{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,5]],"date-time":"2026-03-05T15:33:37Z","timestamp":1772724817230,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":61,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3670332","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"1091-1105","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["On Kernel's Safety in the Spectre Era (And KASLR is Formally Dead)"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-2981-2962","authenticated-orcid":false,"given":"Davide","family":"Davoli","sequence":"first","affiliation":[{"name":"Inria, Universit\u00e9 C\u00f4te d'Azur, Sophia Antipolis, France"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6445-8833","authenticated-orcid":false,"given":"Martin","family":"Avanzini","sequence":"additional","affiliation":[{"name":"Inria, Universit\u00e9 C\u00f4te d'Azur, Sophia Antipolis, France"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3744-0248","authenticated-orcid":false,"given":"Tamara","family":"Rezk","sequence":"additional","affiliation":[{"name":"Inria, Universit\u00e9 C\u00f4te d'Azur, Sophia Antipolis, France"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102165"},{"key":"e_1_3_2_1_2_1","volume-title":"Principles of Security and Trust, David Basin and John C","author":"Abadi Mart\u00edn","unstructured":"Mart\u00edn Abadi and J\u00e9r\u00e9my Planul. 2013. On Layout Randomization for Arrays and Functions. In Principles of Security and Trust, David Basin and John C. Mitchell (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 167--185."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-06880-0_1"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2240276.2240279"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560689"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF57540.2023.00037"},{"key":"e_1_3_2_1_7_1","volume-title":"Pierce","author":"de Amorim Arthur Azevedo","year":"2018","unstructured":"Arthur Azevedo de Amorim, C\u0103t\u0103lin Hri\u0163cu, and Benjamin C. Pierce. 2018. The Meaning of Memory Safety. In Principles of Security and Trust, Lujo Bauer and Ralf K\u00fcsters (Eds.). Springer International Publishing, Cham, 79--105."},{"key":"e_1_3_2_1_8_1","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Barberis Enrico","year":"2022","unstructured":"Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida. 2022. Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 971--988. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/barberis"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660283"},{"key":"e_1_3_2_1_10_1","volume-title":"High-Assurance Cryptography in the Spectre Era. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE","author":"Barthe Gilles","year":"2021","unstructured":"Gilles Barthe, Sunjay Cauligi, Benjamin Gr\u00e9goire, Adrien Koutsos, Kevin Liao, Tiago Oliveira, Swarn Priya, Tamara Rezk, and Peter Schwabe. 2021. High-Assurance Cryptography in the Spectre Era. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE, New York, NY, USA, 1884--1901. https:\/\/doi.org\/10.1109\/ SP40001.2021.00046"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1133981.1134000"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3320269.3384747"},{"key":"e_1_3_2_1_13_1","unstructured":"Chandler Carruth. 2018. Speculative Load Hardening. https:\/\/llvm.org\/docs\/SpeculativeLoadHardening.html"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3385412.3385970"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423353"},{"key":"e_1_3_2_1_16_1","unstructured":"Jonathan Corbet. 2012. Supervisor mode access prevention. https:\/\/lwn.net\/Articles\/517475\/"},{"key":"e_1_3_2_1_17_1","volume-title":"ProSpeCT: Provably Secure Speculation for the Constant-Time Policy. In 32nd USENIX Security Symposium (USENIX Security 23)","author":"Daniel Lesly-Ann","year":"2023","unstructured":"Lesly-Ann Daniel, Marton Bognar, Job Noorman, S\u00e9bastien Bardin, Tamara Rezk, and Frank Piessens. 2023. ProSpeCT: Provably Secure Speculation for the Constant-Time Policy. In 32nd USENIX Security Symposium (USENIX Security 23). USENIX Association, Anaheim, CA, 7161--7178. https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/daniel"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"crossref","unstructured":"Davide Davoli Martin Avanzini and Tamara Rezk. 2024. On Kernel's Safety in the Spectre Era (Extended Version). arXiv:2406.07278","DOI":"10.1145\/3658644.3670332"},{"key":"e_1_3_2_1_19_1","unstructured":"Theo de Raadt. 2017. OpenBSD 6.3. https:\/\/www.openbsd.org\/33.html"},{"key":"e_1_3_2_1_20_1","unstructured":"Jake Edge. 2013. Kernel address space layout randomization. https:\/\/lwn.net\/Articles\/569635\/"},{"key":"e_1_3_2_1_21_1","unstructured":"Stephen Fischer. 2011. Supervisor Mode Execution Protection. https:\/\/www.ncsi.com\/nsatc11\/presentations\/wednesday\/emerging_technologies\/fischer.pdf"},{"key":"e_1_3_2_1_22_1","unstructured":"Thomas Garnier. 2016. Randomizing the Linux kernel heap freelists. https:\/\/mxatone.medium.com\/randomizing-the-linux-kernel-heap-freelists-b899bb99c767"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2016.24"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.1982.10014"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417289"},{"key":"e_1_3_2_1_26_1","volume-title":"KASLR is Dead: Long Live KASLR","author":"Gruss Daniel","unstructured":"Daniel Gruss, Moritz Lipp, Michael Schwarz, Richard Fellner, Cl\u00e9mentine Maurice, and Stefan Mangard. 2017. KASLR is Dead: Long Live KASLR. In Engineering Secure Software and Systems, Eric Bodden, Mathias Payer, and Elias Athanasopoulos (Eds.). Springer International Publishing, Cham, 161--176."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978356"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00011"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00036"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.23"},{"key":"e_1_3_2_1_31_1","unstructured":"Apple Inc. 2011. Mac OS X has you Covered. http:\/\/www.apple.com\/macosx\/security\/"},{"key":"e_1_3_2_1_32_1","volume-title":"Intel \u00ae64 and IA-32 Architectures Software Developer's Manual","author":"Intel Corporation 2023.","unstructured":"Intel Corporation 2023. Intel \u00ae64 and IA-32 Architectures Software Developer's Manual. Intel Corporation."},{"key":"e_1_3_2_1_33_1","unstructured":"The kernel development community. 2023. Page Table Isolation (PTI). https:\/\/www.kernel.org\/doc\/html\/next\/x86\/pti.html"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00002"},{"key":"e_1_3_2_1_35_1","volume-title":"Uncontained: Uncovering Container Confusion in the Linux Kernel. In 32nd USENIX Security Symposium (USENIX Security 23)","author":"Koschel Jakob","year":"2023","unstructured":"Jakob Koschel, Pietro Borrello, Daniele Cono D'Elia, Herbert Bos, and Cristiano Giuffrida. 2023. Uncontained: Uncovering Container Confusion in the Linux Kernel. In 32nd USENIX Security Symposium (USENIX Security 23). USENIX Association, Anaheim, CA, 5055--5072. https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/koschel"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP48549.2020.00027"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2011.2159712"},{"key":"e_1_3_2_1_38_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading Kernel Memory from User Space. In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, Baltimore, MD, 973--990. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/lipp"},{"key":"e_1_3_2_1_39_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading Kernel Memory from User Space. In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, Baltimore, MD, 973--990. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/lipp"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3623652.3623669"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2023.3246170"},{"key":"e_1_3_2_1_42_1","volume-title":"2021 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE Computer Society","author":"Mambretti A.","year":"1992","unstructured":"A. Mambretti, A. Sandulescu, A. Sorniotti,W. Robertson, E. Kirda, and A. Kurmus. 2021. Bypassing memory safety mechanisms through speculative control flow hijacks. In 2021 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE Computer Society, Los Alamitos, CA, USA, 633--649. https:\/\/doi.org\/10. 1109\/EuroSP51992.2021.00048"},{"key":"e_1_3_2_1_43_1","unstructured":"Tarjei Mandt. 2013. Attacking the iOS Kernel: A Look at 'evasi0n'. https:\/\/papers.put.as\/papers\/ios\/2013\/NISlecture201303.pdf"},{"key":"e_1_3_2_1_44_1","unstructured":"Ed Maste. 2023. Address Space Layout Randomization (ASLR). https:\/\/wiki.freebsd.org\/AddressSpaceLayoutRandomization"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3571208"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"crossref","unstructured":"Jo\u00e3o Moreira Sandro Rigo Michalis Polychronakis and Vasileios P Kemerlis. 2017. DROP THE ROP Fine-grained Control-flow Integrity for the Linux Kernel.","DOI":"10.5753\/sbseg.2016.19322"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/1543135.1542504"},{"key":"e_1_3_2_1_48_1","unstructured":"Android Open Source Project. 2022. Kernel Hardening. https:\/\/source.android.com\/docs\/core\/architecture\/kernel\/hardening"},{"key":"e_1_3_2_1_49_1","unstructured":"Liam Proven. 2022. Linux 6.1: Rust to hit mainline kernel. https:\/\/www.theregister.com\/2022\/10\/05\/rust_kernel_pull_request_pulled\/"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3470496.3527429"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.2638"},{"key":"e_1_3_2_1_52_1","unstructured":"Mark Rutland. 2017. ARMv8. 3 Pointer Authentication."},{"key":"e_1_3_2_1_53_1","volume-title":"Linux kernel heap feng shui","author":"Vitaly Nikolenko Michael","year":"2022","unstructured":"Michael S and Vitaly Nikolenko. 2022. Linux kernel heap feng shui in 2022. https:\/\/duasynt.com\/blog\/linux-kernel-heap-feng-shui-2022"},{"key":"e_1_3_2_1_54_1","unstructured":"SecurityScorecard. 2022. Threat overview for Linux Kernel. https:\/\/www.cvedetails.com\/product\/47\/Linux-Linux-Kernel.html"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030124"},{"key":"e_1_3_2_1_56_1","volume-title":"Tanenbaum and Herbert Bos","author":"Andrew","year":"2014","unstructured":"Andrew S. Tanenbaum and Herbert Bos. 2014. Modern Operating Systems (4th ed.). Prentice Hall Press, USA."},{"key":"e_1_3_2_1_57_1","unstructured":"PaX Team. 2003. Documentation for the PaX project. https:\/\/pax.grsecurity.net\/docs\/"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3434330"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.30"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/3352460.3358306"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3352460.3358274"}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3670332","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3670332","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T05:55:49Z","timestamp":1755842149000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3670332"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":61,"alternative-id":["10.1145\/3658644.3670332","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3670332","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}