{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T00:48:40Z","timestamp":1740098920667,"version":"3.37.3"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319621043"},{"type":"electronic","value":"9783319621050"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-62105-0_10","type":"book-chapter","created":{"date-parts":[[2017,6,23]],"date-time":"2017-06-23T05:13:20Z","timestamp":1498194800000},"page":"143-160","source":"Crossref","is-referenced-by-count":2,"title":["Defeating Zombie Gadgets by Re-randomizing Code upon Disclosure"],"prefix":"10.1007","author":[{"given":"Micah","family":"Morton","sequence":"first","affiliation":[]},{"given":"Hyungjoon","family":"Koo","sequence":"additional","affiliation":[]},{"given":"Forrest","family":"Li","sequence":"additional","affiliation":[]},{"given":"Kevin Z.","family":"Snow","sequence":"additional","affiliation":[]},{"given":"Michalis","family":"Polychronakis","sequence":"additional","affiliation":[]},{"given":"Fabian","family":"Monrose","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,6,24]]},"reference":[{"unstructured":"ROPEME - ROP exploit made easy (2016). \nhttps:\/\/github.com\/packz\/ropeme","key":"10_CR1"},{"unstructured":"Control-flow enforcement technology preview (2016). \nhttps:\/\/software.intel.com\/sites\/default\/files\/managed\/4d\/2a\/control-flow-enforcement-technology-preview.pdf","key":"10_CR2"},{"doi-asserted-by":"crossref","unstructured":"Athanasakis, M., Athanasopoulos, E., Polychronakis, M., Portokalidis, G., Ioannidis, S.: The devil is in the constants: bypassing defenses in browser JIT engines. In: Symposium on Network and Distributed System Security (2015)","key":"10_CR3","DOI":"10.14722\/ndss.2015.23209"},{"unstructured":"Backes, M., N\u00fcrnberger, S.: Oxymoron: making fine-grained memory randomization practical by allowing code sharing. In: USENIX Security Symposium, pp. 433\u2013447 (2014)","key":"10_CR4"},{"doi-asserted-by":"crossref","unstructured":"Backes, M., Holz, T., Kollenda, B., Koppe, P., N\u00fcrnberger, S., Pewny, J.: You can run but you can\u2019t read: preventing disclosure exploits in executable code. In: ACM Conference on Computer and Communications Security, pp. 1342\u20131353 (2014)","key":"10_CR5","DOI":"10.1145\/2660267.2660378"},{"doi-asserted-by":"crossref","unstructured":"Bigelow, D., Hobson, T., Rudd, R., Streilein, W., Okhravi, H.: Timely rerandomization for mitigating memory disclosures. In: ACM Conference on Computer and Communications Security, pp. 268\u2013279. ACM (2015)","key":"10_CR6","DOI":"10.1145\/2810103.2813691"},{"doi-asserted-by":"crossref","unstructured":"Braden, K., Crane, S., Davi, L., Franz, M., Larsen, P., Liebchen, C., Sadeghi, A.-R.: Leakage-resilient layout randomization for mobile devices. In: Symposium on Network and Distributed System Security (2016)","key":"10_CR7","DOI":"10.14722\/ndss.2016.23364"},{"unstructured":"Brookes, S., Denz, R., Osterloh, M., Taylor, S.: Exoshim: preventing memory disclosure using execute-only kernel code. In: International Conference on Cyber Warfare and Security (2016, to appear)","key":"10_CR8"},{"unstructured":"Chen, P., Xu, J., Wang, J., Liu, P.: Instantly obsoleting the address-code associations: a new principle for defending advanced code reuse attack. arXiv preprint \narXiv:1507.02786\n\n (2015)","key":"10_CR9"},{"doi-asserted-by":"crossref","unstructured":"Chen, Y., Wang, Z., Whalley, D., Lu, L.: Remix: on-demand live randomization. In: Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy, pp. 50\u201361. ACM (2016)","key":"10_CR10","DOI":"10.1145\/2857705.2857726"},{"doi-asserted-by":"crossref","unstructured":"Crane, S., Homescu, A., Brunthaler, S., Larsen, P., Franz, M.: Thwarting cache side-channel attacks through dynamic software diversity. In: Symposium on Network and Distributed System Security (2015)","key":"10_CR11","DOI":"10.14722\/ndss.2015.23264"},{"doi-asserted-by":"crossref","unstructured":"Crane, S., Liebchen, C., Homescu, A., Davi, L., Larsen, P., Sadeghi, A.-R., Brunthaler, S., Franz, M.: Readactor: practical code randomization resilient to memory disclosure. In: IEEE Symposium on Security and Privacy, pp. 763\u2013780 (2015)","key":"10_CR12","DOI":"10.1109\/SP.2015.52"},{"doi-asserted-by":"crossref","unstructured":"Crane, S.J., Volckaert, S., Schuster, F., Liebchen, C., Larsen, P., Davi, L., Sadeghi, A.-R., Holz, T., De Sutter, B., Franz, M.: It\u2019s a trap: table randomization and protection against function-reuse attacks. In: ACM Conference on Computer and Communications Security, pp. 243\u2013255 (2015)","key":"10_CR13","DOI":"10.1145\/2810103.2813682"},{"doi-asserted-by":"crossref","unstructured":"Dang, T.H., Maniatis, P., Wagner, D.: The performance cost of shadow stacks and stack canaries. In: ACM Asia Conference on Computer and Communications Security, pp. 555\u2013566 (2015)","key":"10_CR14","DOI":"10.1145\/2714576.2714635"},{"doi-asserted-by":"crossref","unstructured":"Davi, L., Liebchen, C., Sadeghi, A.-R., Snow, K.Z., Monrose, F.: Isomeron: code randomization resilient to (just-in-time) return-oriented programming. In: Symposium on Network and Distributed System Security (2015)","key":"10_CR15","DOI":"10.14722\/ndss.2015.23262"},{"key":"10_CR16","volume-title":"Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats","author":"D Evans","year":"2011","unstructured":"Evans, D., Nguyen-Tuong, A., Knight, J.: Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats. Springer, New York (2011)"},{"key":"10_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1007\/978-3-319-45719-2_4","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"Y Fu","year":"2016","unstructured":"Fu, Y., Rhee, J., Lin, Z., Li, Z., Zhang, H., Jiang, G.: Detecting stack layout corruptions with robust stack unwinding. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 71\u201394. Springer, Cham (2016). doi:\n10.1007\/978-3-319-45719-2_4"},{"doi-asserted-by":"crossref","unstructured":"Gawlik, R., Kollenda, B., Koppe, P., Garmany, B., Holz, T.: Enabling client-side crash-resistance to overcome diversification and information hiding. In: Symposium on Network and Distributed System Security (2016)","key":"10_CR18","DOI":"10.14722\/ndss.2016.23262"},{"doi-asserted-by":"crossref","unstructured":"Gionta, J., Enck, W., Ning, P.: HideM: protecting the contents of userspace memory in the face of disclosure vulnerabilities. In: ACM Conference on Data and Application Security and Privacy, pp. 325\u2013336 (2015)","key":"10_CR19","DOI":"10.1145\/2699026.2699107"},{"unstructured":"Giuffrida, C., Kuijsten, A., Tanenbaum, A.S.: Enhanced operating system security through efficient and fine-grained address space randomization. In: USENIX Security Symposium, pp. 475\u2013490 (2012). \nhttps:\/\/www.usenix.org\/conference\/usenixsecurity12\/technical-sessions\/presentation\/giuffrida","key":"10_CR20"},{"key":"10_CR21","series-title":"Advances in Information Security","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4614-5416-8_7","volume-title":"Moving Target Defense II","author":"CL Goues","year":"2013","unstructured":"Goues, C.L., Nguyen-Tuong, A., Chen, H., Davidson, J.W., Forrest, S., Hiser, J.D., Knight, J.C., Van Gundy, M.: Moving target defenses in the helix self-regenerative architecture. In: Jajodia, S., Ghosh, A., Subrahmanian, V., Swarup, V., Wang, C., Wang, X. (eds.) Moving Target Defense II. Advances in Information Security, vol. 100. Springer, New York (2013). doi:\n10.1007\/978-1-4614-5416-8_7\n\n. ISBN:978-1-4614-5416-8. \nhttp:\/\/dx.doi.org\/10.1007\/978-1-4614-5416-8_7"},{"unstructured":"Hansen, D.: [RFC] x86: Memory protection keys (2015). \nhttps:\/\/lwn.net\/Articles\/643617\/","key":"10_CR22"},{"doi-asserted-by":"crossref","unstructured":"Koo, H., Polychronakis, M.: Juggling the gadgets: binary-level code randomization using instruction displacement. In: ACM Asia Conference on Computer and Communications Security, May 2016","key":"10_CR23","DOI":"10.1145\/2897845.2897863"},{"doi-asserted-by":"crossref","unstructured":"Lu, K., N\u00fcrnberger, S., Backes, M., Lee, W.: How to make aslr win the clone wars: runtime re-randomization. In: Symposium on Network and Distributed System Security (2016)","key":"10_CR24","DOI":"10.14722\/ndss.2016.23173"},{"unstructured":"Maisuradze, G., Backes, M., Rossow, C.: What cannot be read, cannot be leveraged? revisiting assumptions of JIT-ROP defenses. In: USENIX Security Symposium (2016)","key":"10_CR25"},{"doi-asserted-by":"crossref","unstructured":"Pappas, V., Polychronakis, M., Keromytis, A.D.: Smashing the gadgets: hindering return-oriented programming using in-place code randomization. In: IEEE Symposium on Security and Privacy, pp. 601\u2013615 (2012)","key":"10_CR26","DOI":"10.1109\/SP.2012.41"},{"doi-asserted-by":"crossref","unstructured":"Snow, K., Rogowski, R., Werner, J., Koo, H., Monrose, F., Polychronakis, M.: Return to the zombie gadgets: undermining destructive code reads via code inference attacks. In: IEEE Symposium on Security and Privacy (2016)","key":"10_CR27","DOI":"10.1109\/SP.2016.61"},{"doi-asserted-by":"crossref","unstructured":"Snow, K.Z., Monrose, F., Davi, L., Dmitrienko, A., Liebchen, C., Sadeghi, A.-R.: Just-in-time code reuse: on the effectiveness of fine-grained address space layout randomization. In: IEEE Symposium on Security and Privacy, pp. 574\u2013588 (2013)","key":"10_CR28","DOI":"10.1109\/SP.2013.45"},{"doi-asserted-by":"crossref","unstructured":"Szekeres, L., Payer, M., Wei, T., Song, D.: SoK: eternal war in memory. In: IEEE Symposium on Security and Privacy, pp. 48\u201362 (2013)","key":"10_CR29","DOI":"10.1109\/SP.2013.13"},{"doi-asserted-by":"crossref","unstructured":"Tang, A., Sethumadhavan, S., Stolfo, S.: Heisenbyte: thwarting memory disclosure attacks using destructive code reads. In: ACM Conference on Computer and Communications Security, pp. 256\u2013267 (2015)","key":"10_CR30","DOI":"10.1145\/2810103.2813685"},{"doi-asserted-by":"crossref","unstructured":"Wartell, R., Mohan, V., Hamlen, K.W., Lin, Z.: Binary stirring: self-randomizing instruction addresses of legacy x86 binary code. In: ACM Conference on Computer and Communications Security, pp. 157\u2013168 (2012)","key":"10_CR31","DOI":"10.1145\/2382196.2382216"},{"doi-asserted-by":"crossref","unstructured":"Werner, J., Baltas, G., Dallara, R., Otterness, N., Snow, K.Z., Monrose, F., Polychronakis, M.: No-execute-after-read: preventing code disclosure in commodity software. In: ACM Asia Conference on Computer and Communications Security (2016)","key":"10_CR32","DOI":"10.1145\/2897845.2897891"},{"unstructured":"Williams-King, D., Gobieski, G., Williams-King, K., Blake, J.P., Yuan, X., Colp, P., Zheng, M., Kemerlis, V.P., Yang, J., Aiello, W.: Shuffler: fast and deployable continuous code re-randomization. In: USENIX Symposium on Operating Systems Design and Implementation, pp. 367\u2013382 (2016)","key":"10_CR33"}],"container-title":["Lecture Notes in Computer Science","Engineering Secure Software and Systems"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-62105-0_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,6,23]],"date-time":"2017-06-23T05:16:55Z","timestamp":1498195015000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-62105-0_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319621043","9783319621050"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-62105-0_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]}}}