{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,9]],"date-time":"2025-06-09T12:40:01Z","timestamp":1749472801857,"version":"3.41.0"},"reference-count":83,"publisher":"Association for Computing Machinery (ACM)","issue":"1-2","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Comput. Syst."],"published-print":{"date-parts":[[2025,5,31]]},"abstract":"<jats:p>Memory corruption vulnerabilities pose a significant threat to system security. The traditional paging-based approach cannot protect fine-grained runtime data (e.g., function pointers), which are often mixed with other data in memory. To protect the runtime data, data space randomization is proposed to encrypt the in-memory data so that the attacker cannot control the decrypted result. Unfortunately, current hardware does not provide dedicated support for fine-grained data encryption.<\/jats:p>\n          <jats:p\/>\n          <jats:p>This article presents RegVault II, a cross-architectural hardware-assisted lightweight data randomization scheme for OS kernels. To achieve robust, fine-grained, and lightweight data protection, we first identify five required capabilities for efficient and secure data randomization. Guided by these requirements, we design and implement novel hardware primitives that provide cryptographically strong encryption and decryption, thus ensuring both confidentiality and integrity for register-grained data. At the software level, we propose identification- and annotation-based approaches to automatically mark sensitive data and instrument the corresponding load and store operations. We also introduce new techniques to protect the interrupt context and safeguard the sensitive data spilling. We implement RegVault II on an actual FPGA hardware board for RISC-V and on QEMU for Arm, applying it to protect six types of sensitive data in the Linux kernel. Our thorough security and performance evaluations show that RegVault II effectively defends against a broad range of kernel data attacks while incurring minimal performance overhead.<\/jats:p>","DOI":"10.1145\/3734521","type":"journal-article","created":{"date-parts":[[2025,5,6]],"date-time":"2025-05-06T11:20:37Z","timestamp":1746530437000},"page":"1-34","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["RegVault II: Achieving Hardware-Assisted Selective Kernel Data Randomization for Multiple Architectures"],"prefix":"10.1145","volume":"43","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-5436-6724","authenticated-orcid":false,"given":"Ruorong","family":"Guo","sequence":"first","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-8251-2424","authenticated-orcid":false,"given":"Yangye","family":"Zhou","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-6254-2004","authenticated-orcid":false,"given":"Jinyan","family":"Xu","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2899-6121","authenticated-orcid":false,"given":"Wenbo","family":"Shen","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7610-4736","authenticated-orcid":false,"given":"Yajin","family":"Zhou","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0178-0171","authenticated-orcid":false,"given":"Rui","family":"Chang","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,6,9]]},"reference":[{"key":"e_1_3_1_2_2","first-page":"1433","volume-title":"Proceedings of the 32nd USENIX Security Symposium.","author":"Ahmed Salman","year":"2023","unstructured":"Salman Ahmed, Hans Liljestrand, Hani Jamjoom, Matthew Hicks, N. Asokan, and Danfeng (Daphne) Yao. 2023. Not all data are created equal: Data and pointer prioritization for scalable protection against data-oriented attacks. In Proceedings of the 32nd USENIX Security Symposium.USENIX Association, Anaheim, CA, 1433\u20131450. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/ahmed-salman"},{"key":"e_1_3_1_3_2","first-page":"11","volume-title":"Breakthrough AES Performance with Intel AES New Instructions","author":"Akdemir Kahraman","year":"2010","unstructured":"Kahraman Akdemir, Martin Dixon, Wajdi Feghali, Patrick Fay, Vinodh Gopal, Jim Guilford, Erdinc Ozturk, Gil Wolrich, and Ronen Zohar. 2010. Breakthrough AES Performance with Intel AES New Instructions. Technical Report. Intel. 11 pages."},{"key":"e_1_3_1_4_2","unstructured":"akopytov. 2025. Sysbench. Retrieved 19 May 2025 from https:\/\/github.com\/akopytov\/sysbench"},{"key":"e_1_3_1_5_2","first-page":"51","volume-title":"Proceedings of the 18th Conference on USENIX Security Symposium","author":"Akritidis Periklis","year":"2009","unstructured":"Periklis Akritidis, Manuel Costa, Miguel Castro, and Steven Hand. 2009. Baggy bounds checking: An efficient and backwards-compatible defense against out-of-bounds errors. In Proceedings of the 18th Conference on USENIX Security Symposium (Montreal, Canada). USENIX Association, USA, 51\u201366."},{"key":"e_1_3_1_6_2","unstructured":"ARM. 2019. ARM Memory Tagging Extension. Retrieved 19 May 2025 from https:\/\/developer.arm.com\/-\/media\/ArmDeveloperCommunity\/PDF\/Arm_Memory_Tagging_Extension_Whitepaper.pdf"},{"key":"e_1_3_1_7_2","unstructured":"ARM. 2021. ARM Cryptography Extension. Retrieved 19 May 2025 from https:\/\/developer.arm.com\/documentation\/ddi0514\/g\/introduction\/about-the-cortex-a57-processor-cryptography-engine"},{"key":"e_1_3_1_8_2","volume-title":"The Rocket Chip Generator","author":"Asanovi\u0107 Krste","year":"2016","unstructured":"Krste Asanovi\u0107, Rimas Avizienis, Jonathan Bachrach, Scott Beamer, David Biancolin, Christopher Celio, Henry Cook, Daniel Dabbelt, John Hauser, Adam Izraelevitz, et al.2016. The Rocket Chip Generator. Technical Report UCB\/EECS-2016-17. EECS Department, University of California, Berkeley. Retrieved from http:\/\/www2.eecs.berkeley.edu\/Pubs\/TechRpts\/2016\/EECS-2016-17.html"},{"key":"e_1_3_1_9_2","doi-asserted-by":"publisher","DOI":"10.13154\/tosc.v2017.i1.4-44"},{"key":"e_1_3_1_10_2","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660350"},{"key":"e_1_3_1_11_2","volume-title":"Proceedings of the 2016 Network and Distributed System Security Symposium","author":"Azab Ahmed M.","year":"2016","unstructured":"Ahmed M. Azab, Kirk Swidowski, Rohan Bhutkar, Jia Ma, Wenbo Shen, Ruowen Wang, and Peng Ning. 2016. SKEE: A lightweight Secure Kernel-level Execution Environment for ARM. In Proceedings of the 2016 Network and Distributed System Security Symposium. NDSS, San Diego, California, USA."},{"key":"e_1_3_1_12_2","unstructured":"Brandon Azad. 2020. iOS Kernel PAC One Year Later. Retrieved 19 May 2025 from https:\/\/i.blackhat.com\/USA-20\/Wednesday\/us-20-Azad-iOS-Kernel-PAC-One-Year-Later.pdf"},{"key":"e_1_3_1_13_2","doi-asserted-by":"publisher","DOI":"10.1145\/2228360.2228584"},{"key":"e_1_3_1_14_2","first-page":"335","volume-title":"Proceedings of the 10th USENIX Conference on Operating Systems Design and Implementation","author":"Belay Adam","year":"2012","unstructured":"Adam Belay, Andrea Bittau, Ali Mashtizadeh, David Terei, David Mazi\u00e8res, and Christos Kozyrakis. 2012. Dune: Safe user-level access to privileged CPU features. In Proceedings of the 10th USENIX Conference on Operating Systems Design and Implementation (Hollywood, CA, USA). USENIX Association, USA, 335\u2013348."},{"key":"e_1_3_1_15_2","first-page":"337","volume-title":"Proceedings of the International Symposium on Research in Attacks, Intrusions, and Defenses","author":"Belleville Brian","year":"2018","unstructured":"Brian Belleville, Hyungon Moon, Jangseop Shin, Dongil Hwang, Joseph M. Nash, Seonhwa Jung, Yeoul Na, Stijn Volckaert, Per Larsen, Yunheung Paek, et\u00a0al. 2018. Hardware assisted randomization of data. In Proceedings of the International Symposium on Research in Attacks, Intrusions, and Defenses. Springer, Association for Computing Machinery, New York, NY, USA, 337\u2013358."},{"key":"e_1_3_1_16_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_1"},{"key":"e_1_3_1_17_2","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966919"},{"key":"e_1_3_1_18_2","doi-asserted-by":"publisher","DOI":"10.1145\/3302424.3303952"},{"key":"e_1_3_1_19_2","volume-title":"Data Randomization","author":"Cadar Cristian","year":"2008","unstructured":"Cristian Cadar, Periklis Akritidis, Manuel Costa, Jean-Phillipe Martin, and Miguel Castro. 2008. Data Randomization. Technical Report. Technical Report TR-2008-120, Microsoft Research, 2008. Cited on."},{"key":"e_1_3_1_20_2","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3052983"},{"key":"e_1_3_1_21_2","unstructured":"RISC-V Community. 2021. RISC-V Cryptography Extension. Retrieved 19 May 2025 from https:\/\/github.com\/riscv\/riscv-crypto"},{"key":"e_1_3_1_22_2","unstructured":"Microsoft Corporation. 2019. A Proactive Approach to More Secure Code. Retrieved 19 May 2025 from https:\/\/msrc-blog.microsoft.com\/2019\/07\/16\/a-proactive-approach-to-more-secure-code\/"},{"key":"e_1_3_1_23_2","first-page":"267","volume-title":"Proceedings of the Advances in Cryptology","author":"Courtois Nicolas T.","year":"2002","unstructured":"Nicolas T. Courtois and Josef Pieprzyk. 2002. Cryptanalysis of block ciphers with overdefined systems of equations. In Proceedings of the Advances in Cryptology. Springer, Berlin, 267\u2013287."},{"key":"e_1_3_1_24_2","first-page":"7","volume-title":"Proceedings of the 12th Conference on USENIX Security Symposium - Volume 12","author":"Cowan Crispin","year":"2003","unstructured":"Crispin Cowan, Steve Beattie, John Johansen, and Perry Wagle. 2003. PointguardTM: Protecting pointers from buffer overflow vulnerabilities. In Proceedings of the 12th Conference on USENIX Security Symposium - Volume 12 (Washington, DC). USENIX Association, USA, 7."},{"key":"e_1_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.23919\/DATE.2019.8714980"},{"key":"e_1_3_1_26_2","volume-title":"Proceedings of the 29th USENIX Conference on Security Symposium.","author":"Delshadtehrani Leila","year":"2020","unstructured":"Leila Delshadtehrani, Sadullah Canakci, Boyou Zhou, Schuyler Eldridge, Ajay Joshi, and Manuel Egele. 2020. PHMon: A programmable hardware monitor and its security use cases. In Proceedings of the 29th USENIX Conference on Security Symposium.USENIX Association, USA, Article 46, 18 pages."},{"key":"e_1_3_1_27_2","volume-title":"Proceedings of the 57th ACM\/EDAC\/IEEE Design Automation Conference","author":"Denis-Courmont R\u00e9mi","year":"2020","unstructured":"R\u00e9mi Denis-Courmont, Hans Liljestrand, Carlos Chinea, and Jan-Erik Ekberg. 2020. Camouflage: Hardware-assisted CFI for the ARM Linux kernel. In Proceedings of the 57th ACM\/EDAC\/IEEE Design Automation Conference (Virtual Event, USA). IEEE Press, USA, Article 224, 6 pages."},{"key":"e_1_3_1_28_2","unstructured":"Docker. 2025. Docker. Retrieved 19 May 2025 from https:\/\/www.docker.com\/"},{"key":"e_1_3_1_29_2","first-page":"1037","volume-title":"Proceedings of the 30th USENIX Security Symposium","author":"farkhani Reza Mirzazade","year":"2021","unstructured":"Reza Mirzazade farkhani, Mansour Ahmadi, and Long Lu. 2021. PTAuth: Temporal memory safety via robust points-to authentication. In Proceedings of the 30th USENIX Security Symposium. USENIX Association, USA, 1037\u20131054. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/mirzazade"},{"key":"e_1_3_1_30_2","unstructured":"The Apache Software Foundation. 2025. ab. Retrieved 19 May 2025 from https:\/\/httpd.apache.org\/docs\/2.4\/programs\/ab.html"},{"key":"e_1_3_1_31_2","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134037"},{"key":"e_1_3_1_32_2","first-page":"83","volume-title":"Proceedings of the 27th USENIX Conference on Security Symposium","author":"Frassetto Tommaso","year":"2018","unstructured":"Tommaso Frassetto, Patrick Jauernig, Christopher Liebchen, and Ahmad-Reza Sadeghi. 2018. IMIX: In-process memory isolation extension. In Proceedings of the 27th USENIX Conference on Security Symposium (Baltimore, MD, USA) . USENIX Association, USA, 83\u201397."},{"key":"e_1_3_1_33_2","doi-asserted-by":"publisher","DOI":"10.1145\/3297858.3304037"},{"key":"e_1_3_1_34_2","doi-asserted-by":"publisher","DOI":"10.1145\/3297858.3304037"},{"key":"e_1_3_1_35_2","doi-asserted-by":"publisher","DOI":"10.1109\/DAC18074.2021.9586216"},{"key":"e_1_3_1_36_2","first-page":"609","volume-title":"Proceedings of the 2022 USENIX Annual Technical Conference","author":"Gu Jinyu","year":"2022","unstructured":"Jinyu Gu, Hao Li, Wentai Li, Yubin Xia, and Haibo Chen. 2022. EPK: Scalable and efficient memory protection keys. In Proceedings of the 2022 USENIX Annual Technical Conference (Carlsbad, CA, USA). USENIX Association, USA, 609\u2013624."},{"key":"e_1_3_1_37_2","first-page":"735","volume-title":"Proceedings of the 2023 USENIX Annual Technical Conference","author":"Jin Di","year":"2023","unstructured":"Di Jin, Vaggelis Atlidakis, and Vasileios P. Kemerlis. 2023. EPF: Evil packet filter. In Proceedings of the 2023 USENIX Annual Technical Conference. USENIX Association, Boston, MA, 735\u2013751. https:\/\/www.usenix.org\/conference\/atc23\/presentation\/jin"},{"key":"e_1_3_1_38_2","first-page":"147","volume-title":"Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation","author":"Kuznetsov Volodymyr","year":"2014","unstructured":"Volodymyr Kuznetsov, Laszlo Szekeres, Mathias Payer, George Candea, R. Sekar, and Dawn Song. 2014. Code-pointer integrity. In Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation. USENIX Association, Broomfield, CO, 147\u2013163. Retrieved from https:\/\/www.usenix.org\/conference\/osdi14\/technical-sessions\/presentation\/kuznetsov"},{"key":"e_1_3_1_39_2","unstructured":"MWR Labs. 2014. Windows 8 Kernel Memory Protections Bypass. Retrieved 19 May 2025 from https:\/\/labs.withsecure.com\/publications\/windows-8-kernel-memory-protections-bypass"},{"key":"e_1_3_1_40_2","first-page":"206","volume-title":"Proceedings of the Advances in Cryptology","author":"Leander Gregor","year":"2011","unstructured":"Gregor Leander, Mohamed Ahmed Abdelraheem, Hoda AlKhzaimi, and Erik Zenner. 2011. A cryptanalysis of PRINTcipher: The invariant subspace attack. In Proceedings of the Advances in Cryptology. Phillip Rogaway (Ed.), Springer, Berlin, 206\u2013221."},{"key":"e_1_3_1_41_2","volume-title":"Proceedings of the USENIX Security","author":"Liljestrand Hans","year":"2021","unstructured":"Hans Liljestrand, Thomas Nyman, Lachlan J. Gunn, Jan-Erik Ekberg, and N. Asokan. 2021. PACStack: An authenticated call stack. In Proceedings of the USENIX Security. USENIX Association, USA. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/liljestrand"},{"key":"e_1_3_1_42_2","first-page":"177","volume-title":"Proceedings of the 28th USENIX Security Symposium","author":"Liljestrand Hans","year":"2019","unstructured":"Hans Liljestrand, Thomas Nyman, Kui Wang, Carlos Chinea Perez, Jan-Erik Ekberg, and N. Asokan. 2019. PAC it up: Towards pointer integrity using ARM pointer authentication. In Proceedings of the 28th USENIX Security Symposium. USENIX Association, Santa Clara, CA, 177\u2013194. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/liljestrand"},{"key":"e_1_3_1_43_2","first-page":"31","volume-title":"Proceedings of the Advances in Cryptology","author":"Liskov Moses","year":"2002","unstructured":"Moses Liskov, Ronald L. Rivest, and David Wagner. 2002. Tweakable block ciphers. In Proceedings of the Advances in Cryptology. Moti Yung (Ed.), Springer, Berlin, 31\u201346."},{"key":"e_1_3_1_44_2","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813690"},{"key":"e_1_3_1_45_2","unstructured":"LWN. 2017. Randomizing Structure Layout. Retrieved 19 May 2025 from https:\/\/lwn.net\/Articles\/722293\/"},{"key":"e_1_3_1_46_2","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2021.i1.109-136"},{"key":"e_1_3_1_47_2","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813676"},{"key":"e_1_3_1_48_2","first-page":"2","volume-title":"Proceedings of the USENIX Winter 1993 Conference Proceedings on USENIX Winter 1993 Conference Proceedings","author":"McCanne Steven","year":"1993","unstructured":"Steven McCanne and Van Jacobson. 1993. The BSD packet filter: A new architecture for user-level packet capture. In Proceedings of the USENIX Winter 1993 Conference Proceedings on USENIX Winter 1993 Conference Proceedings (San Diego, California). USENIX Association, USA, 2."},{"key":"e_1_3_1_49_2","volume-title":"Report on Lightweight Cryptography","author":"McKay Kerry","year":"2016","unstructured":"Kerry McKay, Lawrence Bassham, Meltem S\u00f6nmez Turan, and Nicky Mouha. 2016. Report on Lightweight Cryptography. Technical Report. National Institute of Standards and Technology."},{"key":"e_1_3_1_50_2","first-page":"23","volume-title":"Proceedings of the 1996 Annual Conference on USENIX Annual Technical Conference","author":"McVoy Larry","year":"1996","unstructured":"Larry McVoy and Carl Staelin. 1996. lmbench: Portable tools for performance analysis. In Proceedings of the 1996 Annual Conference on USENIX Annual Technical Conference (San Diego, CA). USENIX Association, USA, 23."},{"key":"e_1_3_1_51_2","volume-title":"Kernel WX\u0302 Improvements In OpenBSD","author":"Mike Larkin","year":"2015","unstructured":"Larkin Mike. 2015. Kernel WX\u0302 Improvements In OpenBSD. Technical Report. OpenBSD."},{"key":"e_1_3_1_52_2","doi-asserted-by":"crossref","first-page":"359","DOI":"10.1007\/978-3-030-00470-5_17","volume-title":"Proceedings of the Research in Attacks, Intrusions, and Defenses.","author":"Mogosanu Lucian","year":"2018","unstructured":"Lucian Mogosanu, Ashay Rane, and Nathan Dautenhahn. 2018. MicroStache: A lightweight execution context for in-process safe region isolation. In Proceedings of the Research in Attacks, Intrusions, and Defenses.Michael Bailey, Thorsten Holz, Manolis Stamatogiannakis, and Sotiris Ioannidis (Eds.), Springer International Publishing, Cham, 359\u2013379."},{"key":"e_1_3_1_53_2","doi-asserted-by":"publisher","DOI":"10.1145\/3634737.3644994"},{"key":"e_1_3_1_54_2","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3670279"},{"key":"e_1_3_1_55_2","unstructured":"MySQL. 2025. MySQL. Retrieved 19 May 2025 from https:\/\/www.mysql.com\/"},{"key":"e_1_3_1_56_2","doi-asserted-by":"publisher","DOI":"10.1145\/1543135.1542504"},{"key":"e_1_3_1_57_2","doi-asserted-by":"publisher","DOI":"10.1145\/1837855.1806657"},{"key":"e_1_3_1_58_2","doi-asserted-by":"publisher","DOI":"10.1145\/1065887.1065892"},{"key":"e_1_3_1_59_2","unstructured":"Nginx. 2025. Nginx. Retrieved 19 May 2025 from https:\/\/www.nginx.com\/"},{"key":"e_1_3_1_60_2","unstructured":"Enrique E. Nissim Nicolas A. Economou. 2016. Getting Physical: Extreme Abuse of Intel Based Paging Systems. Retrieved 19 May 2025 from https:\/\/www.coresecurity.com\/core-labs\/articles\/getting-physical-extreme-abuse-of-intel-based-paging-systems"},{"key":"e_1_3_1_61_2","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359815"},{"key":"e_1_3_1_62_2","volume-title":"Proceedings of the 2021 IEEE Symposium on Security and Privacy","author":"Palit Tapti","year":"2021","unstructured":"Tapti Palit, Jarin Firose Moon, Fabian Monrose, and Michalis Polychronakis. 2021. DynPTA: Combining static and dynamic analysis for practical selective data protection. In Proceedings of the 2021 IEEE Symposium on Security and Privacy. IEEE, San Francisco, CA, USA."},{"key":"e_1_3_1_63_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179284"},{"key":"e_1_3_1_64_2","doi-asserted-by":"publisher","DOI":"10.1145\/3314058.3314064"},{"key":"e_1_3_1_65_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2012.152"},{"key":"e_1_3_1_66_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00041"},{"key":"e_1_3_1_67_2","unstructured":"Inc. Qualcomm Technologies. 2017. Pointer Authentication on ARMv8.3. Retrieved 19 May 2025 from https:\/\/www.qualcomm.com\/media\/documents\/files\/whitepaper-pointer-authentication-on-armv8-3.pdf"},{"key":"e_1_3_1_68_2","doi-asserted-by":"publisher","DOI":"10.1145\/3320269.3384757"},{"key":"e_1_3_1_69_2","first-page":"154","volume-title":"Proceedings of the 2014 IEEE\/ACM International Conference on Computer-Aided Design","author":"Sayilar Gokhan","year":"2014","unstructured":"Gokhan Sayilar and Derek Chiou. 2014. Cryptoraptor: High throughput reconfigurable cryptographic processor. In Proceedings of the 2014 IEEE\/ACM International Conference on Computer-Aided Design (San Jose, California). IEEE Press, San Jose, California, 154\u2013161."},{"key":"e_1_3_1_70_2","unstructured":"INetCop Security. 2016. New Reliable Android Kernel Root Exploitation Techniques. Retrieved 19 May 2025 from http:\/\/powerofcommunity.net\/poc2016\/x82.pdf"},{"key":"e_1_3_1_71_2","first-page":"28","volume-title":"Proceedings of the 2012 USENIX Conference on Annual Technical Conference","author":"Serebryany Konstantin","year":"2012","unstructured":"Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitry Vyukov. 2012. AddressSanitizer: A fast address sanity checker. In Proceedings of the 2012 USENIX Conference on Annual Technical Conference (Boston, MA) . USENIX Association, USA, 28."},{"key":"e_1_3_1_72_2","unstructured":"Di Shen. 2017. Defeating Samsung KNOX with Zero Privilege. Retrieved 19 May 2025 from https:\/\/www.blackhat.com\/docs\/us-17\/thursday\/us-17-Shen-Defeating-Samsung-KNOX-With-Zero-Privilege.pdf"},{"key":"e_1_3_1_73_2","volume-title":"Proceedings of the NDSS","author":"Shi Lei","year":"2017","unstructured":"Lei Shi, Yuming Wu, Yubin Xia, Nathan Dautenhahn, Haibo Chen, Binyu Zang, and Jinming Li. 2017. Deconstructing Xen. In Proceedings of the NDSS. NDSS, San Diego, CA, USA."},{"key":"e_1_3_1_74_2","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"Song Chengyu","year":"2016","unstructured":"Chengyu Song, Hyungon Moon, Monjur Alam, Insu Yun, Byoungyoung Lee, Taesoo Kim, Wenke Lee, and Yunheung Paek. 2016. HDFI: Hardware-assisted data-flow isolation. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, IEEE, San Jose, CA, USA."},{"key":"e_1_3_1_75_2","doi-asserted-by":"publisher","DOI":"10.1145\/3579856.3590331"},{"key":"e_1_3_1_76_2","first-page":"1221","volume-title":"Proceedings of the 28th USENIX Security Symposium","author":"Vahldiek-Oberwagner Anjo","year":"2019","unstructured":"Anjo Vahldiek-Oberwagner, Eslam Elnikety, Nuno O. Duarte, Michael Sammler, Peter Druschel, and Deepak Garg. 2019. ERIM: Secure, efficient in-process isolation with protection keys (MPK). In Proceedings of the 28th USENIX Security Symposium. USENIX Association, Santa Clara, CA, 1221\u20131238. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/vahldiek-oberwagner"},{"key":"e_1_3_1_77_2","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660316"},{"key":"e_1_3_1_78_2","volume-title":"The RISC-V Instruction Set Manual, Volume I: User-Level ISA, Version 2.0","author":"Waterman Andrew","year":"2014","unstructured":"Andrew Waterman, Yunsup Lee, David A. Patterson, and Krste Asanovi\u0107. 2014. The RISC-V Instruction Set Manual, Volume I: User-Level ISA, Version 2.0. Technical Report UCB\/EECS-2014-54. EECS Department, University of California, Berkeley. Retrieved from http:\/\/www2.eecs.berkeley.edu\/Pubs\/TechRpts\/2014\/EECS-2014-54.html"},{"key":"e_1_3_1_79_2","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076739"},{"key":"e_1_3_1_80_2","doi-asserted-by":"publisher","DOI":"10.1145\/3575693.3575735"},{"key":"e_1_3_1_81_2","doi-asserted-by":"publisher","DOI":"10.1145\/3652892.3700786"},{"key":"e_1_3_1_82_2","volume-title":"Proceedings of the NDSS","author":"Yun Min Hong","year":"2019","unstructured":"Min Hong Yun and Lin Zhong. 2019. Ginseng: Keeping secrets in registers when you distrust the operating system.. In Proceedings of the NDSS. San Diego, CA, USA."},{"key":"e_1_3_1_83_2","first-page":"1205","volume-title":"Proceedings of the 28th USENIX Conference on Security Symposium","author":"Zhang Tong","year":"2019","unstructured":"Tong Zhang, Wenbo Shen, Dongyoon Lee, Changhee Jung, Ahmed M. Azab, and Ruowen Wang. 2019. PeX: A permission check analysis framework for Linux kernel. In Proceedings of the 28th USENIX Conference on Security Symposium (Santa Clara, CA, USA). USENIX Association, USA, 1205\u20131220."},{"key":"e_1_3_1_84_2","doi-asserted-by":"publisher","DOI":"10.1109\/JSSC.2017.2776302"}],"container-title":["ACM Transactions on Computer Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3734521","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,9]],"date-time":"2025-06-09T12:18:24Z","timestamp":1749471504000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3734521"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,31]]},"references-count":83,"journal-issue":{"issue":"1-2","published-print":{"date-parts":[[2025,5,31]]}},"alternative-id":["10.1145\/3734521"],"URL":"https:\/\/doi.org\/10.1145\/3734521","relation":{},"ISSN":["0734-2071","1557-7333"],"issn-type":[{"type":"print","value":"0734-2071"},{"type":"electronic","value":"1557-7333"}],"subject":[],"published":{"date-parts":[[2025,5,31]]},"assertion":[{"value":"2024-07-02","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-04-28","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-06-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}