{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T14:57:34Z","timestamp":1773154654170,"version":"3.50.1"},"publisher-location":"Cham","reference-count":44,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319263618","type":"print"},{"value":"9783319263625","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-26362-5_4","type":"book-chapter","created":{"date-parts":[[2015,10,26]],"date-time":"2015-10-26T10:10:45Z","timestamp":1445854245000},"page":"66-85","source":"Crossref","is-referenced-by-count":29,"title":["Hardware-Assisted Fine-Grained Code-Reuse Attack Detection"],"prefix":"10.1007","author":[{"given":"Pinghai","family":"Yuan","sequence":"first","affiliation":[]},{"given":"Qingkai","family":"Zeng","sequence":"additional","affiliation":[]},{"given":"Xuhua","family":"Ding","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,12,12]]},"reference":[{"key":"4_CR1","unstructured":"IDA: \n                      http:\/\/www.hex-rays.com\/ida\/index.shtml"},{"key":"4_CR2","doi-asserted-by":"crossref","unstructured":"Abadi, M., Budiu, M., Erlingsson, \u00da., Ligatti, J.: Control-flow integrity. In: CCS 2005 (2005)","DOI":"10.1145\/1102120.1102165"},{"key":"4_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1007\/11576280_9","volume-title":"Formal Methods and Software Engineering","author":"M Abadi","year":"2005","unstructured":"Abadi, M., Budiu, M., Erlingsson, \u00da., Ligatti, J.: A theory of secure control flow. In: Lau, K.-K., Banach, R. (eds.) ICFEM 2005. LNCS, vol. 3785, pp. 111\u2013124. Springer, Heidelberg (2005)"},{"key":"4_CR4","unstructured":"Andersen, S., Abella, V.: Data Execution Prevention: Changes to Functionality in Microsoft Windows XP Service Pack 2, Part 3: Memory Protection Technologies (2004)"},{"key":"4_CR5","unstructured":"Backes, M., N\u00fcrnberger, S.: Oxymoron: making fine-grained memory randomization practical by allowing code sharing. In: USENIX 2014 (2014)"},{"key":"4_CR6","doi-asserted-by":"crossref","unstructured":"Bittau, A., Belay, A., Mashtizadeh, A., Mazieres, D., Boneh, D.: Hacking blind. In: SP 2014 (2014)","DOI":"10.1109\/SP.2014.22"},{"key":"4_CR7","doi-asserted-by":"crossref","unstructured":"Bletsch, T., Jiang, X., Freeh, V.W., Liang, Z.: Jump-oriented programming: a new class of code-reuse attack. In: ASIACCS 2011 (2011)","DOI":"10.1145\/1966913.1966919"},{"key":"4_CR8","doi-asserted-by":"crossref","unstructured":"Bosman, E., Bos, H.: Framing signals - a return to portable shellcode. In: SP 2014 (2014)","DOI":"10.1109\/SP.2014.23"},{"key":"4_CR9","unstructured":"Carlini, N., Wagner, D.: ROP is still dangerous: breaking modern defenses. In: USENIX 2014 (2014)"},{"key":"4_CR10","unstructured":"Casteel, K.: A Systematic Analysis of Defenses Against Code Reuse Attacks. Ph. D. thesis, Massachusetts Institute of Technology (2013)"},{"key":"4_CR11","doi-asserted-by":"crossref","unstructured":"Cheng, Y., Zhou, Z., Yu, M., Ding, X., Deng, R.H.: ROPecker: a generic and practical approach for defending against ROP attacks. In: NDSS 2014 (2014)","DOI":"10.14722\/ndss.2014.23156"},{"key":"4_CR12","unstructured":"Cowan, C., Pu, C., Maier, D., Hinton, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks. In: USENIX 1998 (1998)"},{"key":"4_CR13","unstructured":"Davi, L., Lehmann, D., Sadeghi, A.-R., Monrose, F.: Stitching the gadgets: on the ineffectiveness of coarse-grained control-flow integrity protection. In: USENIX 2014 (2014)"},{"key":"4_CR14","unstructured":"Designer, S.: Getting around non-executable stack (and fix). Bugtraq (1997)"},{"key":"4_CR15","doi-asserted-by":"crossref","unstructured":"Gupta, A., Kerr, S., Kirkpatrick, M.S., Bertino, E.: Marlin: making it harder to fish for gadgets. In: CCS 2012 (2012)","DOI":"10.1145\/2382196.2382310"},{"key":"4_CR16","doi-asserted-by":"crossref","unstructured":"G\u00f6kta\u015f, E., Athanasopoulos, E., Bos, H., Portokalidis, G.: Out of control: overcoming control-flow integrity. In: SP 2014 (2014)","DOI":"10.1109\/SP.2014.43"},{"key":"4_CR17","unstructured":"G\u00f6kta\u015f, E., Athanasopoulos, E., Polychronakis, M., Bos, H., Portokalidis, G.: Size does matter: why using gadget-chain length to prevent code-reuse attacks is hard. In: USENIX 2014 (2014)"},{"key":"4_CR18","doi-asserted-by":"crossref","unstructured":"Hiser, J., Nguyen-Tuong, A., Co, M., Hall, M., Davidson, J.: ILR: where\u2019d my gadgets go? In: SP 2012 (2012)","DOI":"10.1109\/SP.2012.39"},{"key":"4_CR19","unstructured":"Intel: Intel 64 and IA-32 Intel Architecture software developer\u2019s manual (2001)"},{"key":"4_CR20","doi-asserted-by":"crossref","unstructured":"Jang, D., Tatlock, Z., Lerner, S.: SAFEDISPATCH: securing C++ virtual calls from memory corruption attacks. In: NDSS 2014 (2014)","DOI":"10.14722\/ndss.2014.23287"},{"key":"4_CR21","unstructured":"Mccamant, S., Morrisett, G.: Evaluating SFI for a CISC architecture. In: USENIX 2006 (2006)"},{"key":"4_CR22","unstructured":"Nergal: The advanced return-into-lib (c) exploits: PaX case study. Phrack Magazine, Volume 0x0b, Issue 0x3a, Phile# 0x04 of 0x0e (2001)"},{"key":"4_CR23","doi-asserted-by":"crossref","unstructured":"Niu, B., Tan, G.: Monitor integrity protection with space efficiency and separate compilation. In: CCS 2013 (2013)","DOI":"10.1145\/2508859.2516649"},{"key":"4_CR24","doi-asserted-by":"crossref","unstructured":"Niu, B., Tan, G.: Modular control-flow integrity. In: PLDI 2014 (2014)","DOI":"10.1145\/2594291.2594295"},{"key":"4_CR25","doi-asserted-by":"crossref","unstructured":"Pappas, V., Polychronakis, M., Keromytis, A.: Smashing the gadgets: hindering return-oriented programming using in-place code randomization. In: SP 2012 (2012)","DOI":"10.1109\/SP.2012.41"},{"key":"4_CR26","unstructured":"Pappas, V., Polychronakis, M., Keromytis, A.D.: Transparent ROP exploit mitigation using indirect branch tracing. In: USENIX 2013 (2013)"},{"key":"4_CR27","doi-asserted-by":"crossref","unstructured":"Payer, M., Gross, T.R.: String oriented programming: when ASLR is not enough. In: PPREW 2013 (2013)","DOI":"10.1145\/2430553.2430555"},{"key":"4_CR28","doi-asserted-by":"crossref","unstructured":"Prakash, A., Hu, X., Yin, H.: vfGuard: strict protection for virtual function calls in COTS C++ binaries. In: NDSS 2015 (2015)","DOI":"10.14722\/ndss.2015.23297"},{"key":"4_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"88","DOI":"10.1007\/978-3-319-11379-1_5","volume-title":"Research in Attacks, Intrusions and Defenses","author":"F Schuster","year":"2014","unstructured":"Schuster, F., Tendyck, T., Pewny, J., Maa\u00df, A., Steegmanns, M., Contag, M., Holz, T.: Evaluating the effectiveness of current anti-ROP defenses. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 88\u2013108. Springer, Heidelberg (2014)"},{"key":"4_CR30","doi-asserted-by":"crossref","unstructured":"Shacham, H.: The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In: CCS 2007 (2007)","DOI":"10.1145\/1315245.1315313"},{"key":"4_CR31","doi-asserted-by":"crossref","unstructured":"Shioji, E., Kawakoya, Y., Iwamura, M., Hariu, T.: Code shredding: byte-granular randomization of program layout for detecting code-reuse attacks. In: ACSAC 2012 (2012)","DOI":"10.1145\/2420950.2420996"},{"key":"4_CR32","doi-asserted-by":"crossref","unstructured":"Snow, K.Z., Monrose, F., Davi, L., Dmitrienko, A., Liebchen, C., Sadeghi, A.-R.: Just-in-time code reuse: on the effectiveness of fine-grained address space layout randomization. In: SP 2013 (2013)","DOI":"10.1109\/SP.2013.45"},{"key":"4_CR33","unstructured":"PaX Team: PaX address space layout randomization (ASLR) (2003)"},{"key":"4_CR34","unstructured":"PaX Team: PaX non-executable pages design & implementation (2003)"},{"key":"4_CR35","unstructured":"Tice, C., Roeder, T., Collingbourne, P., Checkoway, S., Erlingsson, \u00da., Lozano, L., Pike, G.: Enforcing forward-edge control-flow integrity in GCC & LLVM. In: USENIX 2014 (2014)"},{"key":"4_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/978-3-642-23644-0_7","volume-title":"Recent Advances in Intrusion Detection","author":"M Tran","year":"2011","unstructured":"Tran, M., Etheridge, M., Bletsch, T., Jiang, X., Freeh, V., Ning, P.: On the expressiveness of return-into-libc attacks. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol. 6961, pp. 121\u2013141. Springer, Heidelberg (2011)"},{"key":"4_CR37","doi-asserted-by":"crossref","unstructured":"Wang, Z., Jiang, X.: HyperSafe: a lightweight approach to provide lifetime hypervisor control-flow integrity. In: SP 2010 (2010)","DOI":"10.1109\/SP.2010.30"},{"key":"4_CR38","doi-asserted-by":"crossref","unstructured":"Wartell, R., Mohan, V., Hamlen, K.W., Lin, Z.: Binary stirring: self-randomizing instruction addresses of legacy x86 binary code. In: CCS 2012 (2012)","DOI":"10.1145\/2382196.2382216"},{"key":"4_CR39","doi-asserted-by":"crossref","unstructured":"Wilander, J., Nikiforakis, N., Younan, Y., Kamkar, M., Joosen, W.: RIPE: runtime intrusion prevention evaluator. In: ACSAC 2011 (2011)","DOI":"10.1145\/2076732.2076739"},{"key":"4_CR40","unstructured":"Xia, Y., Liu, Y., Chen, H., Zang, B.: CFIMon: detecting violation of control flow integrity using performance counters. In: DSN 2012 (2012)"},{"key":"4_CR41","doi-asserted-by":"crossref","unstructured":"Yee, B., Sehr, D., Dardyk, G., Chen, J.B., Muth, R., Ormandy, T., Okasaka, S., Narula, N., Fullagar, N.: Native client: a sandbox for portable, untrusted x86 native code. In: SP 2009 (2009)","DOI":"10.1109\/SP.2009.25"},{"key":"4_CR42","doi-asserted-by":"crossref","unstructured":"Zhang, C., Song, C., Chen, K.Z., Chen, Z., Song, D.: VTint: defending virtual function tables integrity. In: NDSS 2015 (2015)","DOI":"10.14722\/ndss.2015.23099"},{"key":"4_CR43","unstructured":"Zhang, C., Wei, T., Chen, Z., Duan, L., Szekeres, L., McCamant, S., Song, D., Zou, W.: Practical control flow integrity and randomization for binary executables. In: SP 2013 (2013)"},{"key":"4_CR44","unstructured":"Zhang, M., Sekar, R.: Control flow integrity for COTS binaries. In: USENIX 2013 (2013)"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-26362-5_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,31]],"date-time":"2019-05-31T05:34:15Z","timestamp":1559280855000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-26362-5_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319263618","9783319263625"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-26362-5_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015]]}}}