{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:21:51Z","timestamp":1772040111053,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":30,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,10,23]],"date-time":"2023-10-23T00:00:00Z","timestamp":1698019200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,10,23]]},"DOI":"10.1145\/3625275.3625399","type":"proceedings-article","created":{"date-parts":[[2023,10,20]],"date-time":"2023-10-20T13:09:57Z","timestamp":1697807397000},"page":"33-40","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["CIVSCOPE: Analyzing Potential Memory Corruption Bugs in Compartment Interfaces"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-6215-8050","authenticated-orcid":false,"given":"Yi","family":"Chien","sequence":"first","affiliation":[{"name":"Rice University, Houston, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-2890-7980","authenticated-orcid":false,"given":"Vlad-Andrei","family":"B\u0103doiu","sequence":"additional","affiliation":[{"name":"University Politehnica of Bucharest, Bucharest, Romania"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-3156-0637","authenticated-orcid":false,"given":"Yudi","family":"Yang","sequence":"additional","affiliation":[{"name":"Rice University, Houston, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-0189-0854","authenticated-orcid":false,"given":"Yuqian","family":"Huo","sequence":"additional","affiliation":[{"name":"Rice University, Houston, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-1479-7069","authenticated-orcid":false,"given":"Kelly","family":"Kaoudis","sequence":"additional","affiliation":[{"name":"Trail of Bits, New York, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9547-7458","authenticated-orcid":false,"given":"Hugo","family":"Lefeuvre","sequence":"additional","affiliation":[{"name":"The University of Manchester, Manchester, United Kingdom"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7781-1299","authenticated-orcid":false,"given":"Pierre","family":"Olivier","sequence":"additional","affiliation":[{"name":"The University of Manchester, Manchester, United Kingdom"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8456-6957","authenticated-orcid":false,"given":"Nathan","family":"Dautenhahn","sequence":"additional","affiliation":[{"name":"Rice University, Houston, United States of America"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,10,23]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660350"},{"key":"e_1_3_2_1_2_1","volume-title":"Intel sgx explained. Cryptology ePrint Archive","author":"Costan V.","year":"2016","unstructured":"Costan , V. , and Devadas , S . Intel sgx explained. Cryptology ePrint Archive ( 2016 ). Costan, V., and Devadas, S. Intel sgx explained. Cryptology ePrint Archive (2016)."},{"key":"e_1_3_2_1_3_1","volume-title":"Proceedings of 29th Network and Distributed System Security (NDSS) (2022), NDSS'22.","author":"Cui R.","unstructured":"Cui , R. , Zhao , L. , and Lie , D . Emilia: Catching iago in legacy code . In Proceedings of 29th Network and Distributed System Security (NDSS) (2022), NDSS'22. Cui, R., Zhao, L., and Lie, D. Emilia: Catching iago in legacy code. In Proceedings of 29th Network and Distributed System Security (NDSS) (2022), NDSS'22."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813611"},{"key":"e_1_3_2_1_5_1","first-page":"312","volume-title":"Proceedings of the 20th European Symposium on Research in Computer Security (Cham, 2015), G. Pernul, P. Y A Ryan, and E. Weippl, Eds., ESORICS'15, Springer International Publishing","author":"Hu H.","unstructured":"Hu , H. , Chua , Z. L. , Liang , Z. , and Saxena , P . Identifying arbitrary memory access vulnerabilities in privilege-separated software . In Proceedings of the 20th European Symposium on Research in Computer Security (Cham, 2015), G. Pernul, P. Y A Ryan, and E. Weippl, Eds., ESORICS'15, Springer International Publishing , pp. 312 -- 331 . Hu, H., Chua, Z. L., Liang, Z., and Saxena, P. Identifying arbitrary memory access vulnerabilities in privilege-separated software. In Proceedings of the 20th European Symposium on Research in Computer Security (Cham, 2015), G. Pernul, P. Y A Ryan, and E. Weippl, Eds., ESORICS'15, Springer International Publishing, pp. 312--331."},{"key":"e_1_3_2_1_6_1","first-page":"613","volume-title":"16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 22)","author":"Huang Y.","year":"2022","unstructured":"Huang , Y. , Narayanan , V. , Detweiler , D. , Huang , K. , Tan , G. , Jaeger , T. , and Burtsev , A . Ksplit: Automating device driver isolation . In 16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 22) ( 2022 ), pp. 613 -- 631 . Huang, Y., Narayanan, V., Detweiler, D., Huang, K., Tan, G., Jaeger, T., and Burtsev, A. Ksplit: Automating device driver isolation. In 16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 22) (2022), pp. 613--631."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3593856.3595892"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","first-page":"2990","DOI":"10.1109\/SP46215.2023.10179285","volume-title":"2023 IEEE Symposium on Security and Privacy (SP)","author":"Khan A.","year":"2023","unstructured":"Khan , A. , Xu , D. , and Tian , D. J . Ec: Embedded systems compartmentalization via intra-kernel isolation . In 2023 IEEE Symposium on Security and Privacy (SP) ( 2023 ), IEEE, pp. 2990 -- 3007 . Khan, A., Xu, D., and Tian, D. J. Ec: Embedded systems compartmentalization via intra-kernel isolation. In 2023 IEEE Symposium on Security and Privacy (SP) (2023), IEEE, pp. 2990--3007."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"crossref","first-page":"3008","DOI":"10.1109\/SP46215.2023.10179388","volume-title":"2023 IEEE Symposium on Security and Privacy (SP)","author":"Khan A.","year":"2023","unstructured":"Khan , A. , Xu , D. , and Tian , D. J . Low-cost privilege separation with compile time compartmentalization for embedded systems . In 2023 IEEE Symposium on Security and Privacy (SP) ( 2023 ), IEEE, pp. 3008 -- 3025 . Khan, A., Xu, D., and Tian, D. J. Low-cost privilege separation with compile time compartmentalization for embedded systems. In 2023 IEEE Symposium on Security and Privacy (SP) (2023), IEEE, pp. 3008--3025."},{"key":"e_1_3_2_1_10_1","volume-title":"Proceedings of the 30th Annual Network and Distributed System Security Symposium (2023), NDSS'23.","author":"Lefeuvre H.","unstructured":"Lefeuvre , H. , B\u0103doiu , V.-A. , Chien , Y. , Huici , F. , Dautenhahn , N. , and Olivier , P . Assessing the impact of interface vulnerabilities in compartmentalized software . In Proceedings of the 30th Annual Network and Distributed System Security Symposium (2023), NDSS'23. Lefeuvre, H., B\u0103doiu, V.-A., Chien, Y., Huici, F., Dautenhahn, N., and Olivier, P. Assessing the impact of interface vulnerabilities in compartmentalized software. In Proceedings of the 30th Annual Network and Distributed System Security Symposium (2023), NDSS'23."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3503222.3507759"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1145\/3458336.3465292","volume-title":"Proceedings of the Workshop on Hot Topics in Operating Systems","author":"Lefeuvre H.","year":"2021","unstructured":"Lefeuvre , H. , B\u0103doiu , V.-A. , Teodorescu , \u015e., Olivier , P. , Mosnoi , T. , Deaconescu , R. , Huici , F. , and Raiciu , C . Flexos: Making os isolation flexible . In Proceedings of the Workshop on Hot Topics in Operating Systems ( 2021 ), pp. 79 -- 87 . Lefeuvre, H., B\u0103doiu, V.-A., Teodorescu, \u015e., Olivier, P., Mosnoi, T., Deaconescu, R., Huici, F., and Raiciu, C. Flexos: Making os isolation flexible. In Proceedings of the Workshop on Hot Topics in Operating Systems (2021), pp. 79--87."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3458336.3465277"},{"key":"e_1_3_2_1_14_1","volume-title":"Checked-cbox: Type directed program partitioning with checked c for incremental spatial memory safety. arXiv preprint arXiv:2302.01811","author":"Li L.","year":"2023","unstructured":"Li , L. , Bhattar , A. , Chang , L. , Zhu , M. , and Machiry , A . Checked-cbox: Type directed program partitioning with checked c for incremental spatial memory safety. arXiv preprint arXiv:2302.01811 ( 2023 ). Li, L., Bhattar, A., Chang, L., Zhu, M., and Machiry, A. Checked-cbox: Type directed program partitioning with checked c for incremental spatial memory safety. arXiv preprint arXiv:2302.01811 (2023)."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043568"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043568"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24026"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/3489212.3489252"},{"key":"e_1_3_2_1_19_1","volume-title":"Retrofitting fine grain isolation in the firefox renderer (extended version). arXiv preprint arXiv:2003.00572","author":"Narayan S.","year":"2020","unstructured":"Narayan , S. , Disselkoen , C. , Garfinkel , T. , Froyd , N. , Rahm , E. , Lerner , S. , Shacham , H. , and Stefan , D . Retrofitting fine grain isolation in the firefox renderer (extended version). arXiv preprint arXiv:2003.00572 ( 2020 ). Narayan, S., Disselkoen, C., Garfinkel, T., Froyd, N., Rahm, E., Lerner, S., Shacham, H., and Stefan, D. Retrofitting fine grain isolation in the firefox renderer (extended version). arXiv preprint arXiv:2003.00572 (2020)."},{"key":"e_1_3_2_1_20_1","first-page":"7","volume-title":"Workshop on Systems for Post-Moore Architectures 3","author":"Olivier P.","year":"2020","unstructured":"Olivier , P. , Barbalace , A. , and Ravindran , B . The case for intra-unikernel isolation . Workshop on Systems for Post-Moore Architectures 3 , 7 ( 2020 ), 8--12. Olivier, P., Barbalace, A., and Ravindran, B. The case for intra-unikernel isolation. Workshop on Systems for Post-Moore Architectures 3, 7 (2020), 8--12."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3471621.3471839"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3445814.3446731"},{"key":"e_1_3_2_1_24_1","first-page":"143","volume-title":"Proceedings of the 16th ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments (New York, NY, USA, 2020), VEE '20, Association for Computing Machinery","author":"Sung M.","unstructured":"Sung , M. , Olivier , P. , Lankes , S. , and Ravindran , B . Intra-unikernel isolation with intel memory protection keys . In Proceedings of the 16th ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments (New York, NY, USA, 2020), VEE '20, Association for Computing Machinery , p. 143 -- 156 . Sung, M., Olivier, P., Lankes, S., and Ravindran, B. Intra-unikernel isolation with intel memory protection keys. In Proceedings of the 16th ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments (New York, NY, USA, 2020), VEE '20, Association for Computing Machinery, p. 143--156."},{"key":"e_1_3_2_1_25_1","first-page":"1221","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Vahldiek-Oberwagner A.","year":"2019","unstructured":"Vahldiek-Oberwagner , A. , Elnikety , E. , Duarte , N. O. , Sammler , M. , Druschel , P. , and Garg , D . Erim: Secure, efficient in-process isolation with protection keys mpk . In 28th USENIX Security Symposium (USENIX Security 19) ( 2019 ), pp. 1221 -- 1238 . Vahldiek-Oberwagner, A., Elnikety, E., Duarte, N. O., Sammler, M., Druschel, P., and Garg, D. Erim: Secure, efficient in-process isolation with protection keys mpk. In 28th USENIX Security Symposium (USENIX Security 19) (2019), pp. 1221--1238."},{"key":"e_1_3_2_1_26_1","first-page":"1741","volume-title":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (New York, NY, USA, 2019), CCS '19, Association for Computing Machinery","author":"Van Bulck J.","unstructured":"Van Bulck , J. , Oswald , D. , Marin , E. , Aldoseri , A. , Garcia , F. D. , and Piessens , F . A tale of two worlds: Assessing the vulnerability of enclave shielding runtimes . In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (New York, NY, USA, 2019), CCS '19, Association for Computing Machinery , p. 1741 -- 1758 . Van Bulck, J., Oswald, D., Marin, E., Aldoseri, A., Garcia, F. D., and Piessens, F. A tale of two worlds: Assessing the vulnerability of enclave shielding runtimes. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (New York, NY, USA, 2019), CCS '19, Association for Computing Machinery, p. 1741--1758."},{"key":"e_1_3_2_1_27_1","volume-title":"NDSS","author":"Vasilakis N.","year":"2018","unstructured":"Vasilakis , N. , Karel , B. , Roessler , N. , Dautenhahn , N. , DeHon , A. , and Smith , J. M . Breakapp: Automated, flexible application compartmentalization . In NDSS ( 2018 ). Vasilakis, N., Karel, B., Roessler, N., Dautenhahn, N., DeHon, A., and Smith, J. M. Breakapp: Automated, flexible application compartmentalization. In NDSS (2018)."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/168619.168635"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.9"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1984.5010248"}],"event":{"name":"KISV '23: 1st Workshop on Kernel Isolation, Safety and Verification","location":"Koblenz Germany","acronym":"KISV '23","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems","USENIX"]},"container-title":["Proceedings of the 1st Workshop on Kernel Isolation, Safety and Verification"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3625275.3625399","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:50:04Z","timestamp":1750287004000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3625275.3625399"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,23]]},"references-count":30,"alternative-id":["10.1145\/3625275.3625399","10.1145\/3625275"],"URL":"https:\/\/doi.org\/10.1145\/3625275.3625399","relation":{},"subject":[],"published":{"date-parts":[[2023,10,23]]},"assertion":[{"value":"2023-10-23","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}