{"id":"https://openalex.org/W2088383546","doi":"https://doi.org/10.1145/2046707.2046713","title":"Combining control-flow integrity and static analysis for efficient and validated data sandboxing","display_name":"Combining control-flow integrity and static analysis for efficient and validated data sandboxing","publication_year":2011,"publication_date":"2011-10-17","ids":{"openalex":"https://openalex.org/W2088383546","doi":"https://doi.org/10.1145/2046707.2046713","mag":"2088383546"},"language":"en","primary_location":{"id":"doi:10.1145/2046707.2046713","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2046707.2046713","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th ACM conference on Computer and communications security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"http://nrs.harvard.edu/urn-3:HUL.InstRepos:9943234","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101148662","display_name":"Bin Zeng","orcid":null},"institutions":[{"id":"https://openalex.org/I186143895","display_name":"Lehigh University","ror":"https://ror.org/012afjb06","country_code":"US","type":"education","lineage":["https://openalex.org/I186143895"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Bin Zeng","raw_affiliation_strings":["Lehigh University, Bethlehem, PA, USA","Lehigh University, Bethlehem, PA, USA;"],"affiliations":[{"raw_affiliation_string":"Lehigh University, Bethlehem, PA, USA","institution_ids":["https://openalex.org/I186143895"]},{"raw_affiliation_string":"Lehigh University, Bethlehem, PA, USA;","institution_ids":["https://openalex.org/I186143895"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010830558","display_name":"Gang Tan","orcid":"https://orcid.org/0000-0001-6109-6091"},"institutions":[{"id":"https://openalex.org/I186143895","display_name":"Lehigh University","ror":"https://ror.org/012afjb06","country_code":"US","type":"education","lineage":["https://openalex.org/I186143895"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gang Tan","raw_affiliation_strings":["Lehigh University, Bethlehem, PA, USA","Lehigh University, Bethlehem, PA, USA;"],"affiliations":[{"raw_affiliation_string":"Lehigh University, Bethlehem, PA, USA","institution_ids":["https://openalex.org/I186143895"]},{"raw_affiliation_string":"Lehigh University, Bethlehem, PA, USA;","institution_ids":["https://openalex.org/I186143895"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5064972235","display_name":"Greg Morrisett","orcid":null},"institutions":[{"id":"https://openalex.org/I2801851002","display_name":"Harvard University Press","ror":"https://ror.org/006v7bf86","country_code":"US","type":"other","lineage":["https://openalex.org/I136199984","https://openalex.org/I2801851002"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Greg Morrisett","raw_affiliation_strings":["Harvard University, Cambridge, MA, USA"],"affiliations":[{"raw_affiliation_string":"Harvard University, Cambridge, MA, USA","institution_ids":["https://openalex.org/I2801851002"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5101148662"],"corresponding_institution_ids":["https://openalex.org/I186143895"],"apc_list":null,"apc_paid":null,"fwci":12.2779,"has_fulltext":false,"cited_by_count":101,"citation_normalized_percentile":{"value":0.98626255,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"29","last_page":"40"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10478","display_name":"Diamond and Carbon-based Materials Research","score":0.9818999767303467,"subfield":{"id":"https://openalex.org/subfields/2505","display_name":"Materials Chemistry"},"field":{"id":"https://openalex.org/fields/25","display_name":"Materials Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.9190938472747803},{"id":"https://openalex.org/keywords/sandbox","display_name":"Sandbox (software development)","score":0.8272111415863037},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.6248704195022583},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.6207417249679565},{"id":"https://openalex.org/keywords/control-flow","display_name":"Control flow","score":0.5962038040161133},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.5077551603317261},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4551926851272583},{"id":"https://openalex.org/keywords/control-flow-graph","display_name":"Control flow graph","score":0.44488412141799927},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.43434298038482666},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.37729060649871826},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.14864972233772278},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.0863398015499115}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.9190938472747803},{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.8272111415863037},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.6248704195022583},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.6207417249679565},{"id":"https://openalex.org/C160191386","wikidata":"https://www.wikidata.org/wiki/Q868299","display_name":"Control flow","level":2,"score":0.5962038040161133},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.5077551603317261},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4551926851272583},{"id":"https://openalex.org/C27458966","wikidata":"https://www.wikidata.org/wiki/Q1187693","display_name":"Control flow graph","level":2,"score":0.44488412141799927},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.43434298038482666},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.37729060649871826},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.14864972233772278},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0863398015499115}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/2046707.2046713","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2046707.2046713","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th ACM conference on Computer and communications security","raw_type":"proceedings-article"},{"id":"pmh:oai:dash.harvard.edu:1/9943234","is_oa":true,"landing_page_url":"http://nrs.harvard.edu/urn-3:HUL.InstRepos:9943234","pdf_url":null,"source":{"id":"https://openalex.org/S4306401540","display_name":"Digital Access to Scholarship at Harvard (DASH) (Harvard University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I136199984","host_organization_name":"Harvard University","host_organization_lineage":["https://openalex.org/I136199984"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Monograph or Book"}],"best_oa_location":{"id":"pmh:oai:dash.harvard.edu:1/9943234","is_oa":true,"landing_page_url":"http://nrs.harvard.edu/urn-3:HUL.InstRepos:9943234","pdf_url":null,"source":{"id":"https://openalex.org/S4306401540","display_name":"Digital Access to Scholarship at Harvard (DASH) (Harvard University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I136199984","host_organization_name":"Harvard University","host_organization_lineage":["https://openalex.org/I136199984"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Monograph or Book"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.7900000214576721,"display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G1523888516","display_name":null,"funder_award_id":"FA9550-","funder_id":"https://openalex.org/F4320338279","funder_display_name":"Air Force Office of Scientific Research"},{"id":"https://openalex.org/G2698097454","display_name":null,"funder_award_id":"15030","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G2790784018","display_name":"TC: Small: Collaborative Research: Securing Multilingual Software Systems","funder_award_id":"0915030","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3772849699","display_name":null,"funder_award_id":"FA9550-09-1-053","funder_id":"https://openalex.org/F4320338279","funder_display_name":"Air Force Office of Scientific Research"},{"id":"https://openalex.org/G4776471545","display_name":null,"funder_award_id":"FA9550-09-1-0539","funder_id":"https://openalex.org/F4320333591","funder_display_name":"Multidisciplinary University Research Initiative"},{"id":"https://openalex.org/G505378490","display_name":null,"funder_award_id":"FA9550-09-1-0539","funder_id":"https://openalex.org/F4320338279","funder_display_name":"Air Force Office of Scientific Research"},{"id":"https://openalex.org/G5809100787","display_name":null,"funder_award_id":"FA9550","funder_id":"https://openalex.org/F4320338279","funder_display_name":"Air Force Office of Scientific Research"},{"id":"https://openalex.org/G7282434394","display_name":null,"funder_award_id":"FA9550-09-1-0539","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8632423758","display_name":"TC: Small: Collaborative Research: Securing Multilingual Software Systems","funder_award_id":"0915157","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320333591","display_name":"Multidisciplinary University Research Initiative","ror":null},{"id":"https://openalex.org/F4320338279","display_name":"Air Force Office of Scientific Research","ror":"https://ror.org/011e9bt93"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":35,"referenced_works":["https://openalex.org/W15883","https://openalex.org/W2363194","https://openalex.org/W24839522","https://openalex.org/W1491178396","https://openalex.org/W1516211918","https://openalex.org/W1563300346","https://openalex.org/W1567552421","https://openalex.org/W1582456956","https://openalex.org/W1606518565","https://openalex.org/W1996931407","https://openalex.org/W2006611045","https://openalex.org/W2060031515","https://openalex.org/W2062340141","https://openalex.org/W2071907540","https://openalex.org/W2079029390","https://openalex.org/W2105349588","https://openalex.org/W2105904466","https://openalex.org/W2108528485","https://openalex.org/W2109219878","https://openalex.org/W2117115928","https://openalex.org/W2119251836","https://openalex.org/W2121579803","https://openalex.org/W2123553986","https://openalex.org/W2133592286","https://openalex.org/W2141988808","https://openalex.org/W2148686658","https://openalex.org/W2149603369","https://openalex.org/W2159059513","https://openalex.org/W2160255280","https://openalex.org/W2162800072","https://openalex.org/W2171938395","https://openalex.org/W2174598112","https://openalex.org/W2631389871","https://openalex.org/W2752929869","https://openalex.org/W4236561850"],"related_works":["https://openalex.org/W4388951020","https://openalex.org/W3200050756","https://openalex.org/W2138385884","https://openalex.org/W2166895275","https://openalex.org/W2188516702","https://openalex.org/W2998775986","https://openalex.org/W2573637329","https://openalex.org/W4384302888","https://openalex.org/W2111825754","https://openalex.org/W2135849267"],"abstract_inverted_index":{"In":[0,30],"many":[1],"software":[2,22],"attacks,":[3],"inducing":[4],"an":[5],"illegal":[6],"control-flow":[7,28],"transfer":[8],"in":[9],"the":[10,72,143,146,149,153,157,165,173,178],"target":[11],"system":[12,23,106],"is":[13],"one":[14],"common":[15],"step.":[16],"Control-Flow":[17],"Integrity":[18],"(CFI)":[19],"protects":[20],"a":[21,26,85,132],"by":[24,98],"enforcing":[25],"pre-determined":[27],"graph.":[29],"addition":[31],"to":[32,71,155],"providing":[33],"strong":[34,187],"security,":[35],"CFI":[36,168],"enables":[37],"static":[38,48,99,170],"analysis":[39,49,171],"on":[40,112,137],"low-level":[41],"code.":[42],"This":[43],"paper":[44],"evaluates":[45],"whether":[46],"CFI-enabled":[47],"can":[50],"help":[51],"build":[52],"efficient":[53],"and":[54,118,126,159,169],"validated":[55],"data":[56],"sandboxing.":[57],"Previous":[58],"systems":[59],"generally":[60],"sandbox":[61],"memory":[62,77,116],"writes":[63,117],"for":[64,114,122],"integrity,":[65],"but":[66],"avoid":[67],"protecting":[68],"confidentiality":[69],"due":[70],"high":[73],"overhead":[74,111],"of":[75,87,103,145,148,167,175,180],"sandboxing":[76,91,115,123],"reads.":[78],"To":[79],"reduce":[80],"overhead,":[81],"we":[82],"have":[83,129],"implemented":[84],"series":[86],"optimizations":[88],"that":[89,164],"remove":[90],"instructions":[92],"if":[93],"they":[94],"are":[95],"proven":[96],"unnecessary":[97],"analysis.":[100,139],"On":[101],"top":[102],"CFI,":[104],"our":[105],"adds":[107,119],"only":[108],"2.7%":[109],"runtime":[110],"SPECint2000":[113],"modest":[120],"19%":[121],"both":[124],"reads":[125],"writes.":[127],"We":[128],"also":[130],"built":[131],"principled":[133],"data-sandboxing":[134],"verifier":[135,141],"based":[136],"range":[138],"The":[140],"checks":[142],"safety":[144],"results":[147,162],"optimizer,":[150],"which":[151],"removes":[152],"need":[154],"trust":[156],"rewriter":[158],"optimizer.":[160],"Our":[161],"show":[163],"combination":[166],"has":[172],"potential":[174],"bringing":[176],"down":[177],"cost":[179],"general":[181],"inlined":[182],"reference":[183],"monitors,":[184],"while":[185],"maintaining":[186],"security.":[188]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":5},{"year":2018,"cited_by_count":5},{"year":2017,"cited_by_count":7},{"year":2016,"cited_by_count":19},{"year":2015,"cited_by_count":14},{"year":2014,"cited_by_count":17},{"year":2013,"cited_by_count":6},{"year":2012,"cited_by_count":5}],"updated_date":"2026-04-21T08:09:41.155169","created_date":"2025-10-10T00:00:00"}