{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:22:18Z","timestamp":1772040138817,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":113,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,3,30]],"date-time":"2025-03-30T00:00:00Z","timestamp":1743292800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100006374","name":"Cisco Systems","doi-asserted-by":"publisher","award":["Gift"],"award-info":[{"award-number":["Gift"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"Intel Corporation","doi-asserted-by":"publisher","award":["Gift"],"award-info":[{"award-number":["Gift"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Sloan Foundation"},{"DOI":"10.13039\/501100006374","name":"Mozilla Foundation","doi-asserted-by":"publisher","award":["Gift"],"award-info":[{"award-number":["Gift"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"Google","doi-asserted-by":"publisher","award":["V8 Gift"],"award-info":[{"award-number":["V8 Gift"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["2327337, 2327336, 2154964, 2155235, 2048262, and 2146755"],"award-info":[{"award-number":["2327337, 2327336, 2154964, 2155235, 2048262, and 2146755"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,3,30]]},"DOI":"10.1145\/3669940.3707249","type":"proceedings-article","created":{"date-parts":[[2025,2,6]],"date-time":"2025-02-06T12:28:01Z","timestamp":1738844881000},"page":"987-1002","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Segue & ColorGuard: Optimizing SFI Performance and Scalability on Modern Architectures"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0065-6611","authenticated-orcid":false,"given":"Shravan","family":"Narayan","sequence":"first","affiliation":[{"name":"UT Austin, Austin, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4213-4755","authenticated-orcid":false,"given":"Tal","family":"Garfinkel","sequence":"additional","affiliation":[{"name":"UC San Diego, San Diego, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1784-4512","authenticated-orcid":false,"given":"Evan","family":"Johnson","sequence":"additional","affiliation":[{"name":"UC San Diego, San Diego, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-4244-1690","authenticated-orcid":false,"given":"Zachary","family":"Yedidia","sequence":"additional","affiliation":[{"name":"Stanford University, Stanford, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-4140-307X","authenticated-orcid":false,"given":"Yingchen","family":"Wang","sequence":"additional","affiliation":[{"name":"UC Berkeley, Berkeley, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-6857-019X","authenticated-orcid":false,"given":"Andrew","family":"Brown","sequence":"additional","affiliation":[{"name":"Intel, Hillsboro, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6983-0630","authenticated-orcid":false,"given":"Anjo","family":"Vahldiek-Oberwagner","sequence":"additional","affiliation":[{"name":"Intel Labs, Berlin, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6206-9642","authenticated-orcid":false,"given":"Michael","family":"LeMay","sequence":"additional","affiliation":[{"name":"Intel Labs, Hillsboro, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-9011-2796","authenticated-orcid":false,"given":"Wenyong","family":"Huang","sequence":"additional","affiliation":[{"name":"Intel, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-9346-6931","authenticated-orcid":false,"given":"Xin","family":"Wang","sequence":"additional","affiliation":[{"name":"Intel, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-5822-2040","authenticated-orcid":false,"given":"Mingqiu","family":"Sun","sequence":"additional","affiliation":[{"name":"Intel, Hillsboro, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3174-9316","authenticated-orcid":false,"given":"Dean","family":"Tullsen","sequence":"additional","affiliation":[{"name":"UC San Diego, San Diego, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7041-7464","authenticated-orcid":false,"given":"Deian","family":"Stefan","sequence":"additional","affiliation":[{"name":"UC San Diego, San Diego, USA"}]}],"member":"320","published-online":{"date-parts":[[2025,3,30]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Akamai. Serverless computing with akamai edgeworkers. https:\/\/www.akamai.com\/products\/serverless-computing-edgeworkers. Accessed: 2024-01-01."},{"key":"e_1_3_2_1_2_1","volume-title":"AMD64 Architecture Programmer's Manual Volume 3: General-Purpose and System Instructions. https:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/processor-tech-docs\/programmer-references\/24594.pdf","author":"AMD.","year":"2024","unstructured":"AMD. AMD64 Architecture Programmer's Manual Volume 3: General-Purpose and System Instructions. https:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/processor-tech-docs\/programmer-references\/24594.pdf, 2024."},{"key":"e_1_3_2_1_3_1","volume-title":"Memory64 proposal for webassembly. https:\/\/github.com\/WebAssembly\/memory64","author":"Rossberg Andreas","year":"2020","unstructured":"Andreas Rossberg (Ed.). Memory64 proposal for webassembly. https:\/\/github.com\/WebAssembly\/memory64, 2020."},{"key":"e_1_3_2_1_4_1","volume-title":"Bulk memory operations proposal for webassembly. https:\/\/github.com\/WebAssembly\/bulk-memory-operations","author":"Rossberg Andreas","year":"2021","unstructured":"Andreas Rossberg (Ed.). Bulk memory operations proposal for webassembly. https:\/\/github.com\/WebAssembly\/bulk-memory-operations, 2021."},{"key":"e_1_3_2_1_5_1","volume-title":"Multi memory proposal for webassembly. https:\/\/github.com\/WebAssembly\/multi-memory","author":"Rossberg Andreas","year":"2022","unstructured":"Andreas Rossberg (Ed.). Multi memory proposal for webassembly. https:\/\/github.com\/WebAssembly\/multi-memory, 2022."},{"key":"e_1_3_2_1_6_1","volume-title":"Segue pr in WAMR. Anonymized for double-blind reviewing","author":"Anonymous","year":"2023","unstructured":"Anonymous. Segue pr in WAMR. Anonymized for double-blind reviewing, 2023."},{"key":"e_1_3_2_1_7_1","unstructured":"ARM. Armv8.5-a memory tagging extension. https:\/\/developer.arm.com\/-\/media\/Arm%20Developer%20Community\/PDF\/Arm_Memory_Tagging_Extension_Whitepaper.pdf."},{"key":"e_1_3_2_1_8_1","unstructured":"ARM. Permission Overlays. https:\/\/developer.arm.com\/documentation\/102376\/0200\/Permission-indirection-and-permission-overlay-extensions\/Permission-overlays."},{"key":"e_1_3_2_1_9_1","volume-title":"ARM architecture reference manual for A-profile architecture. https:\/\/developer.arm.com\/documentation\/ddi0487\/latest\/","year":"2024","unstructured":"Arm. ARM architecture reference manual for A-profile architecture. https:\/\/developer.arm.com\/documentation\/ddi0487\/latest\/, 2024."},{"key":"e_1_3_2_1_10_1","first-page":"6947","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Bang Inyoung","year":"2023","unstructured":"Inyoung Bang, Martin Kayondo, Hyungon Moon, and Yunheung Paek. {TRust}: A compilation framework for in-process isolation to protect safe rust against untrusted code. In 32nd USENIX Security Symposium (USENIX Security 23), pages 6947--6964, 2023."},{"key":"e_1_3_2_1_11_1","volume-title":"OSDI. USENIX","author":"Belay Adam","year":"2012","unstructured":"Adam Belay, Andrea Bittau, Ali Jos\u00e9 Mashtizadeh, David Terei, David Mazi\u00e8res, and Christos Kozyrakis. Dune: Safe user-level access to privileged CPU features. In OSDI. USENIX, 2012."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179472"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3185768.3185771"},{"key":"e_1_3_2_1_14_1","volume-title":"November","author":"Sandbox","year":"2021","unstructured":"Sandbox libexpat using rlbox. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1688452#c37, November 2021."},{"key":"e_1_3_2_1_15_1","volume-title":"Sightglass: a benchmark suite and tool to compare different implementations of the same primitives. https:\/\/github.com\/bytecodealliance\/sightglass","author":"Alliance Bytecode","year":"2019","unstructured":"Bytecode Alliance. Sightglass: a benchmark suite and tool to compare different implementations of the same primitives. https:\/\/github.com\/bytecodealliance\/sightglass, 2019."},{"key":"e_1_3_2_1_16_1","volume-title":"https:\/\/wasmtime.dev","author":"Alliance Bytecode","year":"2021","unstructured":"Bytecode Alliance. Wasmtime. https:\/\/wasmtime.dev, 2021."},{"key":"e_1_3_2_1_17_1","volume-title":"Wasmtime: wasmtime\/benches\/call.rs. https:\/\/github.com\/bytecodealliance\/wasmtime\/blob\/main\/benches\/call.rs","author":"Alliance ByteCode","year":"2024","unstructured":"ByteCode Alliance. Wasmtime: wasmtime\/benches\/call.rs. https:\/\/github.com\/bytecodealliance\/wasmtime\/blob\/main\/benches\/call.rs, 2024."},{"key":"e_1_3_2_1_18_1","unstructured":"Varnish HTTP Cache. Varnish modules. https:\/\/developer.fastly.com\/solutions\/examples\/. Accessed: 2024-01-01."},{"key":"e_1_3_2_1_19_1","first-page":"1409","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Connor R Joseph","year":"2020","unstructured":"R Joseph Connor, Tyler McDaniel, JaredMSmith, and Max Schuchard. {PKU} pitfalls: Attacks on {PKU-based} memory isolation systems. In 29th USENIX Security Symposium (USENIX Security 20), pages 1409--1426, 2020."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3488716"},{"key":"e_1_3_2_1_21_1","volume-title":"Programming the 80386","author":"Crawford John H.","year":"1987","unstructured":"John H. Crawford and Patrick P. Gelsinger. Programming the 80386. Sybex Books, 1987."},{"key":"e_1_3_2_1_22_1","volume-title":"June","author":"Crichton Alex","year":"2022","unstructured":"Alex Crichton. Cve-2022-31104: Miscompilation of i8x16.swizzle and select with v128 inputs. https:\/\/www.cve.org\/CVERecord?id=CVE-2022-31104, June 2022."},{"key":"e_1_3_2_1_23_1","volume-title":"June","author":"Crichton Alex","year":"2023","unstructured":"Alex Crichton. Cve-2023-26489: Guest-controlled out-of-bounds read\/write on x86_64. https:\/\/www.cve.org\/CVERecord?id=CVE-2023-26489, June 2023."},{"key":"e_1_3_2_1_24_1","volume-title":"Memory64: bounds-checking strategies. https:\/\/github.com\/WebAssembly\/memory64\/issues\/3#issuecomment-700841972","author":"Discussions WebAssembly","year":"2020","unstructured":"WebAssembly Memory64 Discussions. Memory64: bounds-checking strategies. https:\/\/github.com\/WebAssembly\/memory64\/issues\/3#issuecomment-700841972, 2020."},{"key":"e_1_3_2_1_25_1","volume-title":"How Shopify uses WebAssembly outside of the browser. https:\/\/shopify.engineering\/shopify-webassembly","author":"Uszkay Duncan","year":"2020","unstructured":"Duncan Uszkay. How Shopify uses WebAssembly outside of the browser. https:\/\/shopify.engineering\/shopify-webassembly, 2020."},{"key":"e_1_3_2_1_26_1","unstructured":"Dylan Schiemann. Zoom onweb:WebAssembly SIMD WebTransport and WebCodecs. https:\/\/www.infoq.com\/news\/2020\/08\/zoom-web-chrome-apis\/."},{"key":"e_1_3_2_1_27_1","unstructured":"Engineers at large (anonymized for submission) FaaS\/CDN provider. private\/direct communication."},{"key":"e_1_3_2_1_28_1","unstructured":"Engineers at Mozilla Firefox. private\/direct communication."},{"key":"e_1_3_2_1_29_1","volume-title":"Web Assembly cut Figma's load time by 3x. https:\/\/www.figma.com\/blog\/webassembly-cut-figmas-load-time-by-3x\/","author":"Wallace Evan","year":"2017","unstructured":"Evan Wallace. Web Assembly cut Figma's load time by 3x. https:\/\/www.figma.com\/blog\/webassembly-cut-figmas-load-time-by-3x\/, 2017."},{"key":"e_1_3_2_1_30_1","volume-title":"May","author":"Fallin Chris","year":"2021","unstructured":"Chris Fallin. Cve-2021-32629: Memory access due to code generation flaw in cranelift module. https:\/\/www.cve.org\/CVERecord?id=CVE-2021-32629, May 2021."},{"key":"e_1_3_2_1_31_1","volume-title":"September","author":"Fallin Chris","year":"2022","unstructured":"Chris Fallin. Wasmtime 1.0: A look at performance. https:\/\/bytecodealliance.org\/articles\/wasmtime-10-performance, September 2022."},{"key":"e_1_3_2_1_32_1","unstructured":"Fastly. Fastly: Code examples. https:\/\/developer.fastly.com\/solutions\/examples\/. Accessed: 2024-01-01."},{"key":"e_1_3_2_1_33_1","volume-title":"The lifecycle and performance of a lucet instance. https:\/\/www.fastly.com\/blog\/lucet-performance-and-lifecycle","author":"Foltzer Adam","year":"2019","unstructured":"Adam Foltzer. The lifecycle and performance of a lucet instance. https:\/\/www.fastly.com\/blog\/lucet-performance-and-lifecycle, 2019. Accessed: 2022-08-10."},{"key":"e_1_3_2_1_34_1","volume-title":"Proceedings of USENIX ATC 2008","author":"Ford Bryan","year":"2008","unstructured":"Bryan Ford and Russ Cox. Vx32: Lightweight user-level sandboxing on the x86. In Proceedings of USENIX ATC 2008. USENIX, 2008."},{"key":"e_1_3_2_1_35_1","volume-title":"Securing Firefox with WebAssembly. https:\/\/hacks.mozilla.org\/2020\/02\/securing-firefox-with-webassembly\/","author":"Froyd Nathan","year":"2020","unstructured":"Nathan Froyd. Securing Firefox with WebAssembly. https:\/\/hacks.mozilla.org\/2020\/02\/securing-firefox-with-webassembly\/, 2020."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3423211.3425680"},{"key":"e_1_3_2_1_37_1","unstructured":"Gcc. Named address spaces. https:\/\/gcc.gnu.org\/onlinedocs\/gcc-9.1.0\/gcc\/Named-Address-Spaces.html."},{"key":"e_1_3_2_1_38_1","volume-title":"LibVM: an architecture for shared library sandboxing. Software: Practice and Experience, 45(12)","author":"Goonasekera Nuwan","year":"2015","unstructured":"Nuwan Goonasekera, William Caelli, and Colin Fidge. LibVM: an architecture for shared library sandboxing. Software: Practice and Experience, 45(12), 2015."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00263"},{"key":"e_1_3_2_1_40_1","volume-title":"November","author":"Gouly Joey","year":"2023","unstructured":"Joey Gouly. [PATCH] Permission Overlay Extension . https:\/\/patchwork.kernel.org\/project\/linux-fsdevel\/cover\/20231124163510.1835740-1-joey.gouly@arm.com\/, November 2023."},{"key":"e_1_3_2_1_41_1","volume-title":"http:\/\/scripts.sil.org\/RenderingGraphite","author":"Graphite","year":"2012","unstructured":"Graphite - A free and open rendering engine for complex scripts. http:\/\/scripts.sil.org\/RenderingGraphite, 2012."},{"key":"e_1_3_2_1_42_1","volume-title":"Proceedings of the USENIX Annual Technical Conference (ATC)","author":"Gu Jinyu","year":"2022","unstructured":"Jinyu Gu, Hao Li,Wentai Li, Yubin Xia, and Haibo Chen. Epk: Scalable and efficient memory protection keys. In Proceedings of the USENIX Annual Technical Conference (ATC), 2022."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3062341.3062363"},{"key":"e_1_3_2_1_44_1","volume-title":"Mark the jump_table_entry instruction as loading. https:\/\/github.com\/bytecodealliance\/cranelift\/pull\/805","author":"Hansen L.","year":"2019","unstructured":"L. Hansen. Mark the jump_table_entry instruction as loading. https:\/\/github.com\/bytecodealliance\/cranelift\/pull\/805, 2019."},{"key":"e_1_3_2_1_45_1","volume-title":"2019 USENIX Annual Technical Conference, USENIX ATC 2019","author":"Hedayati Mohammad","year":"2019","unstructured":"Mohammad Hedayati, Spyridoula Gravani, Ethan Johnson, John Criswell, Michael L Scott, Kai Shen, and Mike Marty. Hodor: Intraprocess isolation for high-throughput data plane libraries. In 2019 USENIX Annual Technical Conference, USENIX ATC 2019, Renton, WA, USA, July 10--12, 2019. USENIX Association, 2019."},{"key":"e_1_3_2_1_46_1","volume-title":"November","author":"Holley Bobby","year":"2021","unstructured":"Bobby Holley. WebAssembly and back again: Fine-grained sandboxing in Firefox 95. https:\/\/hacks.mozilla.org\/2021\/12\/webassembly-and-back-again-fine-grained-sandboxing-in-firefox-95\/, November 2021."},{"key":"e_1_3_2_1_47_1","volume-title":"May","year":"2017","unstructured":"Intel. 5-level paging and 5-level ept white paper. https:\/\/www.intel.com\/content\/www\/us\/en\/content-details\/671442\/5-level-paging-and-5-level-ept-white-paper.html, May 2017."},{"key":"e_1_3_2_1_48_1","volume-title":"WebAssembly Micro Runtime. https:\/\/github.com\/bytecodealliance\/wasm-micro-runtime","year":"2020","unstructured":"Intel. WebAssembly Micro Runtime. https:\/\/github.com\/bytecodealliance\/wasm-micro-runtime, 2020."},{"key":"e_1_3_2_1_49_1","volume-title":"November","year":"2023","unstructured":"Intel. Envisioning a simplified intel architecture. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/envisioning-future-simplified-architecture.html, November 2023."},{"key":"e_1_3_2_1_50_1","volume-title":"https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/intel-sdm.html","author":"Intel\u00ae","year":"2023","unstructured":"Intel\u00ae 64 and IA-32 architectures software developer's manual. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/intel-sdm.html, 2023."},{"key":"e_1_3_2_1_51_1","volume-title":"https:\/\/github.com\/bytecodealliance\/wasm-micro-runtime\/releases\/tag\/WAMR-1.2.3","author":"Wamr","year":"2023","unstructured":"Intel.Wamr release 1.2.3. https:\/\/github.com\/bytecodealliance\/wasm-micro-runtime\/releases\/tag\/WAMR-1.2.3, 2023."},{"key":"e_1_3_2_1_52_1","volume-title":"WAMR vectorization optimizations. https:\/\/github.com\/bytecodealliance\/wasm-micro-runtime\/blob\/b3f728ceb36f9c72047a934436ef41699643ab99\/core\/iwasm\/compilation\/aot_llvm_extra.cpp# L330","year":"2024","unstructured":"Intel. WAMR vectorization optimizations. https:\/\/github.com\/bytecodealliance\/wasm-micro-runtime\/blob\/b3f728ceb36f9c72047a934436ef41699643ab99\/core\/iwasm\/compilation\/aot_llvm_extra.cpp# L330, 2024."},{"key":"e_1_3_2_1_53_1","volume-title":"October","year":"2024","unstructured":"formatted by felix coultier Intel. x86 and amd64 instruction reference. https:\/\/www.felixcloutier.com\/x86\/wrpkru, October 2024."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3485376"},{"key":"e_1_3_2_1_55_1","volume-title":"ATC. USENIX","author":"Jangda Abhinav","year":"2019","unstructured":"Abhinav Jangda, Bobby Powers, Emery D. Berger, and Arjun Guha. Not so fast: Analyzing the performance of WebAssembly vs. native code. In ATC. USENIX, 2019."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3582016.3582066"},{"key":"e_1_3_2_1_57_1","volume-title":"WebAssembly on Cloudflare Workers. https:\/\/blog.cloudflare.com\/webassembly-on-cloudflare-workers\/","author":"Varda Kenton","year":"2018","unstructured":"Kenton Varda. WebAssembly on Cloudflare Workers. https:\/\/blog.cloudflare.com\/webassembly-on-cloudflare-workers\/, 2018."},{"key":"e_1_3_2_1_58_1","volume-title":"June","year":"2024","unstructured":"kernel.org. The linux kernel documentation. https:\/\/www.kernel.org\/doc\/html\/next\/x86\/x86_64\/fsgs.html, June 2024."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3492321.3519582"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/3498688"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064217"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/775265.775268"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243748"},{"key":"e_1_3_2_1_64_1","volume-title":"Proceedings of the ACM on Programming Languages, 7(PLDI):1533--1557","author":"Lehmann Nico","year":"2023","unstructured":"Nico Lehmann, Adam T Geller, Niki Vazou, and Ranjit Jhala. Flux: Liquid types for rust. Proceedings of the ACM on Programming Languages, 7(PLDI):1533--1557, 2023."},{"key":"e_1_3_2_1_65_1","unstructured":"Expat XML parser. https:\/\/libexpat.github.io\/."},{"key":"e_1_3_2_1_66_1","unstructured":"Louis-No\u00ebl Pouchet. Polybench\/c: the polyhedral benchmark suite. https:\/\/web.archive.org\/web\/20231102034252\/http:\/\/web.cse.ohio-state.edu\/~pouchet.2\/software\/polybench\/."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132763"},{"key":"e_1_3_2_1_68_1","volume-title":"June","author":"Marinas Catalin","year":"2023","unstructured":"Catalin Marinas. Linux 6.5 ARM updates. https:\/\/lore.kernel.org\/lkml\/20230626174435.1791242-1-catalin.marinas@arm.com\/, June 2023."},{"key":"e_1_3_2_1_69_1","volume-title":"verifiable binary sandboxing for a CISC architecture. CSAIL Tech report","author":"McCamant Stephen","year":"2005","unstructured":"Stephen McCamant and Greg Morrisett. Efficient, verifiable binary sandboxing for a CISC architecture. CSAIL Tech report, 2005."},{"key":"e_1_3_2_1_70_1","volume-title":"Security. USENIX","author":"McCamant Stephen","year":"2006","unstructured":"Stephen McCamant and Greg Morrisett. Evaluating SFI for a CISC architecture. In Security. USENIX, 2006."},{"key":"e_1_3_2_1_71_1","volume-title":"Lucet: A compiler and runtime for high-concurrency low-latency sandboxing","author":"McMullen Tyler","year":"2020","unstructured":"Tyler McMullen. Lucet: A compiler and runtime for high-concurrency low-latency sandboxing. In PriSC, 2020."},{"key":"e_1_3_2_1_72_1","volume-title":"SEC. USENIX","author":"Narayan Shravan","year":"2020","unstructured":"Shravan Narayan, Craig Disselkoen, Tal Garfinkel, Nathan Froyd, Eric Rahm, Sorin Lerner, Hovav Shacham, and Deian Stefan. Retrofitting fine grain isolation in the Firefox renderer. In SEC. USENIX, 2020."},{"key":"e_1_3_2_1_73_1","first-page":"1433","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Narayan Shravan","year":"2021","unstructured":"Shravan Narayan, Craig Disselkoen, Daniel Moghimi, Sunjay Cauligi, Evan Johnson, Zhao Gang, Anjo Vahldiek-Oberwagner, Ravi Sahita, Hovav Shacham, Dean Tullsen, and Deian Stefan. Swivel: Hardening {WebAssembly} against spectre. In 30th USENIX Security Symposium (USENIX Security 21), pages 1433--1450, 2021."},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/3582016.3582023"},{"key":"e_1_3_2_1_75_1","unstructured":"Robert M. Norton. Hardware support for compartmentalisation. Technical Report UCAM-CL-TR-887 University of Cambridge Computer Laboratory May 2016."},{"key":"e_1_3_2_1_76_1","first-page":"241","volume-title":"Proceedings of the USENIX Annual Technical Conference (ATC)","author":"Park Soyeon","year":"2019","unstructured":"Soyeon Park, Sangho Lee, Wen Xu, Hyungon Moon, and Taesoo Kim. libmpk: Software abstraction for intel memory protection keys (intel mpk). In Proceedings of the USENIX Annual Technical Conference (ATC), pages 241--254, 2019."},{"key":"e_1_3_2_1_77_1","volume-title":"Announcing Lucet: Fastly's native WebAssembly compiler and runtime. https:\/\/www.fastly.com\/blog\/announcing-lucet-fastly-native-webassembly-compiler-runtime","author":"Hickey Pat","year":"2019","unstructured":"Pat Hickey. Announcing Lucet: Fastly's native WebAssembly compiler and runtime. https:\/\/www.fastly.com\/blog\/announcing-lucet-fastly-native-webassembly-compiler-runtime, 2019."},{"key":"e_1_3_2_1_78_1","volume-title":"HowFastly and the developer community are investing in the WebAssembly ecosystem. https:\/\/www.fastly.com\/blog\/how-fastly-and-developer-community-invest-in-webassembly-ecosystem","author":"Hickey Pat","year":"2020","unstructured":"Pat Hickey. HowFastly and the developer community are investing in the WebAssembly ecosystem. https:\/\/www.fastly.com\/blog\/how-fastly-and-developer-community-invest-in-webassembly-ecosystem, 2020."},{"key":"e_1_3_2_1_79_1","volume-title":"Istio and EnvoyWebAssembly extensibility, one year on. https:\/\/istio.io\/latest\/blog\/2021\/wasm-progress\/","author":"Bian Pengyuan","year":"2021","unstructured":"Pengyuan Bian. Istio and EnvoyWebAssembly extensibility, one year on. https:\/\/istio.io\/latest\/blog\/2021\/wasm-progress\/, 2021."},{"key":"e_1_3_2_1_80_1","volume-title":"March","author":"V.","year":"2022","unstructured":"RISC-V. Risc-v gets sv57-based virtual memory. https:\/\/riscv.org\/news\/2022\/03\/risc-v-gets-sv57-based-virtual-memory-other-improvements-for-linux-5-18-michael-larabel-phoronix\/, March 2022."},{"key":"e_1_3_2_1_81_1","volume-title":"Callee-saved XMM (FP) registers are not actually saved. https:\/\/github.com\/bytecodealliance\/wasmtime\/issues\/1177","author":"Rydgard Henrik","year":"2020","unstructured":"Henrik Rydgard. Windows (Fastcall) calling convention: Callee-saved XMM (FP) registers are not actually saved. https:\/\/github.com\/bytecodealliance\/wasmtime\/issues\/1177, 2020."},{"key":"e_1_3_2_1_82_1","first-page":"936","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Schrammel David","year":"2022","unstructured":"David Schrammel, Samuel Weiser, Richard Sadek, and Stefan Mangard. Jenny: Securing syscalls for {PKU-based} memory isolation systems. In 31st USENIX Security Symposium (USENIX Security 22), pages 936--952, 2022."},{"key":"e_1_3_2_1_83_1","first-page":"1677","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Schrammel David","year":"2020","unstructured":"David Schrammel, SamuelWeiser, Stefan Steinegger, Martin Schwarzl, Michael Schwarz, Stefan Mangard, and Daniel Gruss. Donky: Domain keys -- efficient in-process isolation for risc-v and x86. In 29th USENIX Security Symposium (USENIX Security 20), pages 1677--1694. USENIX Association, August 2020."},{"key":"e_1_3_2_1_84_1","volume-title":"Sandboxing libraries in Chrome using SFI: zlib proofof-concept. https:\/\/docs.google.com\/presentation\/d\/1RD3bxsBfTZOIfrlq7HzGMsygPHgb61A1eTdelIYOurs\/","author":"Seaborn Mark","year":"2013","unstructured":"Mark Seaborn. Sandboxing libraries in Chrome using SFI: zlib proofof-concept. https:\/\/docs.google.com\/presentation\/d\/1RD3bxsBfTZOIfrlq7HzGMsygPHgb61A1eTdelIYOurs\/, 2013."},{"key":"e_1_3_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1145\/3600006.3613156"},{"key":"e_1_3_2_1_86_1","volume-title":"Security. USENIX","author":"Sehr David","year":"2010","unstructured":"David Sehr, Robert Muth, Cliff Biffle, Victor Khimenko, Egor Pasko, Karl Schimpf, Bennet Yee, and Brad Chen. Adapting software fault isolation to contemporary CPU architectures. In Security. USENIX, 2010."},{"key":"e_1_3_2_1_87_1","volume-title":"May","author":"Sene Rafael","year":"2024","unstructured":"Rafael Sene. Risc-v memory tagging task group. https:\/\/github.com\/riscv-admin\/riscv-memory-tagging, May 2024."},{"key":"e_1_3_2_1_88_1","first-page":"205","volume-title":"Serverless in the wild: Characterizing and optimizing the serverless workload at a large cloud provider. In 2020 USENIX annual technical conference (USENIX ATC","author":"Shahrad Mohammad","year":"2020","unstructured":"Mohammad Shahrad, Rodrigo Fonseca, Inigo Goiri, Gohar Chaudhry, Paul Batum, Jason Cooke, Eduardo Laureano, Colby Tresness, Mark Russinovich, and Ricardo Bianchini. Serverless in the wild: Characterizing and optimizing the serverless workload at a large cloud provider. In 2020 USENIX annual technical conference (USENIX ATC , pages 205--218, 2020."},{"key":"e_1_3_2_1_89_1","volume-title":"Pointer compression in V8. https:\/\/v8.dev\/blog\/pointer-compression","author":"Sheludko Igor","year":"2020","unstructured":"Igor Sheludko and Santiago Aboy Solanes. Pointer compression in V8. https:\/\/v8.dev\/blog\/pointer-compression, 2020."},{"key":"e_1_3_2_1_90_1","volume-title":"ATC. USENIX","author":"Shillaker Simon","year":"2020","unstructured":"Simon Shillaker and Peter Pietzuch. FAASM: Lightweight isolation for efficient stateful serverless computing. In ATC. USENIX, 2020."},{"key":"e_1_3_2_1_91_1","unstructured":"SingleStore. Docs: Code engine - powered by wasm. https:\/\/docs.singlestore.com\/cloud\/reference\/code-engine-powered-by-wasm\/."},{"key":"e_1_3_2_1_92_1","doi-asserted-by":"publisher","DOI":"10.1145\/3579371.3589068"},{"key":"e_1_3_2_1_93_1","volume-title":"Principles and implementation techniques of softwarebased fault isolation. Foundations and Trends in Privacy and Security, 1(3)","author":"Tan Gang","year":"2017","unstructured":"Gang Tan. Principles and implementation techniques of softwarebased fault isolation. Foundations and Trends in Privacy and Security, 1(3), 2017."},{"key":"e_1_3_2_1_94_1","volume-title":"wasm2c. https:\/\/github.com\/WebAssembly\/wabt\/tree\/master\/wasm2c","author":"WebAssembly Binary Toolkit The","year":"2018","unstructured":"The WebAssembly Binary Toolkit. wasm2c. https:\/\/github.com\/WebAssembly\/wabt\/tree\/master\/wasm2c, 2018."},{"key":"e_1_3_2_1_95_1","volume-title":"WebAssembly brings Google Earth to more browsers. https:\/\/blog.chromium.org\/2019\/06\/webassembly-brings-google-earth-to-more.html","author":"Nattestad Thomas","year":"2019","unstructured":"Thomas Nattestad. WebAssembly brings Google Earth to more browsers. https:\/\/blog.chromium.org\/2019\/06\/webassembly-brings-google-earth-to-more.html, 2019."},{"key":"e_1_3_2_1_96_1","volume-title":"Photoshop's journey to the web. https:\/\/web.dev\/ps-on-the-web\/","author":"Al-Shamma Thomas Nabeel","year":"2022","unstructured":"Nabeel Al-Shamma Thomas Nattestad. Photoshop's journey to the web. https:\/\/web.dev\/ps-on-the-web\/, 2022."},{"key":"e_1_3_2_1_97_1","unstructured":"Tokio. An asynchronous rust runtime. https:\/\/tokio.rs\/. Accessed: 2024-01-01."},{"key":"e_1_3_2_1_98_1","volume-title":"Security. USENIX","author":"Vahldiek-Oberwagner Anjo","year":"2019","unstructured":"Anjo Vahldiek-Oberwagner, Eslam Elnikety, Nuno O Duarte, Michael Sammler, Peter Druschel, and Deepak Garg. ERIM: Secure, efficient in-process isolation with protection keys (MPK). In Security. USENIX, 2019."},{"key":"e_1_3_2_1_99_1","doi-asserted-by":"publisher","DOI":"10.1145\/3492321.3519560"},{"key":"e_1_3_2_1_100_1","unstructured":"Luke Wagner. Component model design and specification. https:\/\/github.com\/WebAssembly\/component-model."},{"key":"e_1_3_2_1_101_1","doi-asserted-by":"publisher","DOI":"10.1145\/168619.168635"},{"key":"e_1_3_2_1_102_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00087"},{"key":"e_1_3_2_1_103_1","unstructured":"WebAssembly system interface. https:\/\/wasi.dev. Accessed: 2024-01-01."},{"key":"e_1_3_2_1_104_1","volume-title":"February","year":"2024","unstructured":"Wasmtime. Security advisories. https:\/\/github.com\/bytecodealliance\/wasmtime\/security\/advisories, February 2024."},{"key":"e_1_3_2_1_105_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.9"},{"key":"e_1_3_2_1_106_1","doi-asserted-by":"publisher","DOI":"10.1145\/358274.358283"},{"key":"e_1_3_2_1_107_1","volume-title":"August","author":"Winkel Sebastian","year":"2023","unstructured":"Sebastian Winkel and Jason Agron. Introducing intel advanced performance extensions (intel apx). https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/advanced-performance-extensions-apx.html, August 2023."},{"key":"e_1_3_2_1_108_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3559344"},{"key":"e_1_3_2_1_109_1","doi-asserted-by":"publisher","DOI":"10.1145\/3620665.3640408"},{"key":"e_1_3_2_1_110_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.25"},{"key":"e_1_3_2_1_111_1","volume-title":"Simple, easy, and fast vm-less sandboxing. https:\/\/kripken.github.io\/blog\/wasm\/2020\/07\/27\/wasmboxc.html","author":"Zakai Alon","year":"2020","unstructured":"Alon Zakai. Wasmboxc: Simple, easy, and fast vm-less sandboxing. https:\/\/kripken.github.io\/blog\/wasm\/2020\/07\/27\/wasmboxc.html, 2020."},{"key":"e_1_3_2_1_112_1","volume-title":"CCS","author":"Zeng Bin","year":"2011","unstructured":"Bin Zeng, Gang Tan, and Greg Morrisett. Combining control-flow integrity and static analysis for efficient and validated data sandboxing. In CCS, 2011."},{"key":"e_1_3_2_1_113_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660344"}],"event":{"name":"ASPLOS '25: 30th ACM International Conference on Architectural Support for Programming Languages and Operating Systems","location":"Rotterdam Netherlands","acronym":"ASPLOS '25","sponsor":["SIGPLAN ACM Special Interest Group on Programming Languages","SIGOPS ACM Special Interest Group on Operating Systems","SIGARCH ACM Special Interest Group on Computer Architecture"]},"container-title":["Proceedings of the 30th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 1"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3669940.3707249","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3669940.3707249","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,21]],"date-time":"2025-08-21T14:51:20Z","timestamp":1755787880000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3669940.3707249"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,3,30]]},"references-count":113,"alternative-id":["10.1145\/3669940.3707249","10.1145\/3669940"],"URL":"https:\/\/doi.org\/10.1145\/3669940.3707249","relation":{},"subject":[],"published":{"date-parts":[[2025,3,30]]},"assertion":[{"value":"2025-03-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}