{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,12]],"date-time":"2026-06-12T08:20:19Z","timestamp":1781252419788,"version":"3.54.1"},"publisher-location":"Cham","reference-count":52,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030878719","type":"print"},{"value":"9783030878726","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,9,22]],"date-time":"2021-09-22T00:00:00Z","timestamp":1632268800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,9,22]],"date-time":"2021-09-22T00:00:00Z","timestamp":1632268800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-030-87872-6_14","type":"book-chapter","created":{"date-parts":[[2021,9,21]],"date-time":"2021-09-21T04:02:39Z","timestamp":1632196959000},"page":"136-145","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["The Neverending Story: Memory Corruption 30 Years Later"],"prefix":"10.1007","author":[{"given":"Oscar","family":"Llorente-Vazquez","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Igor","family":"Santos","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Iker","family":"Pastor-Lopez","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Pablo Garcia","family":"Bringas","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2021,9,22]]},"reference":[{"key":"14_CR1","doi-asserted-by":"crossref","unstructured":"Baldoni, R., Coppa, E., D\u2019elia, D.C., Demetrescu, C., Finocchi, I.: A survey of symbolic execution techniques. ACM Comput. Surv. (CSUR) 51(3), 1\u201339 (2018)","DOI":"10.1145\/3182657"},{"key":"14_CR2","doi-asserted-by":"crossref","unstructured":"Bigelow, D., Hobson, T., Rudd, R., Streilein, W., Okhravi, H.: Timely rerandomization for mitigating memory disclosures. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 268\u2013279 (2015)","DOI":"10.1145\/2810103.2813691"},{"key":"14_CR3","unstructured":"Bruening, D., Amarasinghe, S.: Efficient, transparent, and comprehensive runtime code manipulation. Ph.D. thesis, Massachusetts Institute of Technology, Department of Electrical Engineering (2004)"},{"key":"14_CR4","doi-asserted-by":"crossref","unstructured":"Bruening, D., Zhao, Q.: Practical memory checking with dr. memory. In: International Symposium on Code Generation and Optimization (CGO 2011), pp. 213\u2013223. IEEE (2011)","DOI":"10.1109\/CGO.2011.5764689"},{"issue":"1","key":"14_CR5","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3054924","volume":"50","author":"N Burow","year":"2017","unstructured":"Burow, N., et al.: Control-flow integrity: precision, security, and performance. ACM Comput. Surv. (CSUR) 50(1), 1\u201333 (2017)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"14_CR6","unstructured":"Castro, M., Costa, M., Harris, T.: Securing software by enforcing data-flow integrity. In: Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI), pp. 147\u2013160 (2006)"},{"key":"14_CR7","unstructured":"Chen, S., Xu, J., Sezer, E.C., Gauriar, P., Iyer, R.K.: Non-control-data attacks are realistic threats. In: 14th USENIX Security Symposium (USENIX Security 2005), vol.\u00a05 (2005)"},{"key":"14_CR8","doi-asserted-by":"crossref","unstructured":"Chen, X., Bos, H., Giuffrida, C.: Codearmor: virtualizing the code space to counter disclosure attacks. In: 2017 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 514\u2013529. IEEE (2017)","DOI":"10.1109\/EuroSP.2017.17"},{"key":"14_CR9","unstructured":"Clang static analyzer. https:\/\/clang-analyzer.llvm.org\/"},{"key":"14_CR10","unstructured":"Cloosters, T., Rodler, M., Davi, L.: Teerex: discovery and exploitation of memory corruption vulnerabilities in sgx enclaves. In: 29th USENIX Security Symposium (USENIX Security 2020), pp. 841\u2013858 (2020)"},{"key":"14_CR11","unstructured":"CWE - 2020 CWE top 25 most dangerous software weaknesses. https:\/\/cwe.mitre.org\/top25\/archive\/2020\/2020_cwe_top25.html"},{"key":"14_CR12","unstructured":"Designer, S.: Return-to-libc attack. Bugtraq (1997)"},{"key":"14_CR13","doi-asserted-by":"crossref","unstructured":"Dinesh, S., Burow, N., Xu, D., Payer, M.: Retrowrite: statically instrumenting cots binaries for fuzzing and sanitization. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1497\u20131511. IEEE (2020)","DOI":"10.1109\/SP40000.2020.00009"},{"key":"14_CR14","doi-asserted-by":"crossref","unstructured":"Ge, X., Cui, W., Jaeger, T.: Griffin: guarding control flows using intel processor trace. In: 22nd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2017, pp. 585\u2013598. Association for Computing Machinery (2017)","DOI":"10.1145\/3093315.3037716"},{"key":"14_CR15","unstructured":"Hu, H., Chua, Z.L., Adrian, S., Saxena, P., Liang, Z.: Automatic generation of data-oriented exploits. In: 24th USENIX Security Symposium (USENIX Security 2015), pp. 177\u2013192 (2015)"},{"key":"14_CR16","doi-asserted-by":"crossref","unstructured":"Hu, H., Shinde, S., Adrian, S., Chua, Z.L., Saxena, P., Liang, Z.: Data-oriented programming: On the expressiveness of non-control data attacks. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 969\u2013986. IEEE (2016)","DOI":"10.1109\/SP.2016.62"},{"key":"14_CR17","doi-asserted-by":"crossref","unstructured":"Ispoglou, K.K., AlBassam, B., Jaeger, T., Payer, M.: Block oriented programming: Automating data-only attacks. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 1868\u20131882 (2018)","DOI":"10.1145\/3243734.3243739"},{"key":"14_CR18","doi-asserted-by":"crossref","unstructured":"Klees, G., Ruef, A., Cooper, B., Wei, S., Hicks, M.: Evaluating fuzz testing. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 2123\u20132138 (2018)","DOI":"10.1145\/3243734.3243804"},{"key":"14_CR19","doi-asserted-by":"crossref","unstructured":"Kroening, D., Tautschnig, M.: CBMC\u2013C bounded model checker. In: International Conference on Tools and Algorithms for the Construction and Analysis of Systems, pp. 389\u2013391. Springer, Heidelberg (2014)","DOI":"10.1007\/978-3-642-54862-8_26"},{"key":"14_CR20","doi-asserted-by":"crossref","unstructured":"Larsen, P., Homescu, A., Brunthaler, S., Franz, M.: Sok: automated software diversity. In: 2014 IEEE Symposium on Security and Privacy (SP), pp. 276\u2013291. IEEE (2014)","DOI":"10.1109\/SP.2014.25"},{"key":"14_CR21","doi-asserted-by":"crossref","unstructured":"Lu, K., Song, C., Lee, B., Chung, S.P., Kim, T., Lee, W.: ASLR-guard: stopping address space leakage for code reuse attacks. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 280\u2013291 (2015)","DOI":"10.1145\/2810103.2813694"},{"key":"14_CR22","unstructured":"Machiry, A., Spensky, C., Corina, J., Stephens, N., Kruegel, C., Vigna, G.: DR.CHECKER: a soundy analysis for linux kernel drivers. In: 26th USENIX Security Symposium (USENIX Security 2017), pp. 1007\u20131024 (2017)"},{"key":"14_CR23","doi-asserted-by":"crossref","unstructured":"Muench, M., Stijohann, J., Kargl, F., Francillon, A., Balzarotti, D.: What you corrupt is not what you crash: challenges in fuzzing embedded devices. In: Proceedings of the 2018 Annual Network and Distributed System Security Symposium (NDSS) (2018)","DOI":"10.14722\/ndss.2018.23166"},{"key":"14_CR24","doi-asserted-by":"crossref","unstructured":"Nagarakatte, S., Zhao, J., Martin, M.M., Zdancewic, S.: Softbound: highly compatible and complete spatial memory safety for c. In: Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pp. 245\u2013258 (2009)","DOI":"10.1145\/1543135.1542504"},{"key":"14_CR25","doi-asserted-by":"crossref","unstructured":"Nagarakatte, S., Zhao, J., Martin, M.M., Zdancewic, S.: Cets: compiler enforced temporal safety for C. In: Proceedings of the 2010 International Symposium on Memory Management, pp. 31\u201340 (2010)","DOI":"10.1145\/1837855.1806657"},{"issue":"6","key":"14_CR26","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1145\/1273442.1250746","volume":"42","author":"N Nethercote","year":"2007","unstructured":"Nethercote, N., Seward, J.: Valgrind: a framework for heavyweight dynamic binary instrumentation. ACM SIGPLAN Not. 42(6), 89\u2013100 (2007)","journal-title":"ACM SIGPLAN Not."},{"key":"14_CR27","unstructured":"Oikonomopoulos, A., Athanasopoulos, E., Bos, H., Giuffrida, C.: Poking holes in information hiding. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 121\u2013138 (2016)"},{"key":"14_CR28","unstructured":"\u00d6sterlund, S., Razavi, K., Bos, H., Giuffrida, C.: Parmesan: sanitizer-guided greybox fuzzing. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 2289\u20132306 (2020)"},{"issue":"4","key":"14_CR29","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1145\/1357010.1352618","volume":"42","author":"Y Padioleau","year":"2008","unstructured":"Padioleau, Y., Lawall, J., Hansen, R.R., Muller, G.: Documenting and automating collateral evolutions in linux device drivers. ACM SIGOPS Oper. Syst. Rev. 42(4), 247\u2013260 (2008)","journal-title":"ACM SIGOPS Oper. Syst. Rev."},{"key":"14_CR30","doi-asserted-by":"crossref","unstructured":"Payer, M., Barresi, A., Gross, T.R.: Fine-grained control-flow integrity through binary hardening. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), pp. 144\u2013164. Springer (2015)","DOI":"10.1007\/978-3-319-20550-2_8"},{"key":"14_CR31","unstructured":"Ramos, D.A., Engler, D.: Under-constrained symbolic execution: correctness checking for real code. In: 24th USENIX Security Symposium (USENIX Security 2015), pp. 49\u201364 (2015)"},{"issue":"1","key":"14_CR32","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2133375.2133377","volume":"15","author":"R Roemer","year":"2012","unstructured":"Roemer, R., Buchanan, E., Shacham, H., Savage, S.: Return-oriented programming: systems, languages, and applications. ACM Trans. Inf. Syst. Secur. (TISSEC) 15(1), 1\u201334 (2012)","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"14_CR33","doi-asserted-by":"crossref","unstructured":"Schuster, F., Tendyck, T., Liebchen, C., Davi, L., Sadeghi, A.R., Holz, T.: Counterfeit object-oriented programming: on the difficulty of preventing code reuse attacks in C++ applications. In: 2015 IEEE Symposium on Security and Privacy (SP), pp. 745\u2013762. IEEE (2015)","DOI":"10.1109\/SP.2015.51"},{"key":"14_CR34","unstructured":"Sehr, D., et al.: Adapting software fault isolation to contemporary cpu architectures. In: 19th USENIX Security Symposium (USENIX Security 2010) (2010)"},{"key":"14_CR35","doi-asserted-by":"crossref","unstructured":"Seibert, J., Okhravi, H., S\u00f6derstr\u00f6m, E.: Information leaks without memory disclosures: remote side channel attacks on diversified code. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 54\u201365 (2014)","DOI":"10.1145\/2660267.2660309"},{"key":"14_CR36","unstructured":"Serebryany, K., Bruening, D., Potapenko, A., Vyukov, D.: Addresssanitizer: a fast address sanity checker. In: 2012 USENIX Annual Technical Conference (USENIX ATC 2012), pp. 309\u2013318 (2012)"},{"key":"14_CR37","unstructured":"Seward, J., Nethercote, N.: Using valgrind to detect undefined value errors with bit-precision. In: USENIX Annual Technical Conference (USENIX ATC 2005), pp. 17\u201330 (2005)"},{"key":"14_CR38","doi-asserted-by":"crossref","unstructured":"Shacham, H.: The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In: Proceedings of the 14th ACM conference on Computer and Communications Security (CCS), pp. 552\u2013561 (2007)","DOI":"10.1145\/1315245.1315313"},{"key":"14_CR39","doi-asserted-by":"crossref","unstructured":"Shoshitaishvili, Y., et al.: Sok:(state of) the art of war: offensive techniques in binary analysis. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 138\u2013157. IEEE (2016)","DOI":"10.1109\/SP.2016.17"},{"key":"14_CR40","doi-asserted-by":"crossref","unstructured":"Song, C., Lee, B., Lu, K., Harris, W., Kim, T., Lee, W.: Enforcing kernel security invariants with data flow integrity. In: Proceedings of the 2016 Annual Network and Distributed System Security Symposium (NDSS) (2016)","DOI":"10.14722\/ndss.2016.23218"},{"key":"14_CR41","doi-asserted-by":"crossref","unstructured":"Song, D., et al.: An effective probing and fuzzing framework for the hardware-OS boundary. In: Proceedings of the 2019 Annual Network and Distributed System Security Symposium (NDSS) (2019)","DOI":"10.14722\/ndss.2019.23176"},{"key":"14_CR42","doi-asserted-by":"crossref","unstructured":"Song, D., et al.: Sok: sanitizing for security. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 1275\u20131295. IEEE (2019)","DOI":"10.1109\/SP.2019.00010"},{"key":"14_CR43","doi-asserted-by":"crossref","unstructured":"Stepanov, E., Serebryany, K.: Memorysanitizer: fast detector of uninitialized memory use in C++. In: 2015 IEEE\/ACM International Symposium on Code Generation and Optimization (CGO), pp. 46\u201355. IEEE (2015)","DOI":"10.1109\/CGO.2015.7054186"},{"key":"14_CR44","doi-asserted-by":"crossref","unstructured":"Szekeres, L., Payer, M., Wei, T., Song, D.: SoK: eternal war in memory. In: 2013 IEEE Symposium on Security and Privacy (SP), pp. 48\u201362. IEEE (2013)","DOI":"10.1109\/SP.2013.13"},{"key":"14_CR45","doi-asserted-by":"crossref","unstructured":"Van Der\u00a0Veen, V., et al.: A tough call: mitigating advanced code-reuse attacks at the binary level. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 934\u2013953. IEEE (2016)","DOI":"10.1109\/SP.2016.60"},{"key":"14_CR46","doi-asserted-by":"crossref","unstructured":"van\u00a0der Veen, V., Andriesse, D., Stamatogiannakis, M., Chen, X., Bos, H., Giuffrdia, C.: The dynamics of innocent flesh on the bone: Code reuse ten years later. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 1675\u20131689 (2017)","DOI":"10.1145\/3133956.3134026"},{"key":"14_CR47","doi-asserted-by":"crossref","unstructured":"Van\u00a0der Veen, V., Cavallaro, L., Bos, H., et\u00a0al.: Memory errors: the past, the present, and the future. In: International Conference on Recent Advances in Intrusion Detection (RAID), pp. 86\u2013106. Springer (2012)","DOI":"10.1007\/978-3-642-33338-5_5"},{"key":"14_CR48","doi-asserted-by":"crossref","unstructured":"Wang, H., et al.: Typestate-guided fuzzer for discovering use-after-free vulnerabilities. In: 2020 IEEE\/ACM 42nd International Conference on Software Engineering (ICSE), pp. 999\u20131010. IEEE (2020)","DOI":"10.1145\/3377811.3380386"},{"key":"14_CR49","unstructured":"Wang, J., et al.: NLP-EYE: detecting memory corruptions via semantic-aware memory operation function identification. In: 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019), pp. 309\u2013321 (2019)"},{"key":"14_CR50","doi-asserted-by":"crossref","unstructured":"Yan, H., Sui, Y., Chen, S., Xue, J.: Spatio-temporal context reduction: a pointer-analysis-based static approach for detecting use-after-free vulnerabilities. In: 2018 IEEE\/ACM 40th International Conference on Software Engineering (ICSE), pp. 327\u2013337. IEEE (2018)","DOI":"10.1145\/3180155.3180178"},{"key":"14_CR51","unstructured":"Zhang, C., et al.: Practical control flow integrity and randomization for binary executables. In: 2013 IEEE Symposium on Security and Privacy (SP), pp. 559\u2013573. IEEE (2013)"},{"key":"14_CR52","doi-asserted-by":"crossref","unstructured":"Zhou, Y., Wang, X., Chen, Y., Wang, Z.: Armlock: hardware-based fault isolation for arm. In: Proceedings of the 2014 ACM SIGSAC conference on Computer and Communications Security (CCS), pp. 558\u2013569 (2014)","DOI":"10.1145\/2660267.2660344"}],"container-title":["Advances in Intelligent Systems and Computing","14th International Conference on Computational Intelligence in Security for Information Systems and 12th International Conference on European Transnational Educational (CISIS 2021 and ICEUTE 2021)"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-87872-6_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,22]],"date-time":"2022-01-22T07:04:41Z","timestamp":1642835081000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-87872-6_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,9,22]]},"ISBN":["9783030878719","9783030878726"],"references-count":52,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-87872-6_14","relation":{},"ISSN":["2194-5357","2194-5365"],"issn-type":[{"value":"2194-5357","type":"print"},{"value":"2194-5365","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,9,22]]},"assertion":[{"value":"22 September 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CISIS - ICEUTE","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Computational Intelligence in Security for Information Systems Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bilbao","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Spain","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 September 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 September 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"cisis-spain2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/2021.iceuteconference.eu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}