{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T08:44:32Z","timestamp":1773737072116,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":33,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,9,10]],"date-time":"2023-09-10T00:00:00Z","timestamp":1694304000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62002151"],"award-info":[{"award-number":["62002151"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Shenzhen Science and Technology Program","award":["SGDX20201103095408029"],"award-info":[{"award-number":["SGDX20201103095408029"]}]},{"name":"Shenzhen Science and Technology Program","award":["ZDSYS20210623092007023"],"award-info":[{"award-number":["ZDSYS20210623092007023"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,9,10]]},"DOI":"10.1145\/3609021.3609304","type":"proceedings-article","created":{"date-parts":[[2023,8,18]],"date-time":"2023-08-18T17:13:20Z","timestamp":1692378800000},"page":"56-62","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["RingGuard: Guard io_uring with eBPF"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-4990-2606","authenticated-orcid":false,"given":"Wanning","family":"He","sequence":"first","affiliation":[{"name":"Southern University of Science and Technology (SUSTech), Shenzhen, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6864-5409","authenticated-orcid":false,"given":"Hongyi","family":"Lu","sequence":"additional","affiliation":[{"name":"Southern University of Science and Technology (SUSTech), Shenzhen, China"},{"name":"Hong Kong University of Science and Technology (HKUST), Hong Kong, Hong Kong"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3365-2526","authenticated-orcid":false,"given":"Fengwei","family":"Zhang","sequence":"additional","affiliation":[{"name":"Southern University of Science and Technology (SUSTech), Shenzhen, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0866-0308","authenticated-orcid":false,"given":"Shuai","family":"Wang","sequence":"additional","affiliation":[{"name":"Hong Kong University of Science and Technology (HKUST), Hong Kong, Hong Kong"}]}],"member":"320","published-online":{"date-parts":[[2023,9,10]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2023. aio(7) - Linux Manual Page.  2023. aio(7) - Linux Manual Page."},{"key":"e_1_3_2_1_2_1","unstructured":"2023. BPF Documentation --- The Linux Kernel Documentation.  2023. BPF Documentation --- The Linux Kernel Documentation."},{"key":"e_1_3_2_1_3_1","unstructured":"2023. clock_gettime(3) --- Linux manual page.  2023. clock_gettime(3) --- Linux manual page."},{"key":"e_1_3_2_1_4_1","unstructured":"2023. Linux Manual Page.  2023. Linux Manual Page."},{"key":"e_1_3_2_1_5_1","unstructured":"2023. Seccomp BPF (SECure COMPuting with filters) - The Linux kernel user-space API guide.  2023. Seccomp BPF (SECure COMPuting with filters) - The Linux kernel user-space API guide."},{"key":"e_1_3_2_1_6_1","unstructured":"2023. seccomp(2) - Linux Manual Page.  2023. seccomp(2) - Linux Manual Page."},{"key":"e_1_3_2_1_7_1","unstructured":"Gilberto Bertin. 2017. XDP in practice: integrating XDP into our DDoS mitigation pipeline. https:\/\/netdevconf.info\/2.1\/papers\/Gilberto_Bertin_XDP_in_practice.pdf  Gilberto Bertin. 2017. XDP in practice: integrating XDP into our DDoS mitigation pipeline. https:\/\/netdevconf.info\/2.1\/papers\/Gilberto_Bertin_XDP_in_practice.pdf"},{"key":"e_1_3_2_1_8_1","unstructured":"Jonathan Corbet. 2020. Operations restrictions for io_uring. https:\/\/lwn.net\/Articles\/826053\/. (2020).  Jonathan Corbet. 2020. Operations restrictions for io_uring. https:\/\/lwn.net\/Articles\/826053\/. (2020)."},{"key":"e_1_3_2_1_9_1","unstructured":"Jonathan Corbet. 2021. Auditing io_uring. https:\/\/lwn.net\/Articles\/858023\/. (2021).  Jonathan Corbet. 2021. Auditing io_uring. https:\/\/lwn.net\/Articles\/858023\/. (2021)."},{"key":"e_1_3_2_1_10_1","unstructured":"Jonathan Corbet. 2022. Security requirements for new kernel features. https:\/\/lwn.net\/Articles\/902466\/. (2022).  Jonathan Corbet. 2022. Security requirements for new kernel features. https:\/\/lwn.net\/Articles\/902466\/. (2022)."},{"key":"e_1_3_2_1_11_1","volume-title":"23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020","author":"DeMarinis Nicholas","year":"2020","unstructured":"Nicholas DeMarinis , Kent Williams-King , Di Jin , Rodrigo Fonseca , and Vasileios P. Kemerlis . 2020. sysfilter: Automated System Call Filtering for Commodity Software . In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020 ). USENIX Association, San Sebastian, 459--474. https:\/\/www.usenix.org\/conference\/raid 2020 \/presentation\/demarinis Nicholas DeMarinis, Kent Williams-King, Di Jin, Rodrigo Fonseca, and Vasileios P. Kemerlis. 2020. sysfilter: Automated System Call Filtering for Commodity Software. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). USENIX Association, San Sebastian, 459--474. https:\/\/www.usenix.org\/conference\/raid2020\/presentation\/demarinis"},{"key":"e_1_3_2_1_12_1","unstructured":"Jake Edge. 2020. Seccomp and deep argument inspection. https:\/\/lwn.net\/Articles\/822256\/. (2020).  Jake Edge. 2020. Seccomp and deep argument inspection. https:\/\/lwn.net\/Articles\/822256\/. (2020)."},{"key":"e_1_3_2_1_13_1","unstructured":"William Findlay David Barrera and Anil Somayaji. 2021. BPFContain: Fixing the Soft Underbelly of Container Security. (2021). arXiv:cs.CR\/2102.06972  William Findlay David Barrera and Anil Somayaji. 2021. BPFContain: Fixing the Soft Underbelly of Container Security. (2021). arXiv:cs.CR\/2102.06972"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411495.3421358"},{"key":"e_1_3_2_1_15_1","volume-title":"Temporal System Call Specialization for Attack Surface Reduction. In 29th USENIX Security Symposium (USENIX Security 20)","author":"Ghavamnia Seyedhamed","year":"2020","unstructured":"Seyedhamed Ghavamnia , Tapti Palit , Shachee Mishra , and Michalis Polychronakis . 2020 . Temporal System Call Specialization for Attack Surface Reduction. In 29th USENIX Security Symposium (USENIX Security 20) . USENIX Association, 1749--1766. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/ghavamnia Seyedhamed Ghavamnia, Tapti Palit, Shachee Mishra, and Michalis Polychronakis. 2020. Temporal System Call Specialization for Attack Surface Reduction. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 1749--1766. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/ghavamnia"},{"key":"e_1_3_2_1_16_1","unstructured":"Axboe Jens. 2023. Efficient IO with io_uring. https:\/\/kernel.dk\/io_uring.pdf. (2023).  Axboe Jens. 2023. Efficient IO with io_uring. https:\/\/kernel.dk\/io_uring.pdf. (2023)."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3593856.3595892"},{"key":"e_1_3_2_1_18_1","volume-title":"Practical and Effective Sandboxing for Non-root Users. In 2013 USENIX Annual Technical Conference (USENIX ATC 13)","author":"Kim Taesoo","year":"2013","unstructured":"Taesoo Kim and Nickolai Zeldovich . 2013 . Practical and Effective Sandboxing for Non-root Users. In 2013 USENIX Annual Technical Conference (USENIX ATC 13) . USENIX Association, San Jose, CA, 139--144. https:\/\/www.usenix.org\/conference\/atc13\/technical-sessions\/presentation\/kim Taesoo Kim and Nickolai Zeldovich. 2013. Practical and Effective Sandboxing for Non-root Users. In 2013 USENIX Annual Technical Conference (USENIX ATC 13). USENIX Association, San Jose, CA, 139--144. https:\/\/www.usenix.org\/conference\/atc13\/technical-sessions\/presentation\/kim"},{"key":"e_1_3_2_1_19_1","volume-title":"MOAT: Towards Safe BPF Kernel Extension.","author":"Lu Hongyi","year":"2023","unstructured":"Hongyi Lu , Shuai Wang , Yechang Wu , Wanning He , and Fengwei Zhang . 2023 . MOAT: Towards Safe BPF Kernel Extension. (2023). arXiv:cs.CR\/2301.13421 Hongyi Lu, Shuai Wang, Yechang Wu, Wanning He, and Fengwei Zhang. 2023. MOAT: Towards Safe BPF Kernel Extension. (2023). arXiv:cs.CR\/2301.13421"},{"key":"e_1_3_2_1_20_1","volume-title":"Proceedings of the USENIX","author":"McCanne Steven","year":"1993","unstructured":"Steven McCanne and Van Jacobson . 1993 . The BSD Packet Filter: A New Architecture for User-Level Packet Capture . In Proceedings of the USENIX Winter 1993 Conference Proceedings on USENIX Winter 1993 Conference Proceedings (USENIX'93). USENIX Association, USA, 2. Steven McCanne and Van Jacobson. 1993. The BSD Packet Filter: A New Architecture for User-Level Packet Capture. In Proceedings of the USENIX Winter 1993 Conference Proceedings on USENIX Winter 1993 Conference Proceedings (USENIX'93). USENIX Association, USA, 2."},{"key":"e_1_3_2_1_21_1","unstructured":"MITRE. 2021. CVE-2021-3491. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-3491. (2021).  MITRE. 2021. CVE-2021-3491. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-3491. (2021)."},{"key":"e_1_3_2_1_22_1","unstructured":"MITRE. 2022. CVE-2020-29534. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-29534. (2022).  MITRE. 2022. CVE-2020-29534. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-29534. (2022)."},{"key":"e_1_3_2_1_23_1","unstructured":"MITRE. 2022. CVE-2021-20226. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-20226. (2022).  MITRE. 2022. CVE-2021-20226. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-20226. (2022)."},{"key":"e_1_3_2_1_24_1","unstructured":"MITRE. 2022. CVE-2022-1508. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-1508. (2022).  MITRE. 2022. CVE-2022-1508. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-1508. (2022)."},{"key":"e_1_3_2_1_25_1","unstructured":"MITRE. 2022. CVE-2022-1976. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-1976. (2022).  MITRE. 2022. CVE-2022-1976. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-1976. (2022)."},{"key":"e_1_3_2_1_26_1","unstructured":"MITRE. 2022. CVE-2022-2327. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-2327. (2022).  MITRE. 2022. CVE-2022-2327. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-2327. (2022)."},{"key":"e_1_3_2_1_27_1","unstructured":"MITRE. 2022. CVE-2022-29582. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-29582. (2022).  MITRE. 2022. CVE-2022-29582. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-29582. (2022)."},{"key":"e_1_3_2_1_28_1","unstructured":"MITRE. 2022. CVE-2022-4696. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-4696. (2022).  MITRE. 2022. CVE-2022-4696. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-4696. (2022)."},{"key":"e_1_3_2_1_29_1","volume-title":"Exploiting and Protecting Dynamic Code Generation. In Network and Distributed System Security Symposium.","author":"Song Chengyu","year":"2015","unstructured":"Chengyu Song , Chao Zhang , Tielei Wang , Wenke Lee , and David Melski . 2015 . Exploiting and Protecting Dynamic Code Generation. In Network and Distributed System Security Symposium. Chengyu Song, Chao Zhang, Tielei Wang, Wenke Lee, and David Melski. 2015. Exploiting and Protecting Dynamic Code Generation. In Network and Distributed System Security Symposium."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00041"},{"key":"e_1_3_2_1_31_1","volume-title":"CoRR abs\/2105.05398","author":"Vishwanathan Harishankar","year":"2021","unstructured":"Harishankar Vishwanathan , Matan Shachnai , Srinivas Narayana , and Santosh Nagarakatte . 2021. Semantics, Verification, and Efficient Implementations for Tristate Numbers . CoRR abs\/2105.05398 ( 2021 ). arXiv:2105.05398 https:\/\/arxiv.org\/abs\/2105.05398 Harishankar Vishwanathan, Matan Shachnai, Srinivas Narayana, and Santosh Nagarakatte. 2021. Semantics, Verification, and Efficient Implementations for Tristate Numbers. CoRR abs\/2105.05398 (2021). arXiv:2105.05398 https:\/\/arxiv.org\/abs\/2105.05398"},{"key":"e_1_3_2_1_32_1","volume-title":"Linux Security Modules: General Security Support for the Linux Kernel. In 11th USENIX Security Symposium (USENIX Security 02)","author":"Wright Chris","year":"2002","unstructured":"Chris Wright , Crispin Cowan , Stephen Smalley , James Morris , and Greg Kroah-Hartman . 2002 . Linux Security Modules: General Security Support for the Linux Kernel. In 11th USENIX Security Symposium (USENIX Security 02) . USENIX Association, San Francisco, CA. https:\/\/www.usenix.org\/conference\/11th-usenix-security-symposium\/linux-security-modules-general-security-support-linux Chris Wright, Crispin Cowan, Stephen Smalley, James Morris, and Greg Kroah-Hartman. 2002. Linux Security Modules: General Security Support for the Linux Kernel. In 11th USENIX Security Symposium (USENIX Security 02). USENIX Association, San Francisco, CA. https:\/\/www.usenix.org\/conference\/11th-usenix-security-symposium\/linux-security-modules-general-security-support-linux"},{"key":"e_1_3_2_1_33_1","unstructured":"Zhenpeng Li Yueqi Chen. 2022. HotBPF - An On-demand and On-the-fly Memory Protection for the Linux Kernel. (2022). Linux Security Summit Europe.  Zhenpeng Li Yueqi Chen. 2022. HotBPF - An On-demand and On-the-fly Memory Protection for the Linux Kernel. (2022). Linux Security Summit Europe."}],"event":{"name":"eBPF '23: 1st Workshop on eBPF and Kernel Extensions","location":"New York NY USA","acronym":"eBPF '23","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication"]},"container-title":["Proceedings of the 1st Workshop on eBPF and Kernel Extensions"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3609021.3609304","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:48:57Z","timestamp":1750182537000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3609021.3609304"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,9,10]]},"references-count":33,"alternative-id":["10.1145\/3609021.3609304","10.1145\/3609021"],"URL":"https:\/\/doi.org\/10.1145\/3609021.3609304","relation":{},"subject":[],"published":{"date-parts":[[2023,9,10]]},"assertion":[{"value":"2023-09-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}