{"id":"https://openalex.org/W4415059868","doi":"https://doi.org/10.1145/3719027.3765027","title":"Empirical Security Analysis of Software-based Fault Isolation through Controlled Fault Injection","display_name":"Empirical Security Analysis of Software-based Fault Isolation through Controlled Fault Injection","publication_year":2025,"publication_date":"2025-11-19","ids":{"openalex":"https://openalex.org/W4415059868","doi":"https://doi.org/10.1145/3719027.3765027"},"language":"en","primary_location":{"id":"doi:10.1145/3719027.3765027","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3719027.3765027","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2509.07757","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5053788383","display_name":"Nils Bars","orcid":"https://orcid.org/0009-0001-5179-4002"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Nils Bars","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbruecken, Germany"],"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbruecken, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058085387","display_name":"Lukas Bernhard","orcid":"https://orcid.org/0009-0005-8564-1476"},"institutions":[{"id":"https://openalex.org/I200332995","display_name":"TU Dortmund University","ror":"https://ror.org/01k97gp34","country_code":"DE","type":"education","lineage":["https://openalex.org/I200332995"]},{"id":"https://openalex.org/I4210127529","display_name":"Klinikum Dortmund","ror":"https://ror.org/037pq2a43","country_code":"DE","type":"healthcare","lineage":["https://openalex.org/I4210127529"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Lukas Bernhard","raw_affiliation_strings":["Independent, Dortmund, Germany"],"affiliations":[{"raw_affiliation_string":"Independent, Dortmund, Germany","institution_ids":["https://openalex.org/I200332995","https://openalex.org/I4210127529"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069446947","display_name":"Moritz Schloegel","orcid":"https://orcid.org/0000-0003-1630-1687"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Moritz Schloegel","raw_affiliation_strings":["Arizona State University, Tempe, USA"],"affiliations":[{"raw_affiliation_string":"Arizona State University, Tempe, USA","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5056790702","display_name":"Thorsten Holz","orcid":"https://orcid.org/0000-0002-2783-1264"},"institutions":[{"id":"https://openalex.org/I4210096592","display_name":"Max Planck Institute for Security and Privacy","ror":"https://ror.org/00bj0r217","country_code":"DE","type":"facility","lineage":["https://openalex.org/I149899117","https://openalex.org/I4210096592"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Thorsten Holz","raw_affiliation_strings":["Max Planck Institute for Security and Privacy, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Max Planck Institute for Security and Privacy, Bochum, Germany","institution_ids":["https://openalex.org/I4210096592"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5053788383"],"corresponding_institution_ids":["https://openalex.org/I4210128801"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.34410148,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"2639","last_page":"2652"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9776999950408936,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9776999950408936,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9588000178337097,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13295","display_name":"Safety Systems Engineering in Autonomy","score":0.9319999814033508,"subfield":{"id":"https://openalex.org/subfields/2213","display_name":"Safety, Risk, Reliability and Quality"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/sandbox","display_name":"Sandbox (software development)","score":0.7111999988555908},{"id":"https://openalex.org/keywords/heap","display_name":"Heap (data structure)","score":0.6762999892234802},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.5511000156402588},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.5296000242233276},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.4948999881744385},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.4169999957084656},{"id":"https://openalex.org/keywords/guard","display_name":"Guard (computer science)","score":0.3880999982357025},{"id":"https://openalex.org/keywords/isolation","display_name":"Isolation (microbiology)","score":0.3862000107765198},{"id":"https://openalex.org/keywords/mandatory-access-control","display_name":"Mandatory access control","score":0.3765999972820282}],"concepts":[{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.7111999988555908},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6890000104904175},{"id":"https://openalex.org/C134757568","wikidata":"https://www.wikidata.org/wiki/Q274089","display_name":"Heap (data structure)","level":2,"score":0.6762999892234802},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5784000158309937},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.5511000156402588},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.5296000242233276},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.4948999881744385},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.4169999957084656},{"id":"https://openalex.org/C141141315","wikidata":"https://www.wikidata.org/wiki/Q2379942","display_name":"Guard (computer science)","level":2,"score":0.3880999982357025},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3862999975681305},{"id":"https://openalex.org/C2775941552","wikidata":"https://www.wikidata.org/wiki/Q25212305","display_name":"Isolation (microbiology)","level":2,"score":0.3862000107765198},{"id":"https://openalex.org/C2777407602","wikidata":"https://www.wikidata.org/wiki/Q1888932","display_name":"Mandatory access control","level":4,"score":0.3765999972820282},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.3718999922275543},{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.3693000078201294},{"id":"https://openalex.org/C199519371","wikidata":"https://www.wikidata.org/wiki/Q942695","display_name":"Source lines of code","level":3,"score":0.34209999442100525},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.30809998512268066},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.30730000138282776},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.2987000048160553},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.2870999872684479},{"id":"https://openalex.org/C160191386","wikidata":"https://www.wikidata.org/wiki/Q868299","display_name":"Control flow","level":2,"score":0.2784000039100647},{"id":"https://openalex.org/C144240696","wikidata":"https://www.wikidata.org/wiki/Q367204","display_name":"Address space","level":2,"score":0.2689000070095062},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.26750001311302185},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.2648000121116638},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.2630000114440918},{"id":"https://openalex.org/C156731835","wikidata":"https://www.wikidata.org/wiki/Q751740","display_name":"Memory leak","level":4,"score":0.26170000433921814}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3719027.3765027","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3719027.3765027","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2509.07757","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2509.07757","pdf_url":"https://arxiv.org/pdf/2509.07757","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2509.07757","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2509.07757","pdf_url":"https://arxiv.org/pdf/2509.07757","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G18682879","display_name":null,"funder_award_id":"390781972","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"},{"id":"https://openalex.org/G3809666075","display_name":null,"funder_award_id":"101045669","funder_id":"https://openalex.org/F4320334678","funder_display_name":"European Research Council"},{"id":"https://openalex.org/G6411643898","display_name":null,"funder_award_id":"2232915","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320320879","display_name":"Deutsche Forschungsgemeinschaft","ror":"https://ror.org/018mejw64"},{"id":"https://openalex.org/F4320334678","display_name":"European Research Council","ror":"https://ror.org/0472cxd90"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"We":[0],"use":[1],"browsers":[2,11,93],"daily":[3],"to":[4,50,125,144,147],"access":[5],"all":[6,91],"sorts":[7],"of":[8,54,88,161],"information.":[9],"Because":[10],"routinely":[12],"process":[13],"scripts,":[14],"media,":[15],"and":[16,30,94,100,118,140],"executable":[17],"code":[18,172],"from":[19,175],"unknown":[20],"sources,":[21],"they":[22],"form":[23],"a":[24,45,119,129,168],"critical":[25],"security":[26,190],"boundary":[27],"between":[28],"users":[29,89],"adversaries.":[31],"A":[32,70],"common":[33],"attack":[34,47],"vector":[35],"is":[36,73,167],"JavaScript,":[37],"which":[38,78],"powers":[39],"complex":[40],"web":[41],"interactions":[42],"but":[43],"exposes":[44],"large":[46],"surface":[48],"due":[49],"the":[51,80,106,132,162,176],"sheer":[52],"complexity":[53],"modern":[55,62],"JavaScript":[56],"engines.":[57],"To":[58],"mitigate":[59],"these":[60],"threats,":[61],"engines":[63],"increasingly":[64],"adopt":[65],"software-based":[66],"fault":[67],"isolation":[68,135],"(SFI).":[69],"prominent":[71],"example":[72],"Google's":[74],"V8":[75],"heap":[76,103,121],"sandbox,":[77],"represents":[79],"most":[81],"widely":[82],"deployed":[83],"SFI":[84,184],"mechanism,":[85],"protecting":[86],"billions":[87],"across":[90],"Chromium-based":[92],"countless":[95],"applications":[96],"built":[97],"on":[98],"Node.js":[99],"Electron.":[101],"The":[102],"sandbox":[104,133],"splits":[105],"address":[107],"space":[108],"into":[109],"two":[110],"parts:":[111],"one":[112],"part":[113],"containing":[114,122],"trusted,":[115],"security-sensitive":[116],"metadata,":[117],"sandboxed":[120,163,177],"memory":[123],"accessible":[124],"untrusted":[126],"code.":[127],"On":[128],"technical":[130],"level,":[131],"enforces":[134],"by":[136],"removing":[137],"raw":[138],"pointers":[139],"using":[141],"translation":[142],"tables":[143],"resolve":[145],"references":[146],"trusted":[148,155],"objects.":[149],"Consequently,":[150],"an":[151],"attacker":[152],"cannot":[153],"corrupt":[154],"data":[156,174],"even":[157],"with":[158],"full":[159],"control":[160],"data,":[164],"unless":[165],"there":[166],"bug":[169],"in":[170],"how":[171],"handles":[173],"heap.":[178],"Despite":[179],"their":[180],"widespread":[181],"use,":[182],"such":[183],"mechanisms":[185],"have":[186],"seen":[187],"surprisingly":[188],"little":[189],"testing.":[191]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-11T00:00:00"}