{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,2]],"date-time":"2026-02-02T01:37:18Z","timestamp":1769996238940,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":42,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,9,10]],"date-time":"2023-09-10T00:00:00Z","timestamp":1694304000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100000038","name":"Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100000038","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS- 2245442"],"award-info":[{"award-number":["CNS- 2245442"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,9,10]]},"DOI":"10.1145\/3609021.3609301","type":"proceedings-article","created":{"date-parts":[[2023,8,18]],"date-time":"2023-08-18T17:13:20Z","timestamp":1692378800000},"page":"42-48","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":15,"title":["Unleashing Unprivileged eBPF Potential with Dynamic Sandboxing"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3418-4982","authenticated-orcid":false,"given":"Soo Yee","family":"Lim","sequence":"first","affiliation":[{"name":"Department of Computer Science, University of British Columbia, Vancouver, British Columbia, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1374-153X","authenticated-orcid":false,"given":"Xueyuan","family":"Han","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Wake Forest University, Winston-Salem, North Carolina, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6876-1306","authenticated-orcid":false,"given":"Thomas","family":"Pasquier","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of British Columbia, Vancouver, British Columbia, Canada"}]}],"member":"320","published-online":{"date-parts":[[2023,9,10]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n.d.]. ARMv8.3 Pointer Authentication. ([n.d.]). https:\/\/lwn.net\/Articles\/718888\/  [n.d.]. ARMv8.3 Pointer Authentication. ([n.d.]). https:\/\/lwn.net\/Articles\/718888\/"},{"key":"e_1_3_2_1_2_1","volume-title":"d.]. ARMv8.5-A Memory Tagging Extension. Online (Accessed","year":"2023","unstructured":"[n. d.]. ARMv8.5-A Memory Tagging Extension. Online (Accessed : July 12, 2023 ). ([n. d.]). https:\/\/developer.arm.com\/documentation\/102925\/0100. [n. d.]. ARMv8.5-A Memory Tagging Extension. Online (Accessed: July 12, 2023). ([n. d.]). https:\/\/developer.arm.com\/documentation\/102925\/0100."},{"key":"e_1_3_2_1_3_1","volume-title":"d.]. ARMv8.5-A Pointer Authentication. Online (Accessed","year":"2023","unstructured":"[n. d.]. ARMv8.5-A Pointer Authentication. Online (Accessed : July 12, 2023 ). ([n. d.]). shorturl.at\/GHM69. [n. d.]. ARMv8.5-A Pointer Authentication. Online (Accessed: July 12, 2023). ([n. d.]). shorturl.at\/GHM69."},{"key":"e_1_3_2_1_4_1","volume-title":"d.]. CVE-2017-17856. Online (Accessed","year":"2023","unstructured":"[n. d.]. CVE-2017-17856. Online (Accessed : July 12, 2023 ). ([n. d.]). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-17856. [n. d.]. CVE-2017-17856. Online (Accessed: July 12, 2023). ([n. d.]). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-17856."},{"key":"e_1_3_2_1_5_1","volume-title":"d.]. CVE-2020-8835. Online (Accessed","year":"2023","unstructured":"[n. d.]. CVE-2020-8835. Online (Accessed : July 12, 2023 ). ([n. d.]). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-8835. [n. d.]. CVE-2020-8835. Online (Accessed: July 12, 2023). ([n. d.]). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-8835."},{"key":"e_1_3_2_1_6_1","volume-title":"d.]. CVE-2021-29154. Online (Accessed","year":"2023","unstructured":"[n. d.]. CVE-2021-29154. Online (Accessed : July 12, 2023 ). ([n. d.]). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-29154. [n. d.]. CVE-2021-29154. Online (Accessed: July 12, 2023). ([n. d.]). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-29154."},{"key":"e_1_3_2_1_7_1","volume-title":"d.]. CVE-2021-31440. Online (Accessed","year":"2023","unstructured":"[n. d.]. CVE-2021-31440. Online (Accessed : July 12, 2023 ). ([n. d.]). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-31440. [n. d.]. CVE-2021-31440. Online (Accessed: July 12, 2023). ([n. d.]). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-31440."},{"key":"e_1_3_2_1_8_1","volume-title":"d.]. CVE-2021-33200. Online (Accessed","year":"2023","unstructured":"[n. d.]. CVE-2021-33200. Online (Accessed : July 12, 2023 ). ([n. d.]). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-33200. [n. d.]. CVE-2021-33200. Online (Accessed: July 12, 2023). ([n. d.]). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-33200."},{"key":"e_1_3_2_1_9_1","volume-title":"d.]. CVE-2021-3490. Online (Accessed","year":"2023","unstructured":"[n. d.]. CVE-2021-3490. Online (Accessed : July 12, 2023 ). ([n. d.]). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-3490. [n. d.]. CVE-2021-3490. Online (Accessed: July 12, 2023). ([n. d.]). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-3490."},{"key":"e_1_3_2_1_10_1","volume-title":"d.]. CVE-2021-4204. Online (Accessed","year":"2023","unstructured":"[n. d.]. CVE-2021-4204. Online (Accessed : July 12, 2023 ). ([n. d.]). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-4204. [n. d.]. CVE-2021-4204. Online (Accessed: July 12, 2023). ([n. d.]). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-4204."},{"key":"e_1_3_2_1_11_1","volume-title":"Online (Accessed","year":"2023","unstructured":"[n.d.]. CVE-2022-0264. Online (Accessed : July 12, 2023 ). ([n. d.]). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-0264. [n.d.]. CVE-2022-0264. Online (Accessed: July 12, 2023). ([n. d.]). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-0264."},{"key":"e_1_3_2_1_12_1","volume-title":"d.]. CVE-2022-23222. Online (Accessed","year":"2023","unstructured":"[n. d.]. CVE-2022-23222. Online (Accessed : July 12, 2023 ). ([n. d.]). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-23222. [n. d.]. CVE-2022-23222. Online (Accessed: July 12, 2023). ([n. d.]). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-23222."},{"key":"e_1_3_2_1_13_1","unstructured":"[n. d.]. ibbpf-bootstrap. ([n. d.]).  [n. d.]. ibbpf-bootstrap. ([n. d.])."},{"key":"e_1_3_2_1_14_1","volume-title":"Online (Accessed","year":"2023","unstructured":"[n. d.]. Mitre : Rust CVEs . Online (Accessed : July 12, 2023 ). ([n. d.]). https:\/\/cve.mitre.org\/cgi-bin\/cvekey.cgi?keyword=rust. [n. d.]. Mitre: Rust CVEs. Online (Accessed: July 12, 2023). ([n. d.]). https:\/\/cve.mitre.org\/cgi-bin\/cvekey.cgi?keyword=rust."},{"key":"e_1_3_2_1_15_1","volume-title":"d.]. Netperf. Online (Accessed","year":"2023","unstructured":"[n. d.]. Netperf. Online (Accessed : July 12, 2023 ). ([n. d.]). https:\/\/hewlettpackard.github.io\/netperf\/. [n. d.]. Netperf. Online (Accessed: July 12, 2023). ([n. d.]). https:\/\/hewlettpackard.github.io\/netperf\/."},{"key":"e_1_3_2_1_16_1","volume-title":"Online (Accessed","year":"2023","unstructured":"[n. d.]. Reconsidering unprivileged BPF . Online (Accessed : July 12, 2023 ). ([n. d.]). https:\/\/lwn.net\/Articles\/796328\/. [n. d.]. Reconsidering unprivileged BPF. Online (Accessed: July 12, 2023). ([n. d.]). https:\/\/lwn.net\/Articles\/796328\/."},{"key":"e_1_3_2_1_17_1","volume-title":"Online (Accessed","author":"Hardening Security","year":"2023","unstructured":"[n. d.]. Security Hardening : Use of eBPF by unprivileged users has been disabled by default . Online (Accessed : July 12, 2023 ). ([n. d.]). https:\/\/www.suse.com\/support\/kb\/doc\/?id=000020545. [n. d.]. Security Hardening: Use of eBPF by unprivileged users has been disabled by default. Online (Accessed: July 12, 2023). ([n. d.]). https:\/\/www.suse.com\/support\/kb\/doc\/?id=000020545."},{"key":"e_1_3_2_1_18_1","volume-title":"Online (Accessed","year":"2023","unstructured":"[n. d.]. Unprivileged eBPF disabled by default for Ubuntu 20.04 LTS, 18.04 LTS, 16.04 ESM . Online (Accessed : July 12, 2023 ). ([n. d.]). https:\/\/discourse.ubuntu.com\/t\/27047. [n. d.]. Unprivileged eBPF disabled by default for Ubuntu 20.04 LTS, 18.04 LTS, 16.04 ESM. Online (Accessed: July 12, 2023). ([n. d.]). https:\/\/discourse.ubuntu.com\/t\/27047."},{"key":"e_1_3_2_1_19_1","volume-title":"European Symposium on Programming (ESOP'19)","author":"Besson Fr\u00e9d\u00e9ric","year":"2019","unstructured":"Fr\u00e9d\u00e9ric Besson , Sandrine Blazy , Alexandre Dang , Thomas Jensen , and Pierre Wilke . 2019 . Compiling sandboxes: Formally verified software fault isolation . In European Symposium on Programming (ESOP'19) . Springer, 499--524. Fr\u00e9d\u00e9ric Besson, Sandrine Blazy, Alexandre Dang, Thomas Jensen, and Pierre Wilke. 2019. Compiling sandboxes: Formally verified software fault isolation. In European Symposium on Programming (ESOP'19). Springer, 499--524."},{"key":"e_1_3_2_1_20_1","volume-title":"Symposium on Operating Systems Principles (SOSP '09)","author":"Castro Miguel","year":"2009","unstructured":"Miguel Castro , Manuel Costa , Jean-Philippe Martin , Marcus Peinado , Periklis Akritidis , Austin Donnelly , Paul Barham , and Richard Black . 2009 . Fast byte-granularity software fault isolation . In Symposium on Operating Systems Principles (SOSP '09) . ACM, 45--58. Miguel Castro, Manuel Costa, Jean-Philippe Martin, Marcus Peinado, Periklis Akritidis, Austin Donnelly, Paul Barham, and Richard Black. 2009. Fast byte-granularity software fault isolation. In Symposium on Operating Systems Principles (SOSP '09). ACM, 45--58."},{"key":"e_1_3_2_1_21_1","volume-title":"Symposium on Operating Systems Design and Implementation (OSDI'06)","author":"Erlingsson Ulfar","year":"2006","unstructured":"Ulfar Erlingsson , Mart\u00edn Abadi , Michael Vrable , Mihai Budiu , and George C Necula . 2006 . XFI: Software guards for system address spaces . In Symposium on Operating Systems Design and Implementation (OSDI'06) . USENIX, 75--88. Ulfar Erlingsson, Mart\u00edn Abadi, Michael Vrable, Mihai Budiu, and George C Necula. 2006. XFI: Software guards for system address spaces. In Symposium on Operating Systems Design and Implementation (OSDI'06). USENIX, 75--88."},{"key":"e_1_3_2_1_22_1","first-page":"27","article-title":"Microdrivers: A new architecture for device drivers","volume":"134","author":"Ganapathy Vinod","year":"2007","unstructured":"Vinod Ganapathy , Arini Balakrishnan , Michael M Swift , and Somesh Jha . 2007 . Microdrivers: A new architecture for device drivers . Network 134 (2007), 27 -- 28 . Vinod Ganapathy, Arini Balakrishnan, Michael M Swift, and Somesh Jha. 2007. Microdrivers: A new architecture for device drivers. Network 134 (2007), 27--8.","journal-title":"Network"},{"key":"e_1_3_2_1_23_1","volume-title":"Conference on Computer and Communications Security (CCS'19)","author":"Gao Xing","year":"2019","unstructured":"Xing Gao , Zhongshu Gu , Zhengfa Li , Hani Jamjoom , and Cong Wang . 2019 . Houdini's escape: Breaking the resource rein of linux control groups . In Conference on Computer and Communications Security (CCS'19) . ACM, 1073--1086. Xing Gao, Zhongshu Gu, Zhengfa Li, Hani Jamjoom, and Cong Wang. 2019. Houdini's escape: Breaking the resource rein of linux control groups. In Conference on Computer and Communications Security (CCS'19). ACM, 1073--1086."},{"key":"e_1_3_2_1_24_1","volume-title":"Online (Accessed","author":"Incubator Meta","year":"2023","unstructured":"Meta Incubator . [n. d.]. Katran:A high performance layer 4 load balancer . Online (Accessed : July 12, 2023 ). ([n. d.]). https:\/\/github.com\/facebookincubator\/katran. Meta Incubator. [n. d.]. Katran:A high performance layer 4 load balancer. Online (Accessed: July 12, 2023). ([n. d.]). https:\/\/github.com\/facebookincubator\/katran."},{"key":"e_1_3_2_1_25_1","volume-title":"Workshop on Hot Topics in Operating Systems (HotOS'23)","author":"Jia Jinghao","year":"2023","unstructured":"Jinghao Jia , Raj Sahu , Adam Oswald , Dan Williams , Michael V Le , and Tianyin Xu . 2023 . Kernel Extension Verification is Untenable . In Workshop on Hot Topics in Operating Systems (HotOS'23) . ACM, 150--157. Jinghao Jia, Raj Sahu, Adam Oswald, Dan Williams, Michael V Le, and Tianyin Xu. 2023. Kernel Extension Verification is Untenable. In Workshop on Hot Topics in Operating Systems (HotOS'23). ACM, 150--157."},{"key":"e_1_3_2_1_26_1","volume-title":"Symposium on Operating Systems Principles (SOSP'21)","author":"Kaffes Kostis","year":"2021","unstructured":"Kostis Kaffes , Jack Tigar Humphries , David Mazi\u00e8res , and Christos Kozyrakis . 2021 . Syrup: User-defined scheduling across the stack . In Symposium on Operating Systems Principles (SOSP'21) . ACM, 605--620. Kostis Kaffes, Jack Tigar Humphries, David Mazi\u00e8res, and Christos Kozyrakis. 2021. Syrup: User-defined scheduling across the stack. In Symposium on Operating Systems Principles (SOSP'21). ACM, 605--620."},{"key":"e_1_3_2_1_27_1","volume-title":"Phoronix test suite. Phoronix Media, [Online]. Available: http:\/\/www.phoronix-test-suite.com\/. [Accessed","author":"Larabel Michael","year":"2016","unstructured":"Michael Larabel and Matthew Tippett . 2011. Phoronix test suite. Phoronix Media, [Online]. Available: http:\/\/www.phoronix-test-suite.com\/. [Accessed June 2016 ] (2011). Michael Larabel and Matthew Tippett. 2011. Phoronix test suite. Phoronix Media, [Online]. Available: http:\/\/www.phoronix-test-suite.com\/. [Accessed June 2016] (2011)."},{"key":"e_1_3_2_1_28_1","volume-title":"Secure Namespaced Kernel Audit for Containers. In Symposium on Cloud Computing (SoCC'21)","author":"Lim Soo Yee","year":"2021","unstructured":"Soo Yee Lim , Bogdan Stelea , Xueyuan Han , and Thomas Pasquier . 2021 . Secure Namespaced Kernel Audit for Containers. In Symposium on Cloud Computing (SoCC'21) . ACM, 518--532. Soo Yee Lim, Bogdan Stelea, Xueyuan Han, and Thomas Pasquier. 2021. Secure Namespaced Kernel Audit for Containers. In Symposium on Cloud Computing (SoCC'21). ACM, 518--532."},{"key":"e_1_3_2_1_29_1","volume-title":"KIT: Testing OS-Level Virtualization for Functional Interference Bugs. In International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS'23)","author":"Liu Congyu","year":"2023","unstructured":"Congyu Liu , Sishuai Gong , and Pedro Fonseca . 2023 . KIT: Testing OS-Level Virtualization for Functional Interference Bugs. In International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS'23) . ACM, 427--441. Congyu Liu, Sishuai Gong, and Pedro Fonseca. 2023. KIT: Testing OS-Level Virtualization for Functional Interference Bugs. In International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS'23). ACM, 427--441."},{"key":"e_1_3_2_1_30_1","volume-title":"Symposium on Operating Systems Principles (SOSP'11)","author":"Mao Yandong","year":"2011","unstructured":"Yandong Mao , Haogang Chen , Dong Zhou , Xi Wang , Nickolai Zeldovich , and M Frans Kaashoek . 2011 . Software fault isolation with API integrity and multi-principal modules . In Symposium on Operating Systems Principles (SOSP'11) . ACM, 115--128. Yandong Mao, Haogang Chen, Dong Zhou, Xi Wang, Nickolai Zeldovich, and M Frans Kaashoek. 2011. Software fault isolation with API integrity and multi-principal modules. In Symposium on Operating Systems Principles (SOSP'11). ACM, 115--128."},{"key":"e_1_3_2_1_31_1","volume-title":"Preventing Kernel Hacks with HAKC. In Network and Distributed System Security Symposium (NDSS'22)","author":"McKee Derrick","year":"2022","unstructured":"Derrick McKee , Yianni Giannaris , Carolina Ortega Perez , Howard Shrobe , Mathias Payer , Hamed Okhravi , and Nathan Burow . 2022 . Preventing Kernel Hacks with HAKC. In Network and Distributed System Security Symposium (NDSS'22) . Internet Society. Derrick McKee, Yianni Giannaris, Carolina Ortega Perez, Howard Shrobe, Mathias Payer, Hamed Okhravi, and Nathan Burow. 2022. Preventing Kernel Hacks with HAKC. In Network and Distributed System Security Symposium (NDSS'22). Internet Society."},{"key":"e_1_3_2_1_32_1","volume-title":"LXDs: Towards Isolation of Kernel Subsystems. In Annual Technical Conference (ATC'19)","author":"Narayanan Vikram","year":"2019","unstructured":"Vikram Narayanan , Abhiram Balasubramanian , Charlie Jacobsen , Sarah Spall , Scott Bauer , Michael Quigley , Aftab Hussain , Abdullah Younis , Junjie Shen , Moinak Bhattacharyya , 2019 . LXDs: Towards Isolation of Kernel Subsystems. In Annual Technical Conference (ATC'19) . USENIX, 269--284. Vikram Narayanan, Abhiram Balasubramanian, Charlie Jacobsen, Sarah Spall, Scott Bauer, Michael Quigley, Aftab Hussain, Abdullah Younis, Junjie Shen, Moinak Bhattacharyya, et al. 2019. LXDs: Towards Isolation of Kernel Subsystems. In Annual Technical Conference (ATC'19). USENIX, 269--284."},{"key":"e_1_3_2_1_33_1","volume-title":"International Conference on Virtual Execution Environments. ACM, 157--171","author":"Narayanan Vikram","year":"2020","unstructured":"Vikram Narayanan , Yongzhe Huang , Gang Tan , Trent Jaeger , and Anton Burtsev . 2020 . Lightweight kernel isolation with virtualization and VM functions . In International Conference on Virtual Execution Environments. ACM, 157--171 . Vikram Narayanan, Yongzhe Huang, Gang Tan, Trent Jaeger, and Anton Burtsev. 2020. Lightweight kernel isolation with virtualization and VM functions. In International Conference on Virtual Execution Environments. ACM, 157--171."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1535\/itj.1003.01"},{"key":"e_1_3_2_1_35_1","volume-title":"Symposium on Operating Systems Principles (SOSP'13)","author":"Nikolaev Ruslan","year":"2013","unstructured":"Ruslan Nikolaev and Godmar Back . 2013 . VirtuOS: An operating system with kernel virtualization . In Symposium on Operating Systems Principles (SOSP'13) . ACM, 116--132. Ruslan Nikolaev and Godmar Back. 2013. VirtuOS: An operating system with kernel virtualization. In Symposium on Operating Systems Principles (SOSP'13). ACM, 116--132."},{"key":"e_1_3_2_1_36_1","volume-title":"Application-Informed Kernel Synchronization Primitives. In Symposium on Operating Systems Design and Implementation (OSDI'22)","author":"Park Sujin","year":"2022","unstructured":"Sujin Park , Diyu Zhou , Yuchen Qian , Irina Calciu , Taesoo Kim , and Sanidhya Kashyap . 2022 . Application-Informed Kernel Synchronization Primitives. In Symposium on Operating Systems Design and Implementation (OSDI'22) . USENIX, 667--682. Sujin Park, Diyu Zhou, Yuchen Qian, Irina Calciu, Taesoo Kim, and Sanidhya Kashyap. 2022. Application-Informed Kernel Synchronization Primitives. In Symposium on Operating Systems Design and Implementation (OSDI'22). USENIX, 667--682."},{"key":"e_1_3_2_1_37_1","volume-title":"Annual Technical Conference (ATC'09)","author":"Renzelmann Matthew J","year":"2009","unstructured":"Matthew J Renzelmann and Michael M Swift . 2009 . Decaf: Moving Device Drivers to a Modern Language .. In Annual Technical Conference (ATC'09) . USENIX. Matthew J Renzelmann and Michael M Swift. 2009. Decaf: Moving Device Drivers to a Modern Language.. In Annual Technical Conference (ATC'09). USENIX."},{"key":"e_1_3_2_1_38_1","volume-title":"MiSFIT: Constructing safe extensible systems","author":"Small Christopher","year":"1998","unstructured":"Christopher Small and Margo Seltzer . 1998. MiSFIT: Constructing safe extensible systems . IEEE concurrency 6, 3 ( 1998 ), 34--41. Christopher Small and Margo Seltzer. 1998. MiSFIT: Constructing safe extensible systems. IEEE concurrency 6, 3 (1998), 34--41."},{"key":"e_1_3_2_1_39_1","volume-title":"Symposium on Operating Systems Principles (SOSP'03)","author":"Swift Michael M","year":"2003","unstructured":"Michael M Swift , Brian N Bershad , and Henry M Levy . 2003 . Improving the reliability of commodity operating systems . In Symposium on Operating Systems Principles (SOSP'03) . ACM, 207--222. Michael M Swift, Brian N Bershad, and Henry M Levy. 2003. Improving the reliability of commodity operating systems. In Symposium on Operating Systems Principles (SOSP'03). ACM, 207--222."},{"key":"e_1_3_2_1_40_1","volume-title":"Efficient Software-based Fault Isolation. In Symposium on Operating Systems Principles (SOSP'93)","author":"Wahbe Robert","year":"1993","unstructured":"Robert Wahbe , Steven Lucco , Thomas E Anderson , and Susan L Graham . 1993 . Efficient Software-based Fault Isolation. In Symposium on Operating Systems Principles (SOSP'93) . ACM, 203--216. Robert Wahbe, Steven Lucco, Thomas E Anderson, and Susan L Graham. 1993. Efficient Software-based Fault Isolation. In Symposium on Operating Systems Principles (SOSP'93). ACM, 203--216."},{"key":"e_1_3_2_1_41_1","volume-title":"Conference on Computer and Communications Security (CCS'21)","author":"Yang Nanzi","year":"2021","unstructured":"Nanzi Yang , Wenbo Shen , Jinku Li , Yutian Yang , Kangjie Lu , Jietao Xiao , Tianyu Zhou , Chenggang Qin , Wang Yu , Jianfeng Ma , 2021 . Demons in the shared kernel: Abstract resource attacks against os-level virtualization . In Conference on Computer and Communications Security (CCS'21) . ACM, 764--778. Nanzi Yang, Wenbo Shen, Jinku Li, Yutian Yang, Kangjie Lu, Jietao Xiao, Tianyu Zhou, Chenggang Qin, Wang Yu, Jianfeng Ma, et al. 2021. Demons in the shared kernel: Abstract resource attacks against os-level virtualization. In Conference on Computer and Communications Security (CCS'21). ACM, 764--778."},{"key":"e_1_3_2_1_42_1","volume-title":"Symposium on Operating Systems Design and Implementation (OSDI'06)","author":"Zhou Feng","year":"2006","unstructured":"Feng Zhou , Jeremy Condit , Zachary Anderson , Ilya Bagrak , Rob Ennals , Matthew Harren , George Necula , and Eric Brewer . 2006 . SafeDrive: Safe and recoverable extensions using language-based techniques . In Symposium on Operating Systems Design and Implementation (OSDI'06) . USENIX, 45--60. Feng Zhou, Jeremy Condit, Zachary Anderson, Ilya Bagrak, Rob Ennals, Matthew Harren, George Necula, and Eric Brewer. 2006. SafeDrive: Safe and recoverable extensions using language-based techniques. In Symposium on Operating Systems Design and Implementation (OSDI'06). USENIX, 45--60."}],"event":{"name":"eBPF '23: 1st Workshop on eBPF and Kernel Extensions","location":"New York NY USA","acronym":"eBPF '23","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication"]},"container-title":["Proceedings of the 1st Workshop on eBPF and Kernel Extensions"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3609021.3609301","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:48:57Z","timestamp":1750182537000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3609021.3609301"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,9,10]]},"references-count":42,"alternative-id":["10.1145\/3609021.3609301","10.1145\/3609021"],"URL":"https:\/\/doi.org\/10.1145\/3609021.3609301","relation":{},"subject":[],"published":{"date-parts":[[2023,9,10]]},"assertion":[{"value":"2023-09-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}