{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T23:14:49Z","timestamp":1775258089647,"version":"3.50.1"},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030019495","type":"print"},{"value":"9783030019501","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-01950-1_7","type":"book-chapter","created":{"date-parts":[[2018,10,25]],"date-time":"2018-10-25T19:16:51Z","timestamp":1540495011000},"page":"107-123","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["On the Weakness of Constant Blinding PRNG in Flash Player"],"prefix":"10.1007","author":[{"given":"Chenyu","family":"Wang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tao","family":"Huang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hongjun","family":"Wu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,10,26]]},"reference":[{"key":"7_CR1","unstructured":"CVE-2015-5119. ByteArray Use-After-Free. https:\/\/www.exploit-db.com\/exploits\/37523\/. Accessed 06 July 2018"},{"key":"7_CR2","unstructured":"CVE-2015-5122. opaqueBackground Use-After-Free. https:\/\/www.exploit-db.com\/exploits\/37599\/. Accessed 06 July 2018"},{"key":"7_CR3","unstructured":"Data execution prevention. https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/aa366553(v=vs.85).aspx. Accessed 06 July 2018"},{"key":"7_CR4","unstructured":"Inside AVM. https:\/\/recon.cx\/2012\/schedule\/attachments\/43_Inside_AVM_REcon2012.pdf. Accessed 06 July 2018"},{"key":"7_CR5","unstructured":"Windows software security defense. https:\/\/msdn.microsoft.com\/en-us\/library\/bb 430720.aspx. Accessed 06 July 2018"},{"key":"7_CR6","doi-asserted-by":"crossref","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., and Ligatti, J.: Control-flow integrity. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 340\u2013353. ACM (2005)","DOI":"10.1145\/1102120.1102165"},{"key":"7_CR7","doi-asserted-by":"crossref","unstructured":"Athanasakis, M., Athanasopoulos, E., Polychronakis, M., Portokalidis, G., Ioannidis, S.: The devil is in the constants: Bypassing defenses in browser JIT engines. In: 13th Conference on Network and Distributed System Security Symposium (NDSS) (2015)","DOI":"10.14722\/ndss.2015.23209"},{"key":"7_CR8","unstructured":"Blazakis, D.: Interpreter exploitation. In: 4th USENIX Workshop on Offensive Technologies (WOOT) (2010)"},{"issue":"4","key":"7_CR9","doi-asserted-by":"publisher","first-page":"283","DOI":"10.1049\/iet-ifs.2012.0142","volume":"7","author":"P Chen","year":"2013","unstructured":"Chen, P., Wu, R., Mao, B.: JITSafe: a framework against just-in-time spraying attacks. IET Inf. Secur. 7(4), 283\u2013292 (2013)","journal-title":"IET Inf. Secur."},{"key":"7_CR10","doi-asserted-by":"crossref","unstructured":"Davi, L., Sadeghi, A.-R., Winandy, M.: ROPdefender: a detection tool to defend against return-oriented programming attacks. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 40\u201351. ACM (2011)","DOI":"10.1145\/1966913.1966920"},{"key":"7_CR11","first-page":"16","volume":"29","author":"A Follner","year":"2016","unstructured":"Follner, A., Bodden, E.: ROPocopdynamic mitigation of code-reuse attacks. J. Inf. Secur. Appl. 29, 16\u201326 (2016)","journal-title":"J. Inf. Secur. Appl."},{"key":"7_CR12","doi-asserted-by":"crossref","unstructured":"Gawlik, R., Kollenda, B., Koppe, P., Garmany, B., Holz, T.: Enabling client-side crash-resistance to overcome diversification and information hiding. In: 14th Conference on Network and Distributed System Security Symposium (NDSS) (2016)","DOI":"10.14722\/ndss.2016.23262"},{"key":"7_CR13","unstructured":"Kaplan, D., Kedmi, S., Hay, R., Dayan, A.: Attacking the Linux PRNG on android: weaknesses in seeding of entropic pools and low boot-time entropy. In: WOOT (2014)"},{"key":"7_CR14","doi-asserted-by":"crossref","unstructured":"Kim, S.H., Han, D., Lee, D.H.: Predictability of android openssl\u2019s pseudo random number generator. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, pp. 659\u2013668. ACM (2013)","DOI":"10.1145\/2508859.2516706"},{"key":"7_CR15","doi-asserted-by":"crossref","unstructured":"Luk, C.-K., et al.: Pin: building customized program analysis tools with dynamic instrumentation. In: ACM SIGPLAN Notices, vol. 40, pp. 190\u2013200. ACM (2005)","DOI":"10.1145\/1064978.1065034"},{"key":"7_CR16","unstructured":"Maisuradze, G., Backes, M., Rossow, C.: What Cannot be Read, cannot be leveraged? Revisiting assumptions of JIT-ROP defenses. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 139\u2013156 (2016)"},{"key":"7_CR17","doi-asserted-by":"crossref","unstructured":"Maisuradze, G., Backes, M., Rossow, C.: Dachshund: digging for and securing against (non-) blinded constants in JIT code. In: 15th Conference on Network and Distributed System Security Symposium (NDSS) (2017)","DOI":"10.14722\/ndss.2017.23224"},{"key":"7_CR18","doi-asserted-by":"crossref","unstructured":"Niu, B., Tan, G.: RockJIT: securing just-in-time compilation using modular control-flow integrity. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 1317\u20131328. ACM (2014)","DOI":"10.1145\/2660267.2660281"},{"key":"7_CR19","doi-asserted-by":"crossref","unstructured":"Onarlioglu, K., Bilge, L., Lanzi, A., Balzarotti, D., Kirda, E.: G-free: defeating return-oriented programming through gadget-less binaries. In: Proceedings of the 26th Annual Computer Security Applications Conference, pp. 49\u201358. ACM (2010)","DOI":"10.1145\/1920261.1920269"},{"issue":"6","key":"7_CR20","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1109\/MSP.2012.152","volume":"10","author":"M Prandini","year":"2012","unstructured":"Prandini, M., Ramilli, M.: Return-oriented programming. IEEE Symp. Secur. Priv. 10(6), 84\u201387 (2012)","journal-title":"IEEE Symp. Secur. Priv."},{"key":"7_CR21","unstructured":"Serna, F.J.: The info leak era on software exploitation. https:\/\/media.blackhat.com\/bh-us-12\/Briefings\/Serna\/BH_US_12_Serna_Leak_Era_Slides.pdf. Accessed 6 Oct 2018"},{"key":"7_CR22","unstructured":"Sintsov, A.: JIT-spray attacks & advanced shellcode. https:\/\/conference.hitb.org\/hitbsecconf2010ams\/materials\/D1T2%20-%20Alexey%20Sintsov%20-%20JIT%20Spray%20Attacks%20and%20Advanced%20Shellcode.pdf. Accessed 6 Oct 2018"},{"key":"7_CR23","doi-asserted-by":"crossref","unstructured":"Song, C., Zhang, C., Wang, T., Lee, W., Melski, D.: Exploiting and protecting dynamic code generation. In: 13th Conference on Network and Distributed System Security Symposium (NDSS) (2015)","DOI":"10.14722\/ndss.2015.23233"},{"key":"7_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/978-3-642-23644-0_7","volume-title":"Recent Advances in Intrusion Detection","author":"M Tran","year":"2011","unstructured":"Tran, M., Etheridge, M., Bletsch, T., Jiang, X., Freeh, V., Ning, P.: On the expressiveness of return-into-LIBC attacks. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol. 6961, pp. 121\u2013141. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-23644-0_7"},{"key":"7_CR25","unstructured":"Uh, G.-R., Cohn, R., Yadavalli, B., Peri, R., Ayyagari, R.: Analyzing dynamic binary instrumentation overhead. In: WBIA Workshop at ASPLOS, Citeseer (2006)"},{"key":"7_CR26","doi-asserted-by":"crossref","unstructured":"Wei, T., Wang, T., Duan, L., Luo, J.: Insert: protect dynamic code generation against spraying. In: 2011 International Conference on Information Science and Technology (ICIST), pp. 323\u2013328. IEEE (2011)","DOI":"10.1109\/ICIST.2011.5765261"},{"key":"7_CR27","doi-asserted-by":"crossref","unstructured":"Wu, R., Chen, P., Mao, B., Xie, L. RIM: a method to defend from JIT spraying attack. In: 2012 Seventh International Conference on Availability, Reliability and Security (ARES), pp. 143\u2013148. IEEE (2012)","DOI":"10.1109\/ARES.2012.11"}],"container-title":["Lecture Notes in Computer Science","Information and Communications Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-01950-1_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T21:51:49Z","timestamp":1775253109000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-01950-1_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030019495","9783030019501"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-01950-1_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"26 October 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information and Communications Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Lille","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 October 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31 October 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icics2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/conference.imt-lille-douai.fr\/icics2018\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}