{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,9]],"date-time":"2024-09-09T06:46:27Z","timestamp":1725864387108},"publisher-location":"Cham","reference-count":62,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319457185"},{"type":"electronic","value":"9783319457192"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-45719-2_4","type":"book-chapter","created":{"date-parts":[[2016,9,5]],"date-time":"2016-09-05T22:11:24Z","timestamp":1473113484000},"page":"71-94","source":"Crossref","is-referenced-by-count":3,"title":["Detecting Stack Layout Corruptions with Robust Stack Unwinding"],"prefix":"10.1007","author":[{"given":"Yangchun","family":"Fu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Junghwan","family":"Rhee","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhiqiang","family":"Lin","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhichun","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hui","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Guofei","family":"Jiang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2016,9,7]]},"reference":[{"key":"4_CR1","unstructured":"Dwarf debugging information format, version 4. http:\/\/www.dwarfstd.org\/doc\/DWARF4.pdf"},{"key":"4_CR2","unstructured":"Exception frames. https:\/\/refspecs.linuxfoundation.org\/LSB_3.0.0\/LSB-Core-generic\/LSB-Core-generic\/ehframechpt.html"},{"key":"4_CR3","unstructured":"Exceptions and stack unwinding in C++. http:\/\/msdn.microsoft.com\/en-us\/library\/hh254939.aspx"},{"key":"4_CR4","unstructured":"Mach-o executables, issue 6 build tools. http:\/\/www.objc.io\/issue-6\/mach-o-executables.html"},{"key":"4_CR5","unstructured":"Structured exception handling. http:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/ms680657(v=vs.85).aspx"},{"key":"4_CR6","unstructured":"System V Application Binary Interface (ABI), AMD64 Architecture Processor Supplement, Draft Version 0.98"},{"key":"4_CR7","unstructured":"x64 manual stack reconstruction and stack walking. https:\/\/blogs.msdn.microsoft.com\/ntdebugging\/2010\/05\/12\/x64-manual-stack-reconstruction-and-stack-walking\/"},{"key":"4_CR8","doi-asserted-by":"crossref","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity. In: Proceedings of CCS (2005)","DOI":"10.1145\/1102120.1102165"},{"key":"4_CR9","doi-asserted-by":"crossref","unstructured":"Bittau, A., Belay, A., Mashtizadeh, A., Mazieres, D., Boneh, D.: Hacking blind. In: Proceedings of IEEE Security and Privacy (2014)","DOI":"10.1109\/SP.2014.22"},{"key":"4_CR10","doi-asserted-by":"crossref","unstructured":"Bletsch, T., Jiang, X., Freeh, V.W., Liang, Z.: Jump-oriented programming: a new class of code-reuse attack. In: Proceedings of ASIACCS (2011)","DOI":"10.1145\/1966913.1966919"},{"key":"4_CR11","doi-asserted-by":"crossref","unstructured":"Bosman, E., Bos, H.: Framing signals - a return to portable shellcode. In: Proceedings of IEEE Security and Privacy (2014)","DOI":"10.1109\/SP.2014.23"},{"key":"4_CR12","unstructured":"Carlini, N., Wagner, D.: ROP is still dangerous: breaking modern defenses. In: Proceedings of USENIX Security (2014)"},{"key":"4_CR13","doi-asserted-by":"crossref","unstructured":"Checkoway, S., Davi, L., Dmitrienko, A., Sadeghi, A.R., Shacham, H., Winandy, M.: Return-oriented programming without returns. In: Proceedings of CCS (2010)","DOI":"10.1145\/1866307.1866370"},{"key":"4_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"163","DOI":"10.1007\/978-3-642-10772-6_13","volume-title":"Information Systems Security","author":"P Chen","year":"2009","unstructured":"Chen, P., Xiao, H., Shen, X., Yin, X., Mao, B., Xie, L.: DROP: detecting return-oriented programming malicious code. In: Prakash, A., Sen Gupta, I. (eds.) ICISS 2009. LNCS, vol. 5905, pp. 163\u2013177. Springer, Heidelberg (2009)"},{"key":"4_CR15","doi-asserted-by":"crossref","unstructured":"Chen, P., Xing, X., Mao, B., Xie, L.: Return-oriented rootkit without returns (on the x86). In: Proceedings of ICICS (2010)","DOI":"10.1007\/978-3-642-17650-0_24"},{"key":"4_CR16","doi-asserted-by":"crossref","unstructured":"Cheng, Y., Zhou, Z., Yu, M., Ding, X., Deng, R.H.: ROPecker: a generic and practical approach for defending against ROP attacks. In: Proceedings of NDSS (2014)","DOI":"10.14722\/ndss.2014.23156"},{"key":"4_CR17","unstructured":"Cowan, C., Pu, C., Maier, D., Hinton, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: Stackguard: automatic adaptive detection and prevention of buffer-overflow attacks. In: Proceedings of USENIX Security (1998)"},{"key":"4_CR18","doi-asserted-by":"crossref","unstructured":"Criswell, J., Dautenhahn, N., Adve, V.: KCoFI: complete control-flow integrity for commodity operating system kernels. In: Proceedings of the IEEE Security and Privacy (2014)","DOI":"10.1109\/SP.2014.26"},{"key":"4_CR19","doi-asserted-by":"crossref","unstructured":"Davi, L., Sadeghi, A.R., Winandy, M.: ROPdefender: a detection tool to defend against return-oriented programming attacks. In: Proceedings of ASIACCS (2011)","DOI":"10.1145\/1966913.1966920"},{"key":"4_CR20","unstructured":"Durden, T.: Bypassing PaX ASLR protection. Phrack Mag. 59(9), June 2002. http:\/\/www.phrack.org\/phrack\/59\/p59-0x09"},{"key":"4_CR21","unstructured":"Fratric, I.: ROPGuard: runtime prevention of return-oriented programming attacks. https:\/\/code.google.com\/p\/ropguard\/"},{"key":"4_CR22","doi-asserted-by":"crossref","unstructured":"Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: a virtual machine-based platform for trusted computing. In: Proceedings of SOSP (2003)","DOI":"10.1145\/945445.945464"},{"key":"4_CR23","unstructured":"Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: Proceedings of NDSS (2003)"},{"key":"4_CR24","doi-asserted-by":"crossref","unstructured":"Goktas, E., Athanasopoulos, E., Bos, H., Portokalidis, G.: Out of control: overcoming control-flow integrity. In: Proceedings of IEEE Security and Privacy (2014)","DOI":"10.1109\/SP.2014.43"},{"key":"4_CR25","unstructured":"G\u00f6kta\u015f, E., Athanasopoulos, E., Polychronakis, M., Bos, H., Portokalidis, G.: Size does matter: why using gadget-chain length to prevent code-reuse attacks is hard. In: Proceedings of USENIX Security (2014)"},{"key":"4_CR26","doi-asserted-by":"crossref","unstructured":"Hiser, J., Nguyen-Tuong, A., Co, M., Hall, M., Davidson, J.W.: ILR: where\u2019d my gadgets go? In: Proceedings of IEEE Security and Privacy (2012)","DOI":"10.1109\/SP.2012.39"},{"key":"4_CR27","doi-asserted-by":"crossref","unstructured":"Hofmann, O.S., Dunn, A.M., Kim, S., Roy, I., Witchel, E.: Ensuring operating system kernel integrity with OSck. In: Proceedings of ASPLOS (2011)","DOI":"10.1145\/1950365.1950398"},{"key":"4_CR28","unstructured":"Howard, M., Thomlinson, M.: Windows ISV software security defenses. http:\/\/msdn.microsoft.com\/en-us\/library\/bb430720.aspx"},{"key":"4_CR29","unstructured":"Hund, R., Holz, T., Freiling, F.C.: Return-oriented rootkits: bypassing kernel code integrity protection mechanisms. In: Proceedings of USENIX Security (2009)"},{"key":"4_CR30","doi-asserted-by":"crossref","unstructured":"Kim, G.H., Spafford, E.H.: The design and implementation of tripwire: a file system integrity checker. In: Proceedings of CCS (1994)","DOI":"10.1145\/191177.191183"},{"key":"4_CR31","doi-asserted-by":"crossref","unstructured":"Li, J., Wang, Z., Jiang, X., Grace, M., Bahram, S.: Defeating return-oriented rootkits with \u201creturn-less\u201d kernels. In: Proceedings of EuroSys (2010)","DOI":"10.1145\/1755913.1755934"},{"key":"4_CR32","unstructured":"Microsoft: A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2 (2008). http:\/\/support.microsoft.com\/kb\/875352"},{"key":"4_CR33","unstructured":"Mudge: How to Write Buffer Overflows (1997). http:\/\/l0pht.com\/advisories\/bufero.html"},{"key":"4_CR34","unstructured":"Oakley, J., Bratus, S.: Exploiting the hard-working DWARF: trojan and exploit techniques with no native executable code. In: Proceedings of WOOT (2011)"},{"key":"4_CR35","doi-asserted-by":"crossref","unstructured":"Onarlioglu, K., Bilge, L., Lanzi, A., Balzarotti, D., Kirda, E.: G-free: defeating return-oriented programming through gadget-less binaries. In: Proceedings of ACSAC (2010)","DOI":"10.1145\/1920261.1920269"},{"key":"4_CR36","unstructured":"Aleph One: Smashing the stack for fun and profit. Phrack 7(49), November 1996. http:\/\/www.phrack.com\/issues.html?issue=49&id=14"},{"key":"4_CR37","doi-asserted-by":"crossref","unstructured":"Pappas, V., Polychronakis, M., Keromytis, A.D.: Smashing the gadgets: hindering return-oriented programming using in-place code randomization. In: Proceedings of IEEE Security and Privacy (2012)","DOI":"10.1109\/SP.2012.41"},{"key":"4_CR38","unstructured":"Pappas, V., Polychronakis, M., Keromytis, A.D.: Transparent ROP exploit mitigation using indirect branch tracing. In: Proceedings of USENIX Security (2013)"},{"key":"4_CR39","unstructured":"Petroni Jr., N.L., Fraser, T., Molina, J., Arbaugh, W.A.: Copilot - a coprocessor-based kernel runtime integrity monitor. In: Proceedings of USENIX Security (2004)"},{"key":"4_CR40","unstructured":"Petroni Jr., N.L., Fraser, T., Walters, A., Arbaugh, W.A.: An architecture for specification-based detection of semantic integrity violations in kernel dynamic data. In: Proceedings of USENIX Security (2006)"},{"key":"4_CR41","doi-asserted-by":"crossref","unstructured":"Petroni Jr., N.L., Hicks, M.: Automated detection of persistent kernel control-flow attacks. In: Proceedings of CCS (2007)","DOI":"10.1145\/1315245.1315260"},{"key":"4_CR42","unstructured":"Pietrek, M.: A crash course on the depths of win32 structured exception handling. Microsoft Syst. J. 12(1), January 1997"},{"key":"4_CR43","doi-asserted-by":"crossref","unstructured":"Prakash, A., Yin, H.: Defeating ROP through denial of stack pivot. In: ACSAC (2015)","DOI":"10.1145\/2818000.2818023"},{"key":"4_CR44","doi-asserted-by":"crossref","unstructured":"Roglia, G.F., Martignoni, L., Paleari, R., Bruschi, D.: Surgically returning to randomized lib(c). In: Proceedings of ACSAC (2009)","DOI":"10.1109\/ACSAC.2009.16"},{"key":"4_CR45","doi-asserted-by":"crossref","unstructured":"Seshadri, A., Luk, M., Qu, N., Perrig, A.: SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. In: Proceedings of SOSP (2007)","DOI":"10.1145\/1294261.1294294"},{"key":"4_CR46","doi-asserted-by":"crossref","unstructured":"Shacham, H.: The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In: Proceedings of CCS (2007)","DOI":"10.1145\/1315245.1315313"},{"key":"4_CR47","doi-asserted-by":"crossref","unstructured":"Shacham, H., Page, M., Pfaff, B., Goh, E.J., Modadugu, N., Boneh, D.: On the effectiveness of address-space randomization. In: Proceedings of CCS (2004)","DOI":"10.1145\/1030083.1030124"},{"key":"4_CR48","unstructured":"Smith, N.P.: Stack Smashing Vulnerabilities in the UNIX Operating System (2000)"},{"key":"4_CR49","doi-asserted-by":"crossref","unstructured":"Snow, K.Z., Monrose, F., Davi, L., Dmitrienko, A., Liebchen, C., Sadeghi, A.R.: Just-in-time code reuse: on the effectiveness of fine-grained address space layout randomization. In: Proceedings of IEEE Security and Privacy (2013)","DOI":"10.1109\/SP.2013.45"},{"key":"4_CR50","unstructured":"Sotirov, A., Dowd, M.: Bypassing browser memory protections in windows vista. http:\/\/www.phreedom.org\/research\/bypassing-browser-memory-protections\/"},{"key":"4_CR51","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1145\/66093.66095","volume":"19","author":"EH Spafford","year":"1989","unstructured":"Spafford, E.H.: The internet worm program: an analysis. SIGCOMM Comput. Commun. Rev. 19, 17\u201357 (1989)","journal-title":"SIGCOMM Comput. Commun. Rev."},{"key":"4_CR52","doi-asserted-by":"crossref","unstructured":"Strackx, R., Younan, Y., Philippaerts, P., Piessens, F., Lachmund, S., Walter, T.: Breaking the memory secrecy assumption. In: Proceedings of EuroSec (2009)","DOI":"10.1145\/1519144.1519145"},{"key":"4_CR53","unstructured":"PaX Team: http:\/\/pax.grsecurity.net\/"},{"key":"4_CR54","unstructured":"PaX Team: Pax address space layout randomization (ASLR) (2003). http:\/\/pax.grsecurity.net\/docs\/aslr.txt"},{"key":"4_CR55","unstructured":"The Enhanced Mitigation Experience Toolkit, Microsoft. http:\/\/technet.microsoft.com\/en-us\/security\/"},{"key":"4_CR56","unstructured":"Tice, C., Roeder, T., Collingbourne, P., Checkoway, S., Erlingsson, \u00da., Lozano, L., Pike, G.: Enforcing forward-edge control-flow integrity in GCC & LLVM. In: Proceedings of USENIX Security (2014)"},{"key":"4_CR57","doi-asserted-by":"crossref","unstructured":"Tran, M., Etheridge, M., Bletsch, T., Jiang, X., Freeh, V., Ning, P.: On the expressiveness of return-into-libc attacks. In: Proceedings of RAID (2011)","DOI":"10.1007\/978-3-642-23644-0_7"},{"key":"4_CR58","unstructured":"Vreugdenhil, P.: Pwn2own 2010: Windows 7 internet explorer 8 exploit. http:\/\/vreugdenhilresearch.nl\/Pwn2Own-2010-Windows7-InternetExplorer8.pdf"},{"key":"4_CR59","doi-asserted-by":"crossref","unstructured":"Wartell, R., Mohan, V., Hamlen, K.W., Lin, Z.: Binary stirring: self-randomizing instruction addresses of legacy x86 binary code. In: Proceedings of CCS (2012)","DOI":"10.1145\/2382196.2382216"},{"key":"4_CR60","unstructured":"Zhang, C., Wei, T., Chen, Z., Duan, L., Szekeres, L., McCamant, S., Song, D., Zou, W.: Practical control flow integrity and randomization for binary executables. In: Proceedings of IEEE Security and Privacy (2013)"},{"key":"4_CR61","unstructured":"Zhang, M., Sekar, R.: Control flow integrity for cots binaries. In: Proceedings of the USENIX Security (2013)"},{"key":"4_CR62","unstructured":"Zovi, D.A.D.: Return oriented exploitation. In: Blackhat (2010)"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-45719-2_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,6,24]],"date-time":"2017-06-24T18:03:00Z","timestamp":1498327380000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-45719-2_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319457185","9783319457192"],"references-count":62,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-45719-2_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2016]]}}}