{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T20:15:18Z","timestamp":1768421718660,"version":"3.49.0"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030223113","type":"print"},{"value":"9783030223120","type":"electronic"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-22312-0_23","type":"book-chapter","created":{"date-parts":[[2019,6,16]],"date-time":"2019-06-16T23:02:48Z","timestamp":1560726168000},"page":"331-344","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["On the Effectiveness of Control-Flow Integrity Against Modern Attack Techniques"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9164-7672","authenticated-orcid":false,"given":"Sarwar","family":"Sayeed","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6976-5763","authenticated-orcid":false,"given":"Hector","family":"Marco-Gisbert","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,6,5]]},"reference":[{"key":"23_CR1","doi-asserted-by":"publisher","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, CCS 2005, pp. 340\u2013353. ACM, New York (2005). https:\/\/doi.org\/10.1145\/1102120.1102165","DOI":"10.1145\/1102120.1102165"},{"issue":"1","key":"23_CR2","doi-asserted-by":"publisher","first-page":"4:1","DOI":"10.1145\/1609956.1609960","volume":"13","author":"M Abadi","year":"2009","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity principles, implementations, and applications. ACM Trans. Inf. Syst. Secur. 13(1), 4:1\u20134:40 (2009). https:\/\/doi.org\/10.1145\/1609956.1609960","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"23_CR3","doi-asserted-by":"publisher","unstructured":"Biondo, A., Conti, M., Lain, D.: Back to the epilogue: evading control flow guard via unaligned targets. In: Network and Distributed Systems Security (NDSS) Symposium 2018 (2018). https:\/\/doi.org\/10.14722\/ndss.2018.23318","DOI":"10.14722\/ndss.2018.23318"},{"key":"23_CR4","unstructured":"NSA Information Assurance: Hardware control flow integrity CFI for an IT ecosystem. NSA, April 2015"},{"key":"23_CR5","doi-asserted-by":"publisher","unstructured":"Bletsch, T., Jiang, X., Freeh, V.W., Liang, Z.: Jump-oriented programming: a new class of code-reuse attack. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011, pp. 30\u201340. ACM, New York (2011). https:\/\/doi.org\/10.1145\/1966913.1966919","DOI":"10.1145\/1966913.1966919"},{"key":"23_CR6","unstructured":"Carlini, N., Barresi, A., Payer, M., Wagner, D., Gross, T.R.: Control-flow bending: on the effectiveness of control-flow integrity. In: Proceedings of the 24th USENIX Conference on Security Symposium, SEC 2015, pp. 161\u2013176. USENIX Association, Berkeley (2015). http:\/\/dl.acm.org\/citation.cfm?id=2831143.2831154"},{"key":"23_CR7","doi-asserted-by":"publisher","unstructured":"Chen, X., Slowinska, A., Andriesse, D., Bos, H., Giuffrida, C.: StackArmor: comprehensive protection from stack-based memory error vulnerabilities for binaries. In: NDSS 2015. Internet Society, San Diego (2015). https:\/\/doi.org\/10.14722\/ndss.2015.23248","DOI":"10.14722\/ndss.2015.23248"},{"key":"23_CR8","doi-asserted-by":"publisher","unstructured":"Christoulakis, N., Christou, G., Athanasopoulos, E., Ioannidis, S.: HCFI: hardware-enforced control-flow integrity. In: Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy, CODASPY 2016, pp. 38\u201349. ACM, New York (2016). https:\/\/doi.org\/10.1145\/2857705.2857722","DOI":"10.1145\/2857705.2857722"},{"key":"23_CR9","unstructured":"de Clercq, R., Verbauwhede, I.: A survey of hardware-based control flow integrity (CFI). CoRR abs\/1706.07257 (2017). http:\/\/arxiv.org\/abs\/1706.07257"},{"key":"23_CR10","unstructured":"Power of Community: Windows 10 Control Flow Guard Internals (2014). http:\/\/www.powerofcommunity.net\/poc2014\/mj0011.pdf. Accessed 15 Jan 2018"},{"key":"23_CR11","doi-asserted-by":"publisher","unstructured":"Crane, S.J., et al.: It\u2019s a TRaP: table randomization and protection against function-reuse attacks. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, pp. 243\u2013255. ACM, New York (2015). https:\/\/doi.org\/10.1145\/2810103.2813682","DOI":"10.1145\/2810103.2813682"},{"key":"23_CR12","doi-asserted-by":"publisher","unstructured":"Criswell, J., Dautenhahn, N., Adve, V.: KCoFI: complete control-flow integrity for commodity operating system kernels. In: Proceedings of the 2014 IEEE Symposium on Security and Privacy, SP 2014, pp. 292\u2013307. IEEE Computer Society, Washington, DC (2014). https:\/\/doi.org\/10.1109\/SP.2014.26","DOI":"10.1109\/SP.2014.26"},{"key":"23_CR13","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-25546-0","volume-title":"Building Secure Defenses Against Code-Reuse Attacks","author":"L Davi","year":"2015","unstructured":"Davi, L., Sadeghi, A.-R.: Building Secure Defenses Against Code-Reuse Attacks. SCS. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-25546-0"},{"key":"23_CR14","unstructured":"Davi, L., Sadeghi, A.R., Lehmann, D., Monrose, F.: Stitching the gadgets: on the ineffectiveness of coarse-grained control-flow integrity protection. In: Proceedings of the 23rd USENIX Conference on Security Symposium, SEC 2014, pp. 401\u2013416. USENIX Association, Berkeley (2014). http:\/\/dl.acm.org\/citation.cfm?id=2671225.2671251"},{"key":"23_CR15","unstructured":"Ding, R., Qian, C., Song, C., Harris, B., Kim, T., Lee, W.: Efficient protection of path-sensitive control security. In: 26th USENIX Security Symposium (USENIX Security 2017), pp. 131\u2013148. USENIX Association, Vancouver (2017). https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/ding"},{"key":"23_CR16","doi-asserted-by":"publisher","unstructured":"Evans, I., et al.: Control jujutsu: on the weaknesses of fine-grained control flow integrity. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, pp. 901\u2013913. ACM, New York (2015). https:\/\/doi.org\/10.1145\/2810103.2813646","DOI":"10.1145\/2810103.2813646"},{"key":"23_CR17","doi-asserted-by":"crossref","unstructured":"Ge, X., Talele, N., Payer, M., Jaeger, T.: Fine-grained control-flow integrity for kernel software. In: Proceedings of the IEEE European Symposium on Security and Privacy, pp. 179\u2013194, March 2016","DOI":"10.1109\/EuroSP.2016.24"},{"key":"23_CR18","unstructured":"grsecurity: How Does RAP Works. https:\/\/grsecurity.net\/rap_faq.php. Accessed 3 Feb 2018"},{"key":"23_CR19","doi-asserted-by":"publisher","unstructured":"Guan, L., Lin, J., Luo, B., Jing, J., Wang, J.: Protecting private keys against memory disclosure attacks using hardware transactional memory. In: Proceedings of the 2015 IEEE Symposium on Security and Privacy, SP 2015, pp. 3\u201319. IEEE Computer Society, Washington, DC (2015). https:\/\/doi.org\/10.1109\/SP.2015.8","DOI":"10.1109\/SP.2015.8"},{"key":"23_CR20","doi-asserted-by":"crossref","unstructured":"Jang, D., Tatlock, Z., Lerner, S.: SafeDispatch: securing C++ virtual calls from memory corruption attacks. In: NDSS 2014. Internet Society, San Diego, February 2014. http:\/\/dx.doi.org\/doi-info-to-be-provided-late","DOI":"10.14722\/ndss.2014.23287"},{"key":"23_CR21","unstructured":"Kemerlis, V.P., Polychronakis, M., Keromytis, A.D.: Ret2dir: rethinking kernel isolation. In: Proceedings of the 23rd USENIX Conference on Security Symposium, SEC 2014, pp. 957\u2013972. USENIX Association, Berkeley (2014). http:\/\/dl.acm.org\/citation.cfm?id=2671225.2671286"},{"issue":"6","key":"23_CR22","doi-asserted-by":"publisher","first-page":"1535","DOI":"10.1109\/TIFS.2018.2797932","volume":"13","author":"J Li","year":"2018","unstructured":"Li, J., Tong, X., Zhang, F., Ma, J.: Fine-CFI: fine-grained control-flow integrity for operating system kernels. IEEE Trans. Inf. Forensics Secur. 13(6), 1535\u20131550 (2018). https:\/\/doi.org\/10.1109\/TIFS.2018.2797932","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"23_CR23","doi-asserted-by":"crossref","unstructured":"Marco-Gisbert, H., Ripoll, I.: On the effectiveness of NX, SSP, RenewSSP, and ASLR against stack buffer overflows. In: NCA, pp. 145\u2013152. IEEE Computer Society (2014)","DOI":"10.1109\/NCA.2014.28"},{"key":"23_CR24","doi-asserted-by":"publisher","unstructured":"Mashtizadeh, A.J., Bittau, A., Boneh, D., Mazi\u00e8res, D.: CCFI: cryptographically enforced control flow integrity. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, pp. 941\u2013951. ACM, New York (2015). https:\/\/doi.org\/10.1145\/2810103.2813676","DOI":"10.1145\/2810103.2813676"},{"key":"23_CR25","unstructured":"Microsoft: Replay Attacks (2017). https:\/\/docs.microsoft.com\/en-us\/dotnet\/framework\/wcf\/feature-details\/replay-attacks. Assessed May 2018"},{"key":"23_CR26","unstructured":"Microsoft.com: Control Flow Guard (2013). https:\/\/courses.cs.washington.edu\/courses\/cse484\/14au\/reading\/25-years-vulnerabilities.pdf. Accessed 29 Mar 2018"},{"key":"23_CR27","doi-asserted-by":"crossref","unstructured":"Mohan, V., Larsen, P., Brunthaler, S., Hamlen, K.W., Franz, M.: Opaque control flow integrity. In: 22nd Annual Network and Distributed System Security Symposium, NDSS 2015, San Diego, California, USA, 8\u201311 February 2015 (2015). https:\/\/www.ndss-symposium.org\/ndss2015\/opaque-control-flow-integrity","DOI":"10.14722\/ndss.2015.23271"},{"key":"23_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1007\/978-3-319-45719-2_2","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"M Muench","year":"2016","unstructured":"Muench, M., Pagani, F., Shoshitaishvili, Y., Kruegel, C., Vigna, G., Balzarotti, D.: Taming transactions: towards hardware-assisted control flow integrity using transactional memory. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 24\u201348. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-45719-2_2"},{"key":"23_CR29","doi-asserted-by":"publisher","unstructured":"Niu, B., Tan, G.: Per-input control-flow integrity. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, pp. 914\u2013926. ACM, New York (2015). https:\/\/doi.org\/10.1145\/2810103.2813644","DOI":"10.1145\/2810103.2813644"},{"key":"23_CR30","unstructured":"OWASP: Code Injection (2013). https:\/\/www.owasp.org\/index.php\/Code_Injection. Accessed 28 Sept 2017"},{"key":"23_CR31","unstructured":"Pappas, V.: Defending Against Return-Oriented Programming (2015). https:\/\/www.cs.columbia.edu\/~angelos\/Papers\/theses\/vpappas_thesis.pdf. Accessed 21 Feb 2018"},{"key":"23_CR32","unstructured":"Payer, M.: Control-Flow Integrity: An Introduction (2016). https:\/\/nebelwelt.net\/blog\/20160913-ControlFlowIntegrity.html. Accessed 21 April 2018"},{"key":"23_CR33","unstructured":"Pomonis, M., Petsios, T., Keromytis, A.D., Polychronakis, M., Kemerlis, V.P.: kr$$^{\\hat{\\,}}$$x: comprehensive kernel protection against just-in-time code reuse. In: EuroSys, pp. 420\u2013436. ACM (2017)"},{"key":"23_CR34","unstructured":"Shellblade.net: Performing a ret2libc Attack (2018). https:\/\/www.shellblade.net\/docs\/ret2libc.pdf. Accessed 25 May 2017"},{"key":"23_CR35","unstructured":"Tice, C., et al.: Enforcing forward-edge control-flow integrity in GCC & LLVM. In: Proceedings of the 23rd USENIX Conference on Security Symposium, SEC 2014, pp. 941\u2013955. USENIX Association, Berkeley (2014). http:\/\/dl.acm.org\/citation.cfm?id=2671225.2671285"},{"key":"23_CR36","doi-asserted-by":"publisher","unstructured":"van der Veen, V., et al.: Practical context-sensitive CFI. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, pp. 927\u2013940. ACM, New York (2015). https:\/\/doi.org\/10.1145\/2810103.2813673","DOI":"10.1145\/2810103.2813673"},{"key":"23_CR37","doi-asserted-by":"publisher","unstructured":"Zhang, C., et al.: Practical control flow integrity and randomization for binary executables. In: Proceedings of the 2013 IEEE Symposium on Security and Privacy, SP 2013, pp. 559\u2013573. IEEE Computer Society, Washington, DC (2013). https:\/\/doi.org\/10.1109\/SP.2013.44","DOI":"10.1109\/SP.2013.44"},{"key":"23_CR38","unstructured":"Zhang, M., Sekar, R.: Control flow integrity for cots binaries. In: Proceedings of the 22nd USENIX Conference on Security, SEC 2013, pp. 337\u2013352. USENIX Association, Berkeley (2013). http:\/\/dl.acm.org\/citation.cfm?id=2534766.2534796"}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-22312-0_23","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,12]],"date-time":"2024-03-12T15:37:35Z","timestamp":1710257855000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-22312-0_23"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030223113","9783030223120"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-22312-0_23","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"value":"1868-4238","type":"print"},{"value":"1868-422X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"5 June 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on ICT Systems Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Lisbon","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Portugal","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 June 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 June 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"34","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sec2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.ifipsec.org\/2019\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"76","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"26","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"34% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}