{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,1]],"date-time":"2025-06-01T04:08:02Z","timestamp":1748750882598,"version":"3.41.0"},"publisher-location":"Cham","reference-count":34,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319263618"},{"type":"electronic","value":"9783319263625"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-26362-5_9","type":"book-chapter","created":{"date-parts":[[2015,10,26]],"date-time":"2015-10-26T14:10:45Z","timestamp":1445868645000},"page":"177-197","source":"Crossref","is-referenced-by-count":4,"title":["Counteracting Data-Only Malware with Code Pointer Examination"],"prefix":"10.1007","author":[{"given":"Thomas","family":"Kittel","sequence":"first","affiliation":[]},{"given":"Sebastian","family":"Vogl","sequence":"additional","affiliation":[]},{"given":"Julian","family":"Kirsch","sequence":"additional","affiliation":[]},{"given":"Claudia","family":"Eckert","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,12,12]]},"reference":[{"key":"9_CR1","doi-asserted-by":"crossref","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity. In: Proceedings of the 12th ACM conference on Computer and Communications Security, CCS 2005, pp. 340\u2013353. ACM, New York (2005)","DOI":"10.1145\/1102120.1102165"},{"key":"9_CR2","doi-asserted-by":"crossref","unstructured":"Bahram, S., Jiang, X., Wang, Z., Grace, M., Li, J., Srinivasan, D., Rhee, J., Xu, D.: DKSM: subverting virtual machine introspection for fun and profit. In: Proceedings of the 29th IEEE International Symposium on Reliable Distributed Systems (SRDS 2010), New Delhi, October 2010","DOI":"10.1109\/SRDS.2010.39"},{"key":"9_CR3","doi-asserted-by":"crossref","unstructured":"Bletsch, T., Jiang, X., Freeh, V.W., Liang, Z.: Jump-oriented programming: a new class of code-reuse attack. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011, pp. 30\u201340. ACM, New York (2011)","DOI":"10.1145\/1966913.1966919"},{"key":"9_CR4","unstructured":"C0ntex. Bypassing non-executable-stack during exploitation using return-to-libc"},{"key":"9_CR5","doi-asserted-by":"crossref","unstructured":"Carbone, M., Cui, W., Lu, L., Lee, W., Peinado, M., Jiang, X.: Mapping kernel objects to enable systematic integrity checking. In: Proceedings of the 16th ACM conference on Computer and Communications Security (CCS 2009), pp. 555\u2013565. ACM (2009)","DOI":"10.1145\/1653662.1653729"},{"key":"9_CR6","unstructured":"Carlini, N., Wagner, D.: ROP is still dangerous: breaking modern defenses. In: 23rd USENIX Security Symposium (USENIX Security 2014), pp. 385\u2013399. USENIX Association, San Diego, August 2014"},{"key":"9_CR7","unstructured":"Cheng, Y., Zhou, Z., Yu, M., Ding, X., Deng, R.H.: ROPecker: a generic and practical approach for defending against ROP attacks. In: 21st Annual Network and Distributed System Security Symposium, NDSS 2014, February 23\u201326, 2014, San Diego (2014)"},{"key":"9_CR8","doi-asserted-by":"crossref","unstructured":"Davi, L., Liebchen, C., Sadeghi, A.-R., Snow, K. Z., Monrose, F.: Isomeron: Code randomization resilient to (just-in-time) return-oriented programming. In: Proceeding 22nd Network and Distributed Systems Security symposium (NDSS) (2015)","DOI":"10.14722\/ndss.2015.23262"},{"key":"9_CR9","unstructured":"Davi, L., Sadeghi, A.-R., Lehmann, D., Monrose, F.: Stitching the gadgets: on the ineffectiveness of coarse-grained control-flow integrity protection. In: 23rd USENIX Security Symposium (USENIX Security 2014), pp. 401\u2013416. USENIX Association, San Diego, August 2014"},{"key":"9_CR10","doi-asserted-by":"crossref","unstructured":"Evans, I., Fingeret, S., Gonz\u00e1lez, J., Otgonbaatar, U., Tang, T., Shrobe, H., Sidiroglou-Douskos, S., Rinard, M., Okhravi, H.: Missing the point (er): on the effectiveness of code pointer integrity (2015)","DOI":"10.1109\/SP.2015.53"},{"key":"9_CR11","doi-asserted-by":"crossref","unstructured":"Feng, Q., Prakash, A., Yin, H., Lin, Z.: MACE: high-coverage and robust memory analysis for commodity operating systems. In: Proceedings of the 30th Annual Computer Security Applications Conference, ACSAC 2014, pp. 196\u2013205. ACM, New York (2014)","DOI":"10.1145\/2664243.2664248"},{"key":"9_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-642-23644-0_2","volume-title":"Recent Advances in Intrusion Detection","author":"B Gilbert","year":"2011","unstructured":"Gilbert, B., Kemmerer, R., Kruegel, C., Vigna, G.: Dymo: tracking dynamic code identity. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol. 6961, pp. 21\u201340. Springer, Heidelberg (2011)"},{"key":"9_CR13","unstructured":"G\u00f6kta\u015f, E., Athanasopoulos, E., Polychronakis, M., Bos, H., Portokalidis, G.: Size does matter: why using gadget-chain length to prevent code-reuse attacks is hard. In: 23rd USENIX Security Symposium (USENIX Security 2014), pp. 417\u2013432. USENIX Association, San Diego, August 2014"},{"key":"9_CR14","unstructured":"Hund, R., Holz, T., Freiling, F.C.: Return-oriented rootkits: bypassing kernel code integrity protection mechanisms. In: Proceedings of 18th USENIX Security Symposium (2009)"},{"key":"9_CR15","unstructured":"Kemerlis, V.P., Polychronakis, M., Keromytis, A.D.: Ret2dir: rethinking kernel isolation. In: 23rd USENIX Security Symposium. USENIX Association, August 2014"},{"key":"9_CR16","unstructured":"Kemerlis, V.P., Portokalidis, G., Keromytis, A.D.: kGuard: lightweight kernel protection against return-to-user attacks. In: Proceedings of the 21st USENIX Conference on Security Symposium, Security 2012. USENIX Association, Berkeley (2012)"},{"key":"9_CR17","unstructured":"Kittel, T., Vogl, S., Lengyel, T.K., Pfoh, J., Eckert, C.: Code validation for modern OS kernels. In: Workshop on Malware Memory Forensics (MMF), December 2014"},{"key":"9_CR18","unstructured":"Kuznetsov, V., Szekeres, L., Payer, M., Candea, G., Sekar, R., Song, D.: Code-pointer integrity. In: 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2014), pp. 147\u2013163. USENIX Association, Broomfield, October 2014"},{"key":"9_CR19","unstructured":"Lin, Z., Rhee, J., Zhang, X., Xu, D., Jiang, X.: SigGraph: Brute force scanning of kernel data structure instances using graph-based signatures. In: Proceedings of the Network and Distributed System Security Symposium (NDSS). IEEE (2011)"},{"key":"9_CR20","unstructured":"Litty, L., Lagar-Cavilla, H.A., Lie, D.: Hypervisor support for identifying covertly executing binaries. In: Proceedings of the 17th Usenix Security Symposium, pp. 243\u2013258. USENIX Association, Berkeley (2008)"},{"key":"9_CR21","unstructured":"Pappas, V., Polychronakis, M., Keromytis, A.D.: Transparent rop exploit mitigation using indirect branch tracing. In: Presented as part of the 22nd USENIX Security Symposium (USENIX Security 2013), pp. 447\u2013462. USENIX, Washington, D.C. (2013)"},{"key":"9_CR22","doi-asserted-by":"crossref","unstructured":"Petroni, Jr., N.L., Hicks, M.: Automated detection of persistent kernel control-flow attacks. In: Proceedings of the 14th ACM conference on Computer and communications security, CCS 2007. ACM, New York (2007)","DOI":"10.1145\/1315245.1315260"},{"key":"9_CR23","doi-asserted-by":"crossref","unstructured":"Polychronakis, M., Keromytis, A.D.: ROP payload detection using speculative code execution. In: 6th International Conference on Malicious and Unwanted Software (MALWARE), pp. 58\u201365. IEEE (2011)","DOI":"10.1109\/MALWARE.2011.6112327"},{"key":"9_CR24","doi-asserted-by":"crossref","unstructured":"Sadeghi, A.-R., Davi, L., Larsen, P.: Securing legacy software against real-world code-reuse exploits: utopia, alchemy, or possible future? - keynote -. In: 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2015), April 2015","DOI":"10.1145\/2714576.2737090"},{"key":"9_CR25","unstructured":"Schneider, C., Pfoh, J., Eckert, C.: Bridging the semantic gap through static code analysis. In: Proceedings of EuroSec 2012, 5th European Workshop on System Security. ACM Press, April 2012"},{"key":"9_CR26","doi-asserted-by":"crossref","unstructured":"Schuster, F., Tendyck, T., Liebchen, C., Davi, L., Sadeghi, A.-R., Holz, T.: Counterfeit object-oriented programming: On the difficulty of preventing code reuse attacks in C++ applications. In: 36th IEEE Symposium on Security and Privacy, Oakland, May 2015","DOI":"10.1109\/SP.2015.51"},{"key":"9_CR27","doi-asserted-by":"crossref","unstructured":"Shacham, H.: The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In: Proceedings of the 14th ACM conference on Computer and Communications Security, CCS 2007, pp. 552\u2013561. ACM, New York (2007)","DOI":"10.1145\/1315245.1315313"},{"key":"9_CR28","doi-asserted-by":"crossref","unstructured":"Stancill, B., Snow, K.Z., Otterness, N., Monrose, F., Davi, L., Sadeghi, A.-R.: Check my profile: leveraging static analysis for fast and accurate detection of ROP gadgets. In: 16th Research in Attacks, Intrusions and Defenses (RAID) Symposium, October 2013","DOI":"10.1007\/978-3-642-41284-4_4"},{"key":"9_CR29","doi-asserted-by":"crossref","unstructured":"Szekeres, L., Payer, M., Wei, T., Song, D.: SoK: eternal war in memory. In: Proceedings of the 2013 IEEE Symposium on Security and Privacy, SP 2013, pp. 48\u201362. IEEE Computer Society, Washington, DC (2013)","DOI":"10.1109\/SP.2013.13"},{"key":"9_CR30","doi-asserted-by":"crossref","unstructured":"Vogl, S., Pfoh, J., Kittel, T., Eckert, C.: Persistent data-only malware: function hooks without code. In: Proceedings of the 21th Annual Network & Distributed System Security Symposium (NDSS), February 2014","DOI":"10.14722\/ndss.2014.23019"},{"key":"9_CR31","doi-asserted-by":"crossref","unstructured":"Wang, Z., Jiang, X., Cui, W., Ning, P.: Countering kernel rootkits with lightweight hook protection. In: Proceedings of the 16th ACM conference on Computer and Communications Security, CCS 2009, pp. 545\u2013554. ACM, New York (2009)","DOI":"10.1145\/1653662.1653728"},{"key":"9_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-540-87403-4_2","volume-title":"Recent Advances in Intrusion Detection","author":"Z Wang","year":"2008","unstructured":"Wang, Z., Jiang, X., Cui, W., Wang, X.: Countering persistent kernel Rootkits through systematic hook discovery. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 21\u201338. Springer, Heidelberg (2008)"},{"key":"9_CR33","doi-asserted-by":"crossref","unstructured":"Xia, Y., Liu, Y., Chen, H., Zang, B.: CFIMon: detecting violation of control flow integrity using performance counters. In: Proceedings of the 2012 42nd Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), DSN 2012, pp. 1\u201312. IEEE Computer Society, Washington, DC (2012)","DOI":"10.1109\/DSN.2012.6263958"},{"key":"9_CR34","unstructured":"Zhang, C., Wei, T., Chen, Z., Duan, L., Szekeres, L., McCamant, S., Song, D., Zou, W.: Practical control flow integrity and randomization for binary executables. In: IEEE Symposium on Security and Privacy (SP), pp. 559\u2013573. IEEE (2013)"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-26362-5_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,31]],"date-time":"2025-05-31T04:26:10Z","timestamp":1748665570000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-26362-5_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319263618","9783319263625"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-26362-5_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]}}}