOS '23: 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 3","location":"Vancouver BC Canada","acronym":"ASPLOS '23","sponsor":["SIGARCH ACM Special Interest Group on Computer Architecture","SIGOPS ACM Special Interest Group on Operating Systems","SIGPLAN ACM Special Interest Group on Programming Languages","SIGBED ACM Special Interest Group on Embedded Systems"]},"container-title":["Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 3"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3582016.3582066","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:46:46Z","timestamp":1750178806000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3582016.3582066"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,3,25]]},"references-count":95,"alternative-id":["10.1145\/3582016.3582066","10.1145\/3582016"],"URL":"https:\/\/doi.org\/10.1145\/3582016.3582066","relation":{},"subject":[],"published":{"date-parts":[[2023,3,25]]},"assertion":[{"value":"2023-03-25","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}