{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,15]],"date-time":"2024-09-15T00:54:02Z","timestamp":1726361642538},"publisher-location":"Cham","reference-count":40,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319979151"},{"type":"electronic","value":"9783319979168"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-97916-8_5","type":"book-chapter","created":{"date-parts":[[2018,7,25]],"date-time":"2018-07-25T12:13:24Z","timestamp":1532520804000},"page":"68-83","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Safe Trans Loader: Mitigation and Prevention of Memory Corruption Attacks for Released Binaries"],"prefix":"10.1007","author":[{"given":"Takamichi","family":"Saito","sequence":"first","affiliation":[]},{"given":"Masahiro","family":"Yokoyama","sequence":"additional","affiliation":[]},{"given":"Shota","family":"Sugawara","sequence":"additional","affiliation":[]},{"given":"Kuniyasu","family":"Suzaki","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,7,26]]},"reference":[{"key":"5_CR1","unstructured":"Akritidis, P.: Cling: a memory allocator to mitigate dangling pointers. In: Proceedings of the 19th USENIX Conference on Security. In: USENIX Security 2010, p. 12 (2010)"},{"key":"5_CR2","unstructured":"Akritidis, P., Costa, M., Castro, M., Hand, S.: Baggy bounds checking: an efficient and backwards-compatible defense against out-of-bounds errors. In: Proceedings of the 18th Conference on USENIX Security Symposium, SSYM 2009, pp. 51\u201366 (2009)"},{"key":"5_CR3","unstructured":"Baratloo, A., Singh, N., Tsai, T.: Transparent run-time defense against stack smashing attacks. In: Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC 2000, p. 21 (2000)"},{"key":"5_CR4","doi-asserted-by":"crossref","unstructured":"Bittau, A., Belay, A., Mashtizadeh, A., Mazi\u00e8res, D., Boneh, D.: Hacking blind. In: Proceedings of the 2014 IEEE Symposium on Security and Privacy, SP 2014, pp. 227\u2013242 (2014)","DOI":"10.1109\/SP.2014.22"},{"key":"5_CR5","first-page":"1","volume-title":"Lecture Notes in Computer Science","author":"Erik Bosman","year":"2011","unstructured":"Bosman, E., Slowinska, A., Bos, H.: Minemu: the world\u2019s fastest taint tracker. In: Proceedings of the 14th International Conference on Recent Advances in Intrusion Detection, RAID 2011, pp. 1\u201320 (2011)"},{"key":"5_CR6","doi-asserted-by":"crossref","unstructured":"Chen, X., Slowinska, A., Andriesse, D., Bos, H., Giuffrida, C.: StackArmor: comprehensive protection from stack-based memory error vulnerabilities for binaries. In: NDSS (2015)","DOI":"10.14722\/ndss.2015.23248"},{"key":"5_CR7","unstructured":"CVE: CVE-2009-2957. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2009-2957"},{"key":"5_CR8","unstructured":"CVE: CVE-2013-4256. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013-4256"},{"key":"5_CR9","unstructured":"CVE: CVE-2017-14492. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-14492"},{"key":"5_CR10","unstructured":"CVE: CVE-2017-14493. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-14493"},{"key":"5_CR11","unstructured":"CWE: CWE-121: Stack-based buffer overflow. http:\/\/cwe.mitre.org\/data\/definitions\/121.html"},{"key":"5_CR12","unstructured":"CWE: CWE-122: Heap-based buffer overflow. http:\/\/cwe.mitre.org\/data\/definitions\/122.html"},{"key":"5_CR13","unstructured":"CWE: CWE-416: Use after free. http:\/\/cwe.mitre.org\/data\/definitions\/416.html"},{"key":"5_CR14","doi-asserted-by":"crossref","unstructured":"Davi, L., Sadeghi, A.R., Winandy, M.: ROPdefender: a detection tool to defend against return-oriented programming attacks. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011, pp. 40\u201351 (2011)","DOI":"10.1145\/1966913.1966920"},{"key":"5_CR15","doi-asserted-by":"crossref","unstructured":"Dhurjati, D., Adve, V.: Backwards-compatible array bounds checking for C with very low overhead. In: Proceedings of the 28th International Conference on Software Engineering, ICSE 2006, pp. 162\u2013171 (2006)","DOI":"10.1145\/1134285.1134309"},{"key":"5_CR16","doi-asserted-by":"crossref","unstructured":"Hiser, J., Nguyen-Tuong, A. Co, M., Hall, M., Davidson, J.W.: ILR: where\u2019d my gadgets go? In: Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP 2012, pp. 571\u2013585 (2012)","DOI":"10.1109\/SP.2012.39"},{"key":"5_CR17","unstructured":"Jones, R.W.M., Kelly, P.H.J.: Backwards-compatible bounds checking for arrays and pointers in C programs. In: Proceedings of the 3rd International Workshop on Automatic Debugging (AADEBUG 1997), no. 1, pp. 13\u201326 (1997)"},{"key":"5_CR18","unstructured":"Kuznetsov, V., Szekeres, L., Payer, M., Candea, G., Sekar, R., Song, D.: Code-pointer integrity. In: Proceedings of the 11th USENIX Conference on Operating Systems Design and Implementation, OSDI 2014, pp. 147\u2013163 (2014)"},{"key":"5_CR19","doi-asserted-by":"crossref","unstructured":"Lee, B., et al.: Preventing use-after-free with dangling pointers nullification. In: NDSS (2015)","DOI":"10.14722\/ndss.2015.23238"},{"key":"5_CR20","unstructured":"Microsoft: A Detailed Description of the Data Execution Prevention (DEP) Feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003. https:\/\/support.microsoft.com\/en-us\/help\/875352\/a-detailed-description-of-the-data-execution-prevention-dep-feature-in"},{"issue":"6","key":"5_CR21","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1145\/1543135.1542504","volume":"44","author":"S Nagarakatte","year":"2009","unstructured":"Nagarakatte, S., Zhao, J., Martin, M.M., Zdancewic, S.: SoftBound: highly compatible and complete spatial memory safety for C. SIGPLAN Not. 44(6), 245\u2013258 (2009)","journal-title":"SIGPLAN Not."},{"issue":"8","key":"5_CR22","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1145\/1837855.1806657","volume":"45","author":"S Nagarakatte","year":"2010","unstructured":"Nagarakatte, S., Zhao, J., Martin, M.M., Zdancewic, S.: CETS: compiler enforced temporal safety for C. SIGPLAN Not. 45(8), 31\u201340 (2010)","journal-title":"SIGPLAN Not."},{"key":"5_CR23","doi-asserted-by":"crossref","unstructured":"Novark, G., Berger, E.D.: DieHarder: securing the heap. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, pp. 573\u2013584 (2010)","DOI":"10.1145\/1866307.1866371"},{"key":"5_CR24","unstructured":"OSDev: Buffer overflow protection. https:\/\/wiki.osdev.org\/Stack_Smashing_Protector"},{"key":"5_CR25","unstructured":"PaX: ASLR (Address Space Layout Randomization) - of PaX (2003). http:\/\/pax.grsecurity.net\/docs\/aslr.txt"},{"key":"5_CR26","unstructured":"Seacord, R.: Secure Coding in C and C++. SEI Series in Software Engineering (2013)"},{"key":"5_CR27","unstructured":"Serebryany, K., Bruening, D., Potapenko, A., Vyukov, D.: AddressSanitizer: a fast address sanity checker. In: Proceedings of the 2012 USENIX Conference on Annual Technical Conference, USENIX ATC 2012, p. 28 (2012)"},{"key":"5_CR28","doi-asserted-by":"crossref","unstructured":"Snow, K.Z., Monrose, F., Davi, L., Dmitrienko, A., Liebchen, C., Sadeghi, A.R.: Just-in-time code reuse: on the effectiveness of fine-grained address space layout randomization. In: Proceedings of the 2013 IEEE Symposium on Security and Privacy, SP 2013, pp. 574\u2013588 (2013)","DOI":"10.1109\/SP.2013.45"},{"key":"5_CR29","doi-asserted-by":"crossref","unstructured":"Szekeres, L., Payer, M., Wei, T., Song, D.: SoK: eternal war in memory. In: Proceedings of the 2013 IEEE Symposium on Security and Privacy, SP 2013, pp. 48\u201362 (2013)","DOI":"10.1109\/SP.2013.13"},{"key":"5_CR30","unstructured":"Tice, C., et al.: Enforcing forward-edge control-flow integrity in GCC & LLVM. In: Proceedings of the 23rd USENIX Conference on Security Symposium, SEC 2014, pp. 941\u2013955 (2014)"},{"key":"5_CR31","unstructured":"US-CERT: SafeStr (2006). https:\/\/www.us-cert.gov\/bsi\/articles\/knowledge\/coding-practices\/safestr"},{"key":"5_CR32","unstructured":"Viega, J., McGraw, G.: Building Secure Software: How to Avoid Security Problems the Right Way (Paperback). Addison-Wesley Professional Computing Series. Addison-Wesley, Reading (2011)"},{"key":"5_CR33","unstructured":"Wagner, D., Foster, J.S., Brewer, E.A., Aiken, A.: A first step towards automated detection of buffer overrun vulnerabilities. In: Network and Distributed System Security Symposium, pp. 3\u201317 (2000)"},{"key":"5_CR34","doi-asserted-by":"crossref","unstructured":"Wartell, R., Mohan, V., Hamlen, K.W., Lin, Z.: Binary stirring: Self-randomizing instruction addresses of legacy x86 binary code. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 157\u2013168 (2012)","DOI":"10.1145\/2382196.2382216"},{"key":"5_CR35","unstructured":"Williams-King, D., et al.: Shuffler: fast and deployable continuous code re-randomization. In: Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation, OSDI 2016, pp. 367\u2013382 (2016)"},{"key":"5_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1007\/978-3-319-46298-1_15","volume-title":"Network and System Security","author":"T Yamauchi","year":"2016","unstructured":"Yamauchi, T., Ikegami, Y.: HeapRevolver: delaying and randomizing timing of release of freed memory area to prevent use-after-free attacks. In: Chen, J., Piuri, V., Su, C., Yung, M. (eds.) NSS 2016. LNCS, vol. 9955, pp. 219\u2013234. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-46298-1_15"},{"key":"5_CR37","doi-asserted-by":"crossref","unstructured":"Younan, Y.: Freesentry: protecting against use-after-free vulnerabilities due to dangling pointers. In: 22nd Annual Network and Distributed System Security Symposium, NDSS 2015, San Diego, California, USA, 8\u201311 February 2015","DOI":"10.14722\/ndss.2015.23190"},{"key":"5_CR38","doi-asserted-by":"crossref","unstructured":"Younan, Y., Philippaerts, P., Cavallaro, L., Sekar, R., Piessens, F., Joosen, W.: Paricheck: an efficient pointer arithmetic checker for C programs. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2010, pp. 145\u2013156 (2010)","DOI":"10.1145\/1755688.1755707"},{"key":"5_CR39","doi-asserted-by":"crossref","unstructured":"Zhang, C., et al.: Practical control flow integrity and randomization for binary executables. In: Proceedings of the 2013 IEEE Symposium on Security and Privacy, SP 2013, pp. 559\u2013573 (2013)","DOI":"10.1109\/SP.2013.44"},{"key":"5_CR40","unstructured":"Zhang, M., Sekar, R.: Control flow integrity for cots binaries. In: Proceedings of the 22nd USENIX Conference on Security, SEC 2013, pp. 337\u2013352 (2013)"}],"container-title":["Lecture Notes in Computer Science","Advances in Information and Computer Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-97916-8_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,6]],"date-time":"2020-11-06T17:35:58Z","timestamp":1604684158000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-97916-8_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319979151","9783319979168"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-97916-8_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]}}}