{"id":"https://openalex.org/W4388857534","doi":"https://doi.org/10.1145/3576915.3623137","title":"SysXCHG: Refining Privilege with Adaptive System Call Filters","display_name":"SysXCHG: Refining Privilege with Adaptive System Call Filters","publication_year":2023,"publication_date":"2023-11-15","ids":{"openalex":"https://openalex.org/W4388857534","doi":"https://doi.org/10.1145/3576915.3623137"},"language":"en","primary_location":{"id":"doi:10.1145/3576915.3623137","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3576915.3623137","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3576915.3623137","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3576915.3623137","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5087612874","display_name":"Alexander J. Gaidis","orcid":"https://orcid.org/0009-0004-6234-6514"},"institutions":[{"id":"https://openalex.org/I27804330","display_name":"Brown University","ror":"https://ror.org/05gq02987","country_code":"US","type":"education","lineage":["https://openalex.org/I27804330"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Alexander J. Gaidis","raw_affiliation_strings":["Brown University, Providence, RI, USA"],"raw_orcid":"https://orcid.org/0009-0004-6234-6514","affiliations":[{"raw_affiliation_string":"Brown University, Providence, RI, USA","institution_ids":["https://openalex.org/I27804330"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062285456","display_name":"Vaggelis Atlidakis","orcid":null},"institutions":[{"id":"https://openalex.org/I27804330","display_name":"Brown University","ror":"https://ror.org/05gq02987","country_code":"US","type":"education","lineage":["https://openalex.org/I27804330"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Vaggelis Atlidakis","raw_affiliation_strings":["Brown University, Providence, RI, USA"],"raw_orcid":"https://orcid.org/0000-0001-5490-9648","affiliations":[{"raw_affiliation_string":"Brown University, Providence, RI, USA","institution_ids":["https://openalex.org/I27804330"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5006944216","display_name":"Vasileios P. Kemerlis","orcid":"https://orcid.org/0000-0002-6528-437X"},"institutions":[{"id":"https://openalex.org/I27804330","display_name":"Brown University","ror":"https://ror.org/05gq02987","country_code":"US","type":"education","lineage":["https://openalex.org/I27804330"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Vasileios P. Kemerlis","raw_affiliation_strings":["Brown University, Providence, RI, USA"],"raw_orcid":"https://orcid.org/0000-0002-6528-437X","affiliations":[{"raw_affiliation_string":"Brown University, Providence, RI, USA","institution_ids":["https://openalex.org/I27804330"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5087612874"],"corresponding_institution_ids":["https://openalex.org/I27804330"],"apc_list":null,"apc_paid":null,"fwci":1.5337,"has_fulltext":true,"cited_by_count":9,"citation_normalized_percentile":{"value":0.86545668,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1964","last_page":"1978"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9947999715805054,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8027871251106262},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.6033358573913574},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.5515411496162415},{"id":"https://openalex.org/keywords/filter","display_name":"Filter (signal processing)","score":0.5231037139892578},{"id":"https://openalex.org/keywords/kernel","display_name":"Kernel (algebra)","score":0.5150746703147888},{"id":"https://openalex.org/keywords/table","display_name":"Table (database)","score":0.4713066518306732},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4624519646167755},{"id":"https://openalex.org/keywords/blocking","display_name":"Blocking (statistics)","score":0.46242040395736694},{"id":"https://openalex.org/keywords/privilege","display_name":"Privilege (computing)","score":0.4399576485157013},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4259827435016632},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.41005223989486694},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.27194127440452576},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.17405200004577637},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.16313427686691284},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.13886204361915588}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8027871251106262},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.6033358573913574},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.5515411496162415},{"id":"https://openalex.org/C106131492","wikidata":"https://www.wikidata.org/wiki/Q3072260","display_name":"Filter (signal processing)","level":2,"score":0.5231037139892578},{"id":"https://openalex.org/C74193536","wikidata":"https://www.wikidata.org/wiki/Q574844","display_name":"Kernel (algebra)","level":2,"score":0.5150746703147888},{"id":"https://openalex.org/C45235069","wikidata":"https://www.wikidata.org/wiki/Q278425","display_name":"Table (database)","level":2,"score":0.4713066518306732},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4624519646167755},{"id":"https://openalex.org/C144745244","wikidata":"https://www.wikidata.org/wiki/Q4927286","display_name":"Blocking (statistics)","level":2,"score":0.46242040395736694},{"id":"https://openalex.org/C2780138299","wikidata":"https://www.wikidata.org/wiki/Q3404265","display_name":"Privilege (computing)","level":2,"score":0.4399576485157013},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4259827435016632},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.41005223989486694},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.27194127440452576},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.17405200004577637},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.16313427686691284},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.13886204361915588},{"id":"https://openalex.org/C13280743","wikidata":"https://www.wikidata.org/wiki/Q131089","display_name":"Geodesy","level":1,"score":0.0},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.0},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.0},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3576915.3623137","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3576915.3623137","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3576915.3623137","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3576915.3623137","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3576915.3623137","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3576915.3623137","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.7599999904632568}],"awards":[{"id":"https://openalex.org/G2277481804","display_name":null,"funder_award_id":"CIF2020-BU-04","funder_id":"https://openalex.org/F4320308633","funder_display_name":"Computing Research Association"},{"id":"https://openalex.org/G804146523","display_name":null,"funder_award_id":"CNS-2238467","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320308633","display_name":"Computing Research Association","ror":"https://ror.org/00agrkd75"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4388857534.pdf","grobid_xml":"https://content.openalex.org/works/W4388857534.grobid-xml"},"referenced_works_count":33,"referenced_works":["https://openalex.org/W1968274906","https://openalex.org/W1982716005","https://openalex.org/W1996931407","https://openalex.org/W2023959340","https://openalex.org/W2028820179","https://openalex.org/W2041700825","https://openalex.org/W2050870325","https://openalex.org/W2059385647","https://openalex.org/W2086042629","https://openalex.org/W2095881341","https://openalex.org/W2111306891","https://openalex.org/W2122757982","https://openalex.org/W2134727543","https://openalex.org/W2141458042","https://openalex.org/W2155851497","https://openalex.org/W2162800072","https://openalex.org/W2167432494","https://openalex.org/W2295044331","https://openalex.org/W2796645376","https://openalex.org/W2991611768","https://openalex.org/W3000784322","https://openalex.org/W3015513242","https://openalex.org/W3092347617","https://openalex.org/W3145959950","https://openalex.org/W4205417128","https://openalex.org/W4229048526","https://openalex.org/W4235202118","https://openalex.org/W4245921572","https://openalex.org/W4302784197","https://openalex.org/W4308391469","https://openalex.org/W4312262608","https://openalex.org/W4366377764","https://openalex.org/W4385152093"],"related_works":["https://openalex.org/W2378211422","https://openalex.org/W2745001401","https://openalex.org/W4321353415","https://openalex.org/W2392835431","https://openalex.org/W2374400535","https://openalex.org/W2130974462","https://openalex.org/W972276598","https://openalex.org/W4246352526","https://openalex.org/W2028665553","https://openalex.org/W2517983821"],"abstract_inverted_index":{"We":[0],"present":[1,88],"the":[2,24,32,100,130,148],"design,":[3],"implementation,":[4],"and":[5],"evaluation":[6,110],"of":[7,26,36,50,84,99,111,141,151],"SysXCHG:":[8],"a":[9,42,47,82,90,96],"system":[10],"call":[11],"(syscall)":[12],"filtering":[13,94,105],"enforcement":[14],"mechanism":[15,91],"that":[16,115],"enables":[17,57],"programs":[18,128],"to":[19,31,44,59,73],"run":[20,45,60],"in":[21,129],"accordance":[22],"with":[23,46,61],"principle":[25],"least":[27],"privilege.":[28],"In":[29,108],"contrast":[30],"current,":[33],"hierarchical":[34],"design":[35,119,150],"seccomp-BPF,":[37],"which":[38,147],"does":[39],"not":[40],"allow":[41],"program":[43],"different":[48],"set":[49],"allowed":[51],"syscalls":[52],"than":[53],"its":[54],"descendants,":[55],"SysXCHG":[56],"applications":[58],"\"tight\"":[62],"syscall":[63,102],"filters,":[64],"uninfluenced":[65],"by":[66,70],"any":[67],"future-executed":[68],"(sub-)programs,":[69],"allowing":[71],"filters":[72],"be":[74],"dynamically":[75],"exchanged":[76],"at":[77],"runtime":[78],"during":[79],"execve[at].":[80],"As":[81],"part":[83],"SysXCHG,":[85,112],"we":[86,113],"also":[87],"xfilter:":[89],"for":[92],"fast":[93],"using":[95],"process-specific":[97],"view":[98],"kernel's":[101],"table":[103],"where":[104],"is":[106,120,153],"performed.":[107],"our":[109,116],"found":[114],"filter":[117],"exchanging":[118],"performant,":[121],"incurring":[122],"\u2264=":[123],"1.71%":[124],"slowdown":[125],"on":[126],"real-world":[127],"PaSH":[131],"benchmark":[132],"suite,":[133],"as":[134,136],"well":[135],"effective,":[137],"blocking":[138],"vast":[139],"amounts":[140],"extraneous":[142],"functionality,":[143],"including":[144],"security-critical":[145],"syscalls,":[146],"current":[149],"seccomp-BPF":[152],"unable":[154],"to.":[155]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":6}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}