{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,4]],"date-time":"2025-07-04T04:11:25Z","timestamp":1751602285671,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":70,"publisher":"ACM","funder":[{"name":"Singapore Ministry of Education","award":["MOE-T2EP20124-0007"],"award-info":[{"award-number":["MOE-T2EP20124-0007"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,7,8]]},"DOI":"10.1145\/3734436.3734449","type":"proceedings-article","created":{"date-parts":[[2025,7,3]],"date-time":"2025-07-03T17:32:44Z","timestamp":1751563964000},"page":"33-44","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Caplification: Bridging Capability-Aware and Capability-Oblivious Software"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6013-157X","authenticated-orcid":false,"given":"Jason Zhijingcheng","family":"Yu","sequence":"first","affiliation":[{"name":"National University of Singapore, National University of Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-3191-0890","authenticated-orcid":false,"given":"Mingkai","family":"Li","sequence":"additional","affiliation":[{"name":"Columbia University, New York, New York, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-8555-4152","authenticated-orcid":false,"given":"Aditya","family":"Badole","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8742-134X","authenticated-orcid":false,"given":"Trevor E.","family":"Carlson","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7926-648X","authenticated-orcid":false,"given":"Michael","family":"Swift","sequence":"additional","affiliation":[{"name":"University of Wisconsin-Madison, Madison, Wisconsin, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1875-8675","authenticated-orcid":false,"given":"Prateek","family":"Saxena","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,7,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n.d.] AMD64 Architecture Programmer's Manual Volumes 1-5 40332 24592 24593 24594 26568 26569. ()."},{"key":"e_1_3_2_1_2_1","unstructured":"2023. Arm Architecture Reference Manual for A-profile architecture. (2023)."},{"key":"e_1_3_2_1_3_1","unstructured":"[n.d.] Arm CCA Security Model. ()."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629579"},{"key":"e_1_3_2_1_5_1","volume-title":"2005 USENIX Annual Technical Conference (USENIX ATC 05)","author":"Bellard Fabrice","year":"2005","unstructured":"Fabrice Bellard. 2005. QEMU, a fast and portable dynamic translator. In 2005 USENIX Annual Technical Conference (USENIX ATC 05). USENIX Association, Anaheim, CA, (Apr. 2005)."},{"key":"e_1_3_2_1_6_1","unstructured":"Borna Blazevic Michael Peter Mohammad Hamad and Sebastian Steinhorst. [n.d.] TEEVseL4: Trusted Execution Environment for Virtualized seL4-based Systems."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/195473.195579"},{"key":"e_1_3_2_1_8_1","volume-title":"Towards Efficiently Establishing Mutual Distrust Between Host Application and Enclave for SGX. (Oct","author":"Chen Yuan","year":"2020","unstructured":"Yuan Chen, Jiaqi Li, Guorui Xu, Yajin Zhou, Zhi Wang, Cong Wang, and Kui Ren. 2020. Towards Efficiently Establishing Mutual Distrust Between Host Application and Enclave for SGX. (Oct. 2020). Retrieved July 1, 2023 from arXiv: 2010.12400 [cs]."},{"key":"e_1_3_2_1_9_1","unstructured":"Tyler Close. 2009. ACLs don't. Pre-published."},{"key":"e_1_3_2_1_10_1","unstructured":"Victor Costan and Srinivas Devadas. 2016. Intel SGX explained. IACR Cryptol. ePrint Arch. 86."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484821"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.3390\/electronics11244201"},{"key":"e_1_3_2_1_13_1","volume-title":"13th USENIX Security Symposium (USENIX Security 04)","author":"Dean Drew","year":"2004","unstructured":"Drew Dean and Alan J. Hu. 2004. Fixing races for fun and profit: How to use access(2). In 13th USENIX Security Symposium (USENIX Security 04). USENIX Association, San Diego, CA, (Aug. 2004)."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/365230.365252"},{"key":"e_1_3_2_1_15_1","unstructured":"Joe Devietti Colin Blundell Milo M K Martin and Steve Zdancewic. [n. d.] HardBound: Architectural Support for Spatial Safety of the C Programming Language."},{"key":"e_1_3_2_1_16_1","unstructured":"Lawrence G Esswood. [n. d.] CheriOS: designing an untrusted single-addressspace capability operating system utilising capability hardware and a minimal hypervisor."},{"key":"e_1_3_2_1_17_1","unstructured":"Marco Fillo Stephen W Keckler William J Dally Nicholas P Carter Andrew Chang Yevgeny Gurevich and Whay S Lee. [n. d.] The M Machine Multicomputer."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3434287"},{"key":"e_1_3_2_1_19_1","first-page":"489 03","volume-title":"Hodor: Intra-Process Isolation for High-Throughput Data Plane Libraries. In 2019 USENIX Annual Technical Conference (USENIX ATC 19)","author":"Hedayati Mohammad","year":"2019","unstructured":"Mohammad Hedayati, Spyridoula Gravani, Ethan Johnson, John Criswell, Michael L. Scott, Kai Shen, and Mike Marty. 2019. Hodor: Intra-Process Isolation for High-Throughput Data Plane Libraries. In 2019 USENIX Annual Technical Conference (USENIX ATC 19). USENIX Association, Renton, WA, (July 2019), 489-504. isbn: 978-1-939133-03-8."},{"key":"e_1_3_2_1_20_1","volume-title":"The seL4 Microkernel - An Introduction, (June","author":"Heiser Gernot","year":"2020","unstructured":"Gernot Heiser. 2020. The seL4 Microkernel - An Introduction, (June 2020)."},{"key":"e_1_3_2_1_21_1","first-page":"341","volume-title":"Proceedings of the 8th Annual Symposium on Computer Architecture (ISCA '81)","author":"Houdek Merle E.","unstructured":"Merle E. Houdek, Frank G. Soltis, and Roy L. Hoffman. 1981. IBM system\/38 support for capability-based addressing. In Proceedings of the 8th Annual Symposium on Computer Architecture (ISCA '81). IEEE Computer Society Press, Washington, DC, USA, 341-348."},{"key":"e_1_3_2_1_22_1","first-page":"255 01","volume-title":"2018 USENIX Annual Technical Conference (USENIX ATC 18)","author":"Hua Zhichao","year":"2018","unstructured":"Zhichao Hua, Dong Du, Yubin Xia, Haibo Chen, and Binyu Zang. 2018. EPTI: Efficient defence against meltdown attack for unpatched VMs. In 2018 USENIX Annual Technical Conference (USENIX ATC 18). USENIX Association, Boston, MA, (July 2018), 255-266. isbn: ISBN 978-1-939133-01-4."},{"key":"e_1_3_2_1_23_1","volume-title":"Combined Volumes: 1, 2A, 2B, 2C, 2D, 3A, 3B, 3C, 3D, and 4.","year":"2023","unstructured":"2023. Intel\u00ae 64 and IA-32 Architectures Software Developer's Manual, Combined Volumes: 1, 2A, 2B, 2C, 2D, 3A, 3B, 3C, 3D, and 4. (2023)."},{"key":"e_1_3_2_1_24_1","unstructured":"1981. Introduction to the iAPX 432 Architecture."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3516807.3516823"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","unstructured":"Yonghae Kim Anurag Kar Jaewon Lee Jaekyu Lee and Hyesoon Kim. 2023. RV-CURE: A RISC-V Capability Architecture for Full Memory Safety. doi:10.48550\/ARXIV.2308.02945.","DOI":"10.48550\/ARXIV.2308.02945"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3342195.3387532"},{"key":"e_1_3_2_1_28_1","volume-title":"Capability-Based Computer Systems","author":"Levy Henry M.","unstructured":"Henry M. Levy. 1984. Capability-Based Computer Systems. Digital Press, Bedford, Mass. isbn: 978-0-932376-22-0."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813690"},{"key":"e_1_3_2_1_30_1","volume-title":"CVA6's Data cache: Structure and Behavior. (July","author":"Martinoli Valentin","year":"2022","unstructured":"Valentin Martinoli, Yannick Teglia, Abdellah Bouagoun, and R\u00e9gis Leveugle. 2022. CVA6's Data cache: Structure and Behavior. (July 2022). Retrieved Apr. 4, 2024 from arXiv: 2202.03749 [cs]."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3302424.3303946"},{"key":"e_1_3_2_1_32_1","unstructured":"Mark S Miller Ka-Ping Yee and Jonathan Shapiro. [n.d.] Capability Myths Demolished."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2023.3251385"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3381052.3381328"},{"key":"e_1_3_2_1_35_1","first-page":"269 03","volume-title":"LXDs: Towards Isolation of Kernel Subsystems. In 2019 USENIX Annual Technical Conference (USENIX ATC 19)","author":"Vikram","year":"2019","unstructured":"Vikram Narayanan et al. 2019. LXDs: Towards Isolation of Kernel Subsystems. In 2019 USENIX Annual Technical Conference (USENIX ATC 19). USENIX Association, Renton, WA, (July 2019), 269-284. isbn: 978-1-939133-03-8."},{"key":"e_1_3_2_1_36_1","volume-title":"Hardware Support for Compartmentalisation. Tech. rep. (May","year":"2016","unstructured":"RobertMNorton. 2016. Hardware Support for Compartmentalisation. Tech. rep. (May 2016)."},{"key":"e_1_3_2_1_37_1","volume-title":"Retrieved","year":"2024","unstructured":"[n.d.] Null block device driver. Retrieved Jan. 24, 2024 from https:\/\/docs.kernel.org\/block\/null_blk.html ()."},{"key":"e_1_3_2_1_38_1","unstructured":"Wing-Chi Poon and Aloysius K Mok. [n.d.] Bounding the Running Time of Interrupt and Exception Forwarding in Recursive Virtualization for the x86 Architecture."},{"key":"e_1_3_2_1_39_1","volume-title":"Retrieved","author":"Feb Caplifive-Buildroot","year":"2025","unstructured":"[SW], Project-Starch\/Caplifive-Buildroot Feb. 6, 2025. Project STARCH. Retrieved May 10, 2025 from. url: https:\/\/github.com\/project-starch\/caplifive-buildroot"},{"key":"e_1_3_2_1_40_1","volume-title":"url: https:\/\/github.com\/project-starch\/caplifive-qemuRetrieved","author":"Jan Caplifive-Qemu","year":"2025","unstructured":"[SW], Project-Starch\/Caplifive-Qemu Jan. 21, 2025. Project STARCH. url: https:\/\/github.com\/project-starch\/caplifive-qemuRetrieved May 10, 2025 from."},{"key":"e_1_3_2_1_41_1","volume-title":"Secure Linking in the CheriBSD Operating System. (Jan","author":"Richardson Alexander","year":"2019","unstructured":"Alexander Richardson. 2019. Secure Linking in the CheriBSD Operating System. (Jan. 2019)."},{"key":"e_1_3_2_1_42_1","unstructured":"2023. RISC-V Supervisor Binary Interface Specification."},{"key":"e_1_3_2_1_43_1","unstructured":"2024. Riscv-software-src\/opensbi. RISC-V Software. (Apr. 2024). Retrieved Apr. 30 2024 from."},{"key":"e_1_3_2_1_44_1","unstructured":"Vasily A Sartakov Llu\u00eds Vilanova David Eyers Takahiro Shinagawa and Peter Pietzuch. [n.d.] CAP-VMs: Capability-Based Isolation and Sharing in the Cloud."},{"key":"e_1_3_2_1_45_1","first-page":"573 34","volume-title":"17th USENIX Symposium on Operating Systems Design and Implementation (OSDI 23)","author":"Sartakov Vasily A.","year":"2023","unstructured":"Vasily A. Sartakov, Llu\u00eds Vilanova, Munir Geden, David Eyers, Takahiro Shinagawa, and Peter Pietzuch. 2023. ORC: Increasing Cloud Memory Density via Object Reuse with Capabilities. In 17th USENIX Symposium on Operating Systems Design and Implementation (OSDI 23). USENIX Association, Boston, MA, (July 2023), 573-587. isbn: 978-1-939133-34-2."},{"key":"e_1_3_2_1_46_1","volume-title":"Retrieved","author":"Schl\u00fcter Benedict","year":"2024","unstructured":"Benedict Schl\u00fcter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde. 2024. WeSee: Using Malicious #VC Interrupts to Break AMD SEV-SNP. (Apr. 2024). Retrieved Apr. 30, 2024 from arXiv: 2404.03526 [cs]."},{"key":"e_1_3_2_1_47_1","volume-title":"Retrieved","author":"Schl\u00fcter Benedict","year":"2024","unstructured":"Benedict Schl\u00fcter, Supraja Sridhara, Mark Kuhne, Andrin Bertschi, and Shweta Shinde. 2024. Heckler: Breaking Confidential VMs with Malicious Interrupts. (Apr. 2024). Retrieved Apr. 30, 2024 from arXiv: 2404.03387 [cs]."},{"key":"e_1_3_2_1_48_1","first-page":"936 31","volume-title":"Jenny: Securing Syscalls for PKU-based Memory Isolation Systems. In 31st USENIX Security Symposium (USENIX Security 22)","author":"Schrammel David","year":"2022","unstructured":"David Schrammel, Samuel Weiser, Richard Sadek, and Stefan Mangard. 2022. Jenny: Securing Syscalls for PKU-based Memory Isolation Systems. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, (Aug. 2022), 936-952. isbn: 978-1-939133-31-1."},{"key":"e_1_3_2_1_49_1","first-page":"1677 17","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Schrammel David","year":"2020","unstructured":"David Schrammel, SamuelWeiser, Stefan Steinegger, Martin Schwarzl, Michael Schwarz, Stefan Mangard, and Daniel Gruss. 2020. Donky: Domain Keys - Efficient In-Process Isolation for RISC-V and x86. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, (Aug. 2020), 1677-1694. isbn: 978-1-939133-17-5."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290332"},{"key":"e_1_3_2_1_51_1","unstructured":"[SW] Wilson Snyder Paul Wasson Duane Galbi and et al Verilator. url: https:\/\/github.com\/verilator\/verilator."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3381052.3381326"},{"key":"e_1_3_2_1_53_1","unstructured":"[n.d.] The Capstone-RISC-V Instruction Set Reference. Retrieved May 10 2025 from https:\/\/capstone.kisp-lab.org\/specs-caplifive\/."},{"key":"e_1_3_2_1_54_1","volume-title":"https:\/\/capstone.kisplab.org\/specs\/. (). Retrieved","author":"Instruction Set Reference The","year":"2024","unstructured":"[n.d.] The Capstone-RISC-V Instruction Set Reference. https:\/\/capstone.kisplab.org\/specs\/. (). Retrieved Jan. 22, 2024 from."},{"key":"e_1_3_2_1_55_1","volume-title":"28th USENIX Security Symposium, USENIX Security 2019","author":"Vahldiek-Oberwagner Anjo","year":"2019","unstructured":"Anjo Vahldiek-Oberwagner, Eslam Elnikety, Nuno O. Duarte, Michael Sammler, Peter Druschel, and Deepak Garg. 2019. ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK). In 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019. Nadia Heninger and Patrick Traynor, (Eds.) USENIX Association, 1221-1238."},{"key":"e_1_3_2_1_56_1","volume-title":"Proceedings of the 8th IEEE European Symposium on Security and Privacy.","author":"Strydonck Thomas Van","year":"2023","unstructured":"Thomas Van Strydonck, Job Noorman, Jennifer Jackson, Leonardo Alves Dias, Robin Vanderstraeten, David Oswald, Frank Piessens, and Dominique Devriese. 2023. CHERI-TrEE: Flexible enclaves on capability machines. In Proceedings of the 8th IEEE European Symposium on Security and Privacy."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2678373.2665741"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064197"},{"key":"e_1_3_2_1_59_1","unstructured":"Andrew Waterman Krste Asanovic and CS Division. [n.d.] The RISC-V Instruction Set Manual (Volume I: Unprivileged ISA). ()."},{"key":"e_1_3_2_1_60_1","unstructured":"Andrew Waterman Krste Asanovic John Hauser and CS Division. [n.d.] The RISC-V Instruction Set Manual (Volume II: Privileged Architecture). ()."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.48456\/TR-987"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.9"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/605397.605429"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/355616.364017"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCD.2018.00023"},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA45697.2020.00062"},{"key":"e_1_3_2_1_67_1","volume-title":"url: https:\/\/github.com\/jasonyu1996\/capstone-cRetrieved","author":"Yu Jason","year":"2025","unstructured":"[SW] Jason Yu, Jasonyu1996\/Capstone-c Dec. 2, 2024. url: https:\/\/github.com\/jasonyu1996\/capstone-cRetrieved May 10, 2025 from."},{"key":"e_1_3_2_1_68_1","first-page":"787 37","volume-title":"Capstone: A Capability-based Foundation for Trustless Secure Memory Access. In 32nd USENIX Security Symposium (USENIX Security . USENIX Association","author":"Yu Jason Zhijingcheng","year":"2023","unstructured":"Jason Zhijingcheng Yu, Conrad Watt, Aditya Badole, Trevor E. Carlson, and Prateek Saxena. 2023. Capstone: A Capability-based Foundation for Trustless Secure Memory Access. In 32nd USENIX Security Symposium (USENIX Security . USENIX Association, Anaheim, CA, (Aug. 2023), 787-804. isbn: 978-1-939133-37-3."},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.48550\/ARXIV.2302.13863"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/TVLSI.2019.2926114"}],"event":{"name":"SACMAT '25:SACMAT '25","location":"Stony Brook NY USA","sponsor":["sigsac ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 30th ACM Symposium on Access Control Models and Technologies"],"original-title":[],"deposited":{"date-parts":[[2025,7,3]],"date-time":"2025-07-03T17:33:12Z","timestamp":1751563992000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3734436.3734449"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,7,7]]},"references-count":70,"alternative-id":["10.1145\/3734436.3734449","10.1145\/3734436"],"URL":"https:\/\/doi.org\/10.1145\/3734436.3734449","relation":{},"subject":[],"published":{"date-parts":[[2025,7,7]]},"assertion":[{"value":"2025-07-07","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}