{"id":"https://openalex.org/W4416549272","doi":"https://doi.org/10.1145/3719027.3765205","title":"Chekhov's Gun: Uncovering Hidden Risks in macOS Application-Sandboxed PID-Domain Services","display_name":"Chekhov's Gun: Uncovering Hidden Risks in macOS Application-Sandboxed PID-Domain Services","publication_year":2025,"publication_date":"2025-11-19","ids":{"openalex":"https://openalex.org/W4416549272","doi":"https://doi.org/10.1145/3719027.3765205"},"language":null,"primary_location":{"id":"doi:10.1145/3719027.3765205","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3719027.3765205","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103527114","display_name":"Ming\u2010Han Lin","orcid":"https://orcid.org/0009-0004-5776-4789"},"institutions":[{"id":"https://openalex.org/I1174212","display_name":"University of Southern California","ror":"https://ror.org/03taz7m60","country_code":"US","type":"education","lineage":["https://openalex.org/I1174212"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Minghao Lin","raw_affiliation_strings":["University of Southern California, Los Angeles, California, USA"],"raw_orcid":"https://orcid.org/0009-0004-5776-4789","affiliations":[{"raw_affiliation_string":"University of Southern California, Los Angeles, California, USA","institution_ids":["https://openalex.org/I1174212"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5115604663","display_name":"Jiaxun Zhu","orcid":"https://orcid.org/0009-0005-4288-4590"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jiaxun Zhu","raw_affiliation_strings":["Independent Researcher, Hangzhou, China"],"raw_orcid":"https://orcid.org/0009-0005-4288-4590","affiliations":[{"raw_affiliation_string":"Independent Researcher, Hangzhou, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101752838","display_name":"Tingting Yin","orcid":"https://orcid.org/0000-0003-1231-4050"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tingting Yin","raw_affiliation_strings":["Independent Researcher, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0003-1231-4050","affiliations":[{"raw_affiliation_string":"Independent Researcher, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5115068541","display_name":"Zechao Cai","orcid":"https://orcid.org/0009-0008-8354-9985"},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Zechao Cai","raw_affiliation_strings":["ETH Zurich, Zurich, Switzerland"],"raw_orcid":"https://orcid.org/0009-0008-8354-9985","affiliations":[{"raw_affiliation_string":"ETH Zurich, Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067871749","display_name":"Guanxing Wen","orcid":"https://orcid.org/0009-0007-5388-7994"},"institutions":[{"id":"https://openalex.org/I1306564943","display_name":"American Institute of Certified Public Accountants","ror":"https://ror.org/051ev5v05","country_code":"US","type":"other","lineage":["https://openalex.org/I1306564943"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Guanxing Wen","raw_affiliation_strings":["Certified Kernel Tech LLC, New York, New York, USA"],"raw_orcid":"https://orcid.org/0009-0007-5388-7994","affiliations":[{"raw_affiliation_string":"Certified Kernel Tech LLC, New York, New York, USA","institution_ids":["https://openalex.org/I1306564943"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049646773","display_name":"Yanan Guo","orcid":"https://orcid.org/0000-0003-0034-0358"},"institutions":[{"id":"https://openalex.org/I5388228","display_name":"University of Rochester","ror":"https://ror.org/022kthw22","country_code":"US","type":"education","lineage":["https://openalex.org/I5388228"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yanan Guo","raw_affiliation_strings":["University of Rochester, Rochester, New York, USA"],"raw_orcid":"https://orcid.org/0000-0003-0034-0358","affiliations":[{"raw_affiliation_string":"University of Rochester, Rochester, New York, USA","institution_ids":["https://openalex.org/I5388228"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5071443299","display_name":"M. Li","orcid":"https://orcid.org/0009-0008-2721-4021"},"institutions":[{"id":"https://openalex.org/I1174212","display_name":"University of Southern California","ror":"https://ror.org/03taz7m60","country_code":"US","type":"education","lineage":["https://openalex.org/I1174212"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mengyuan Li","raw_affiliation_strings":["University of Southern California, Los Angeles, California, USA"],"raw_orcid":"https://orcid.org/0009-0008-2721-4021","affiliations":[{"raw_affiliation_string":"University of Southern California, Los Angeles, California, USA","institution_ids":["https://openalex.org/I1174212"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5103527114"],"corresponding_institution_ids":["https://openalex.org/I1174212"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.18432391,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"3870","last_page":"3884"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.8274000287055969,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.8274000287055969,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.023600000888109207,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.014000000432133675,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/entitlement","display_name":"Entitlement (fair division)","score":0.6516000032424927},{"id":"https://openalex.org/keywords/sandbox","display_name":"Sandbox (software development)","score":0.6226999759674072},{"id":"https://openalex.org/keywords/architecture","display_name":"Architecture","score":0.35249999165534973},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.27869999408721924},{"id":"https://openalex.org/keywords/matching","display_name":"Matching (statistics)","score":0.2768000066280365}],"concepts":[{"id":"https://openalex.org/C94982200","wikidata":"https://www.wikidata.org/wiki/Q5380545","display_name":"Entitlement (fair division)","level":2,"score":0.6516000032424927},{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.6226999759674072},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5841000080108643},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.548799991607666},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.40700000524520874},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.35679998993873596},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.35249999165534973},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.27869999408721924},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.2768000066280365},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.2759000062942505},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.2703000009059906},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.2554999887943268}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3719027.3765205","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3719027.3765205","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":6,"referenced_works":["https://openalex.org/W1771565499","https://openalex.org/W4288057698","https://openalex.org/W4308410314","https://openalex.org/W4311166088","https://openalex.org/W4379598302","https://openalex.org/W4405183504"],"related_works":[],"abstract_inverted_index":{"macOS":[0],"delegates":[1],"many":[2],"high-privilege":[3],"operations":[4],"to":[5,54,59,68],"dedicated":[6],"PID-domain":[7,41,49],"services,":[8],"which":[9],"applications":[10],"can":[11,63],"register":[12],"and":[13,25,43],"communicate":[14],"with":[15],"through":[16],"inter-process":[17],"communication":[18],"(IPC).":[19],"This":[20],"architecture":[21],"improves":[22],"userland":[23],"stability":[24],"security":[26],"but":[27],"also":[28],"introduces":[29],"attractive":[30],"attack":[31,47],"surfaces":[32],"for":[33],"adversaries.":[34],"In":[35],"this":[36],"paper,":[37],"we":[38],"systematically":[39],"analyze":[40],"services":[42,50],"uncover":[44],"an":[45,55],"overlooked":[46],"vector:":[48],"that":[51],"are":[52],"restricted":[53],"Application":[56],"Sandbox":[57],"identical":[58],"the":[60],"calling":[61],"application":[62],"still":[64],"be":[65],"exploited":[66],"due":[67],"subtle":[69],"entitlement":[70],"differences.":[71]},"counts_by_year":[],"updated_date":"2025-11-28T17:06:07.992734","created_date":"2025-11-23T00:00:00"}