{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T15:21:31Z","timestamp":1770218491253,"version":"3.49.0"},"publisher-location":"Cham","reference-count":48,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319256443","type":"print"},{"value":"9783319256450","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-25645-0_8","type":"book-chapter","created":{"date-parts":[[2015,11,23]],"date-time":"2015-11-23T12:24:45Z","timestamp":1448281485000},"page":"112-129","source":"Crossref","is-referenced-by-count":14,"title":["DisARM: Mitigating Buffer Overflow Attacks on Embedded Devices"],"prefix":"10.1007","author":[{"given":"Javid","family":"Habibi","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ajay","family":"Panicker","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Aditi","family":"Gupta","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Elisa","family":"Bertino","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,11,6]]},"reference":[{"key":"8_CR1","unstructured":"byte-unixbench: A Unix benchmark suite. http:\/\/code.google.com\/p\/byte-unixbench\/"},{"key":"8_CR2","unstructured":"Aleph One: Smashing the stack for fun and profit. Phrack Magazine 49, 14 (November 1996)"},{"key":"8_CR3","unstructured":"ARM Holdings plc. ARM Architecture Reference Manual"},{"key":"8_CR4","unstructured":"Bhatkar, E., Duvarney, D.C., Sekar, R.: Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In: Proc. of the 12th USENIX Security Symposium, pp. 105\u2013120 (2003)"},{"key":"8_CR5","unstructured":"Bhatkar, S., Sekar, R., DuVarney, D.C.: Efficient techniques for comprehensive protection from memory error exploits. In: Proc. of the 14th Conference on USENIX Security Symposium. SSYM 2005, vol. 14, pp. 17\u201317 (2005)"},{"key":"8_CR6","doi-asserted-by":"crossref","unstructured":"Bletsch, T., Jiang, X., Freeh, V.: Jump-oriented programming: A new class of code-reuse attack. Tech. Rep. TR-2010-8, North Carolina State University (2010)","DOI":"10.1145\/1966913.1966919"},{"key":"8_CR7","doi-asserted-by":"crossref","unstructured":"Bletsch, T., Jiang, X., Freeh, V.: Mitigating code-reuse attacks with control-flow locking. In: Proc. of the 27th Annual Computer Security Applications Conference. ACSAC 2011, pp. 353\u2013362. ACM, New York (2011)","DOI":"10.1145\/2076732.2076783"},{"key":"8_CR8","doi-asserted-by":"crossref","unstructured":"Buchanan, E., Roemer, R., Shacham, H., Savage, S.: When good instructions go bad: generalizing return-oriented programming to risc. In: Proc. of the 15th ACM Conference on Computer and Communications Security, pp. 27\u201338 (2008)","DOI":"10.1145\/1455770.1455776"},{"key":"8_CR9","doi-asserted-by":"crossref","unstructured":"Checkoway, S., Davi, L., Dmitrienko, A., Sadeghi, A.-R., Shacham, H., Winandy, M.: Return-oriented programming without returns. In: Proc. of the 17th ACM Conference on Computer and Communications Security, pp. 559\u2013572 (2010)","DOI":"10.1145\/1866307.1866370"},{"key":"8_CR10","unstructured":"Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Koscher, K., Czeskis, A., Roesner, F., Kohno, T.: Comprehensive experimental analyses of automotive attack surfaces. In: Proc. of the 20th USENIX Conference on Security. SEC 2011, p. 6. USENIX Association, Berkeley (2011)"},{"key":"8_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/978-3-642-10772-6_13","volume-title":"Information Systems Security","author":"P Chen","year":"2009","unstructured":"Chen, P., Xiao, H., Shen, X., Yin, X., Mao, B., Xie, L.: DROP: detecting return-oriented programming malicious code. In: Prakash, A., Sen Gupta, I. (eds.) ICISS 2009. LNCS, vol. 5905, pp. 163\u2013177. Springer, Heidelberg (2009)"},{"key":"8_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"140","DOI":"10.1007\/978-3-642-17714-9_11","volume-title":"Information Systems Security","author":"P Chen","year":"2010","unstructured":"Chen, P., Xing, X., Han, H., Mao, B., Xie, L.: Efficient detection of the return-oriented programming malicious code. In: Jha, S., Mathuria, A. (eds.) ICISS 2010. LNCS, vol. 6503, pp. 140\u2013155. Springer, Heidelberg (2010)"},{"key":"8_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"340","DOI":"10.1007\/978-3-642-17650-0_24","volume-title":"Information and Communications Security","author":"P Chen","year":"2010","unstructured":"Chen, P., Xing, X., Mao, B., Xie, L.: Return-oriented rootkit without returns (on the x86). In: Soriano, M., Qing, S., L\u00f3pez, J. (eds.) ICICS 2010. LNCS, vol. 6476, pp. 340\u2013354. Springer, Heidelberg (2010)"},{"key":"8_CR14","unstructured":"Miessler, D.: HP Study Reveals 70 Percent of Internet of Things Devices Vulnerable to Attack (July 2014). http:\/\/h30499.www3.hp.com\/t5\/Fortify-Application-Security\/HP-Study-Reveals-70-Percent-of\/\/-Internet-of-Things-Devices\/ba-p\/6556284#.VH4faTHF9Zg"},{"key":"8_CR15","unstructured":"Evans, D.: The Internet of Things How the Next Evolution of the Internet is Changing Everything (April 2011). http:\/\/www.cisco.com\/web\/about\/ac79\/docs\/innov\/IoT_IBSG_0411FINAL.pdf"},{"key":"8_CR16","unstructured":"Davi, L., Dmitrienko, A., Egele, M., Fischer, T., Holz, T., Hund, R., N\u00fcrnberger, S., Sadeghi, A.-R.: Mocfi: a framework to mitigate control-flow attacks on smartphones. In: NDSS (2012)"},{"key":"8_CR17","doi-asserted-by":"crossref","unstructured":"Davi, L., Dmitrienko, A., Sadeghi, A.-R., Winandy, M.: Privilege escalation attacks on android. In: Proc. of the 13th International Conference on Information Security, pp. 346\u2013360 (2011)","DOI":"10.1007\/978-3-642-18178-8_30"},{"key":"8_CR18","doi-asserted-by":"crossref","unstructured":"Davi, L., Sadeghi, A.-R., Winandy, M.: Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks. In: Proc. of the 2009 ACM workshop on Scalable trusted computing, pp. 49\u201354 (2009)","DOI":"10.1145\/1655108.1655117"},{"key":"8_CR19","doi-asserted-by":"crossref","unstructured":"Davi, L., Sadeghi, A.-R., Winandy, M.: ROPdefender: a detection tool to defend against return-oriented programming attacks. In: Proc. of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 40\u201351 (2011)","DOI":"10.1145\/1966913.1966920"},{"key":"8_CR20","doi-asserted-by":"crossref","unstructured":"Davi, L.V., Dmitrienko, A., N\u00fcrnberger, S., Sadeghi, A.-R.: Gadge me if you can: secure and efficient ad-hoc instruction-level randomization for x86 and arm. In: Proc. of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security. ASIA CCS 2013, pp. 299\u2013310. ACM, New York (2013)","DOI":"10.1145\/2484313.2484351"},{"key":"8_CR21","unstructured":"Debian Foundation. Raspbian. http:\/\/www.raspbian.org\/"},{"key":"8_CR22","doi-asserted-by":"crossref","unstructured":"Francillon, A., Castelluccia, C.: Code injection attacks on harvard-architecture devices. In: Proc. of the 15th ACM Conference on Computer and Communications Security, pp. 15\u201326 (2008)","DOI":"10.1145\/1455770.1455775"},{"key":"8_CR23","doi-asserted-by":"crossref","unstructured":"Franz, M., Brunthaler, S., Larsen, P., Homescu, A., Neisius, S.: Profile-guided automated software diversity. In: Proc. of the 2013 IEEE\/ACM International Symposium on Code Generation and Optimization (CGO). CGO 2013, pp. 1\u201311. IEEE Computer Society, Washington (2013)","DOI":"10.1109\/CGO.2013.6494997"},{"key":"8_CR24","unstructured":"Giuffrida, C., Kuijsten, A., Tanenbaum, A.S.: Enhanced operating system security through efficient and fine-grained address space randomization. In: Proc. of the 21st USENIX Conference on Security Symposium. Security 2012, pp. 40\u201340. USENIX Association, Berkeley (2012)"},{"issue":"99","key":"8_CR25","first-page":"1","volume":"PP","author":"A Gupta","year":"2014","unstructured":"Gupta, A., Habibi, J., Kirkpatrick, M., Bertino, E.: Marlin: Mitigating code reuse attacks using code randomization. IEEE Transactions on Dependable and Secure Computing PP(99), 1\u20131 (2014)","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"8_CR26","doi-asserted-by":"crossref","unstructured":"Hiser, J., Nguyen-Tuong, A., Co, M., Hall, M., Davidson, J.W.: Ilr: where\u2019d my gadgets go? In: Proc. of the 2012 IEEE Symposium on Security and Privacy, pp. 571\u2013585 (2012)","DOI":"10.1109\/SP.2012.39"},{"key":"8_CR27","doi-asserted-by":"crossref","unstructured":"Homescu, A., Brunthaler, S., Larsen, P., Franz, M.: Librando: transparent code randomization for just-in-time compilers. In: Proc. of the 2013 ACM SIGSAC Conference on Computer & Communications Security. CCS 2013, pp. 993\u20131004. ACM, New York (2013)","DOI":"10.1145\/2508859.2516675"},{"key":"8_CR28","unstructured":"Hund, R., Holz, T., Freiling, F.C.: Return-oriented rootkits: bypassing kernel code integrity protection mechanisms. In: Proc. of the 18th Conference on USENIX Security Symposium. SSYM 2009, pp. 383\u2013398 (2009)"},{"key":"8_CR29","doi-asserted-by":"crossref","unstructured":"Kc, G.S., Keromytis, A.D., Prevelakis, V.: Countering code-injection attacks with instruction-set randomization. In: Proc. of the 10th ACM Conference on Computer and Communications Security. CCS 2003, pp. 272\u2013280. ACM, New York (2003)","DOI":"10.1145\/948143.948146"},{"key":"8_CR30","doi-asserted-by":"crossref","unstructured":"Li, J., Wang, Z., Jiang, X., Grace, M., Bahram, S.: Defeating return-oriented rootkits with \u201creturn-less\u201d kernels. In: Proc. of the 5th European Conference on Computer Systems, pp. 195\u2013208 (2010)","DOI":"10.1145\/1755913.1755934"},{"key":"8_CR31","doi-asserted-by":"crossref","unstructured":"Newsome, J., Shi, E., Song, D., Perrig, A.: The sybil attack in sensor networks: analysis & defenses. In: Proc. of the 3rd International Symposium on Information Processing in Sensor Networks. IPSN 2004, pp. 259\u2013268. ACM, New York (2004)","DOI":"10.1145\/984622.984660"},{"key":"8_CR32","doi-asserted-by":"crossref","unstructured":"Onarlioglu, K., Bilge, L., Lanzi, A., Balzarotti, D., Kirda, E.: G-free: defeating return-oriented programming through gadget-less binaries. In: Proc. of the 26th Annual Computer Security Applications Conference, pp. 49\u201358 (2010)","DOI":"10.1145\/1920261.1920269"},{"key":"8_CR33","doi-asserted-by":"crossref","unstructured":"Pappas, V., Polychronakis, M., Keromytis, A.D.: Smashing the gadgets: hindering return-oriented programming using in-place code randomization. In: Proc. of the 2012 IEEE Symposium on Security and Privacy. SP 2012, pp. 601\u2013615. IEEE Computer Society, Washington (2012)","DOI":"10.1109\/SP.2012.41"},{"key":"8_CR34","unstructured":"PaX Team. PaX. http:\/\/pax.grsecurity.net\/"},{"key":"8_CR35","doi-asserted-by":"crossref","unstructured":"Pewny, J., Holz, T.: Control-flow restrictor: compiler-based CFI for IOS. In: Proc. of the 29th Annual Computer Security Applications Conference, pp. 309\u2013318. ACM (2013)","DOI":"10.1145\/2523649.2523674"},{"issue":"1","key":"8_CR36","doi-asserted-by":"publisher","first-page":"2:1","DOI":"10.1145\/2133375.2133377","volume":"15","author":"R Roemer","year":"2012","unstructured":"Roemer, R., Buchanan, E., Shacham, H., Savage, S.: Return-oriented programming: Systems, languages, and applications. ACM Trans. Inf. Syst. Secur. 15(1), 2:1\u20132:34 (2012)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"8_CR37","doi-asserted-by":"crossref","unstructured":"Roglia, G., Martignoni, L., Paleari, R., Bruschi, D.: Surgically returning to randomized lib(c). In: Annual Computer Security Applications Conference. ACSAC 2009, pp. 60\u201369, December 2009","DOI":"10.1109\/ACSAC.2009.16"},{"key":"8_CR38","unstructured":"Salwan, J.: ROPgadget tool. http:\/\/shell-storm.org\/project\/ROPgadget\/"},{"key":"8_CR39","doi-asserted-by":"crossref","unstructured":"Shacham, H., Page, M., Pfaff, B., Goh, E.-J., Modadugu, N., Boneh, D.: On the effectiveness of address-space randomization. In: Proc. of the 11th ACM Conference on Computer and Communications Security, pp. 298\u2013307 (2004)","DOI":"10.1145\/1030083.1030124"},{"key":"8_CR40","doi-asserted-by":"crossref","unstructured":"Shioji, E., Kawakoya, Y., Iwamura, M., Hariu, T.: Code shredding: byte-granular randomization of program layout for detecting code-reuse attacks. In: Proc. of the 28th Annual Computer Security Applications Conference. ACSAC 2012, pp. 309\u2013318. ACM, New York (2012)","DOI":"10.1145\/2420950.2420996"},{"key":"8_CR41","unstructured":"Sovarel, A.N., Evans, D., Paul, N.: Where\u2019s the feeb? The effectiveness of instruction set randomization. In: Proc. of the 14th Conference on USENIX Security Symposium, vol. 14, pp. 10\u201310 (2005)"},{"key":"8_CR42","unstructured":"Verdult, R., Garcia, F.D., Balasch, J.: Gone in 360 seconds: hijacking with hitag2. In: Proc. of the 21st USENIX Conference on Security Symposium. Security 2012, pp. 37\u201337. USENIX Association, Berkeley (2012)"},{"key":"8_CR43","doi-asserted-by":"crossref","unstructured":"Wartell, R., Mohan, V., Hamlen, K.W., Lin, Z.: Binary stirring: self-randomizing instruction addresses of legacy x86 binary code. In: Proc. of the 2012 ACM Conference on Computer and Communications Security. CCS 2012, pp. 157\u2013168. ACM, New York (2012)","DOI":"10.1145\/2382196.2382216"},{"issue":"1","key":"8_CR44","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1109\/MSP.2009.18","volume":"7","author":"D Williams","year":"2009","unstructured":"Williams, D., Hu, W., Davidson, J., Hiser, J., Knight, J., Nguyen-Tuong, A.: Security through diversity: leveraging virtual machine technology. IEEE Security Privacy 7(1), 26\u201333 (2009)","journal-title":"IEEE Security Privacy"},{"issue":"11","key":"8_CR45","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1145\/2018396.2018403","volume":"54","author":"A Wright","year":"2011","unstructured":"Wright, A.: Hacking cars. Commun. ACM 54(11), 18\u201319 (2011)","journal-title":"Commun. ACM"},{"key":"8_CR46","unstructured":"Li, X.-F.: ELF Parser. http:\/\/people.apache.org\/ xli\/"},{"key":"8_CR47","unstructured":"Zhang, C., Wei, T., Chen, Z., Duan, L., Szekeres, L., McCamant, S., Song, D., Zou, W.: Practical control flow integrity and randomization for binary executables. In: IEEE Symposium on Security and Privacy. IEEE Computer Society, pp. 559\u2013573 (2013)"},{"key":"8_CR48","unstructured":"Zhang, M., Sekar, R.: Control flow integrity for cots binaries. In: Proc. of the 22Nd USENIX Conference on Security. SEC 2013, pp. 337\u2013352. USENIX Association, Berkeley (2013)"}],"container-title":["Lecture Notes in Computer Science","Network and System Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-25645-0_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,31]],"date-time":"2025-05-31T13:42:26Z","timestamp":1748698946000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-25645-0_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319256443","9783319256450"],"references-count":48,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-25645-0_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015]]}}}