{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T14:40:34Z","timestamp":1775054434964,"version":"3.50.1"},"publisher-location":"Cham","reference-count":53,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030299583","type":"print"},{"value":"9783030299590","type":"electronic"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-29959-0_5","type":"book-chapter","created":{"date-parts":[[2019,9,14]],"date-time":"2019-09-14T23:04:10Z","timestamp":1568502250000},"page":"87-106","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["The Leakage-Resilience Dilemma"],"prefix":"10.1007","author":[{"given":"Bryan C.","family":"Ward","sequence":"first","affiliation":[]},{"given":"Richard","family":"Skowyra","sequence":"additional","affiliation":[]},{"given":"Chad","family":"Spensky","sequence":"additional","affiliation":[]},{"given":"Jason","family":"Martin","sequence":"additional","affiliation":[]},{"given":"Hamed","family":"Okhravi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,9,15]]},"reference":[{"key":"5_CR1","unstructured":"CVE-2015-8617. \u201cAvailable from MITRE, CVE-ID CVE-2015-8617\u201d (2015). http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2015-8617"},{"key":"5_CR2","unstructured":"Threat LandScape Report Q2 2017. Fortinet (2017). https:\/\/www.fortinet.com\/content\/dam\/fortinet\/assets\/threat-reports\/Fortinet-Threat-Report-Q2-2017.pdf"},{"key":"5_CR3","unstructured":"0vercl0k: rp++, April 2017. https:\/\/github.com\/0vercl0k\/rp"},{"key":"5_CR4","doi-asserted-by":"crossref","unstructured":"Backes, M., Holz, T., Kollenda, B., Koppe, P., N\u00fcrnberger, S., Pewny, J.: You can run but you can\u2019t read: preventing disclosure exploits in executable code. In: ACM Conference on Computer and Communications Security. CCS (2014)","DOI":"10.1145\/2660267.2660378"},{"key":"5_CR5","unstructured":"Backes, M., N\u00fcrnberger, S.: Oxymoron: making fine-grained memory randomization practical by allowing code sharing. In: 23rd USENIX Security Symposium. USENIX Sec (2014)"},{"key":"5_CR6","unstructured":"Barresi, A., Razavi, K., Payer, M., Gross, T.R.: CAIN: silently breaking ASLR in the cloud. In: 9th USENIX Security Symposium. WOOT 2015 (2015)"},{"key":"5_CR7","doi-asserted-by":"crossref","unstructured":"Bigelow, D., Hobson, T., Rudd, R., Streilein, W., Okhravi, H.: Timely rerandomization for mitigating memory disclosures. In: ACM Conference on Computer and Communications Security. CCS (2015)","DOI":"10.1145\/2810103.2813691"},{"key":"5_CR8","doi-asserted-by":"crossref","unstructured":"Bittau, A., Belay, A., Mashtizadeh, A.J., Mazi\u00e8res, D., Boneh, D.: Hacking blind. In: 35th IEEE Symposium on Security and Privacy. S&P (2014)","DOI":"10.1109\/SP.2014.22"},{"key":"5_CR9","doi-asserted-by":"crossref","unstructured":"Bosman, E., Razavi, K., Bos, H., Giuffrida, C.: Dedup est machina: Memory deduplication as an advanced exploitation vector. In: 37th IEEE Symposium on Security and Privacy (2016)","DOI":"10.1109\/SP.2016.63"},{"issue":"1","key":"5_CR10","doi-asserted-by":"publisher","first-page":"16:1","DOI":"10.1145\/3054924","volume":"50","author":"N Burow","year":"2017","unstructured":"Burow, N., et al.: Control-flow integrity: precision, security, and performance. ACM Comput. Surv. 50(1), 16:1\u201316:33 (2017)","journal-title":"ACM Comput. Surv."},{"key":"5_CR11","doi-asserted-by":"crossref","unstructured":"Checkoway, S., Davi, L., Dmitrienko, A., Sadeghi, A., Shacham, H., Winandy, M.: Return-oriented programming without returns. In: ACM Conference on Computer and Communications Security. CCS (2010)","DOI":"10.1145\/1866307.1866370"},{"key":"5_CR12","doi-asserted-by":"crossref","unstructured":"Chen, Y., Wang, Z., Whalley, D., Lu, L.: Remix: on-demand live randomization. In: Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy, pp. 50\u201361. ACM (2016)","DOI":"10.1145\/2857705.2857726"},{"key":"5_CR13","unstructured":"Cowan, C., Beattie, S., Johansen, J., Wagle, P.: Pointguard: protecting pointers from buffer overflow vulnerabilities. In: 12th USENIX Security Symposium. USENIX Sec (2003)"},{"key":"5_CR14","doi-asserted-by":"crossref","unstructured":"Crane, S., et al.: Readactor: practical code randomization resilient to memory disclosure. In: 36th IEEE Symposium on Security and Privacy. S&P (2015)","DOI":"10.1109\/SP.2015.52"},{"key":"5_CR15","doi-asserted-by":"crossref","unstructured":"Crane, S., et al.: It\u2019s a TRaP: table randomization and protection against function-reuse attacks. In: ACM Conference on Computer and Communications Security. CCS (2015)","DOI":"10.1145\/2810103.2813682"},{"key":"5_CR16","doi-asserted-by":"crossref","unstructured":"Davi, L., Liebchen, C., Sadeghi, A.R., Snow, K.Z., Monrose, F.: Isomeron: code randomization resilient to (Just-In-Time) return-oriented programming. In: 22nd Annual Network and Distributed System Security Symposium. NDSS (2015)","DOI":"10.14722\/ndss.2015.23262"},{"key":"5_CR17","doi-asserted-by":"crossref","unstructured":"Davi, L.V., Dmitrienko, A., N\u00fcrnberger, S., Sadeghi, A.R.: Gadge me if you can: secure and efficient ad-hoc instruction-level randomization for x86 and ARM. In: ASIACCS, pp. 299\u2013310 (2013)","DOI":"10.1145\/2484313.2484351"},{"key":"5_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"152","DOI":"10.1007\/978-3-642-00730-9_10","volume-title":"Information Security and Cryptology \u2013 ICISC 2008","author":"B De Sutter","year":"2009","unstructured":"De Sutter, B., Anckaert, B., Geiregat, J., Chanet, D., De Bosschere, K.: Instruction set limitation in support of software diversity. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 152\u2013165. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-00730-9_10"},{"key":"5_CR19","unstructured":"Durden, T.: Bypassing PaX ASLR protection (2002). http:\/\/www.phrack.org\/issues.html?issue=59&id=9"},{"key":"5_CR20","doi-asserted-by":"crossref","unstructured":"Evans, I., et al.: Missing the point(er): on the effectiveness of code pointer integrity. In: 36th IEEE Symposium on Security and Privacy. S&P (2015)","DOI":"10.1109\/SP.2015.53"},{"key":"5_CR21","doi-asserted-by":"crossref","unstructured":"Evans, I., et al.: Control jujutsu: on the weaknesses of fine-grained control flow integrity. In: ACM Conference on Computer and Communications Security. CCS (2015)","DOI":"10.1145\/2810103.2813646"},{"key":"5_CR22","doi-asserted-by":"crossref","unstructured":"Gionta, J., Enck, W., Ning, P.: HideM: protecting the contents of userspace memory in the face of disclosure vulnerabilities. In: 5th ACM Conference on Data and Application Security and Privacy. CODASPY (2015)","DOI":"10.1145\/2699026.2699107"},{"key":"5_CR23","unstructured":"Giuffrida, C., Kuijsten, A., Tanenbaum, A.S.: Enhanced operating system security through efficient and fine-grained address space randomization. In: 21st USENIX Security Symposium. USENIX Sec (2012)"},{"key":"5_CR24","doi-asserted-by":"crossref","unstructured":"G\u00f6ktas, E., et al.: Position-independent code reuse: on the effectiveness of ASLR in the absence of information disclosure. In: IEEE EuroS&P (2018)","DOI":"10.1109\/EuroSP.2018.00024"},{"key":"5_CR25","doi-asserted-by":"crossref","unstructured":"Gras, B., Razavi, K., Bosman, E., Bos, H., Giuffrida, C.: ASLR on the line: Practical cache attacks on the MMU. NDSS, February 2017 (2017)","DOI":"10.14722\/ndss.2017.23271"},{"key":"5_CR26","doi-asserted-by":"crossref","unstructured":"Hiser, J., Nguyen, A; Co, M., Hall, M., Davidson, J.: ILR: Where\u2019d my gadgets go. In: 33rd IEEE Symposium on Security and Privacy. S&P (2012)","DOI":"10.1109\/SP.2012.39"},{"key":"5_CR27","doi-asserted-by":"crossref","unstructured":"Homescu, A., Brunthaler, S., Larsen, P., Franz, M.: Librando: transparent code randomization for just-in-time compilers. In: ACM Conference on Computer & Communications security, pp. 993\u20131004 (2013)","DOI":"10.1145\/2508859.2516675"},{"key":"5_CR28","doi-asserted-by":"crossref","unstructured":"Homescu, A., Neisius, S., Larsen, P., Brunthaler, S., Franz, M.: Profile-guided automated software diversity. In: International Symposium on Code Generation and Optimization (CGO), pp. 1\u201311. IEEE (2013)","DOI":"10.1109\/CGO.2013.6494997"},{"key":"5_CR29","doi-asserted-by":"crossref","unstructured":"Jackson, T., et al.: Compiler-generated software diversity. In: Moving Target Defense. Advances in Information Security (2011)","DOI":"10.1007\/978-1-4614-0977-9_4"},{"key":"5_CR30","doi-asserted-by":"crossref","unstructured":"Jackson, T., Homescu, A., Crane, S., Larsen, P., Brunthaler, S., Franz, M.: Diversifying the software stack using randomized NOP insertion. In: Moving Target Defense. Advances in Information Security (2013)","DOI":"10.1007\/978-1-4614-5416-8_8"},{"key":"5_CR31","doi-asserted-by":"crossref","unstructured":"Kil, C., Jun, J., Bookholt, C., Xu, J., Ning, P.: Address space layout permutation (ASLP): towards fine-grained randomization of commodity software. In: 22nd Annual Computer Security Applications Conference. ACSAC (2006)","DOI":"10.1109\/ACSAC.2006.9"},{"issue":"5","key":"5_CR32","doi-asserted-by":"publisher","first-page":"709","DOI":"10.1007\/s11241-017-9272-9","volume":"53","author":"N Kim","year":"2017","unstructured":"Kim, N., Ward, B.C., Chisholm, M., Anderson, J.H., Smith, F.D.: Attacking the one-out-of-m multicore problem by combining hardware management with mixed-criticality provisioning. Real-Time Syst. 53(5), 709\u2013759 (2017)","journal-title":"Real-Time Syst."},{"key":"5_CR33","doi-asserted-by":"crossref","unstructured":"Koo, H., Chen, Y., Lu, L., Kemerlis, V.P., Polychronakis, M.: Compiler-assisted code randomization. In: IEEE Symposium on Security & Privacy (SP) (2018)","DOI":"10.1109\/SP.2018.00029"},{"key":"5_CR34","doi-asserted-by":"crossref","unstructured":"Larsen, P., Homescu, A., Brunthaler, S., Franz, M.: SoK: automated software diversity. In: 35th IEEE Symposium on Security and Privacy. S&P (2014)","DOI":"10.1109\/SP.2014.25"},{"key":"5_CR35","doi-asserted-by":"crossref","unstructured":"Lu, K., Song, C., Lee, B., Chung, S.P., Kim, T., Lee, W.: ASLR-Guard: stopping address space leakage for code reuse attacks. In: ACM Conference on Computer and Communications Security. CCS (2015)","DOI":"10.1145\/2810103.2813694"},{"key":"5_CR36","first-page":"143","volume-title":"Lecture Notes in Computer Science","author":"Micah Morton","year":"2017","unstructured":"Morton, M., Koo, H., Li, F., Snow, K.Z., Polychronakis, M., Monrose, F.: Defeating zombie gadgets by re-randomizing code upon disclosure. In: International Symposium on Engineering Secure Software and Systems, pp. 143\u2013160 (2017)"},{"key":"5_CR37","doi-asserted-by":"crossref","unstructured":"Novark, G., Berger, E.D.: Dieharder: securing the heap. In: ACM Conference on Computer and Communications Security. CCS, pp. 573\u2013584 (2010)","DOI":"10.1145\/1866307.1866371"},{"key":"5_CR38","first-page":"14","volume":"7","author":"A One","year":"1996","unstructured":"One, A.: Smashing the stack for fun and profit. Phrack Mag. 7, 14\u201316 (1996)","journal-title":"Phrack Mag."},{"key":"5_CR39","unstructured":"PaX: PaX address space layout randomization (2003)"},{"key":"5_CR40","unstructured":"Razavi, K., Gras, B., Bosman, E., Preneel, B., Giuffrida, C., Bos, H.: Flip feng shui: hammering a needle in the software stack. In: 25th USENIX Security Symposium. USENIX Sec (2016)"},{"key":"5_CR41","doi-asserted-by":"crossref","unstructured":"Rudd, R., et al.: Address-oblivious code reuse: on the effectiveness of leakage resilient diversity. In: Proceedings of the Network and Distributed System Security Symposium. NDSS 2017, February 2017","DOI":"10.14722\/ndss.2017.23477"},{"key":"5_CR42","doi-asserted-by":"crossref","unstructured":"Seibert, J., Okhravi, H., S\u00f6derstr\u00f6m, E.: Information leaks without memory disclosures: Remote side channel attacks on diversified code. In: ACM Conference on Computer and Communications Security. CCS (2014)","DOI":"10.1145\/2660267.2660309"},{"key":"5_CR43","doi-asserted-by":"crossref","unstructured":"Shacham, H.: The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In: ACM Conference on Computer and Communications Security. CCS (2007)","DOI":"10.1145\/1315245.1315313"},{"key":"5_CR44","doi-asserted-by":"crossref","unstructured":"Shoshitaishvili, Y., et al.: SoK: (State of) the art of war: Offensive techniques in binary analysis. In: IEEE Symposium on Security and Privacy (2016)","DOI":"10.1109\/SP.2016.17"},{"key":"5_CR45","doi-asserted-by":"crossref","unstructured":"Snow, K.Z., Monrose, F., Davi, L., Dmitrienko, A., Liebchen, C., Sadeghi, A.: Just-in-time code reuse: on the effectiveness of fine-grained address space layout randomization. In: 34th IEEE Symposium on Security and Privacy. S&P (2013)","DOI":"10.1109\/SP.2013.45"},{"key":"5_CR46","doi-asserted-by":"crossref","unstructured":"Snow, K.Z., Rogowski, R., Werner, J., Koo, H., Monrose, F., Polychronakis, M.: Return to the zombie gadgets: undermining destructive code reads via code inference attacks. In: 37th IEEE Symposium on Security and Privacy (2016)","DOI":"10.1109\/SP.2016.61"},{"key":"5_CR47","doi-asserted-by":"crossref","unstructured":"Strackx, R., Younan, Y., Philippaerts, P., Piessens, F., Lachmund, S., Walter, T.: Breaking the memory secrecy assumption. In: 2nd European Workshop on System Security. EUROSEC (2009)","DOI":"10.1145\/1519144.1519145"},{"key":"5_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1007\/978-3-319-97916-8_5","volume-title":"Advances in Information and Computer Security","author":"T Saito","year":"2018","unstructured":"Saito, T., Yokoyama, M., Sugawara, S., Suzaki, K.: Safe trans loader: mitigation and prevention of memory corruption attacks for released binaries. In: Inomata, A., Yasuda, K. (eds.) IWSEC 2018. LNCS, vol. 11049, pp. 68\u201383. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-97916-8_5"},{"key":"5_CR49","doi-asserted-by":"crossref","unstructured":"Szekeres, L., Payer, M., Wei, T., Song, D.: Sok: eternal war in memory. In: Proceedings of IEEE Symposium on Security and Privacy (2013)","DOI":"10.1109\/SP.2013.13"},{"key":"5_CR50","doi-asserted-by":"crossref","unstructured":"Tang, A., Sethumadhavan, S., Stolfo, S.: Heisenbyte: thwarting memory disclosure attacks using destructive code reads. In: ACM Conference on Computer and Communications Security. CCS (2015)","DOI":"10.1145\/2810103.2813685"},{"key":"5_CR51","doi-asserted-by":"crossref","unstructured":"Wartell, R., Mohan, V., Hamlen, K.W., Lin, Z.: Binary stirring: self-randomizing instruction addresses of legacy x86 binary code. In: ACM Conference on Computer and Communications Security. CCS (2012)","DOI":"10.1145\/2382196.2382216"},{"key":"5_CR52","doi-asserted-by":"crossref","unstructured":"Werner, J., et al.: No-execute-after-read: preventing code disclosure in commodity software. In: 11th ACM Symposium on Information, Computer and Communications Security. ASIACCS (2016)","DOI":"10.1145\/2897845.2897891"},{"key":"5_CR53","unstructured":"Williams-King, D., et al.: Shuffler: fast and deployable continuous code re-randomization. In: Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation, pp. 367\u2013382 (2016)"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2019"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-29959-0_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,15]],"date-time":"2024-09-15T00:03:38Z","timestamp":1726358618000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-29959-0_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030299583","9783030299590"],"references-count":53,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-29959-0_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"15 September 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Luxembourg","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Luxembourg","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 September 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 September 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/conf.laas.fr\/esorics\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"344","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"67","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3,2","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"11","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}