{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T15:46:22Z","timestamp":1774367182870,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":112,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-2238467"],"award-info":[{"award-number":["CNS-2238467"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-2104148"],"award-info":[{"award-number":["CNS-2104148"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1749895"],"award-info":[{"award-number":["CNS-1749895"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,7]]},"DOI":"10.1145\/3634737.3644994","type":"proceedings-article","created":{"date-parts":[[2024,6,28]],"date-time":"2024-06-28T11:51:38Z","timestamp":1719575498000},"page":"1159-1172","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["ISLAB: Immutable Memory Management Metadata for Commodity Operating System Kernels"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-3389-9837","authenticated-orcid":false,"given":"Marius","family":"Momeu","sequence":"first","affiliation":[{"name":"Technical University of Munich, Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-7233-4250","authenticated-orcid":false,"given":"Fabian","family":"Kilger","sequence":"additional","affiliation":[{"name":"Technical University of Munich, Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-9143-3202","authenticated-orcid":false,"given":"Christopher","family":"Roemheld","sequence":"additional","affiliation":[{"name":"Technical University of Munich, Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-0740-6495","authenticated-orcid":false,"given":"Simon","family":"Schn\u00fcckel","sequence":"additional","affiliation":[{"name":"Technical University of Munich, Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0524-2493","authenticated-orcid":false,"given":"Sergej","family":"Proskurin","sequence":"additional","affiliation":[{"name":"BedRock Systems, Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3106-0343","authenticated-orcid":false,"given":"Michalis","family":"Polychronakis","sequence":"additional","affiliation":[{"name":"Stony Brook University, Stony Brook, New York, United States of America"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6528-437X","authenticated-orcid":false,"given":"Vasileios P.","family":"Kemerlis","sequence":"additional","affiliation":[{"name":"Brown University, Providence, Rhode Island, United States of America"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2021. perf(1) - Performance analysis tools for Linux. https:\/\/man7.org\/linux\/man-pages\/man1\/perf.1.html."},{"key":"e_1_3_2_1_2_1","volume-title":"MarkUs: Drop-in Use-After-Free Prevention for Low-Level Languages. In IEEE Symposium on Security and Privacy (S&P). 578--591","author":"Ainsworth Sam","year":"2020","unstructured":"Sam Ainsworth and Timothy M Jones. 2020. MarkUs: Drop-in Use-After-Free Prevention for Low-Level Languages. In IEEE Symposium on Security and Privacy (S&P). 578--591."},{"key":"e_1_3_2_1_3_1","volume-title":"USENIX Security Symposium (SEC). 177--192","author":"Akritidis Periklis","year":"2010","unstructured":"Periklis Akritidis. 2010. Cling: A Memory Allocator to Mitigate Dangling Pointers. In USENIX Security Symposium (SEC). 177--192."},{"key":"e_1_3_2_1_4_1","unstructured":"Alex Plaskett. 2021. CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) - Part 1. https:\/\/research.nccgroup.com\/2021\/07\/15\/cve-2021-31956-exploiting-the-windows-kernel-ntfs-with-wnf-part-1\/."},{"key":"e_1_3_2_1_5_1","unstructured":"Alexander Popov. 2021. Four Bytes of Power: Exploiting CVE-2021-26708 in the Linux kernel. https:\/\/a13xp0p0v.github.io\/2021\/02\/09\/CVE-2021-26708.html."},{"key":"e_1_3_2_1_6_1","unstructured":"Awarau and pql. 2022. CVE-2022-29582 An io_uring vulnerability. https:\/\/ruia-ruia.github.io\/2022\/08\/05\/CVE-2022-29582-io-uring\/."},{"key":"e_1_3_2_1_7_1","unstructured":"Maher Azzouzi. 2021. CVE-2017-11176. https:\/\/github.com\/MaherAzzouzi\/LinuxKernelStudy\/tree\/main\/CVE-2017-11176."},{"key":"e_1_3_2_1_8_1","unstructured":"David's Blog. 2022. How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables. http:\/\/blog.dbouman.nl\/2022\/04\/02\/How-The-Tables-Have-Turned-CVE-2022-1015-1016\/."},{"key":"e_1_3_2_1_9_1","volume-title":"The Slab Allocator: An Object-Caching Kernel Memory Allocator. In USENIX Summer Technical Conference. 87--98","author":"Bonwick Jeff","year":"1994","unstructured":"Jeff Bonwick. 1994. The Slab Allocator: An Object-Caching Kernel Memory Allocator. In USENIX Summer Technical Conference. 87--98."},{"key":"e_1_3_2_1_10_1","volume-title":"USENIX Annual Technical Conference (ATC). 15--33","author":"Bonwick Jeff","year":"2001","unstructured":"Jeff Bonwick and Jonathan Adams. 2001. Magazines and Vmem: Extending the Slab Allocator to Many CPUs and Arbitrary Resources. In USENIX Annual Technical Conference (ATC). 15--33."},{"key":"e_1_3_2_1_11_1","volume-title":"European Interdisciplinary Cybersecurity Conference (EICC). 1--6.","author":"Bouch\u00e9 Johannes","year":"2020","unstructured":"Johannes Bouch\u00e9, Lukas Atkinson, and Martin Kappes. 2020. Shadow-Heap: Preventing Heap-based Memory Corruptions by Metadata Validation. In European Interdisciplinary Cybersecurity Conference (EICC). 1--6."},{"key":"e_1_3_2_1_12_1","volume-title":"Bovet and Marco Cesati","author":"Daniel","year":"2005","unstructured":"Daniel P. Bovet and Marco Cesati. 2005. Understanding the Linux Kernel. 294--350."},{"key":"e_1_3_2_1_13_1","volume-title":"USENIX Security Symposium (SEC). 249--266","author":"Canella Claudio","year":"2019","unstructured":"Claudio Canella, Jo Van Bulck, Michael Schwarz, Moritz Lipp, Benjamin Von Berg, Philipp Ortner, Frank Piessens, Dmitry Evtyushkin, and Daniel Gruss. 2019. A Systematic Evaluation of Transient Execution Attacks and Defenses. In USENIX Security Symposium (SEC). 249--266."},{"key":"e_1_3_2_1_14_1","volume-title":"ACM ASIA Conference on Computer and Communications Security (ASIA CCS). 167--178","author":"Chen Quan","year":"2017","unstructured":"Quan Chen, Ahmed M Azab, Guruprasad Ganesh, and Peng Ning. 2017. PrivWatcher: Non-bypassable Monitoring and Protection of Process Credentials from Memory Corruption Attacks. In ACM ASIA Conference on Computer and Communications Security (ASIA CCS). 167--178."},{"key":"e_1_3_2_1_15_1","volume-title":"ACM Conference on Computer and Communications Security (CCS). 1165--1184","author":"Chen Yueqi","year":"2020","unstructured":"Yueqi Chen, Zhenpeng Lin, and Xinyu Xing. 2020. A Systematic Study of Elastic Objects in Kernel Exploitation. In ACM Conference on Computer and Communications Security (CCS). 1165--1184."},{"key":"e_1_3_2_1_16_1","volume-title":"SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel. In ACM Conference on Computer and Communications Security (CCS). 1707--1722","author":"Chen Yueqi","year":"2019","unstructured":"Yueqi Chen and Xinyu Xing. 2019. SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel. In ACM Conference on Computer and Communications Security (CCS). 1707--1722."},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the ACM ASIA Conference on Computer and Communications Security (ASIA CCS). 429--442","author":"Christou George","year":"2023","unstructured":"George Christou, Grigoris Ntousakis, Eric Lahtinen, Sotiris Ioannidis, Vasileios P Kemerlis, and Nikos Vasilakis. 2023. BinWrap: Hybrid Protection against Native Node. js Add-ons. In Proceedings of the ACM ASIA Conference on Computer and Communications Security (ASIA CCS). 429--442."},{"key":"e_1_3_2_1_18_1","unstructured":"Jonathan Corbet. 2009. An updated guide to debugfs. https:\/\/lwn.net\/Articles\/334546\/."},{"key":"e_1_3_2_1_19_1","unstructured":"Jonathan Corbet. 2020. Memory protection keys for the kernel. https:\/\/lwn.net\/Articles\/826554\/."},{"key":"e_1_3_2_1_20_1","volume-title":"Understanding Linux Malware. In IEEE Symposium on Security and Privacy (S&P). 161--175","author":"Cozzi Emanuele","year":"2018","unstructured":"Emanuele Cozzi, Mariano Graziano, Yanick Fratantonio, and Davide Balzarotti. 2018. Understanding Linux Malware. In IEEE Symposium on Security and Privacy (S&P). 161--175."},{"key":"e_1_3_2_1_21_1","unstructured":"cutesmilee's blog. 2022. Exploiting CVE-2019-2215. https:\/\/cutesmilee.github.io\/kernel\/linux\/android\/2022\/02\/17\/cve-2019-2215_writeup.html."},{"key":"e_1_3_2_1_22_1","volume-title":"Network and Distributed System Security Symposium (NDSS).","author":"Davi Lucas","year":"2017","unstructured":"Lucas Davi, David Gens, Christopher Liebchen, and Ahmad-Reza Sadeghi. 2017. PT-Rand: Practical Mitigation of Data-only Attacks against Page Tables.. In Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_23_1","unstructured":"Vincent Dehors. 2021. Exploitation of a double free vulnerability in Ubuntu shiftfs driver (CVE-2021-3492). https:\/\/www.synacktiv.com\/publications\/exploitation-of-a-double-free-vulnerability-in-ubuntu-shiftfs-driver-cve-2021-3492.html."},{"key":"e_1_3_2_1_24_1","volume-title":"ACM\/IEEE Design Automation Conference (DAC). 1--6.","author":"Denis-Courmont R\u00e9mi","year":"2020","unstructured":"R\u00e9mi Denis-Courmont, Hans Liljestrand, Carlos Chinea, and Jan-Erik Ekberg. 2020. Camouflage: Hardware-assisted CFI for the ARM Linux kernel. In ACM\/IEEE Design Automation Conference (DAC). 1--6."},{"key":"e_1_3_2_1_25_1","unstructured":"Di Shen. 2017. The Art of Exploiting Unconventional Use-after-free Bugs in Android Kernel. https:\/\/pacsec.jp\/psj17\/PSJ2017_DiShen_Pacsec_FINAL.pdf."},{"key":"e_1_3_2_1_26_1","unstructured":"Apple Security Engineering and Architecture (SEAR). 2022. Towards the next generation of XNU memory safety: kalloc_type. https:\/\/security.apple.com\/blog\/towards-the-next-generation-of-xnu-memory-safety\/."},{"key":"e_1_3_2_1_27_1","unstructured":"Jason Evans. 2011. Scalable Memory Allocation Using jemalloc. https:\/\/engineering.fb.com\/2011\/01\/03\/core-infra\/scalable-memory-allocation-using-jemalloc\/."},{"key":"e_1_3_2_1_28_1","volume-title":"Workshop on Memory System Performance (MSPC). 68--77","author":"Feng Yi","year":"2005","unstructured":"Yi Feng and Emery D Berger. 2005. A Locality-Improving Dynamic Memory Allocator. In Workshop on Memory System Performance (MSPC). 68--77."},{"key":"e_1_3_2_1_29_1","volume-title":"FineIBT: Fine-grain Control-flow Enforcement with Indirect Branch Tracking. In International Symposium on Research in Attacks, Intrusions and Defenses (RAID).","author":"Gaidis Alexander J.","unstructured":"Alexander J. Gaidis, Joao Moreira, Ke Sun, Alyssa Milburn, Vaggelis Atlidakis, and Vasileios P. Kemerlis. 2023. FineIBT: Fine-grain Control-flow Enforcement with Indirect Branch Tracking. In International Symposium on Research in Attacks, Intrusions and Defenses (RAID)."},{"key":"e_1_3_2_1_30_1","unstructured":"Sanjay Ghemawat and Paul Menage. 2007. TCMalloc: Thread-Caching Malloc. http:\/\/goog-perftools.sourceforge.net\/doc\/tcmalloc.html."},{"key":"e_1_3_2_1_31_1","volume-title":"Bad Binder: Android In-The-Wild Exploit. https:\/\/googleprojectzero.blogspot.com\/2019\/11\/bad-binder-android-in-wild-exploit.html.","author":"Zero Google Project","year":"2019","unstructured":"Google Project Zero. 2019. Bad Binder: Android In-The-Wild Exploit. https:\/\/googleprojectzero.blogspot.com\/2019\/11\/bad-binder-android-in-wild-exploit.html."},{"key":"e_1_3_2_1_32_1","unstructured":"Google Project Zero. 2021. CVE-2021-22555: Turning \\x00\\x00 into 10000$. https:\/\/github.com\/google\/security-research\/blob\/master\/pocs\/linux\/cve-2021-22555\/writeup.md."},{"key":"e_1_3_2_1_33_1","volume-title":"International Symposium on Research in Attacks, Intrusions and Defenses (RAID).","author":"Gravani Spyridoula","year":"2021","unstructured":"Spyridoula Gravani, Mohammad Hedayati, John Criswell, and Michael L Scott. 2021. IskiOS: Intra-kernel Isolation and Security using Memory Protection Keys. In International Symposium on Research in Attacks, Intrusions and Defenses (RAID)."},{"key":"e_1_3_2_1_34_1","unstructured":"GRIMM. 2021. New Old Bugs in the Linux Kernel. https:\/\/blog.grimm-co.com\/2021\/03\/new-old-bugs-in-linux-kernel.html."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"Daniel Gruss Moritz Lipp Michael Schwarz Richard Fellner Cl\u00e9mentine Maurice and Stefan Mangard. 2017. KASLR is Dead: Long Live KASLR. In Engineering Secure Software and Systems (ESSoS). 161--176.","DOI":"10.1007\/978-3-319-62105-0_11"},{"key":"e_1_3_2_1_36_1","volume-title":"Hodor: Intra-Process Isolation for High-Throughput Data Plane Libraries. In USENIX Annual Technical Conference (ATC). 489--504","author":"Hedayati Mohammad","year":"2019","unstructured":"Mohammad Hedayati, Spyridoula Gravani, Ethan Johnson, John Criswell, Michael L Scott, Kai Shen, and Mike Marty. 2019. Hodor: Intra-Process Isolation for High-Throughput Data Plane Libraries. In USENIX Annual Technical Conference (ATC). 489--504."},{"key":"e_1_3_2_1_37_1","unstructured":"Ian Beer. 2019. In-the-wild iOS Exploit Chain 1. https:\/\/googleprojectzero.blogspot.com\/2019\/08\/in-wild-ios-exploit-chain-1.html."},{"key":"e_1_3_2_1_38_1","unstructured":"Intel. 2023. Intel\u00ae 64 and IA-32 Architectures Software Developer's Manuals. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/intel-sdm.html."},{"key":"e_1_3_2_1_39_1","unstructured":"Jann Horn. 2021. How a simple Linux kernel memory corruption bug can lead to complete system compromise. https:\/\/googleprojectzero.blogspot.com\/2021\/10\/how-simple-linux-kernel-memory.html."},{"key":"e_1_3_2_1_40_1","volume-title":"EPF: Evil Packet Filter. In USENIX Annual Technical Conference (ATC). 735--751","author":"Jin Di","year":"2023","unstructured":"Di Jin, Vaggelis Atlidakis, and Vasileios P Kemerlis. 2023. EPF: Evil Packet Filter. In USENIX Annual Technical Conference (ATC). 735--751."},{"key":"e_1_3_2_1_41_1","unstructured":"Kees Cook. 2017. mm: Add SLUB free list pointer obfuscation. https:\/\/patchwork.kernel.org\/patch\/9864165\/."},{"key":"e_1_3_2_1_42_1","volume-title":"USENIX Security Symposium (SEC). 957--972","author":"Kemerlis Vasileios P","year":"2014","unstructured":"Vasileios P Kemerlis, Michalis Polychronakis, and Angelos D Keromytis. 2014. ret2dir: Rethinking Kernel Isolation. In USENIX Security Symposium (SEC). 957--972."},{"key":"e_1_3_2_1_43_1","volume-title":"USENIX Security Symposium (SEC). 459--474","author":"Kemerlis Vasileios P.","unstructured":"Vasileios P. Kemerlis, Georgios Portokalidis, and Angelos D. Keromytis. 2012. kGuard: Lightweight Kernel Protection against Return-to-User Attacks. In USENIX Security Symposium (SEC). 459--474."},{"key":"e_1_3_2_1_44_1","unstructured":"The Linux Kernel. 2023. Page Table Isolation (PTI). https:\/\/www.kernel.org\/doc\/html\/next\/x86\/pti.html."},{"key":"e_1_3_2_1_45_1","unstructured":"The Linux Kernel. 2023. Physical Memory Model."},{"key":"e_1_3_2_1_46_1","unstructured":"The Linux Kernel. 2023. What is RCU? - \"Read Copy Update\". https:\/\/www.kernel.org\/doc\/html\/next\/RCU\/whatisRCU.html."},{"key":"e_1_3_2_1_47_1","volume-title":"VULNCON CTF 2021 - IPS. https:\/\/kileak.github.io\/ctf\/2021\/vulncon-ips\/.","year":"2021","unstructured":"kileak. 2021. VULNCON CTF 2021 - IPS. https:\/\/kileak.github.io\/ctf\/2021\/vulncon-ips\/."},{"key":"e_1_3_2_1_48_1","volume-title":"USENIX Summer Technical Conference. 203--207","author":"Killian Thomas J","year":"1984","unstructured":"Thomas J Killian. 1984. Processes as Files. In USENIX Summer Technical Conference. 203--207."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/365628.365655"},{"key":"e_1_3_2_1_50_1","volume-title":"Spectre Attacks: Exploiting Speculative Execution. In IEEE Symposium on Security and Privacy (S&P). 1--19","author":"Kocher Paul","year":"2019","unstructured":"Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre Attacks: Exploiting Speculative Execution. In IEEE Symposium on Security and Privacy (S&P). 1--19."},{"key":"e_1_3_2_1_51_1","volume-title":"Ottawa Linux Symposium (OLS). 263--271","author":"Kroah-Hartman Greg","year":"2003","unstructured":"Greg Kroah-Hartman. 2003. udev - A Userspace Implementation of devfs. In Ottawa Linux Symposium (OLS). 263--271."},{"key":"e_1_3_2_1_52_1","volume-title":"Annual Computer Security Applications Conference (ACSAC). 91--100","author":"Kruegel Christopher","year":"2004","unstructured":"Christopher Kruegel, William Robertson, and Giovanni Vigna. 2004. Detecting Kernel-level Rootkits through Binary Analysis. In Annual Computer Security Applications Conference (ACSAC). 91--100."},{"key":"e_1_3_2_1_53_1","volume-title":"Code-Pointer Integrity. In USENIX Symposium on Operating System Design and Implementation (OSDI). 147--163","author":"Kuznetzov Volodymyr","year":"2014","unstructured":"Volodymyr Kuznetzov, L\u00e1szl\u00f3 Szekeres, Mathias Payer, George Candea, R Sekar, and Dawn Song. 2014. Code-Pointer Integrity. In USENIX Symposium on Operating System Design and Implementation (OSDI). 147--163."},{"key":"e_1_3_2_1_54_1","unstructured":"kylebot's Blog. 2022. [CVE-2022-1786] A Journey To The Dawn. https:\/\/blog.kylebot.net\/2022\/10\/16\/CVE-2022-1786\/."},{"key":"e_1_3_2_1_55_1","unstructured":"Lam Jun Rong. 2022. io_uring - new code new bugs and a new exploit technique. https:\/\/www.starlabs.sg\/blog\/2022\/06-io_uring-new-code-new-bugs-and-a-new-exploit-technique\/."},{"key":"e_1_3_2_1_56_1","unstructured":"Christoph Lameter. 2014. Slab Allocators in the Linux Kernel: SLAB SLOB SLUB. In Open Source Summit (LinuxCon)."},{"key":"e_1_3_2_1_57_1","volume-title":"Coccinelle: 10 Years of Automated Evolution in the Linux Kernel. In USENIX Annual Technical Conference (ATC). 601--614","author":"Lawall Julia","year":"2018","unstructured":"Julia Lawall and Gilles Muller. 2018. Coccinelle: 10 Years of Automated Evolution in the Linux Kernel. In USENIX Annual Technical Conference (ATC). 601--614."},{"key":"e_1_3_2_1_58_1","volume-title":"DirtyCred: Escalating Privilege in Linux Kernel. In ACM Conference on Computer and Communications Security (CCS). 1963--1976","author":"Lin Zhenpeng","year":"2022","unstructured":"Zhenpeng Lin, Yuhang Wu, and Xinyu Xing. 2022. DirtyCred: Escalating Privilege in Linux Kernel. In ACM Conference on Computer and Communications Security (CCS). 1963--1976."},{"key":"e_1_3_2_1_59_1","volume-title":"Proceedings of the 27th USENIX Security Symposium (SEC). 973--990","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading Kernel Memory from User Space. In Proceedings of the 27th USENIX Security Symposium (SEC). 973--990."},{"key":"e_1_3_2_1_60_1","volume-title":"USENIX Security Symposium (SEC). 125--142","author":"Liu Jian","year":"2022","unstructured":"Jian Liu, Lin Yi, Weiteng Chen, Chengyu Song, Zhiyun Qian, and Qiuping Yi. 2022. LinKRID: Vetting Imbalance Reference Counting in Linux kernel with Symbolic Execution. In USENIX Security Symposium (SEC). 125--142."},{"key":"e_1_3_2_1_61_1","volume-title":"Thwarting Memory Disclosure with Efficient Hypervisor-enforced Intra-domain Isolation. In ACM Conference on Computer and Communications Security (CCS). 1607--1619","author":"Liu Yutao","year":"2015","unstructured":"Yutao Liu, Tianyu Zhou, Kexin Chen, Haibo Chen, and Yubin Xia. 2015. Thwarting Memory Disclosure with Efficient Hypervisor-enforced Intra-domain Isolation. In ACM Conference on Computer and Communications Security (CCS). 1607--1619."},{"key":"e_1_3_2_1_62_1","unstructured":"Maxime Peterlin Philip Pettersson Alexandre Adamski and Alex Radocea. 2020. Exploiting a Single Instruction Race Condition in Binder. https:\/\/www.longterm.io\/cve-2020-0423.html."},{"key":"e_1_3_2_1_63_1","volume-title":"USENIX Annual Technical Conference (ATC). 279--294","author":"McVoy Larry W","year":"1996","unstructured":"Larry W McVoy and Carl Staelin. 1996. lmbench: Portable Tools for Performance Analysis. In USENIX Annual Technical Conference (ATC). 279--294."},{"key":"e_1_3_2_1_64_1","volume-title":"Handbook of Applied Cryptography","author":"Menezes Alfred J","unstructured":"Alfred J Menezes, Paul C van Oorschot, and Scott A Vanstone. 2018. Handbook of Applied Cryptography. CRC press."},{"key":"e_1_3_2_1_65_1","unstructured":"Otto Moerbeek. 2009. A new malloc(3) for OpenBSD. https:\/\/www.openbsd.org\/papers\/eurobsdcon2009\/otto-malloc.pdf. In EuroBSDCon."},{"key":"e_1_3_2_1_66_1","unstructured":"Arthur Mongodin. 2022. [CVE-2022-34918] A crack in the Linux firewall. https:\/\/www.randorisec.fr\/crack-linux-firewall\/."},{"key":"e_1_3_2_1_67_1","unstructured":"James Morse. 2015. arm64: kernel: Add support for Privileged Access Never. https:\/\/lwn.net\/Articles\/651614\/."},{"key":"e_1_3_2_1_68_1","unstructured":"Andy Nguyen. 2020. BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution. https:\/\/google.github.io\/security-research\/pocs\/linux\/bleedingtooth\/writeup.html."},{"key":"e_1_3_2_1_69_1","unstructured":"Nick Gregory. 2022. The Discovery and Exploitation of CVE-2022-25636. https:\/\/nickgregory.me\/post\/2022\/03\/12\/cve-2022-25636\/."},{"key":"e_1_3_2_1_70_1","unstructured":"Vitaly Nikolenko. 2016. CVE-2016-6187: Exploiting Linux kernel heap off-by-one. https:\/\/duasynt.com\/blog\/cve-2016-6187-heap-off-by-one-exploit."},{"key":"e_1_3_2_1_71_1","volume-title":"DieHarder: Securing the Heap. In ACM Conference on Computer and Communications Security (CCS). 573--584","author":"Novark Gene","year":"2010","unstructured":"Gene Novark and Emery Berger. 2010. DieHarder: Securing the Heap. In ACM Conference on Computer and Communications Security (CCS). 573--584."},{"key":"e_1_3_2_1_72_1","volume-title":"DynPTA: Combining Static and Dynamic Analysis for Practical Selective Data Protection. In IEEE Symposium on Security and Privacy (S&P). 1919--1937","author":"Palit Tapti","year":"2021","unstructured":"Tapti Palit, Jarin Firose Moon, Fabian Monrose, and Michalis Polychronakis. 2021. DynPTA: Combining Static and Dynamic Analysis for Practical Selective Data Protection. In IEEE Symposium on Security and Privacy (S&P). 1919--1937."},{"key":"e_1_3_2_1_73_1","volume-title":"USENIX Annual Technical Conference (ATC). 241--254","author":"Park Soyeon","year":"2019","unstructured":"Soyeon Park, Sangho Lee, Wen Xu, Hyungon Moon, and Taesoo Kim. 2019. libmpk: Software Abstraction for Intel Memory Protection Keys (Intel MPK). In USENIX Annual Technical Conference (ATC). 241--254."},{"key":"e_1_3_2_1_74_1","unstructured":"Manfred Paul. 2020. CVE-2020-8835: Linux Kernel Privilege Escalation via Improper eBPF Program Verification. https:\/\/www.zerodayinitiative.com\/blog\/2020\/4\/8\/cve-2020-8835-linux-kernel-privilege-escalation-via-improper-ebpf-program-verification."},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"crossref","unstructured":"Enrico Perla and Massimiliano Oldani. 2010. A Guide To Kernel Exploitation: Attacking the Core. 47--99.","DOI":"10.1016\/B978-1-59749-486-1.00003-6"},{"key":"e_1_3_2_1_76_1","unstructured":"Phantasmal Phantasmagoria. 2005. The Malloc Maleficarum. https:\/\/seclists.org\/bugtraq\/2005\/Oct\/118."},{"key":"e_1_3_2_1_77_1","unstructured":"Phoronix Test Suite. [n. d.]. Open-Source Automated Benchmarking. https:\/\/www.phoronix-test-suite.com."},{"key":"e_1_3_2_1_78_1","volume-title":"European Conference on Computer Systems (EuroSys). 420--436","author":"Pomonis Marios","year":"2017","unstructured":"Marios Pomonis, Theofilos Petsios, Angelos D Keromytis, Michalis Polychronakis, and Vasileios P Kemerlis. 2017. kR\u02c6 X: Comprehensive Kernel Protection against Just-In-Time Code Reuse. In European Conference on Computer Systems (EuroSys). 420--436."},{"key":"e_1_3_2_1_79_1","unstructured":"Alexander Popov. 2017. Race for Root: The Analysis of the Linux Kernel Race Condition Exploit. https:\/\/media.ccc.de\/v\/SHA2017-295-race_for_root_the_analysis_of_the_linux_kernel_race_condition_exploit."},{"key":"e_1_3_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00041"},{"key":"e_1_3_2_1_81_1","volume-title":"Libsec: A Hardware Virtualization-based Isolation for Shared Library","author":"Qiang Weizhong","year":"2017","unstructured":"Weizhong Qiang, Yong Cao, Weiqi Dai, Deqing Zou, Hai Jin, and Benxi Liu. 2017. Libsec: A Hardware Virtualization-based Isolation for Shared Library. In IEEE International Conference on High Performance Computing and Communications (HPCC); IEEE International Conference on Smart City (SmartCity); IEEE International Conference on Data Science and Systems (DSS). 34--41."},{"key":"e_1_3_2_1_82_1","volume-title":"PACMAN: Attacking ARM Pointer Authentication with Speculative Execution. In International Symposium on Computer Architecture (ISCA). 685--698","author":"Ravichandran Joseph","year":"2022","unstructured":"Joseph Ravichandran, Weon Taek Na, Jay Lang, and Mengjia Yan. 2022. PACMAN: Attacking ARM Pointer Authentication with Speculative Execution. In International Symposium on Computer Architecture (ISCA). 685--698."},{"key":"e_1_3_2_1_83_1","volume-title":"International Symposium on Research in Attacks, Intrusions and Defenses (RAID). 296--311","author":"Roessler Nick","year":"2021","unstructured":"Nick Roessler, Lucas Atayde, Imani Palmer, Derrick McKee, Jai Pandey, Vasileios P Kemerlis, Mathias Payer, Adam Bates, Jonathan M Smith, Andre DeHon, et al. 2021. \u03bcSCOPE: A Methodology for Analyzing Least-Privilege Compartmentalization in Large Software Artifacts. In International Symposium on Research in Attacks, Intrusions and Defenses (RAID). 296--311."},{"key":"e_1_3_2_1_84_1","unstructured":"Dan Rosenberg. 2011. A Heap of Trouble: Exploiting the Linux Kernel SLOB Allocator. http:\/\/vulnfactory.org\/research\/slob.pdf."},{"key":"e_1_3_2_1_85_1","unstructured":"Satoshi's notes. 2023. Intel VT-rp - Part 1. remapping attack and HLAT. https:\/\/tandasat.github.io\/blog\/2023\/07\/05\/intel-vt-rp-part-1.html."},{"key":"e_1_3_2_1_86_1","unstructured":"SecWiki. 2023. Linux Kernel Exploits. https:\/\/github.com\/SecWiki\/linux-kernel-exploits."},{"key":"e_1_3_2_1_87_1","unstructured":"SecWiki. 2023. Windows Kernel Exploits. https:\/\/github.com\/SecWiki\/windows-kernel-exploits."},{"key":"e_1_3_2_1_88_1","unstructured":"Shellphish. 2023. Educational Heap Exploitation. https:\/\/github.com\/shellphish\/how2heap."},{"key":"e_1_3_2_1_89_1","volume-title":"FreeGuard: A Faster Secure Heap Allocator. In ACM Conference on Computer and Communications Security (CCS). 2389--2403","author":"Silvestro Sam","year":"2017","unstructured":"Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, and Tongping Liu. 2017. FreeGuard: A Faster Secure Heap Allocator. In ACM Conference on Computer and Communications Security (CCS). 2389--2403."},{"key":"e_1_3_2_1_90_1","volume-title":"Guarder: A Tunable Secure Allocator. In USENIX Security Symposium (SEC). 117--133","author":"Silvestro Sam","year":"2018","unstructured":"Sam Silvestro, Hongyu Liu, Tianyi Liu, Zhiqiang Lin, and Tongping Liu. 2018. Guarder: A Tunable Secure Allocator. In USENIX Security Symposium (SEC). 117--133."},{"key":"e_1_3_2_1_91_1","volume-title":"Attacking the Core: Kernel Exploiting Notes. Phrack","year":"2007","unstructured":"sqrkkyu and twzi. 2007. Attacking the Core: Kernel Exploiting Notes. Phrack (2007)."},{"key":"e_1_3_2_1_92_1","unstructured":"jemalloc. 2023. memory allocator. https:\/\/jemalloc.net."},{"key":"e_1_3_2_1_93_1","unstructured":"The Linux Kernel. [n. d.]. Kernel stacks on x86-64 bit. https:\/\/www.kernel.org\/doc\/Documentation\/x86\/kernel-stacks."},{"key":"e_1_3_2_1_94_1","unstructured":"The Linux Kernel. 2023. percpu memory allocator."},{"key":"e_1_3_2_1_95_1","unstructured":"Theori BLOG. [n. d.]. Linux Kernel Exploit (CVE-2022-32250) with mqueue. https:\/\/blog.theori.io\/linux-kernel-exploit-cve-2022-32250-with-mqueue-a8468f32aab5."},{"key":"e_1_3_2_1_96_1","volume-title":"USENIX Security Symposium (SEC). 1221--1238","author":"Vahldiek-Oberwagner Anjo","year":"2019","unstructured":"Anjo Vahldiek-Oberwagner, Eslam Elnikety, Nuno O Duarte, Michael Sammler, Peter Druschel, and Deepak Garg. 2019. ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK). In USENIX Security Symposium (SEC). 1221--1238."},{"key":"e_1_3_2_1_97_1","unstructured":"Valentina Palmiotti. 2022. Put an io_uring on it: Exploiting the Linux Kernel. https:\/\/chompie.rip\/Blog+Posts\/Put+an+io_uring+on+it+-+Exploiting+the+Linux+Kernel."},{"key":"e_1_3_2_1_98_1","volume-title":"European Conference on Computer Systems (EuroSys). 266--282","author":"Voulimeneas Alexios","year":"2022","unstructured":"Alexios Voulimeneas, Jonas Vinck, Ruben Mechelinck, and Stijn Volckaert. 2022. You Shall Not (by)Pass! Practical, Secure, and Fast PKU-based Sandboxing. In European Conference on Computer Systems (EuroSys). 266--282."},{"key":"e_1_3_2_1_99_1","volume-title":"Countering Kernel Rootkits with Lightweight Hook Protection. In ACM Conference on Computer and Communications Security (CCS). 545--554","author":"Wang Zhi","year":"2009","unstructured":"Zhi Wang, Xuxian Jiang, Weidong Cui, and Peng Ning. 2009. Countering Kernel Rootkits with Lightweight Hook Protection. In ACM Conference on Computer and Communications Security (CCS). 545--554."},{"key":"e_1_3_2_1_100_1","volume-title":"SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolation. In IEEE Symposium on Security and Privacy (S&P). 592--607","author":"Wang Zhe","year":"2020","unstructured":"Zhe Wang, Chenggang Wu, Mengyao Xie, Yinqian Zhang, Kangjie Lu, Xiaofeng Zhang, Yuanming Lai, Yan Kang, and Min Yang. 2020. SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolation. In IEEE Symposium on Security and Privacy (S&P). 592--607."},{"key":"e_1_3_2_1_101_1","unstructured":"Wang Yong. 2019. From Zero to Root: Building Universal Android Rooting with a Type Confusion Vulnerability. In Zer0Con."},{"key":"e_1_3_2_1_102_1","volume-title":"Preventing Use-After-Free Attacks with Fast Forward Allocation. In USENIX Security Symposium (SEC). 2453--2470","author":"Wickman Brian","year":"2021","unstructured":"Brian Wickman, Hong Hu, Insu Yun, Daehee Jang, JungWon Lim, Sanidhya Kashyap, and Taesoo Kim. 2021. Preventing Use-After-Free Attacks with Fast Forward Allocation. In USENIX Security Symposium (SEC). 2453--2470."},{"key":"e_1_3_2_1_103_1","unstructured":"Wolfram Gloger. 2006. ptmalloc. http:\/\/www.malloc.de\/en\/."},{"key":"e_1_3_2_1_104_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3168089"},{"key":"e_1_3_2_1_105_1","volume-title":"CETIS: Retrofitting Intel CET for Generic and Efficient Intra-process Memory Isolation. In ACM Conference on Computer and Communications Security (CCS). 2989--3002","author":"Xie Mengyao","year":"2022","unstructured":"Mengyao Xie, Chenggang Wu, Yinqian Zhang, Jiali Xu, Yuanming Lai, Yan Kang, Wei Wang, and Zhe Wang. 2022. CETIS: Retrofitting Intel CET for Generic and Efficient Intra-process Memory Isolation. In ACM Conference on Computer and Communications Security (CCS). 2989--3002."},{"key":"e_1_3_2_1_106_1","unstructured":"Xingyu Jin and Richard Neal. 2021. The Art of Exploiting UAF by Ret2bpf in Android Kernel. In Black Hat Europe (BHEU)."},{"key":"e_1_3_2_1_107_1","doi-asserted-by":"publisher","DOI":"10.1145\/3442479"},{"key":"e_1_3_2_1_108_1","volume-title":"ARM Pointer Authentication based Forward-Edge and Backward-Edge Control Flow Integrity for Kernels. arXiv preprint arXiv:1912.10666","author":"Yang Yutian","year":"2019","unstructured":"Yutian Yang, Songbo Zhu, Wenbo Shen, Yajin Zhou, Jiadong Sun, and Kui Ren. 2019. ARM Pointer Authentication based Forward-Edge and Backward-Edge Control Flow Integrity for Kernels. arXiv preprint arXiv:1912.10666 (2019)."},{"key":"e_1_3_2_1_109_1","volume-title":"USENIX Security Symposium (SEC). 89--106","author":"Yoo Sungbae","year":"2022","unstructured":"Sungbae Yoo, Jinbum Park, Seolheui Kim, Yeji Kim, and Taesoo Kim. 2022. In-Kernel Control-Flow Integrity on Commodity OSes using ARM Pointer Authentication. In USENIX Security Symposium (SEC). 89--106."},{"key":"e_1_3_2_1_110_1","volume-title":"USENIX Security Symposium (SEC). 71--88","author":"Zeng Kyle","year":"2022","unstructured":"Kyle Zeng, Yueqi Chen, Haehyun Cho, Xinyu Xing, Adam Doup\u00e9, Yan Shoshitaishvili, and Tiffany Bao. 2022. Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit Reliability. In USENIX Security Symposium (SEC). 71--88."},{"key":"e_1_3_2_1_111_1","volume-title":"IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). 215--223","author":"Zhong Bingnan","year":"2021","unstructured":"Bingnan Zhong and Qingkai Zeng. 2021. SecPT: Providing Efficient Page Table Protection based on SMAP Feature in an Untrusted Commodity Kernel. In IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). 215--223."},{"key":"e_1_3_2_1_112_1","volume-title":"Dynamic Memory Protection via Intel SGX-Supported Heap Allocation","author":"Zonouz Saman","unstructured":"Saman Zonouz, Mingbo Zhang, Pengfei Sun, Luis Garcia, and Xiruo Liu. 2018. Dynamic Memory Protection via Intel SGX-Supported Heap Allocation. In IEEE International Symposium on Dependable, Autonomic and Secure Computing (DASC); IEEE International Conference on Pervasive Intelligence and Computing (PICom); IEEE International Conference on Big Data Intelligence and Computing (DataCom); IEEE International Conference on Cyber Science and Technology Congress (CyberSciTech). 608--617."}],"event":{"name":"ASIA CCS '24: 19th ACM Asia Conference on Computer and Communications Security","location":"Singapore Singapore","acronym":"ASIA CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 19th ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634737.3644994","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:44:06Z","timestamp":1750290246000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634737.3644994"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7]]},"references-count":112,"alternative-id":["10.1145\/3634737.3644994","10.1145\/3634737"],"URL":"https:\/\/doi.org\/10.1145\/3634737.3644994","relation":{},"subject":[],"published":{"date-parts":[[2024,7]]},"assertion":[{"value":"2024-07-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}