{"id":"https://openalex.org/W4405182895","doi":"https://doi.org/10.1145/3658644.3690189","title":"SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR in macOS for Apple Silicon","display_name":"SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR in macOS for Apple Silicon","publication_year":2024,"publication_date":"2024-12-02","ids":{"openalex":"https://openalex.org/W4405182895","doi":"https://doi.org/10.1145/3658644.3690189"},"language":"en","primary_location":{"id":"doi:10.1145/3658644.3690189","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690189","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690189","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690189","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5078908585","display_name":"Hyerean Jang","orcid":"https://orcid.org/0000-0003-4100-9338"},"institutions":[{"id":"https://openalex.org/I197347611","display_name":"Korea University","ror":"https://ror.org/047dqcg40","country_code":"KR","type":"education","lineage":["https://openalex.org/I197347611"]}],"countries":["KR"],"is_corresponding":true,"raw_author_name":"Hyerean Jang","raw_affiliation_strings":["Korea University, Seoul, Republic of Korea"],"affiliations":[{"raw_affiliation_string":"Korea University, Seoul, Republic of Korea","institution_ids":["https://openalex.org/I197347611"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053778379","display_name":"Taehun Kim","orcid":"https://orcid.org/0000-0002-1887-7009"},"institutions":[{"id":"https://openalex.org/I197347611","display_name":"Korea University","ror":"https://ror.org/047dqcg40","country_code":"KR","type":"education","lineage":["https://openalex.org/I197347611"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Taehun Kim","raw_affiliation_strings":["Korea University, Seoul, Republic of Korea"],"affiliations":[{"raw_affiliation_string":"Korea University, Seoul, Republic of Korea","institution_ids":["https://openalex.org/I197347611"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5059690207","display_name":"Youngjoo Shin","orcid":"https://orcid.org/0000-0003-4831-7392"},"institutions":[{"id":"https://openalex.org/I197347611","display_name":"Korea University","ror":"https://ror.org/047dqcg40","country_code":"KR","type":"education","lineage":["https://openalex.org/I197347611"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Youngjoo Shin","raw_affiliation_strings":["Korea University, Seoul, Republic of Korea"],"affiliations":[{"raw_affiliation_string":"Korea University, Seoul, Republic of Korea","institution_ids":["https://openalex.org/I197347611"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5078908585"],"corresponding_institution_ids":["https://openalex.org/I197347611"],"apc_list":null,"apc_paid":null,"fwci":2.2003,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.8988674,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"64","last_page":"78"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9907000064849854,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7651775479316711},{"id":"https://openalex.org/keywords/kernel","display_name":"Kernel (algebra)","score":0.6339787244796753},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5827800035476685},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.5733009576797485},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.3519589900970459},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2185347080230713}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7651775479316711},{"id":"https://openalex.org/C74193536","wikidata":"https://www.wikidata.org/wiki/Q574844","display_name":"Kernel (algebra)","level":2,"score":0.6339787244796753},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5827800035476685},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.5733009576797485},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3519589900970459},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2185347080230713},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3658644.3690189","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690189","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690189","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3658644.3690189","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690189","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690189","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4405182895.pdf"},"referenced_works_count":36,"referenced_works":["https://openalex.org/W1934458198","https://openalex.org/W1964281299","https://openalex.org/W2001978806","https://openalex.org/W2089448621","https://openalex.org/W2094619820","https://openalex.org/W2098010707","https://openalex.org/W2103289002","https://openalex.org/W2117798902","https://openalex.org/W2296251644","https://openalex.org/W2529582363","https://openalex.org/W2532499458","https://openalex.org/W2664885055","https://openalex.org/W2763937362","https://openalex.org/W2884163605","https://openalex.org/W2976763854","https://openalex.org/W2982848142","https://openalex.org/W2985509521","https://openalex.org/W3015216799","https://openalex.org/W3036557299","https://openalex.org/W3048784143","https://openalex.org/W3096372727","https://openalex.org/W3097736620","https://openalex.org/W3153001680","https://openalex.org/W3153564332","https://openalex.org/W3213572793","https://openalex.org/W4200228093","https://openalex.org/W4214836354","https://openalex.org/W4242926647","https://openalex.org/W4281779787","https://openalex.org/W4288057752","https://openalex.org/W4288057787","https://openalex.org/W4289038676","https://openalex.org/W4386295630","https://openalex.org/W4387993764","https://openalex.org/W4388857283","https://openalex.org/W4389459074"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W4312814274","https://openalex.org/W1590307681","https://openalex.org/W2536018345","https://openalex.org/W4285370786"],"abstract_inverted_index":{"Apple":[0,12,35,59,200],"silicon":[1,60],"is":[2,160],"the":[3,9,32,43,47,53,72,83,88,126,132,138,141,145,158,168,172,192,225],"proprietary":[4,18],"ARM-based":[5],"processor":[6],"that":[7,151,206],"powers":[8],"mainstream":[10],"of":[11,34,45,125,140,147,171],"devices.":[13],"The":[14],"move":[15],"to":[16,67,98,134,137],"this":[17,39],"architecture":[19],"presents":[20],"unique":[21],"challenges":[22],"in":[23,93,109,116],"addressing":[24],"security":[25,33,44],"issues,":[26],"requiring":[27],"huge":[28],"research":[29],"efforts":[30],"into":[31],"silicon-based":[36],"systems.":[37],"In":[38],"paper,":[40],"we":[41,105,166,189,204],"study":[42],"KASLR,":[46],"randomization-based":[48],"kernel":[49,79,84,129,155],"hardening":[50],"technique,":[51],"on":[52,174,185,197],"state-of-the-art":[54],"macOS":[55,94,198,217],"system":[56,110,117],"equipped":[57],"with":[58],"processors.":[61],"Because":[62],"KASLR":[63,99,153,194,211],"has":[64],"been":[65],"subject":[66],"many":[68],"microarchitectural":[69],"side-channel":[70,164],"attacks,":[71],"latest":[73],"operating":[74],"systems,":[75],"including":[76],"macOS,":[77],"use":[78],"isolation,":[80],"which":[81],"separates":[82],"page":[85],"table":[86],"from":[87],"userspace":[89],"table.":[90],"Kernel":[91],"isolation":[92],"provides":[95],"a":[96,163,179],"barrier":[97],"break":[100,195,210],"attacks.":[101],"To":[102],"overcome":[103],"this,":[104],"exploit":[106],"speculative":[107],"execution":[108],"calls.":[111],"By":[112],"using":[113,178],"Spectre-type":[114],"gadgets":[115],"calls,":[118],"an":[119,148],"unprivileged":[120],"attacker":[121],"can":[122,208],"cause":[123],"translations":[124],"attacker's":[127],"chosen":[128],"addresses,":[130],"causing":[131],"TLB":[133,159,173],"change":[135],"according":[136],"validity":[139],"address.":[142],"This":[143],"allows":[144],"construction":[146],"attack":[149,187,196],"primitive":[150],"breaks":[152],"bypassing":[154],"isolation.":[156],"Since":[157],"used":[161],"as":[162],"source,":[165],"reverse-engineer":[167],"hidden":[169],"internals":[170],"various":[175],"M-series":[176,214],"processors":[177,215],"hardware":[180],"performance":[181],"monitoring":[182],"unit.":[183],"Based":[184],"our":[186],"primitive,":[188],"implement":[190],"SysBumps,":[191],"first":[193],"for":[199],"silicon.":[201],"Throughout":[202],"evaluation,":[203],"show":[205],"SysBumps":[207],"effectively":[209],"across":[212],"different":[213],"and":[216],"versions.":[218],"We":[219],"also":[220],"discuss":[221],"possible":[222],"mitigations":[223],"against":[224],"proposed":[226],"attack.":[227]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":4}],"updated_date":"2026-03-06T13:50:29.536080","created_date":"2025-10-10T00:00:00"}