{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,28]],"date-time":"2025-08-28T12:48:04Z","timestamp":1756385284349,"version":"3.44.0"},"reference-count":88,"publisher":"Association for Computing Machinery (ACM)","issue":"3","funder":[{"name":"PPS","award":["ANR-19-C48-0014 and UCA DS4H ANR-17-EURE-0004"],"award-info":[{"award-number":["ANR-19-C48-0014 and UCA DS4H ANR-17-EURE-0004"]}]},{"name":"Wallenberg AI, Autonomous Systems and Software Program"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2025,8,31]]},"abstract":"<jats:p>The efficacy of address space layout randomization has been formally demonstrated in a shared-memory model by Abadi et\u00a0al., contingent on specific assumptions about victim programs. However, modern operating systems, implementing layout randomization in the kernel, diverge from these assumptions and operate on a separate memory model with communication through system calls. In this work, we relax Abadi et\u00a0al.\u2019s language assumptions while demonstrating that layout randomization offers a comparable safety guarantee in a system with memory separation. However, in practice, speculative execution and side-channels are recognized threats to layout randomization. We show that kernel safety cannot be restored for attackers capable of using side-channels and speculative execution, and introduce enforcement mechanisms that can guarantee speculative kernel safety for safe system calls in the Spectre era. 
We implement three suitable mechanisms and we evaluate their performance overhead on the Linux kernel.<\/jats:p>","DOI":"10.1145\/3743678","type":"journal-article","created":{"date-parts":[[2025,6,12]],"date-time":"2025-06-12T07:32:08Z","timestamp":1749713528000},"page":"1-39","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Comprehensive Kernel Safety in the Spectre Era: Mitigations and Performance Evaluation"],"prefix":"10.1145","volume":"28","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-2981-2962","authenticated-orcid":false,"given":"Davide","family":"Davoli","sequence":"first","affiliation":[{"name":"Inria","place":["Sophia Antipolis, France"]},{"name":"Universit\u00e9 C\u00f4te d\u2019Azur","place":["Sophia Antipolis, France"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6445-8833","authenticated-orcid":false,"given":"Martin","family":"Avanzini","sequence":"additional","affiliation":[{"name":"Inria","place":["Sophia Antipolis, France"]},{"name":"Universit\u00e9 C\u00f4te d\u2019Azur","place":["Sophia Antipolis, France"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3744-0248","authenticated-orcid":false,"given":"Tamara","family":"Rezk","sequence":"additional","affiliation":[{"name":"Inria","place":["Sophia Antipolis, France"]},{"name":"Universit\u00e9 C\u00f4te d\u2019Azur","place":["Sophia Antipolis, France"]}]}],"member":"320","published-online":{"date-parts":[[2025,8,27]]},"reference":[{"key":"e_1_3_3_2_2","doi-asserted-by":"crossref","first-page":"340","DOI":"10.1145\/1102120.1102165","volume-title":"Proceedings of the 12th ACM Conference on Computer and Communications Security","author":"Abadi Mart\u00edn","year":"2005","unstructured":"Mart\u00edn Abadi, Mihai Budiu, \u00dalfar Erlingsson, and Jay Ligatti. 2005. Control-flow integrity. In Proceedings of the 12th ACM Conference on Computer and Communications Security. 
ACM, New York, NY, USA, 340\u2013353."},{"key":"e_1_3_3_3_2","doi-asserted-by":"crossref","first-page":"167","DOI":"10.1007\/978-3-642-36830-1_9","volume-title":"Proceedings of the Principles of Security and Trust","author":"Abadi Mart\u00edn","year":"2013","unstructured":"Mart\u00edn Abadi and J\u00e9r\u00e9my Planul. 2013. On layout randomization for arrays and functions. In Proceedings of the Principles of Security and Trust. Springer, Berlin, Heidelberg, 167\u2013185."},{"key":"e_1_3_3_4_2","first-page":"1","volume-title":"Layout Randomization and Nondeterminism","author":"Abadi Mart\u00edn","year":"2014","unstructured":"Mart\u00edn Abadi, J\u00e9r\u00e9my Planul, and Gordon D. Plotkin. 2014. Layout Randomization and Nondeterminism. Springer International Publishing, Berlin, Heidelberg, 1\u201339."},{"key":"e_1_3_3_5_2","doi-asserted-by":"crossref","unstructured":"Mart\u00edn Abadi and Gordon D. Plotkin. 2012. On protection by layout randomization. ACM Transactions on Information and System Security 15 2 (Jul2012) 29.","DOI":"10.1145\/2240276.2240279"},{"volume-title":"Technical Guidance for Mitigating Branch Type Confusion","year":"2022","key":"e_1_3_3_6_2","unstructured":"AMD. 2022. Technical Guidance for Mitigating Branch Type Confusion. Technical Report. AMD. Retrieved fromhttps:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/resources\/technical-guidance-for-mitigating-branch-type-confusion.pdfWhite Paper."},{"key":"e_1_3_3_7_2","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1145\/3548606.3560689","volume-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security","author":"Shivakumar Basavesh Ammanaghatta","year":"2022","unstructured":"Basavesh Ammanaghatta Shivakumar, Gilles Barthe, Benjamin Gr\u00e9goire, Vincent Laporte, and Swarn Priya. 2022. Enforcing fine-grained constant-time policies. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. 
ACM, New York, NY, USA, 83\u201396."},{"key":"e_1_3_3_8_2","first-page":"79","volume-title":"Proceedings of the Principles of Security and Trust: 7th International Conference","author":"Amorim Arthur Azevedo de","year":"2018","unstructured":"Arthur Azevedo de Amorim, C\u0103t\u0103lin Hri\u0163cu, and Benjamin C Pierce. 2018. The meaning of memory safety. In Proceedings of the Principles of Security and Trust: 7th International Conference. Springer Berlin, Heidelberg, Springer, 79\u2013105."},{"key":"e_1_3_3_9_2","first-page":"971","volume-title":"Proceedings of the 31st USENIX Security Symposium (USENIX Security\u201922)","author":"Barberis Enrico","year":"2022","unstructured":"Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida. 2022. Branch history injection: On the effectiveness of hardware mitigations against cross-privilege spectre-v2 attacks. In Proceedings of the 31st USENIX Security Symposium (USENIX Security\u201922). USENIX Association, Boston, MA, 971\u2013988."},{"key":"e_1_3_3_10_2","doi-asserted-by":"crossref","first-page":"1267","DOI":"10.1145\/2660267.2660283","volume-title":"Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security","author":"Barthe Gilles","year":"2014","unstructured":"Gilles Barthe, Gustavo Betarte, Juan Campo, Carlos Luna, and David Pichardie. 2014. System-level non-interference for constant-time cryptography. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, New York, NY, USA, 1267\u20131279."},{"key":"e_1_3_3_11_2","doi-asserted-by":"crossref","first-page":"1884","DOI":"10.1109\/SP40001.2021.00046","volume-title":"Proceedings of the 2021 IEEE Symposium on Security and Privacy (SP\u201921)","author":"Barthe Gilles","year":"2021","unstructured":"Gilles Barthe, Sunjay Cauligi, Benjamin Gr\u00e9goire, Adrien Koutsos, Kevin Liao, Tiago Oliveira, Swarn Priya, Tamara Rezk, and Peter Schwabe. 2021. 
High-assurance cryptography in the spectre era. In Proceedings of the 2021 IEEE Symposium on Security and Privacy (SP\u201921). IEEE, New York, NY, USA, 1884\u20131901."},{"key":"e_1_3_3_12_2","first-page":"251","volume-title":"Proceedings of the 17th European Conference on Computer Systems","author":"Behrens Jonathan","year":"2022","unstructured":"Jonathan Behrens, Adam Belay, and M. Frans Kaashoek. 2022. Performance evolution of mitigating transient execution attacks. In Proceedings of the 17th European Conference on Computer Systems. ACM, New York, NY, USA, 251\u2013265."},{"key":"e_1_3_3_13_2","doi-asserted-by":"crossref","first-page":"158","DOI":"10.1145\/1133981.1134000","volume-title":"Proceedings of the 27th ACM SIGPLAN Conference on Programming Language Design and Implementation","author":"Berger Emery D.","year":"2006","unstructured":"Emery D. Berger and Benjamin G. Zorn. 2006. DieHard: Probabilistic memory safety for unsafe languages. In Proceedings of the 27th ACM SIGPLAN Conference on Programming Language Design and Implementation. ACM, New York, NY, USA, 158\u2013168."},{"key":"e_1_3_3_14_2","volume-title":"Understanding the Linux Kernel: From I\/O Ports to Process Management","author":"Bovet Daniel P.","year":"2005","unstructured":"Daniel P. Bovet and Marco Cesati. 2005. Understanding the Linux Kernel: From I\/O Ports to Process Management. \u201dO\u2019Reilly Media, Inc.\u201d, \u201dSebastopol, CA, USA\u201d."},{"key":"e_1_3_3_15_2","doi-asserted-by":"crossref","first-page":"481","DOI":"10.1145\/3320269.3384747","volume-title":"Proceedings of the 15th ACM Asia Conference on Computer and Communications Security","author":"Canella Claudio","year":"2020","unstructured":"Claudio Canella, Michael Schwarz, Martin Haubenwallner, Martin Schwarzl, and Daniel Gruss. 2020. KASLR: Break it, fix it, repeat. In Proceedings of the 15th ACM Asia Conference on Computer and Communications Security. 
ACM, New York, NY, USA, 481\u2013493."},{"key":"e_1_3_3_16_2","unstructured":"Chandler Carruth. 2018. Speculative Load Hardening. (Sep2018). Retrieved from https:\/\/llvm.org\/docs\/SpeculativeLoadHardening.html"},{"key":"e_1_3_3_17_2","doi-asserted-by":"crossref","first-page":"913","DOI":"10.1145\/3385412.3385970","volume-title":"Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation","author":"Cauligi Sunjay","year":"2020","unstructured":"Sunjay Cauligi, Craig Disselkoen, Klaus v. Gleissenthall, Dean Tullsen, Deian Stefan, Tamara Rezk, and Gilles Barthe. 2020. Constant-time foundations for the new spectre era. In Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation. ACM, New York, NY, USA, 913\u2013926."},{"key":"e_1_3_3_18_2","doi-asserted-by":"crossref","first-page":"1165","DOI":"10.1145\/3372297.3423353","volume-title":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security","author":"Chen Yueqi","year":"2020","unstructured":"Yueqi Chen, Zhenpeng Lin, and Xinyu Xing. 2020. A systematic study of elastic objects in kernel exploitation. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. ACM, New York, NY, USA, 1165\u20131184."},{"key":"e_1_3_3_19_2","first-page":"607","volume-title":"Proceedings of the MICRO-54: 54th Annual IEEE\/ACM International Symposium on Microarchitecture","author":"Choudhary Rutvik","year":"2021","unstructured":"Rutvik Choudhary, Jiyong Yu, Christopher Fletcher, and Adam Morrison. 2021. Speculative privacy tracking (SPT): Leaking information from speculative execution without compromising privacy. In Proceedings of the MICRO-54: 54th Annual IEEE\/ACM International Symposium on Microarchitecture. 
ACM, New York, NY, USA, 607\u2013622."},{"key":"e_1_3_3_20_2","volume-title":"Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS\u201924)","author":"Christou Neophytos","year":"2024","unstructured":"Neophytos Christou, Alexander J. Gaidis, Vaggelis Atlidakis, and Vasileios P. Kemerlis. 2024. Eclipse: Preventing speculative memory-error abuse with artificial data dependencies. In Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS\u201924). ACM, New York, NY, USA, 15."},{"key":"e_1_3_3_21_2","unstructured":"Jonathan Corbet. 2012. Supervisor Mode Access Prevention. (2012). Retrieved from https:\/\/lwn.net\/Articles\/517475\/"},{"key":"e_1_3_3_22_2","unstructured":"Intel Corporation. 2018. Indirect Branch Restricted Speculation. (2018). Retrieved fromhttps:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/software-security-guidance\/technical-documentation\/indirect-branch-restricted-speculation.html"},{"key":"e_1_3_3_23_2","volume-title":"Intel Analysis of Speculative Execution Side Channels","author":"Corporation Intel","year":"2018","unstructured":"Intel Corporation. 2018. Intel Analysis of Speculative Execution Side Channels. Technical Report. Intel Corporation. Retrieved fromhttps:\/\/www.intel.com\/content\/www\/us\/en\/content-details\/671163\/intel-analysis-of-speculative-execution-side-channels.htmlWhite Paper."},{"key":"e_1_3_3_24_2","unstructured":"Intel Corporation. 2018. Retpoline: A Branch Target Injection Mitigation. (2018). Retrieved fromhttps:\/\/www.intel.com\/content\/dam\/develop\/external\/us\/en\/documents\/retpoline-a-branch-target-injection-mitigation.pdf"},{"key":"e_1_3_3_25_2","volume-title":"Branch History Injection and Intra-mode Branch Target Injection \/ CVE-2022-0001, CVE-2022-0002 \/ INTEL-SA-00598","author":"Corporation Intel","year":"2022","unstructured":"Intel Corporation. 2022. 
Branch History Injection and Intra-mode Branch Target Injection \/ CVE-2022-0001, CVE-2022-0002 \/ INTEL-SA-00598. Technical Report. Intel Corporation. Retrieved fromhttps:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/software-security-guidance\/technical-documentation\/branch-history-injection.htmlTechnical Documentation."},{"key":"e_1_3_3_26_2","unstructured":"Intel Corporation. 2025. Affected Processors: Guidance for Security Issues on Intel\u00ae Processors. (2025). Retrieved fromhttps:\/\/www.intel.com\/content\/www\/us\/en\/developer\/topic-technology\/software-security-guidance\/processors-affected-consolidated-product-cpu-model.html"},{"key":"e_1_3_3_27_2","unstructured":"CrossDB. 2024. Bench Test. (2024). Retrieved from https:\/\/crossdb.org\/get-started\/bench\/"},{"key":"e_1_3_3_28_2","unstructured":"cryptsetup Group. 2025. cryptsetup. (2025). Retrieved from https:\/\/gitlab.com\/cryptsetup\/cryptsetup"},{"key":"e_1_3_3_29_2","first-page":"7161","volume-title":"Proceedings of the 32nd USENIX Security Symposium (USENIX Security\u201923)","author":"Daniel Lesly-Ann","year":"2023","unstructured":"Lesly-Ann Daniel, Marton Bognar, Job Noorman, S\u00e9bastien Bardin, Tamara Rezk, and Frank Piessens. 2023. ProSpeCT: Provably secure speculation for the constant-time policy. In Proceedings of the 32nd USENIX Security Symposium (USENIX Security\u201923). USENIX Association, Anaheim, CA, 7161\u20137178."},{"key":"e_1_3_3_30_2","unstructured":"Davide Davoli. 2024. Comprehensive Kernel Safety in the Spectre Era. (2024). Retrieved from https:\/\/gitlab.inria.fr\/ddavoli\/comprehensive-kernel-safety-in-the-spectre-era"},{"key":"e_1_3_3_31_2","doi-asserted-by":"crossref","unstructured":"Davide Davoli Martin Avanzini and Tamara Rezk. 2025. Comprehensive kernel safety in the spectre era: Mitigations and performance evaluation (Extended Version). 
arxiv:2411.18094.","DOI":"10.1145\/3743678"},{"key":"e_1_3_3_32_2","volume-title":"Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, CCS 2024, USA, October 14\u201318, 2023","author":"Davoli Davide","year":"2024","unstructured":"Davide Davoli, Martin Avanzini, and Tamara Rezk. 2024. On kernel\u2019s safety in the spectre era (and KASLR is formally dead). In Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, CCS 2024, USA, October 14\u201318, 2023. ACM, New York, NY, USA, 15."},{"key":"e_1_3_3_33_2","unstructured":"Theo de Raadt. 2017. OpenBSD 6.3. (Oct2017). Retrieved from https:\/\/www.openbsd.org\/33.html"},{"key":"e_1_3_3_34_2","unstructured":"Jake Edge. 2013. Kernel Address Space Layout Randomization. (2013). Retrieved from https:\/\/lwn.net\/Articles\/569635\/"},{"key":"e_1_3_3_35_2","volume-title":"Proceedings of the 49th Annual IEEE\/ACM International Symposium on Microarchitecture","author":"Evtyushkin Dmitry","year":"2016","unstructured":"Dmitry Evtyushkin, Dmitry Ponomarev, and Nael Abu-Ghazaleh. 2016. Jump over ASLR: Attacking branch predictors to bypass ASLR. In Proceedings of the 49th Annual IEEE\/ACM International Symposium on Microarchitecture. IEEE, New York, NY, USA, 13."},{"key":"e_1_3_3_36_2","unstructured":"Stephen Fischer. 2011. Supervisor Mode Execution Protection. (2011). Retrieved fromhttps:\/\/www.ncsi.com\/nsatc11\/presentations\/wednesday\/emerging_technologies\/fischer.pdf"},{"key":"e_1_3_3_37_2","unstructured":"The Apache Software Foundation. 2025. ab \u2013 Apache HTTP Server Benchmarking Tool. (2025). Retrieved from https:\/\/httpd.apache.org\/docs\/2.4\/programs\/ab.html"},{"key":"e_1_3_3_38_2","unstructured":"Thomas Garnier. 2016. Randomizing the Linux Kernel Heap Freelists. (Sep2016). 
Retrieved from https:\/\/mxatone.medium.com\/randomizing-the-linux-kernel-heap-freelists-b899bb99c767"},{"key":"e_1_3_3_39_2","first-page":"179","volume-title":"Proceedings of the 2016 IEEE European Symposium on Security and Privacy (EuroS&P\u201916)","author":"Ge Xinyang","year":"2016","unstructured":"Xinyang Ge, Nirupama Talele, Mathias Payer, and Trent Jaeger. 2016. Fine-grained control-flow integrity for kernel software. In Proceedings of the 2016 IEEE European Symposium on Security and Privacy (EuroS&P\u201916). IEEE, New York, NY, USA, 179\u2013194. DOI:10.1109\/EuroSP.2016.24"},{"key":"e_1_3_3_40_2","unstructured":"Thomas Gleixner. 2022. Fix RSB Fill on Context Switch for SERIALIZE. Retrieved fromhttps:\/\/lore.kernel.org\/all\/20220716230344.239749011@linutronix.de\/. (16 July2022). Linux Kernel Mailing List."},{"key":"e_1_3_3_41_2","volume-title":"Proceedings of the 1982 IEEE Symposium on Security and Privacy","author":"Goguen J. A.","year":"1982","unstructured":"J. A. Goguen and J. Meseguer. 1982. Security policies and security models. In Proceedings of the 1982 IEEE Symposium on Security and Privacy. IEEE, New York, NY, USA, 11."},{"key":"e_1_3_3_42_2","doi-asserted-by":"crossref","first-page":"1871","DOI":"10.1145\/3372297.3417289","volume-title":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security","author":"G\u00f6ktas Enes","year":"2020","unstructured":"Enes G\u00f6ktas, Kaveh Razavi, Georgios Portokalidis, Herbert Bos, and Cristiano Giuffrida. 2020. Speculative probing: Hacking blind in the spectre era. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 
ACM, New York, NY, USA, 1871\u20131885."},{"key":"e_1_3_3_43_2","doi-asserted-by":"crossref","first-page":"161","DOI":"10.1007\/978-3-319-62105-0_11","volume-title":"Proceedings of the Engineering Secure Software and Systems","author":"Gruss Daniel","year":"2017","unstructured":"Daniel Gruss, Moritz Lipp, Michael Schwarz, Richard Fellner, Cl\u00e9mentine Maurice, and Stefan Mangard. 2017. KASLR is dead: Long live KASLR. In Proceedings of the Engineering Secure Software and Systems. Springer International Publishing, Berlin, Heidelberg, 161\u2013176."},{"key":"e_1_3_3_44_2","doi-asserted-by":"crossref","first-page":"368","DOI":"10.1145\/2976749.2978356","volume-title":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","author":"Gruss Daniel","year":"2016","unstructured":"Daniel Gruss, Cl\u00e9mentine Maurice, Anders Fogh, Moritz Lipp, and Stefan Mangard. 2016. Prefetch side-channel attacks: Bypassing SMAP and kernel ASLR. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, New York, NY, USA, 368\u2013379."},{"key":"e_1_3_3_45_2","first-page":"1","volume-title":"Proceedings of the 2020 IEEE Symposium on Security and Privacy (SP\u201920)","author":"Guarnieri Marco","year":"2020","unstructured":"Marco Guarnieri, Boris K\u00f6pf, Jos\u00e9 F. Morales, Jan Reineke, and Andr\u00e9s S\u00e1nchez. 2020. Spectector: Principled detection of speculative information flows. In Proceedings of the 2020 IEEE Symposium on Security and Privacy (SP\u201920). IEEE, New York, NY, USA, 1\u201319."},{"key":"e_1_3_3_46_2","doi-asserted-by":"crossref","first-page":"1868","DOI":"10.1109\/SP40001.2021.00036","volume-title":"Proceedings of the 2021 IEEE Symposium on Security and Privacy (SP\u201921)","author":"Guarnieri Marco","year":"2021","unstructured":"Marco Guarnieri, Boris K\u00f6pf, Jan Reineke, and Pepe Vila. 2021. Hardware-software contracts for secure speculation. 
In Proceedings of the 2021 IEEE Symposium on Security and Privacy (SP\u201921). IEEE, New York, NY, USA, 1868\u20131883."},{"key":"e_1_3_3_47_2","doi-asserted-by":"crossref","first-page":"191","DOI":"10.1109\/SP.2013.23","volume-title":"Proceedings of the 2013 IEEE Symposium on Security and Privacy","author":"Hund Ralf","year":"2013","unstructured":"Ralf Hund, Carsten Willems, and Thorsten Holz. 2013. Practical timing side channel attacks against kernel space ASLR. In Proceedings of the 2013 IEEE Symposium on Security and Privacy. IEEE, New York, NY, USA, 191\u2013205."},{"key":"e_1_3_3_48_2","unstructured":"Apple Inc.2011. Mac OS X has you Covered. (May2011). Retrieved fromhttp:\/\/www.apple.com\/macosx\/security\/"},{"key":"e_1_3_3_49_2","unstructured":"Genivia Inc. 2025. ugrep. (2025). Retrieved from https:\/\/github.com\/Genivia\/ugrep-benchmarks"},{"key":"e_1_3_3_50_2","volume-title":"Intel \u00ae64 and IA-32 Architectures Software Developer\u2019s Manualx","author":"Intel Corporation","year":"2023","unstructured":"Intel Corporation 2023. Intel \u00ae64 and IA-32 Architectures Software Developer\u2019s Manualx. Intel Corporation."},{"key":"e_1_3_3_51_2","unstructured":"The kernel development community. 2023. Page Table Isolation (PTI). (2023). Retrieved fromhttps:\/\/www.kernel.org\/doc\/html\/next\/x86\/pti.html"},{"key":"e_1_3_3_52_2","first-page":"1","volume-title":"Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP\u201919)","author":"Kocher Paul","year":"2019","unstructured":"Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, andYuval Yarom. 2019. Spectre attacks: Exploiting speculative execution. In Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP\u201919). 
IEEE, New York, NY, USA, 1\u201319."},{"key":"e_1_3_3_53_2","first-page":"5055","volume-title":"Proceedings of the 32nd USENIX Security Symposium (USENIX Security\u201923)","author":"Koschel Jakob","year":"2023","unstructured":"Jakob Koschel, Pietro Borrello, Daniele Cono D\u2019Elia, Herbert Bos, and Cristiano Giuffrida. 2023. Uncontained: Uncovering container confusion in the linux kernel. In Proceedings of the 32nd USENIX Security Symposium (USENIX Security\u201923). USENIX Association, Anaheim, CA, 5055\u20135072."},{"key":"e_1_3_3_54_2","doi-asserted-by":"crossref","first-page":"309","DOI":"10.1109\/EuroSP48549.2020.00027","volume-title":"Proceedings of the 2020 IEEE European Symposium on Security and Privacy (EuroS&P\u201920)","author":"Koschel Jakob","year":"2020","unstructured":"Jakob Koschel, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2020. TagBleed: Breaking KASLR on the isolated kernel address space using tagged TLBs. In Proceedings of the 2020 IEEE European Symposium on Security and Privacy (EuroS&P\u201920). IEEE, New York, NY, USA, 309\u2013321."},{"key":"e_1_3_3_55_2","doi-asserted-by":"crossref","first-page":"75","DOI":"10.1109\/CGO.2004.1281665","volume-title":"Proceedings of the International Symposium on Code Generation and Optimization, 2004. CGO 2004.","author":"Lattner C.","year":"2004","unstructured":"C. Lattner and V. Adve. 2004. LLVM: A compilation framework for lifelong program analysis & transformation. In Proceedings of the International Symposium on Code Generation and Optimization, 2004. CGO 2004.IEEE, New York, NY, USA, 75\u201386."},{"key":"e_1_3_3_56_2","doi-asserted-by":"crossref","unstructured":"Jinku Li Zhi Wang Tyler Bletsch Deepa Srinivasan Michael Grace and Xuxian Jiang. 2011. Comprehensive and efficient protection of kernel control data. IEEE Transactions on Information Forensics and Security 6 4 (2011) 1404\u20131417.","DOI":"10.1109\/TIFS.2011.2159712"},{"key":"e_1_3_3_57_2","unstructured":"Arm Limited. 2022. 
Learn the Architecture \u2013 Providing Protection for Complex Software. (2022). Retrieved fromhttps:\/\/developer.arm.com\/documentation\/102433\/0100"},{"key":"e_1_3_3_58_2","first-page":"973","volume-title":"Retrieved from 27th USENIX Security Symposium (USENIX Security\u201918)","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, and Raoul Strackx. 2018. Meltdown: Reading kernel memory from user space. In Retrieved from 27th USENIX Security Symposium (USENIX Security\u201918). USENIX Association, Baltimore, MD, 973\u2013990."},{"key":"e_1_3_3_59_2","first-page":"10","volume-title":"Proceedings of the 12th International Workshop on Hardware and Architectural Support for Security and Privacy (HASP\u201923)","author":"Liu William","year":"2023","unstructured":"William Liu, Joseph Ravichandran, and Mengjia Yan. 2023. EntryBleed: A universal KASLR bypass against KPTI on linux. In Proceedings of the 12th International Workshop on Hardware and Architectural Support for Security and Privacy (HASP\u201923). ACM, New York, NY, USA, 10\u201318."},{"key":"e_1_3_3_60_2","doi-asserted-by":"crossref","unstructured":"Ziqin Liu Zhenpeng Lin Yueqi Chen Yuhang Wu Yalong Zou Dongliang Mu and Xinyu Xing. 2023. Towards unveiling exploitation potential with multiple error behaviors for kernel bugs. IEEE Transactions on Dependable and Secure Computing 21 1 (2023) 1\u201318.","DOI":"10.1109\/TDSC.2023.3246170"},{"key":"e_1_3_3_61_2","first-page":"797","volume-title":"Proceedings of the 23rd International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS\u201918)","author":"Lottarini Andrea","year":"2018","unstructured":"Andrea Lottarini, Alex Ramirez, Joel Coburn, Martha A. Kim, Parthasarathy Ranganathan, Daniel Stodolsky, and Mark Wachsler. 2018. 
vbench: Benchmarking video transcoding in the cloud. In Proceedings of the 23rd International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS\u201918). Association for Computing Machinery, New York, NY, USA, 797\u2013809."},{"key":"e_1_3_3_62_2","doi-asserted-by":"crossref","first-page":"633","DOI":"10.1109\/EuroSP51992.2021.00048","volume-title":"Proceedings of the 2021 IEEE European Symposium on Security and Privacy (EuroS&P\u201921)","author":"Mambretti A.","year":"2021","unstructured":"A. Mambretti, A. Sandulescu, A. Sorniotti, W. Robertson, E. Kirda, and A. Kurmus. 2021. Bypassing memory safety mechanisms through speculative control flow hijacks. In Proceedings of the 2021 IEEE European Symposium on Security and Privacy (EuroS&P\u201921). IEEE Computer Society, Los Alamitos, CA, USA, 633\u2013649."},{"key":"e_1_3_3_63_2","unstructured":"Tarjei Mandt. 2013. Attacking the iOS Kernel: A Look at \u2018evasi0n\u2019. (March2013). Retrieved from https:\/\/papers.put.as\/papers\/ios\/2013\/NISlecture201303.pdf"},{"key":"e_1_3_3_64_2","unstructured":"Ed Maste. 2023. Address Space Layout Randomization (ASLR). (July2023). Retrieved from https:\/\/wiki.freebsd.org\/AddressSpaceLayoutRandomization"},{"key":"e_1_3_3_65_2","volume-title":"Proceedings of the 50th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages (POPL\u201923)","volume":"7","author":"Michael Alexandra E.","year":"2023","unstructured":"Alexandra E. Michael, Anitha Gollamudi, Jay Bosamiya, Evan Johnson, Aidan Denlinger, Craig Disselkoen, Conrad Watt, Bryan Parno, Marco Patrignani, Marco Vassena, and Deian Stefan. 2023. MSWasm: Soundly enforcing memory-safe execution of unsafe code. In Proceedings of the 50th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages (POPL\u201923), Vol. 7. ACM, New York, NY, USA, 30."},{"key":"e_1_3_3_66_2","unstructured":"Jo\u00e3o Moreira Sandro Rigo Michalis Polychronakis and Vasileios P. Kemerlis. 2017. 
DROP THE ROP: Fine-grained control-flow integrity for the Linux kernel. In Black Hat Asia 2017. Black Hat Singapore 25."},{"key":"e_1_3_3_67_2","doi-asserted-by":"crossref","unstructured":"Santosh Nagarakatte Jianzhou Zhao Milo M. K. Martin and Steve Zdancewic. 2009. SoftBound: Highly compatible and complete spatial memory safety for c. SIGPLAN Not. 44 6 (2009) 245\u2013258.","DOI":"10.1145\/1543135.1542504"},{"key":"e_1_3_3_68_2","doi-asserted-by":"crossref","first-page":"445","DOI":"10.1145\/3460120.3484534","volume-title":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","author":"Patrignani Marco","year":"2021","unstructured":"Marco Patrignani and Marco Guarnieri. 2021. Exorcising spectres with secure compilers. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. ACM, New York, NY, USA, 445\u2013461."},{"key":"e_1_3_3_69_2","unstructured":"Android Open Source Project. 2022. Kernel Hardening. (Aug.2022). Retrieved fromhttps:\/\/source.android.com\/docs\/core\/architecture\/kernel\/hardening"},{"key":"e_1_3_3_70_2","unstructured":"The LLVM Project. 2025. X86SpeculativeExecutionSideEffectSuppression.cpp File Reference. (2025). Retrieved from https:\/\/www.llvm.org\/doxygen\/X86SpeculativeExecutionSideEffectSuppression_8cpp.html"},{"key":"e_1_3_3_71_2","unstructured":"Liam Proven. 2022. Linux 6.1: Rust to Hit Mainline Kernel. (Oct.2022). Retrieved fromhttps:\/\/www.theregister.com\/2022\/10\/05\/rust_kernel_pull_request_pulled\/"},{"key":"e_1_3_3_72_2","doi-asserted-by":"crossref","first-page":"685","DOI":"10.1145\/3470496.3527429","volume-title":"Proceedings of the 49th Annual International Symposium on Computer Architecture","author":"Ravichandran Joseph","year":"2022","unstructured":"Joseph Ravichandran, Weon Taek Na, Jay Lang, and Mengjia Yan. 2022. PACMAN: Attacking ARM pointer authentication with speculative execution. 
In Proceedings of the 49th Annual International Symposium on Computer Architecture. ACM, New York, NY, USA, 685\u2013698."},{"key":"e_1_3_3_73_2","doi-asserted-by":"crossref","unstructured":"Elena Reshetova Hans Liljestrand Andrew Paverd and N. Asokan. 2018. Toward linux kernel memory safety. Software: Practice and Experience 48 12 (2018) 2237\u20132256.","DOI":"10.1002\/spe.2638"},{"key":"e_1_3_3_74_2","unstructured":"Michael S and Vitaly Nikolenko. 2022. Linux Kernel Heap Feng Shui in 2022. (May2022). Retrieved from https:\/\/duasynt.com\/blog\/linux-kernel-heap-feng-shui-2022"},{"key":"e_1_3_3_75_2","unstructured":"SecurityScorecard. 2022. Threat Overview for Linux Kernel. (Nov.2022). Retrieved fromhttps:\/\/www.cvedetails.com\/product\/47\/Linux-Linux-Kernel.html"},{"key":"e_1_3_3_76_2","doi-asserted-by":"crossref","first-page":"298","DOI":"10.1145\/1030083.1030124","volume-title":"Proceedings of the 11th ACM Conference on Computer and Communications Security","author":"Shacham Hovav","year":"2004","unstructured":"Hovav Shacham, Matthew Page, Ben Pfaff, Eu-Jin Goh, Nagendra Modadugu, and Dan Boneh. 2004. On the effectiveness of address-space randomization. In Proceedings of the 11th ACM Conference on Computer and Communications Security. ACM, New York, NY, USA, 298\u2013307."},{"key":"e_1_3_3_77_2","volume-title":"Proceedings of the 32nd Annual Network and Distributed System Security Symposium, NDSS 2025, San Diego, California, USA, February 24\u201328, 2025","author":"Song Shixin","year":"2025","unstructured":"Shixin Song, Joseph Zhang, and Mengjia Yan. 2025. Oreo: Protecting ASLR against microarchitectural attacks. In Proceedings of the 32nd Annual Network and Distributed System Security Symposium, NDSS 2025, San Diego, California, USA, February 24\u201328, 2025. The Internet Society, Reston, VI, USA, 20."},{"key":"e_1_3_3_78_2","volume-title":"Modern Operating Systems (4th ed.)","author":"Tanenbaum Andrew S.","year":"2014","unstructured":"Andrew S. 
Tanenbaum and Herbert Bos. 2014. Modern Operating Systems (4th ed.). Prentice Hall Press, USA."},{"key":"e_1_3_3_79_2","unstructured":"PaX Team. 2003. Documentation for the PaX Project. (2003). Retrieved from https:\/\/pax.grsecurity.net\/docs\/"},{"key":"e_1_3_3_80_2","first-page":"7303","volume-title":"Proceedings of the 32nd USENIX Security Symposium (USENIX Security\u201923)","author":"Trujillo Dani\u00ebl","year":"2023","unstructured":"Dani\u00ebl Trujillo, Johannes Wikner, and Kaveh Razavi. 2023. Inception: Exposing new attack surfaces with training in transient execution. In Proceedings of the 32nd USENIX Security Symposium (USENIX Security\u201923). USENIX Association, Anaheim, CA, 7303\u20137320."},{"key":"e_1_3_3_81_2","unstructured":"Paul Turner. 2018. Retpoline: A Software Construct for Preventing Branch-target-injection. (2018). Retrieved from https:\/\/support.google.com\/faqs\/answer\/7625886"},{"key":"e_1_3_3_82_2","doi-asserted-by":"crossref","first-page":"380","DOI":"10.1109\/SP.2010.30","volume-title":"2010 IEEE Symposium on Security and Privacy","author":"Wang Zhi","year":"2010","unstructured":"Zhi Wang and Xuxian Jiang. 2010. HyperSafe: A lightweight approach to provide lifetime hypervisor control-flow integrity. In Proceedings of the 2010 IEEE Symposium on Security and Privacy. IEEE, New York, NY, USA, 380\u2013395."},{"key":"e_1_3_3_83_2","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1109\/SP.2015.9","volume-title":"Proceedings of the 2015 IEEE Symposium on Security and Privacy","author":"Watson Robert N. M.","year":"2015","unstructured":"Robert N. M. Watson, Jonathan Woodruff, Peter G. Neumann, Simon W. Moore, Jonathan Anderson, David Chisnall, Nirav Dave, Brooks Davis, Khilan Gudka, Ben Laurie, Steven J. Murdoch, Robert Norton, Michael Roe, Stacey Son, and Munraj Vadera. 2015. CHERI: A hybrid capability-system architecture for scalable software compartmentalization. 
In Proceedings of the 2015 IEEE Symposium on Security and Privacy. IEEE, New York, NY, USA, 20\u201337."},{"key":"e_1_3_3_84_2","doi-asserted-by":"crossref","first-page":"572","DOI":"10.1145\/3352460.3358306","volume-title":"Proceedings of the 52nd Annual IEEE\/ACM International Symposium on Microarchitecture","author":"Weisse Ofir","year":"2019","unstructured":"Ofir Weisse, Ian Neal, Kevin Loughlin, Thomas F. Wenisch, and Baris Kasikci. 2019. NDA: Preventing speculative execution attacks at their source. In Proceedings of the 52nd Annual IEEE\/ACM International Symposium on Microarchitecture. ACM, New York, NY, USA, 572\u2013586."},{"key":"e_1_3_3_85_2","first-page":"577","volume-title":"Proceedings of the 33rd USENIX Security Symposium (USENIX Security\u201924)","author":"Wiebing Sander","year":"2024","unstructured":"Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida. 2024. InSpectre gadget: Inspecting the residual attack surface of cross-privilege spectre v2. In Proceedings of the 33rd USENIX Security Symposium (USENIX Security\u201924). USENIX Association, Philadelphia, PA, 577\u2013594."},{"key":"e_1_3_3_86_2","first-page":"3825","volume-title":"Proceedings of the 31st USENIX Security Symposium (USENIX Security\u201922)","author":"Wikner Johannes","year":"2022","unstructured":"Johannes Wikner and Kaveh Razavi. 2022. RETBLEED: Arbitrary speculative code execution with return instructions. In Proceedings of the 31st USENIX Security Symposium (USENIX Security\u201922). USENIX Association, Boston, MA, 3825\u20133842."},{"key":"e_1_3_3_87_2","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1145\/3613424.3614275","volume-title":"Proceedings of the 56th Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO\u201923)","author":"Wikner Johannes","year":"2023","unstructured":"Johannes Wikner, Dani\u00ebl Trujillo, and Kaveh Razavi. 2023. Phantom: Exploiting decoder-detectable mispredictions. 
In Proceedings of the 56th Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO\u201923). Association for Computing Machinery, New York, NY, USA, 49\u201361."},{"key":"e_1_3_3_88_2","first-page":"954","volume-title":"Proceedings of the 52nd Annual IEEE\/ACM International Symposium on Microarchitecture","author":"Yu Jiyong","year":"2019","unstructured":"Jiyong Yu, Mengjia Yan, Artem Khyzha, Adam Morrison, Josep Torrellas, and Christopher W. Fletcher. 2019. Speculative taint tracking (STT): A comprehensive protection for speculatively accessed data. In Proceedings of the 52nd Annual IEEE\/ACM International Symposium on Microarchitecture. ACM, New York, NY, USA, 954\u2013968."},{"key":"e_1_3_3_89_2","volume-title":"Proceedings of the 32nd USENIX Conference on Security Symposium","author":"Zhang Zhiyuan","year":"2023","unstructured":"Zhiyuan Zhang, Gilles Barthe, Chitchanok Chuengsatiansup, Peter Schwabe, and Yuval Yarom. 2023. Ultimate SLH: Taking speculative load hardening to the next level. In Proceedings of the 32nd USENIX Conference on Security Symposium. 
USENIX Association, USA, 18."}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3743678","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,27]],"date-time":"2025-08-27T12:39:17Z","timestamp":1756298357000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3743678"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,27]]},"references-count":88,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2025,8,31]]}},"alternative-id":["10.1145\/3743678"],"URL":"https:\/\/doi.org\/10.1145\/3743678","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"type":"print","value":"2471-2566"},{"type":"electronic","value":"2471-2574"}],"subject":[],"published":{"date-parts":[[2025,8,27]]},"assertion":[{"value":"2024-11-28","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-05-31","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-08-27","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}