[CCS'10] Robusta: Taming the Native Beast of the JVM
[TISSEC'13] Bringing Java’s Wild Native World under Control
[CCS'15] Thwarting Memory Disclosure with Efficient Hypervisor-enforced Intra-domain Isolation
[Oakland'16] Shreds: Fine-grained Execution Units with Private Memory
[PLDI'16] A Design and Verification Methodology for Secure Isolated Regions
[CCS'17] PtrSplit: Supporting General Pointers in Automatic Program Partitioning
[;login:20winter] The Road to Less Trusted Code Lowering the Barrier to In-Process Sandboxing
[Sec'20] Retrofitting Fine Grain Isolation in the Firefox Renderer [notes]
[AsiaCCS'21] Cali: Compiler-Assisted Library Isolation
[Sec'03] Preventing Privilege Escalation
[Sec'03] Improving Host Security with System Call Policies
[NDSI'08] Wedge: Splitting Applications into Reduced-Privilege Compartments
[CCS'16] Enforcing Least Privilege Memory Views for Multithreaded Applications
[CCS'18] Lord of the x86 Rings: A Portable User Mode Privilege Separation Architecture on x86
[ISCA'14] CODOMs: Protecting Software with Code-centric Memory Domains
[TR] A Memory Encryption Engine Suitable for General Purpose Processors
[CCS'19] Towards Memory Safe Enclave Programming with Rust-SGX
[Oakland'20] SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-assisted TEE Systems
[ICSE-SEIP'20] Building and Maintaining a Third-Party Library Supply Chain for Productive and Secure SGX Enclave Development
[CCS'16] The “Web/Local” Boundary Is Fuzzy: A Security Study of Chrome’s Process-based Sandboxing
[CSUR'16] A Study of Security Isolation Techniques