{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T07:07:17Z","timestamp":1742972837870,"version":"3.40.3"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319934105"},{"type":"electronic","value":"9783319934112"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-93411-2_9","type":"book-chapter","created":{"date-parts":[[2018,6,7]],"date-time":"2018-06-07T07:49:28Z","timestamp":1528357768000},"page":"185-207","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["On the Weaknesses of Function Table Randomization"],"prefix":"10.1007","author":[{"given":"Moritz","family":"Contag","sequence":"first","affiliation":[]},{"given":"Robert","family":"Gawlik","sequence":"additional","affiliation":[]},{"given":"Andre","family":"Pawlowski","sequence":"additional","affiliation":[]},{"given":"Thorsten","family":"Holz","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,6,8]]},"reference":[{"key":"9_CR1","unstructured":"Alexa Internet, Inc.: Top 500 sites on the web. \n                      http:\/\/www.alexa.com\/topsites"},{"key":"9_CR2","unstructured":"Alsaheel, A., Pande, R.: Using EMET to disable EMET. \n                      https:\/\/www.fireeye.com\/blog\/threat-research\/2016\/02\/using_emet_to_disabl.html"},{"key":"9_CR3","doi-asserted-by":"crossref","unstructured":"Backes, M., Holz, T., Kollenda, B., Koppe, P., N\u00fcrnberger, S., Pewny, J.: You can run but you can\u2019t read: preventing disclosure exploits in executable code. In: ACM CCS (2014)","DOI":"10.1145\/2660267.2660378"},{"key":"9_CR4","doi-asserted-by":"crossref","unstructured":"Bigelow, D., Hobson, T., Rudd, R., Streilein, W., Okhravi, H.: Timely rerandomization for mitigating memory disclosures. In: ACM CCS (2015)","DOI":"10.1145\/2810103.2813691"},{"key":"9_CR5","doi-asserted-by":"crossref","unstructured":"Braden, K., Davi, L., Liebchen, C., Sadeghi, A.-R., Crane, S., Franz, M., Larsen, P.: Leakage-resilient layout randomization for mobile devices. In: NDSS (2016)","DOI":"10.14722\/ndss.2016.23364"},{"key":"9_CR6","doi-asserted-by":"crossref","unstructured":"Chen, X., Bos, H., Giuffrida, C.: CodeArmor: virtualizing the code space to counter disclosure attacks. In: IEEE EuroS&P (2017)","DOI":"10.1109\/EuroSP.2017.17"},{"key":"9_CR7","unstructured":"Chromium: Usage of the zygote process creation model in Chromium. \n                      https:\/\/chromium.googlesource.com\/chromium\/src\/+\/master\/docs\/linux_zygote.md"},{"key":"9_CR8","doi-asserted-by":"crossref","unstructured":"Contag, M., Gawlik, R., Pawlowski, A., Holz, T.: On the weaknesses of function table randomization. Technical report, Ruhr-Universit\u00e4t Bochum (2018)","DOI":"10.1007\/978-3-319-93411-2_9"},{"key":"9_CR9","doi-asserted-by":"crossref","unstructured":"Crane, S., Larsen, P., Brunthaler, S., Franz, M.: Booby trapping software. In: ACM Workshop on New Security Paradigms (NSPW) (2013)","DOI":"10.1145\/2535813.2535824"},{"key":"9_CR10","doi-asserted-by":"crossref","unstructured":"Crane, S., Liebchen, C., Homescu, A., Davi, L., Larsen, P., Sadeghi, A.-R., Brunthaler, S., Franz, M.: Readactor: practical code randomization resilient to memory disclosure. In: IEEE S&P (2015)","DOI":"10.1109\/SP.2015.52"},{"key":"9_CR11","doi-asserted-by":"crossref","unstructured":"Crane, S., Volckaert, S., Schuster, F., Liebchen, C., Larsen, P., Davi, L., Sadeghi, A.-R., Holz, T., Sutter, B.D., Franz, M.: It\u2019s a TRAP: table randomization and protection against function reuse attacks. In: ACM CCS (2015)","DOI":"10.1145\/2810103.2813682"},{"key":"9_CR12","unstructured":"Di Federico, A., Cama, A., Shoshitaishvili, Y., Kruegel, C., Vigna, G.: How the ELF ruined Christmas. In: USENIX Security (2015)"},{"key":"9_CR13","doi-asserted-by":"crossref","unstructured":"Evans, I., Fingeret, S., Gonz\u00e1lez, J., Otgonbaatar, U., Tang, T., Shrobe, H., Sidiroglou-Douskos, S., Rinard, M., Okhravi, H.: Missing the point(er): on the effectiveness of code pointer integrity. In: IEEE S&P (2015)","DOI":"10.1109\/SP.2015.53"},{"key":"9_CR14","doi-asserted-by":"crossref","unstructured":"Gawlik, R., Kollenda, B., Koppe, P., Garmany, B., Holz, T.: Enabling client-side crash-resistance to overcome diversification and information hiding. In: NDSS (2016)","DOI":"10.14722\/ndss.2016.23262"},{"key":"9_CR15","doi-asserted-by":"crossref","unstructured":"Gionta, J., Enck, W., Ning, P.: HideM: protecting the contents of userspace memory in the face of disclosure vulnerabilities. In: ACM CODASPY (2015)","DOI":"10.1145\/2699026.2699107"},{"key":"9_CR16","unstructured":"Giuffrida, C., Kuijsten, A., Tanenbaum, A.S.: Enhanced operating system security through efficient and fine-grained address space randomization. In: USENIX Security (2012)"},{"key":"9_CR17","unstructured":"glibc. link.h header file, defining link_map. \n                      https:\/\/github.com\/bminor\/glibc\/blob\/master\/include\/link.h"},{"key":"9_CR18","doi-asserted-by":"crossref","unstructured":"G\u00f6kta\u015f, E., Athanasopoulos, E., Bos, H., Portokalidis, G.: Out of control: overcoming control-flow integrity. In: IEEE S&P (2014)","DOI":"10.1109\/SP.2014.43"},{"key":"9_CR19","unstructured":"Kuznetsov, V., Szekeres, L., Payer, M., Candea, G., Sekar, R., Song, D.: Code-pointer integrity. In: USENIX OSDI (2014)"},{"key":"9_CR20","doi-asserted-by":"crossref","unstructured":"Lee, B., Lu, L., Wang, T., Kim, T., Lee, W.: From zygote to morula: fortifying weakened ASLR on android. In: IEEE S&P (2014)","DOI":"10.1109\/SP.2014.34"},{"key":"9_CR21","doi-asserted-by":"crossref","unstructured":"Lu, K., Song, C., Lee, B., Chung, S.P., Kim, T., Lee, W.: ASLR-guard: stopping address space leakage for code reuse attacks. In: ACM CCS (2015)","DOI":"10.1145\/2810103.2813694"},{"key":"9_CR22","doi-asserted-by":"crossref","unstructured":"Mashtizadeh, A.J., Bittau, A., Boneh, D., Mazi\u00e8res, D.: CCFI: cryptographically enforced control flow integrity. In: ACM CCS (2015)","DOI":"10.1145\/2810103.2813676"},{"key":"9_CR23","unstructured":"Microsoft: The Enhanced Mitigation Experience Toolkit. \n                      https:\/\/support.microsoft.com\/en-us\/kb\/2458544"},{"key":"9_CR24","unstructured":"National Vulnerability Database: Vulnerability Summary for CVE-2014-3176. \n                      https:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2014-3176"},{"key":"9_CR25","unstructured":"Nergal: The advanced return-into-lib(c) exploits: PaX case study. \n                      http:\/\/phrack.org\/issues\/58\/4.html"},{"key":"9_CR26","doi-asserted-by":"crossref","unstructured":"Payer, M., Hartmann, T., Gross, T.R.: Safe loading - a foundation for secure execution of untrusted programs. In: IEEE S&P (2012)","DOI":"10.1109\/SP.2012.11"},{"key":"9_CR27","unstructured":"Bania, P.: Bypassing EMET Export Address Table Access Filtering feature. \n                      http:\/\/piotrbania.com\/all\/articles\/anti_emet_eaf.txt"},{"key":"9_CR28","unstructured":"Pomonis, M., Petsios, T., Keromytis, A.D., Polychronakis, M., Kemerlis, V.P.: kR\n                      \n                        \n                      \n                      $${}^\\wedge $$\n                    X: comprehensive Kernel protection against just-in-time code reuse. In: ACM European Conference on Computer Systems (EuroSys) (2017)"},{"key":"9_CR29","doi-asserted-by":"crossref","unstructured":"Rudd, R., Skowyra, R., Bigelow, D., Dedhia, V., Hobson, T., Crane, S., Liebchen, C., Larsen, P., Davi, L., Franz, M., et al.: Address-oblivious code reuse: on the effectiveness of leakage-resilient diversity. In: NDSS (2016)","DOI":"10.14722\/ndss.2017.23477"},{"key":"9_CR30","doi-asserted-by":"crossref","unstructured":"Schuster, F., Tendyck, T., Liebchen, C., Davi, L., Sadeghi, A.-R., Holz, T.: Counterfeit object-oriented programming: on the difficulty of preventing code reuse attacks in C++ applications. In: IEEE S&P (2015)","DOI":"10.1109\/SP.2015.51"},{"key":"9_CR31","doi-asserted-by":"crossref","unstructured":"Shacham, H., Page, M., Pfaff, B., Goh, E.-J., Modadugu, N., Boneh, D.: On the effectiveness of address-space randomization. In: ACM CCS (2004)","DOI":"10.1145\/1030083.1030124"},{"key":"9_CR32","doi-asserted-by":"crossref","unstructured":"Snow, K.Z., Monrose, F., Davi, L., Dmitrienko, A., Liebchen, C., Sadeghi, A.-R.: Just-in-time code reuse: on the effectiveness of fine-grained address space layout randomization. In: IEEE S&P (2013)","DOI":"10.1109\/SP.2013.45"},{"key":"9_CR33","doi-asserted-by":"crossref","unstructured":"Tang, A., Sethumadhavan, S., Stolfo, S.: Heisenbyte: thwarting memory disclosure attacks using destructive code reads. In: ACM CCS (2015)","DOI":"10.1145\/2810103.2813685"},{"key":"9_CR34","unstructured":"WebKit: JetStream JavaScript benchmark suite. \n                      http:\/\/browserbench.org\/JetStream\/"},{"key":"9_CR35","unstructured":"Williams-King, D., Gobieski, G., Williams-King, K., Blake, J.P., Yuan, X., Colp, P., Zheng, M., Kemerlis, V.P., Yang, J., Aiello, W.: Shuffler: fast and deployable continuous code re-randomization. In: USENIX OSDI (2016)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-93411-2_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,3,3]],"date-time":"2020-03-03T03:19:23Z","timestamp":1583205563000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-93411-2_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319934105","9783319934112"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-93411-2_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"8 June 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Saclay","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 June 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 June 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.dimva2018.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}