{"id":"https://openalex.org/W7110383938","doi":"https://doi.org/10.1145/3721462.3770772","title":"Clair Obscur: The Light and Shadow of System Call Interposition \u2013 From Pitfalls to Solutions with K23","display_name":"Clair Obscur: The Light and Shadow of System Call Interposition \u2013 From Pitfalls to Solutions with K23","publication_year":2025,"publication_date":"2025-12-08","ids":{"openalex":"https://openalex.org/W7110383938","doi":"https://doi.org/10.1145/3721462.3770772"},"language":"en","primary_location":{"id":"doi:10.1145/3721462.3770772","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3721462.3770772","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Middleware Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://biblio.ugent.be/publication/01KCHA8SW28AMRGNSX0KZTGR6W/file/01KCHAJ5YGWQTVSTBCH09QJJVQ.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Jes\u00fas Mar\u00eda G\u00f3mez Moreno","orcid":"https://orcid.org/0009-0009-2624-7814"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Jes\u00fas Mar\u00eda G\u00f3mez Moreno","raw_affiliation_strings":["TU Delft, Delft, Netherlands"],"affiliations":[{"raw_affiliation_string":"TU Delft, Delft, Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Vissarion Moutafis","orcid":"https://orcid.org/0009-0000-9904-8829"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Vissarion Moutafis","raw_affiliation_strings":["TU Delft, Delft, Netherlands"],"affiliations":[{"raw_affiliation_string":"TU Delft, Delft, Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Antreas Dionysiou","orcid":"https://orcid.org/0000-0002-6517-8462"},"institutions":[{"id":"https://openalex.org/I38552033","display_name":"Frederick University","ror":"https://ror.org/05d8tf882","country_code":"CY","type":"education","lineage":["https://openalex.org/I38552033"]},{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["CY","NL"],"is_corresponding":false,"raw_author_name":"Antreas Dionysiou","raw_affiliation_strings":["Frederick University, Nicosia, Cyprus","TU Delft, Delft, Netherlands"],"affiliations":[{"raw_affiliation_string":"Frederick University, Nicosia, Cyprus","institution_ids":["https://openalex.org/I38552033"]},{"raw_affiliation_string":"TU Delft, Delft, Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Fernando Kuipers","orcid":"https://orcid.org/0000-0002-6686-8350"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Fernando Kuipers","raw_affiliation_strings":["TU Delft, Delft, Netherlands"],"affiliations":[{"raw_affiliation_string":"TU Delft, Delft, Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Georgios Smaragdakis","orcid":"https://orcid.org/0000-0002-4127-3617"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Georgios Smaragdakis","raw_affiliation_strings":["TU Delft, Delft, Netherlands"],"affiliations":[{"raw_affiliation_string":"TU Delft, Delft, Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Bart Coppens","orcid":"https://orcid.org/0000-0002-7628-9264"},"institutions":[{"id":"https://openalex.org/I2801227569","display_name":"Ghent University Hospital","ror":"https://ror.org/00xmkp704","country_code":"BE","type":"healthcare","lineage":["https://openalex.org/I2801227569"]}],"countries":["BE"],"is_corresponding":false,"raw_author_name":"Bart Coppens","raw_affiliation_strings":["Ghent University, Ghent, Belgium"],"affiliations":[{"raw_affiliation_string":"Ghent University, Ghent, Belgium","institution_ids":["https://openalex.org/I2801227569"]}]},{"author_position":"last","author":{"id":null,"display_name":"Alexios Voulimeneas","orcid":"https://orcid.org/0000-0002-6985-8684"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Alexios Voulimeneas","raw_affiliation_strings":["TU Delft, Delft, Netherlands"],"affiliations":[{"raw_affiliation_string":"TU Delft, Delft, Netherlands","institution_ids":["https://openalex.org/I98358874"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I98358874"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.78029719,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"241","last_page":"255"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.5647000074386597,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.5647000074386597,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10126","display_name":"Logic, programming, and type systems","score":0.1264999955892563,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10054","display_name":"Parallel Computing and Optimization Techniques","score":0.1005999967455864,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.40290001034736633},{"id":"https://openalex.org/keywords/rendering","display_name":"Rendering (computer graphics)","score":0.36070001125335693},{"id":"https://openalex.org/keywords/downtime","display_name":"Downtime","score":0.3431999981403351},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.3391000032424927},{"id":"https://openalex.org/keywords/isolation","display_name":"Isolation (microbiology)","score":0.32850000262260437},{"id":"https://openalex.org/keywords/shadow","display_name":"Shadow (psychology)","score":0.30660000443458557}],"concepts":[{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.5145999789237976},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.40290001034736633},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4027999937534332},{"id":"https://openalex.org/C205711294","wikidata":"https://www.wikidata.org/wiki/Q176953","display_name":"Rendering (computer graphics)","level":2,"score":0.36070001125335693},{"id":"https://openalex.org/C180591934","wikidata":"https://www.wikidata.org/wiki/Q1253369","display_name":"Downtime","level":2,"score":0.3431999981403351},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.3391000032424927},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3346000015735626},{"id":"https://openalex.org/C2775941552","wikidata":"https://www.wikidata.org/wiki/Q25212305","display_name":"Isolation (microbiology)","level":2,"score":0.32850000262260437},{"id":"https://openalex.org/C117797892","wikidata":"https://www.wikidata.org/wiki/Q286363","display_name":"Shadow (psychology)","level":2,"score":0.30660000443458557},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.29660001397132874},{"id":"https://openalex.org/C146778888","wikidata":"https://www.wikidata.org/wiki/Q836862","display_name":"Installation","level":2,"score":0.2766999900341034},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.2728999853134155},{"id":"https://openalex.org/C105446022","wikidata":"https://www.wikidata.org/wiki/Q445962","display_name":"Legacy system","level":3,"score":0.26260000467300415},{"id":"https://openalex.org/C48372109","wikidata":"https://www.wikidata.org/wiki/Q3913","display_name":"Binary number","level":2,"score":0.2558000087738037},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.2531999945640564},{"id":"https://openalex.org/C75291252","wikidata":"https://www.wikidata.org/wiki/Q1315756","display_name":"TRACE (psycholinguistics)","level":2,"score":0.25220000743865967},{"id":"https://openalex.org/C2780940931","wikidata":"https://www.wikidata.org/wiki/Q174989","display_name":"File system","level":2,"score":0.25040000677108765}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3721462.3770772","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3721462.3770772","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Middleware Conference","raw_type":"proceedings-article"},{"id":"pmh:oai:archive.ugent.be:01KCHA8SW28AMRGNSX0KZTGR6W","is_oa":true,"landing_page_url":"http://hdl.handle.net/1854/LU-01KCHA8SW28AMRGNSX0KZTGR6W","pdf_url":"https://biblio.ugent.be/publication/01KCHA8SW28AMRGNSX0KZTGR6W/file/01KCHAJ5YGWQTVSTBCH09QJJVQ.pdf","source":{"id":"https://openalex.org/S4306400478","display_name":"Ghent University Academic Bibliography (Ghent University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I32597200","host_organization_name":"Ghent University","host_organization_lineage":["https://openalex.org/I32597200"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ISBN: 9798400715549","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":{"id":"pmh:oai:archive.ugent.be:01KCHA8SW28AMRGNSX0KZTGR6W","is_oa":true,"landing_page_url":"http://hdl.handle.net/1854/LU-01KCHA8SW28AMRGNSX0KZTGR6W","pdf_url":"https://biblio.ugent.be/publication/01KCHA8SW28AMRGNSX0KZTGR6W/file/01KCHAJ5YGWQTVSTBCH09QJJVQ.pdf","source":{"id":"https://openalex.org/S4306400478","display_name":"Ghent University Academic Bibliography (Ghent University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I32597200","host_organization_name":"Ghent University","host_organization_lineage":["https://openalex.org/I32597200"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ISBN: 9798400715549","raw_type":"info:eu-repo/semantics/publishedVersion"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.4493483603000641}],"awards":[{"id":"https://openalex.org/G2065967292","display_name":null,"funder_award_id":"101168562","funder_id":"https://openalex.org/F4320334322","funder_display_name":"HORIZON EUROPE Framework Programme"},{"id":"https://openalex.org/G3771002347","display_name":null,"funder_award_id":"101168562","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G6249343752","display_name":"An open-source platform for Resilient sECure digITAL identitieS","funder_award_id":"101168490","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G7895455078","display_name":"VALIDATing SEcurity Safeguards in Binaries Compiled with Memory-Safe Languages Pre-Execution","funder_award_id":"101206668","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"}],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"},{"id":"https://openalex.org/F4320327336","display_name":"Vlaamse regering","ror":null},{"id":"https://openalex.org/F4320334322","display_name":"HORIZON EUROPE Framework Programme","ror":null}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7110383938.pdf","grobid_xml":"https://content.openalex.org/works/W7110383938.grobid-xml"},"referenced_works_count":6,"referenced_works":["https://openalex.org/W4225569156","https://openalex.org/W4286542393","https://openalex.org/W4387720397","https://openalex.org/W4399665662","https://openalex.org/W4408750042","https://openalex.org/W4414115535"],"related_works":[],"abstract_inverted_index":{"System":[0,74],"call":[1,125],"interposition":[2,18,111,126],"is":[3,182],"a":[4,121,139,189],"widely":[5],"used":[6],"technique":[7],"to":[8,41,52,200],"trace":[9],"and":[10,27,37,62,67,88,93,119,151,159,195],"modify":[11],"application":[12],"behavior.":[13],"Over":[14],"the":[15,98,135,144,168,183],"years,":[16],"numerous":[17],"mechanisms":[19],"have":[20],"been":[21],"proposed,":[22],"each":[23],"with":[24,49],"distinct":[25],"strengths":[26,145],"trade-offs.":[28],"Recently,":[29],"advances":[30],"in":[31,60,103],"binary":[32,160],"rewriting\u2014specifically":[33],"targeting":[34,130],"x86\u201364":[35,131],"syscall":[36],"sysenter":[38],"instructions\u2014have":[39],"led":[40],"new":[42,122],"techniques":[43],"that":[44,70,142,154,165],"take":[45],"important":[46],"steps":[47],"forward,":[48],"some":[50],"claiming":[51],"support":[53],"general-purpose":[54,185],"use.":[55],"We":[56],"analyze":[57],"state-of-the-art":[58,172],"interposers":[59],"depth":[61],"uncover":[63],"several":[64],"fundamental":[65],"design":[66,118,141],"implementation":[68],"flaws\u2014pitfalls":[69],"we":[71,117],"collectively":[72],"term":[73],"Call":[75],"Interposition":[76],"Pitfalls.":[77],"For":[78],"example,":[79],"prior":[80,147],"work":[81],"cannot":[82],"reliably":[83],"interpose":[84],"all":[85],"system":[86,124],"calls":[87],"may":[89],"even":[90],"corrupt":[91],"code":[92],"data.":[94],"These":[95],"flaws":[96],"undermine":[97],"practicality":[99],"of":[100,146,171,192],"existing":[101],"solutions":[102,173],"real-world":[104],"scenarios,":[105],"rendering":[106],"them":[107],"unsuitable":[108],"as":[109],"universal":[110],"mechanisms.":[112],"Motivated":[113],"by":[114],"our":[115,179],"findings,":[116],"implement":[120],"plug-and-play":[123],"approach":[127],"named":[128],"K23,":[129],"platforms.":[132],"K23":[133,166,181],"addresses":[134],"uncovered":[136],"pitfalls":[137],"via":[138],"hybrid":[140],"unifies":[143],"methods,":[148],"combining":[149],"offline":[150],"online":[152],"phases":[153],"leverage":[155],"multiple":[156],"Linux":[157],"interfaces":[158],"rewriting.":[161],"Our":[162],"evaluation":[163],"shows":[164],"overcomes":[167],"key":[169],"limitations":[170],"while":[174],"remaining":[175],"highly":[176],"efficient.":[177],"To":[178],"knowledge,":[180],"first":[184],"interposer":[186],"suitable":[187],"for":[188],"wide":[190],"range":[191],"use":[193],"cases":[194],"environments,":[196],"from":[197],"low-end":[198],"devices":[199],"performance-critical,":[201],"datacenter-scale":[202],"workloads.":[203]},"counts_by_year":[],"updated_date":"2026-04-21T08:09:41.155169","created_date":"2025-12-08T00:00:00"}