{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T00:30:01Z","timestamp":1766449801688,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":91,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100006374","name":"Seoul National University","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3690184","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"2919-2933","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["PeTAL: Ensuring Access Control Integrity against Data-only Attacks on Linux"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-5771-203X","authenticated-orcid":false,"given":"Juhee","family":"Kim","sequence":"first","affiliation":[{"name":"Department of Electrical and Computer Engineering, Seoul National University, Seoul, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-2974-4905","authenticated-orcid":false,"given":"Jinbum","family":"Park","sequence":"additional","affiliation":[{"name":"Samsung Research, Seoul, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8019-2844","authenticated-orcid":false,"given":"Yoochan","family":"Lee","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, Seoul National University, Seoul, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6617-3068","authenticated-orcid":false,"given":"Chengyu","family":"Song","sequence":"additional","affiliation":[{"name":"University of California, Riverside, Riverside, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7440-2067","authenticated-orcid":false,"given":"Taesoo","family":"Kim","sequence":"additional","affiliation":[{"name":"Samsung Research & Georgia Institute of Technology, Seoul, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7746-0572","authenticated-orcid":false,"given":"Byoungyoung","family":"Lee","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, Seoul National University, Seoul, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"unstructured":"x86 nx support 2004. https:\/\/lwn.net\/Articles\/87814\/.","key":"e_1_3_2_1_1_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_2_1","DOI":"10.1145\/1609956.1609960"},{"key":"e_1_3_2_1_3_1","volume-title":"Proceedings of the 32nd USENIX Security Symposium (Security)","author":"Ahmed S.","year":"2023","unstructured":"S. Ahmed, H. Liljestrand, H. Jamjoom, M. Hicks, N. Asokan, and D. D. Yao. Not all data are created equal: Data and pointer prioritization for scalable protection against {Data-Oriented} attacks. In Proceedings of the 32nd USENIX Security Symposium (Security), Anaheim, CA, Aug. 2023."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_4_1","DOI":"10.1109\/SP.2008.30"},{"key":"e_1_3_2_1_5_1","volume-title":"Security analysis of mte through examples","author":"Amar S.","year":"2022","unstructured":"S. Amar. Security analysis of mte through examples, 2022. https:\/\/msrndcdn360.blob.core.windows.net\/bluehat\/bluehatil\/2022\/assets\/doc\/Security%20Analysis%20of%20MTE%20Through%20Examples__Saar%20Amar.pdf."},{"volume-title":"Kernel control flow integrity","year":"2024","unstructured":"Android. Kernel control flow integrity, 2024. https:\/\/source.android.com\/docs\/security\/test\/kcfi.","key":"e_1_3_2_1_6_1"},{"unstructured":"Apple. Armv8.3 pointer authentication in xnu 2021. https:\/\/opensource.apple.com\/source\/xnu\/xnu-7195.60.75\/doc\/pac.md.","key":"e_1_3_2_1_7_1"},{"volume-title":"Operating system integrity","year":"2024","unstructured":"Apple. Operating system integrity, 2024. https:\/\/support.apple.com\/guide\/security\/operating-system-integrity-sec8b776536b\/web.","key":"e_1_3_2_1_8_1"},{"volume-title":"Page protection layer","year":"2024","unstructured":"Apple. Page protection layer, 2024. https:\/\/support.apple.com\/guide\/security\/operating-system-integrity-sec8b776536b\/1\/web\/1#sec314c3af61.","key":"e_1_3_2_1_9_1"},{"volume-title":"Memory tagging extension","year":"2019","unstructured":"Arm. Memory tagging extension, 2019. https:\/\/developer.arm.com\/-\/media\/Arm%20Developer%20Community\/PDF\/Arm_Memory_Tagging_Extension_Whitepaper.pdf.","key":"e_1_3_2_1_10_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_11_1","DOI":"10.1145\/2594291.2594299"},{"key":"e_1_3_2_1_12_1","volume-title":"Examining pointer authentication on the iphone xs","author":"Azad B.","year":"2019","unstructured":"B. Azad. Examining pointer authentication on the iphone xs, 2019. https:\/\/googleprojectzero.blogspot.com\/2019\/02\/examining-pointer-authentication-on.html."},{"key":"e_1_3_2_1_13_1","volume-title":"A study in pac","author":"Azad B.","year":"2019","unstructured":"B. Azad. A study in pac, 2019. https:\/\/bazad.github.io\/presentations\/MOSEC-2019-A-study-in-PAC.pdf."},{"key":"e_1_3_2_1_14_1","volume-title":"ios kernel pac, one year later","author":"Azad B.","year":"2020","unstructured":"B. Azad. ios kernel pac, one year later, 2020. https:\/\/i.blackhat.com\/USA-20\/Wednesday\/us-20-Azad-iOS-Kernel-PAC-One-Year-Later.pdf."},{"key":"e_1_3_2_1_15_1","first-page":"10","volume-title":"FREENIX Track","volume":"41","author":"Bellard F.","year":"2005","unstructured":"F. Bellard. Qemu, a fast and portable dynamic translator. In USENIX annual technical conference, FREENIX Track, volume 41, pages 10--5555. California, USA, 2005."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_16_1","DOI":"10.5555\/3620237.3620396"},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation (OSDI)","author":"Castro M.","year":"2006","unstructured":"M. Castro, M. Costa, and T. Harris. Securing software by enforcing data-flow integrity. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation (OSDI), Seattle, WA, Nov. 2006."},{"key":"e_1_3_2_1_18_1","volume-title":"Proceedings of the 14th USENIX Security Symposium (Security)","author":"Chen S.","year":"2005","unstructured":"S. Chen, J. Xu, E. C. Sezer, P. Gauriar, and R. K. Iyer. Non-control-data attacks are realistic threats. In Proceedings of the 14th USENIX Security Symposium (Security), Baltimore, MD, Aug. 2005."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_19_1","DOI":"10.1145\/349299.349311"},{"volume-title":"Control flow integrity","year":"2024","unstructured":"Clang. Control flow integrity, 2024. https:\/\/clang.llvm.org\/docs\/ControlFlowIntegrity.html.","key":"e_1_3_2_1_20_1"},{"key":"e_1_3_2_1_21_1","volume-title":"proc: protect mm start_code\/end_code in \/proc\/pid\/stat","author":"Cook K.","year":"2011","unstructured":"K. Cook. proc: protect mm start_code\/end_code in \/proc\/pid\/stat, 2011. https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/?id=5883f57ca0008ffc93e09cbb9847a1928e50c6f3."},{"key":"e_1_3_2_1_22_1","volume-title":"Supervisor mode access prevention","author":"Corbet J.","year":"2012","unstructured":"J. Corbet. Supervisor mode access prevention, 2012. https:\/\/lwn.net\/Articles\/517475\/."},{"key":"e_1_3_2_1_23_1","volume-title":"the universal in-kernel virtual machine","author":"Corbet J.","year":"2014","unstructured":"J. Corbet. Bpf: the universal in-kernel virtual machine, 2014. https:\/\/lwn.net\/Articles\/599755\/."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_24_1","DOI":"10.1109\/SP.2014.26"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_25_1","DOI":"10.1145\/178243.178263"},{"key":"e_1_3_2_1_26_1","volume-title":"Proceedings of the 30th ACM Conference on Computer and Communications Security (CCS)","author":"Duy K. Dinh","year":"2023","unstructured":"K. Dinh Duy, K. Cho, T. Noh, and H. Lee. Capacity: Cryptographically-enforced in-process capabilities for modern arm architectures. In Proceedings of the 30th ACM Conference on Computer and Communications Security (CCS), Copenghagen, Denmark, Nov. 2023."},{"key":"e_1_3_2_1_27_1","volume-title":"Kernel address space layout randomization","author":"Edge J.","year":"2013","unstructured":"J. Edge. Kernel address space layout randomization, 2013. https:\/\/lwn.net\/Articles\/569635\/."},{"key":"e_1_3_2_1_28_1","volume-title":"Control-flow integrity for the kernel","author":"Edge J.","year":"2020","unstructured":"J. Edge. Control-flow integrity for the kernel, 2020. https:\/\/lwn.net\/Articles\/810077\/."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_29_1","DOI":"10.1109\/SP.2015.53"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_30_1","DOI":"10.1109\/TCAD.2022.3197511"},{"key":"e_1_3_2_1_31_1","volume-title":"Apache http server benchmarking tool","author":"Foundation T. A. S.","year":"2022","unstructured":"T. A. S. Foundation. Apache http server benchmarking tool, 2022. https:\/\/httpd.apache.org\/docs\/2.4\/programs\/ab.html."},{"key":"e_1_3_2_1_32_1","volume-title":"Apache http server project","author":"Foundation T. A. S.","year":"2022","unstructured":"T. A. S. Foundation. Apache http server project, 2022. https:\/\/httpd.apache.org."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_33_1","DOI":"10.1145\/3607199.3607219"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_34_1","DOI":"10.1145\/3445814.3446728"},{"volume-title":"leveldb","year":"2023","unstructured":"google. leveldb, 2023. https:\/\/github.com\/google\/leveldb.","key":"e_1_3_2_1_35_1"},{"volume-title":"syzbot dashboard","year":"2024","unstructured":"Google. syzbot dashboard, 2024. https:\/\/syzkaller.appspot.com\/upstream.","key":"e_1_3_2_1_36_1"},{"volume-title":"How does rap works","year":"2024","unstructured":"Grsecurity. How does rap works, 2024. https:\/\/grsecurity.net\/rap_faq.","key":"e_1_3_2_1_37_1"},{"key":"e_1_3_2_1_38_1","volume-title":"bpf:disallow unprivileged bpf by default","author":"Gupta P.","year":"2021","unstructured":"P. Gupta. bpf:disallow unprivileged bpf by default, 2021. https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/?id=8a03e56b253e9691c90bc52ca199323d71b96204."},{"key":"e_1_3_2_1_39_1","volume-title":"Proceedings of the 32nd USENIX Security Symposium (Security)","author":"He Y.","year":"2023","unstructured":"Y. He, R. Guo, Y. Xing, X. Che, K. Sun, Z. Liu, K. Xu, and Q. Li. Cross container attacks: The bewildered {eBPF} on clouds. In Proceedings of the 32nd USENIX Security Symposium (Security), Anaheim, CA, Aug. 2023."},{"key":"e_1_3_2_1_40_1","volume-title":"Proceedings of the 2019 USENIX Annual Technical Conference (ATC)","author":"Hedayati M.","year":"2019","unstructured":"M. Hedayati, S. Gravani, E. Johnson, J. Criswell, M. L. Scott, K. Shen, and M. Marty. Hodor:{Intra-Process} isolation for {High-Throughput} data plane libraries. In Proceedings of the 2019 USENIX Annual Technical Conference (ATC), Renton, WA, July 2019."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_41_1","DOI":"10.1109\/SP.2016.62"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_42_1","DOI":"10.1145\/3243734.3243739"},{"key":"e_1_3_2_1_43_1","volume-title":"Proceedings of the 2023 USENIX Annual Technical Conference (ATC)","author":"Jin D.","year":"2023","unstructured":"D. Jin, V. Atlidakis, and V. P. Kemerlis. {EPF}: Evil packet filter. In Proceedings of the 2023 USENIX Annual Technical Conference (ATC), Boston, MA, July 2023."},{"unstructured":"M. Kerrisk. Linux man pages online 2024. https:\/\/man7.org\/linux\/man-pages\/index.html.","key":"e_1_3_2_1_44_1"},{"key":"e_1_3_2_1_45_1","volume-title":"Tiktag: Breaking arm?s memory tagging extension with speculative execution. arXiv preprint arXiv:2406.08719","author":"Kim J.","year":"2024","unstructured":"J. Kim, J. Park, S. Roh, J. Chung, Y. Lee, T. Kim, and B. Lee. Tiktag: Breaking arm?s memory tagging extension with speculative execution. arXiv preprint arXiv:2406.08719, 2024."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_46_1","DOI":"10.1109\/SP.2019.00002"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_47_1","DOI":"10.5555\/3620237.3620473"},{"key":"e_1_3_2_1_48_1","volume-title":"Proceedings of the 28th USENIX Security Symposium (Security)","author":"Liljestrand H.","year":"2019","unstructured":"H. Liljestrand, T. Nyman, K. Wang, C. C. Perez, J.-E. Ekberg, and N. Asokan. {PAC} it up: Towards pointer integrity using {ARM} pointer authentication. In Proceedings of the 28th USENIX Security Symposium (Security), Santa Clara, CA, Aug. 2019."},{"key":"e_1_3_2_1_49_1","volume-title":"Arm a64 instruction set for a-profile architecture","author":"Limited A.","year":"2024","unstructured":"A. Limited. Arm a64 instruction set for a-profile architecture, 2024. https:\/\/developer.arm.com\/documentation\/ddi0602\/latest\/."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_50_1","DOI":"10.1145\/3548606.3560585"},{"volume-title":"capabilities(7)","year":"2024","unstructured":"Linux. capabilities(7), 2024. https:\/\/man7.org\/linux\/man-pages\/man7\/capabilities.7.html.","key":"e_1_3_2_1_51_1"},{"key":"e_1_3_2_1_52_1","volume-title":"Proceedings of the 27th USENIX Security Symposium (Security)","author":"Lipp M.","year":"2018","unstructured":"M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, A. Fogh, J. Horn, S. Mangard, P. Kocher, D. Genkin, et al. Meltdown: Reading kernel memory from user space. In Proceedings of the 27th USENIX Security Symposium (Security), Baltimore, MD, Aug. 2018."},{"unstructured":"LukeCheeseman. [aarch64] - return address signing 2018. https:\/\/reviews.llvm.org\/D49793.","key":"e_1_3_2_1_53_1"},{"key":"e_1_3_2_1_54_1","first-page":"259","volume-title":"USENIX winter","author":"McCanne S.","year":"1993","unstructured":"S. McCanne and V. Jacobson. The bsd packet filter: A new architecture for user-level packet capture. In USENIX winter, volume 46, pages 259--270, 1993."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_55_1","DOI":"10.14722\/ndss.2022.24026"},{"volume-title":"Control flow guard for platform security","year":"2024","unstructured":"Microsoft. Control flow guard for platform security, 2024. https:\/\/learn.microsoft.com\/en-us\/windows\/win32\/secbp\/control-flow-guard.","key":"e_1_3_2_1_56_1"},{"unstructured":"MITRE. CVE-2019--2215. 2019. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019--2215.","key":"e_1_3_2_1_57_1"},{"unstructured":"MITRE. CVE-2020--8835. 2020. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020--8835.","key":"e_1_3_2_1_58_1"},{"unstructured":"MITRE. CVE-2022--4154. 2021. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021--4154.","key":"e_1_3_2_1_59_1"},{"unstructured":"M. Y. Mo. Gaining kernel code execution on an mte-enabled pixel 8 2024. https:\/\/github.blog\/security\/vulnerability-research\/gaining-kernel-code-execution-on-an-mte-enabled-pixel-8\/.","key":"e_1_3_2_1_60_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_61_1","DOI":"10.1145\/3634737.3644994"},{"unstructured":"nbench. Linux\/unix nbench 1996. https:\/\/www.math.utah.edu\/~mayer\/linux\/bmark.html.","key":"e_1_3_2_1_62_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_63_1","DOI":"10.1109\/SP40001.2021.00082"},{"unstructured":"L. Project. Iterating over def-use & use-def chains 2024. https:\/\/llvm.org\/docs\/ProgrammersManual.html#iterating-over-def-use-use-def-chains.","key":"e_1_3_2_1_64_1"},{"unstructured":"T. C. Projects. Control flow integrity 2024. https:\/\/www.chromium.org\/developers\/testing\/control-flow-integrity\/.","key":"e_1_3_2_1_65_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_66_1","DOI":"10.1109\/SP40000.2020.00041"},{"volume-title":"Pointer authentication on armv8.3","year":"2017","unstructured":"Qualcomm. Pointer authentication on armv8.3, 2017. https:\/\/www.qualcomm.com\/media\/documents\/files\/whitepaper-pointer-authentication-on-armv8--3.pdf.","key":"e_1_3_2_1_67_1"},{"unstructured":"T. Ravitch. Whole program llvm 2023. https:\/\/github.com\/travitch\/whole-program-llvm.","key":"e_1_3_2_1_68_1"},{"volume-title":"Kernel exploitation techniques: modprobe_path","year":"2022","unstructured":"sam4k. Kernel exploitation techniques: modprobe_path, 2022. https:\/\/sam4k.com\/like-techniques-modprobe_path.","key":"e_1_3_2_1_69_1"},{"volume-title":"Network platform analytics (npa)","year":"2023","unstructured":"Samsung. Network platform analytics (npa), 2023. https:\/\/docs.samsungknox.com\/admin\/fundamentals\/whitepaper\/network-security\/network-platform-analytics\/.","key":"e_1_3_2_1_70_1"},{"key":"e_1_3_2_1_71_1","first-page":"2200","author":"Samsung","year":"2024","unstructured":"Samsung. Exynos 2200, 2024. https:\/\/semiconductor.samsung.com\/processor\/mobile-processor\/exynos-2200\/.","journal-title":"Exynos"},{"volume-title":"Real-time kernel protection (rkp)","year":"2024","unstructured":"Samsung. Real-time kernel protection (rkp), 2024. https:\/\/docs.samsungknox.com\/admin\/fundamentals\/whitepaper\/samsung-knox-for-android\/core-platform-security\/real-time-kernel-protection\/.","key":"e_1_3_2_1_72_1"},{"volume-title":"Mobile","year":"2024","unstructured":"Samsung. Mobile, 2024. https:\/\/opensource.samsung.com\/uploadList?menuItem=mobile.","key":"e_1_3_2_1_73_1"},{"key":"e_1_3_2_1_74_1","volume-title":"Access control: principle and practice","author":"Sandhu R. S.","year":"1994","unstructured":"R. S. Sandhu and P. Samarati. Access control: principle and practice. IEEE communications magazine, 32(9):40--48, 1994."},{"key":"e_1_3_2_1_75_1","volume-title":"Proceedings of the 29th USENIX Security Symposium (Security)","author":"Schrammel D.","year":"2020","unstructured":"D. Schrammel, S. Weiser, S. Steinegger, M. Schwarzl, M. Schwarz, S. Mangard, and D. Gruss. Donky: Domain keys--efficient in-process isolation for risc-v and x86. In Proceedings of the 29th USENIX Security Symposium (Security), Virtual, USA, Aug. 2020."},{"key":"e_1_3_2_1_76_1","volume-title":"Proceedings of the 31st USENIX Security Symposium (Security)","author":"Schrammel D.","year":"2022","unstructured":"D. Schrammel, S. Weiser, R. Sadek, and S. Mangard. Jenny: Securing syscalls for {PKU-based} memory isolation systems. In Proceedings of the 31st USENIX Security Symposium (Security), Boston, MA, Aug. 2022."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_77_1","DOI":"10.14722\/ndss.2016.23218"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_78_1","DOI":"10.1109\/SP.2016.9"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_79_1","DOI":"10.5555\/3691938.3691971"},{"key":"e_1_3_2_1_80_1","volume-title":"remapping attack and hlat","author":"Tanda S.","year":"2023","unstructured":"S. Tanda. Intel vt-rp - part 1. remapping attack and hlat, 2023."},{"key":"e_1_3_2_1_81_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium (Security)","author":"Tice C.","year":"2014","unstructured":"C. Tice, T. Roeder, P. Collingbourne, S. Checkoway, \u00da. Erlingsson, L. Lozano, and G. Pike. Enforcing forward-edge control-flow integrity in {GCC} & {LLVM}. In Proceedings of the 23rd USENIX Security Symposium (Security), San Diego, CA, Aug. 2014."},{"key":"e_1_3_2_1_82_1","volume-title":"Proceedings of the 28th USENIX Security Symposium (Security)","author":"Vahldiek-Oberwagner A.","year":"2019","unstructured":"A. Vahldiek-Oberwagner, E. Elnikety, N. O. Duarte, M. Sammler, P. Druschel, and D. Garg. {ERIM}: Secure, efficient in-process isolation with protection keys ({MPK}). In Proceedings of the 28th USENIX Security Symposium (Security), Santa Clara, CA, Aug. 2019."},{"key":"e_1_3_2_1_83_1","volume-title":"Proceedings of the 32nd USENIX Security Symposium (Security)","author":"Wang R.","year":"2023","unstructured":"R. Wang, K. Chen, C. Zhang, Z. Pan, Q. Li, S. Qin, S. Xu, M. Zhang, and Y. Li. AlphaEXP: An expert system for identifying Security-Sensitive kernel objects. In Proceedings of the 32nd USENIX Security Symposium (Security), Anaheim, CA, Aug. 2023."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_84_1","DOI":"10.1109\/SP40000.2020.00087"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_85_1","DOI":"10.1145\/3548606.3559344"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_86_1","DOI":"10.1145\/3576915.3623206"},{"key":"e_1_3_2_1_87_1","volume-title":"Proceedings of the 32nd USENIX Security Symposium (Security)","author":"Ye H.","year":"2023","unstructured":"H. Ye, S. Liu, Z. Zhang, and H. Hu. {VIPER}: Spotting {Syscall-Guard} variables for {Data-Only} attacks. In Proceedings of the 32nd USENIX Security Symposium (Security), Anaheim, CA, Aug. 2023."},{"key":"e_1_3_2_1_88_1","volume-title":"Jun Yao. Usma: Share kernel code with me","author":"Yong Liu X. W.","year":"2022","unstructured":"X. W. Yong Liu, Jun Yao. Usma: Share kernel code with me. May 2022."},{"key":"e_1_3_2_1_89_1","volume-title":"Proceedings of the 31st USENIX Security Symposium (Security)","author":"Yoo S.","year":"2022","unstructured":"S. Yoo, J. Park, S. Kim, Y. Kim, and T. Kim. {In-Kernel} {Control-Flow} integrity on commodity {OSes} using {ARM} pointer authentication. In Proceedings of the 31st USENIX Security Symposium (Security), Boston, MA, Aug. 2022."},{"unstructured":"G. P. Zero. Examining pointer authentication on the iphone xs 2019. https:\/\/googleprojectzero.blogspot.com\/2019\/02\/examining-pointer-authentication-on.html.","key":"e_1_3_2_1_90_1"},{"key":"e_1_3_2_1_91_1","volume-title":"Proceedings of the 28th USENIX Security Symposium (Security)","author":"Zhang T.","year":"2019","unstructured":"T. Zhang, W. Shen, D. Lee, C. Jung, A. M. Azab, and R. Wang. Pex: A permission check analysis framework for linux kernel. In Proceedings of the 28th USENIX Security Symposium (Security), Santa Clara, CA, Aug. 2019."}],"event":{"sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"acronym":"CCS '24","name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA"},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690184","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3690184","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T05:55:06Z","timestamp":1755842106000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690184"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":91,"alternative-id":["10.1145\/3658644.3690184","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3690184","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}