{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T16:34:39Z","timestamp":1743093279046,"version":"3.40.3"},"publisher-location":"Cham","reference-count":39,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319491479"},{"type":"electronic","value":"9783319491486"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-49148-6_12","type":"book-chapter","created":{"date-parts":[[2016,11,9]],"date-time":"2016-11-09T09:50:38Z","timestamp":1478685038000},"page":"131-144","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["ROP-Hunt: Detecting Return-Oriented Programming Attacks in Applications"],"prefix":"10.1007","author":[{"given":"Lu","family":"Si","sequence":"first","affiliation":[]},{"given":"Jie","family":"Yu","sequence":"additional","affiliation":[]},{"given":"Lei","family":"Luo","sequence":"additional","affiliation":[]},{"given":"Jun","family":"Ma","sequence":"additional","affiliation":[]},{"given":"Qingbo","family":"Wu","sequence":"additional","affiliation":[]},{"given":"Shasha","family":"Li","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,11,10]]},"reference":[{"key":"12_CR1","unstructured":"Data execution prevention. http:\/\/support.microsoft.com\/kb\/875352\/EN-US"},{"key":"12_CR2","unstructured":"Linux\/x86 - \/bin\/sh sysenter Opcode Array Payload. http:\/\/shell-storm.org\/shellcode\/files\/shellcode-236.php"},{"key":"12_CR3","unstructured":"Linux\/x86 - sys exit(0). 
http:\/\/shell-storm.org\/shellcode\/files\/shellcode-623.php"},{"key":"12_CR4","unstructured":"Setjmp - set jump point for a non-local goto. http:\/\/pubs.opengroup.org\/onlinepubs\/009695399\/functions\/setjmp.html"},{"key":"12_CR5","unstructured":"Shellcodes database for study cases. http:\/\/shell-storm.org\/shellcode\/"},{"key":"12_CR6","unstructured":"HT Editor 2.0.20 Buffer Overflow (ROP PoC). http:\/\/www.exploit-db.com\/exploits\/22683\/"},{"key":"12_CR7","unstructured":"PHP 5.3.6 Buffer Overflow PoC. http:\/\/www.exploit-db.com\/exploits\/17486"},{"key":"12_CR8","unstructured":"ROPgadget - Gadgets finder and auto-roper. http:\/\/shell-storm.org\/project\/ROPgadget\/"},{"key":"12_CR9","unstructured":"ROPPER - ROP GADGET FINDER AND BINARY INFORMATION TOOL. https:\/\/scoding.de\/ropper\/"},{"key":"12_CR10","unstructured":"Standard Performance Evaluation Corporation, SPEC CPU2006 Benchmarks. http:\/\/www.spec.org\/osg\/cpu2006\/"},{"key":"12_CR11","doi-asserted-by":"crossref","unstructured":"Bletsch, T., Jiang, X., Freeh, V.: Mitigating code-reuse attacks with control-flow locking. In: Proceedings of the 27th Annual Computer Security Applications Conference, pp. 353\u2013362. ACM (2011)","DOI":"10.1145\/2076732.2076783"},{"key":"12_CR12","doi-asserted-by":"crossref","unstructured":"Bletsch, T., Jiang, X., Freeh, V.W., Liang, Z.: Jump-oriented programming: a new class of code-reuse attack. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 30\u201340. ACM (2011)","DOI":"10.1145\/1966913.1966919"},{"key":"12_CR13","doi-asserted-by":"crossref","unstructured":"Buchanan, E., Roemer, R., Shacham, H., Savage, S.: When good instructions go bad: generalizing return-oriented programming to risc. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 27\u201338. 
ACM (2008)","DOI":"10.1145\/1455770.1455776"},{"key":"12_CR14","unstructured":"Carlini, N., Wagner, D.: ROP is still dangerous: breaking modern defenses. In: 23rd USENIX Security Symposium (USENIX Security 2014), pp. 385\u2013399 (2014)"},{"key":"12_CR15","doi-asserted-by":"crossref","unstructured":"Checkoway, S., Davi, L., Dmitrienko, A., Sadeghi, A.R., Shacham, H., Winandy, M.: Return-oriented programming without returns. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 559\u2013572. ACM (2010)","DOI":"10.1145\/1866307.1866370"},{"key":"12_CR16","doi-asserted-by":"crossref","unstructured":"Checkoway, S., Feldman, A.J., Kantor, B., Halderman, J.A., Felten, E.W., Shacham, H.: Can DREs provide long-lasting security? The case of return-oriented programming and the AVC advantage. In: EVT\/WOTE 2009 (2009)","DOI":"10.1145\/1866307.1866370"},{"key":"12_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/978-3-642-10772-6_13","volume-title":"Information Systems Security","author":"P Chen","year":"2009","unstructured":"Chen, P., Xiao, H., Shen, X., Yin, X., Mao, B., Xie, L.: DROP: detecting return-oriented programming malicious code. In: Prakash, A., Sen Gupta, I. (eds.) ICISS 2009. LNCS, vol. 5905, pp. 163\u2013177. Springer, Heidelberg (2009). doi:10.1007\/978-3-642-10772-6_13"},{"key":"12_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"140","DOI":"10.1007\/978-3-642-17714-9_11","volume-title":"Information Systems Security","author":"P Chen","year":"2010","unstructured":"Chen, P., Xing, X., Han, H., Mao, B., Xie, L.: Efficient detection of the return-oriented programming malicious code. In: Jha, S., Mathuria, A. (eds.) ICISS 2010. LNCS, vol. 6503, pp. 140\u2013155. Springer, Heidelberg (2010). 
doi:10.1007\/978-3-642-17714-9_11"},{"key":"12_CR19","unstructured":"Chen, S., Li, Z., Huang, Y., Xing, J.: Sat-based technique to detect buffer overflows in c source codes. J. Tsinghua Univ. (Science and Technology), S2 (2009)"},{"key":"12_CR20","doi-asserted-by":"crossref","unstructured":"Davi, L., Sadeghi, A.R., Winandy, M.: Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks. In: Proceedings of the 2009 ACM Workshop on Scalable Trusted Computing, pp. 49\u201354. ACM (2009)","DOI":"10.1145\/1655108.1655117"},{"key":"12_CR21","doi-asserted-by":"crossref","unstructured":"Davi, L., Sadeghi, A.R., Winandy, M.: Ropdefender: a detection tool to defend against return-oriented programming attacks. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 40\u201351. ACM (2011)","DOI":"10.1145\/1966913.1966920"},{"key":"12_CR22","unstructured":"Dullien, T., Kornau, T., Weinmann, R.P.: A framework for automated architecture-independent gadget search. In: WOOT (2010)"},{"key":"12_CR23","doi-asserted-by":"crossref","unstructured":"Francillon, A., Castelluccia, C.: Code injection attacks on Harvard-architecture devices. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 15\u201326. ACM (2008)","DOI":"10.1145\/1455770.1455775"},{"key":"12_CR24","unstructured":"Hund, R., Holz, T., Freiling, F.C.: Return-oriented rootkits: bypassing kernel code integrity protection mechanisms. In: USENIX Security Symposium, pp. 383\u2013398 (2009)"},{"key":"12_CR25","doi-asserted-by":"crossref","unstructured":"Kayaalp, M., Schmitt, T., Nomani, J., Ponomarev, D., Abu-Ghazaleh, N.: SCRAP: architecture for signature-based protection from code reuse attacks. In: 2013 IEEE 19th International Symposium on High Performance Computer Architecture (HPCA2013), pp. 258\u2013269. 
IEEE (2013)","DOI":"10.1109\/HPCA.2013.6522324"},{"key":"12_CR26","unstructured":"Kornau, T.: Return oriented programming for the ARM architecture. Ph.D. thesis, Masters thesis, Ruhr-Universit\u00e4t Bochum (2010)"},{"key":"12_CR27","unstructured":"Li, J., Wang, Z., Jiang, X., Grace, M., Bahram, S.: Defeating return-oriented rootkits with return-less kernels. In: Proceedings of the 5th European Conference on Computer Systems, pp. 195\u2013208. ACM (2010)"},{"issue":"6","key":"12_CR28","doi-asserted-by":"crossref","first-page":"190","DOI":"10.1145\/1064978.1065034","volume":"40","author":"Chi-Keung Luk","year":"2005","unstructured":"Luk, C.K., Cohn, R., Muth, R., Patil, H., Klauser, A., Lowney, G., Wallace, S., Reddi, V.J., Hazelwood, K.: Pin: building customized program analysis tools with dynamic instrumentation. In: ACM Sigplan Notices, vol. 40, pp. 190\u2013200. ACM (2005)","journal-title":"ACM SIGPLAN Notices"},{"key":"12_CR29","unstructured":"Nethercote, N.: Dynamic binary analysis and instrumentation (2004). http:\/\/valgrind.org\/docs\/phd2004.pdf"},{"key":"12_CR30","doi-asserted-by":"crossref","unstructured":"Onarlioglu, K., Bilge, L., Lanzi, A., Balzarotti, D., Kirda, E.: G-free: defeating return-oriented programming through gadget-less binaries. In: Proceedings of the 26th Annual Computer Security Applications Conference, pp. 49\u201358. ACM (2010)","DOI":"10.1145\/1920261.1920269"},{"issue":"49","key":"12_CR31","first-page":"14","volume":"7","author":"A One","year":"1996","unstructured":"One, A.: Smashing the stack for fun and profit. Phrack Mag. 7(49), 14\u201316 (1996)","journal-title":"Phrack Mag."},{"key":"12_CR32","unstructured":"Pappas, V., Polychronakis, M., Keromytis, A.D.: Transparent ROP exploit mitigation using indirect branch tracing. In: Presented as Part of the 22nd USENIX Security Symposium (USENIX Security 2013), pp. 
447\u2013462 (2013)"},{"key":"12_CR33","unstructured":"Roemer, R.G.: Finding the bad in good code: automated return-oriented programming exploit discovery (2009)"},{"key":"12_CR34","unstructured":"Schwartz, E.J., Avgerinos, T., Brumley, D.: Q: Exploit hardening made easy. In: USENIX Security Symposium, pp. 25\u201341 (2011)"},{"key":"12_CR35","doi-asserted-by":"crossref","unstructured":"Shacham, H.: The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 552\u2013561. ACM (2007)","DOI":"10.1145\/1315245.1315313"},{"key":"12_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/978-3-642-23644-0_7","volume-title":"Recent Advances in Intrusion Detection","author":"M Tran","year":"2011","unstructured":"Tran, M., Etheridge, M., Bletsch, T., Jiang, X., Freeh, V., Ning, P.: On the expressiveness of return-into-libc attacks. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol. 6961, pp. 121\u2013141. Springer, Heidelberg (2011). doi:10.1007\/978-3-642-23644-0_7"},{"key":"12_CR37","unstructured":"Wojtczuk, R.: The advanced return-into-lib(c) exploits: PaX case study. Phrack Mag. 0x0b(0x3a), Phile# 0x04 of 0x0e (2001)"},{"key":"12_CR38","doi-asserted-by":"crossref","unstructured":"Yao, F., Chen, J., Venkataramani, G.: Jop-alarm: detecting jump-oriented programming-based anomalies in applications. In: 2013 IEEE 31st International Conference on Computer Design (ICCD), pp. 467\u2013470. IEEE (2013)","DOI":"10.1109\/ICCD.2013.6657084"},{"issue":"18","key":"12_CR39","first-page":"41","volume":"31","author":"M Zhang","year":"2005","unstructured":"Zhang, M., Luo, J.: Pointer analysis algorithm in static buffer overflow analysis. Comput. Eng. 31(18), 41\u201343 (2005)","journal-title":"Comput. 
Eng."}],"container-title":["Lecture Notes in Computer Science","Security, Privacy, and Anonymity in Computation, Communication, and Storage"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-49148-6_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,7]],"date-time":"2024-03-07T16:51:13Z","timestamp":1709830273000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-49148-6_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319491479","9783319491486"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-49148-6_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"10 November 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SpaCCS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Zhangjiajie","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2016","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 November 
2016","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 November 2016","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"spaccs2016","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/trust.csu.edu.cn\/conference\/SpaCCS2016\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}