{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,25]],"date-time":"2025-09-25T13:27:37Z","timestamp":1758806857701,"version":"3.40.3"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319990729"},{"type":"electronic","value":"9783319990736"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-99073-6_18","type":"book-chapter","created":{"date-parts":[[2018,8,10]],"date-time":"2018-08-10T18:09:38Z","timestamp":1533924578000},"page":"363-382","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["PwIN \u2013 Pwning Intel piN: Why DBI is Unsuitable for Security Applications"],"prefix":"10.1007","author":[{"given":"Julian","family":"Kirsch","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhechko","family":"Zhechev","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bruno","family":"Bierbaumer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thomas","family":"Kittel","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,8,8]]},"reference":[{"key":"18_CR1","unstructured":"CVE-2014-0160. Available from MITRE, CVE-2017-13089. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-13089. Accessed 24 Apr 2018"},{"key":"18_CR2","unstructured":"QuarkslaB Dynamic binary Instrumentation (QBDI). https:\/\/qbdi.quarkslab.com\/. Accessed 24 Apr 2018"},{"key":"18_CR3","doi-asserted-by":"publisher","first-page":"4:1","DOI":"10.1145\/1609956.1609960","volume":"13","author":"M Abadi","year":"2009","unstructured":"Abadi, M., Budiu, M., Erlingsson, \u00da., Ligatti, J.: Control-flow integrity principles, implementations, and applications. ACM Trans. Inf. Syst. Secur. 13, 4:1\u20134:40 (2009)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"18_CR4","unstructured":"Banescu, S., W\u00fcchner, T., Guggenmos, M., Ochoa, M., Pretschner, A.: FEEBO: an empirical evaluation framework for malware behavior obfuscation. arXiv preprint arXiv:1502.03245 (2015)"},{"key":"18_CR5","unstructured":"Bruening, D., Duesterwald, E., Amarasinghe, S.: Design and implementation of a dynamic optimization framework for windows. In: 4th ACM Workshop on Feedback-Directed and Dynamic Optimization (FDDO-4) (2001)"},{"key":"18_CR6","unstructured":"Bruening, D., Garnett, T., Amarasinghe, S.: An infrastructure for adaptive dynamic optimization. In: International Symposium on Code Generation and Optimization, CGO 2003, pp. 265\u2013275. IEEE (2003)"},{"key":"18_CR7","doi-asserted-by":"crossref","unstructured":"Bruening, D., Zhao, Q.: Practical memory checking with Dr. Memory. In: Proceedings of the 9th Annual IEEE\/ACM International Symposium on Code Generation and Optimization, pp. 213\u2013223. IEEE Computer Society (2011)","DOI":"10.1109\/CGO.2011.5764689"},{"key":"18_CR8","unstructured":"Chiueh, T.c., Hsu, F.H.: RAD: a compile-time solution to buffer overflow attacks. In: 21st International Conference on Distributed Computing Systems, pp. 409\u2013417. IEEE (2001)"},{"key":"18_CR9","doi-asserted-by":"crossref","unstructured":"Clause, J., Li, W., Orso, A.: Dytan: a generic dynamic taint analysis framework. In: Proceedings of the 2007 International Symposium on Software Testing and Analysis, pp. 196\u2013206. ACM (2007)","DOI":"10.1145\/1273463.1273490"},{"key":"18_CR10","doi-asserted-by":"crossref","unstructured":"Davi, L., Sadeghi, A.R., Winandy, M.: ROPdefender: a detection tool to defend against return-oriented programming attacks. In: ASIACCS (2011)","DOI":"10.1145\/1966913.1966920"},{"key":"18_CR11","doi-asserted-by":"crossref","unstructured":"Elsabagh, M., Barbar\u00e1, D., Fleck, D., Stavrou, A.: Detecting ROP with statistical learning of program characteristics. In: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, pp. 219\u2013226. ACM (2017)","DOI":"10.1145\/3029806.3029812"},{"key":"18_CR12","unstructured":"Falc\u00f3n, F., Riva, N.: Dynamic binary instrumentation frameworks: i know you\u2019re there spying on me. In: RECon 2012 (2012). https:\/\/recon.cx\/2012\/schedule\/attachments\/42_FalconRiva_2012.pdf. Accessed 25 Apr 2018"},{"key":"18_CR13","first-page":"16","volume":"29","author":"A Follner","year":"2016","unstructured":"Follner, A., Bodden, E.: ROPocop - dynamic mitigation of code-reuse attacks. J. Inf. Secur. Appl. 29, 16\u201326 (2016)","journal-title":"J. Inf. Secur. Appl."},{"key":"18_CR14","unstructured":"Garfinkel, T., Rosenblum, M., et al.: A virtual machine introspection based architecture for intrusion detection. In: NDSS, vol. 3, pp. 191\u2013206 (2003)"},{"key":"18_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/978-3-642-23644-0_3","volume-title":"Recent Advances in Intrusion Detection","author":"F Gr\u00f6bert","year":"2011","unstructured":"Gr\u00f6bert, F., Willems, C., Holz, T.: Automated identification of cryptographic primitives in binary programs. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol. 6961, pp. 41\u201360. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-23644-0_3"},{"key":"18_CR16","unstructured":"Intel Corporation: Intel$$\\textregistered $$ 64 and IA-32 Architectures Software Developer\u2019s Manual, January 2018"},{"key":"18_CR17","unstructured":"Kiriansky, V., Bruening, D., Amarasinghe, S.P.: Secure execution via program shepherding. In: Proceedings of the 11th USENIX Security Symposium, pp. 191\u2013206. USENIX Association, Berkeley (2002)"},{"key":"18_CR18","doi-asserted-by":"crossref","unstructured":"Kirsch, J., Bierbaumer, B., Kittel, T., Eckert, C.: Dynamic loader oriented programming on Linux. In: ROOTS (2017)","DOI":"10.1145\/3150376.3150381"},{"key":"18_CR19","unstructured":"Kulakov, Y.: MazeWalker - enriching static malware analysis. In: RECon 2017 (2017). https:\/\/recon.cx\/2017\/montreal\/resources\/slides\/RECON-MTL-2017-MazeWalker.pdf. Accessed 25 Apr 2018"},{"key":"18_CR20","doi-asserted-by":"crossref","unstructured":"Lengyel, T.K., Maresca, S., Payne, B.D., Webster, G.D., Vogl, S., Kiayias, A.: Scalability, fidelity and stealth in the DRAKVUF dynamic malware analysis system. In: Proceedings of the 30th Annual Computer Security Applications Conference, pp. 386\u2013395. ACM (2014)","DOI":"10.1145\/2664243.2664252"},{"key":"18_CR21","doi-asserted-by":"crossref","unstructured":"Luk, C.K., et al.: Pin: building customized program analysis tools with dynamic instrumentation. In: ACM Sigplan Notices, vol. 40, pp. 190\u2013200. ACM (2005)","DOI":"10.1145\/1064978.1065034"},{"key":"18_CR22","doi-asserted-by":"crossref","unstructured":"Nethercote, N., Seward, J.: How to shadow every byte of memory used by a program. In: VEE (2007)","DOI":"10.1145\/1254810.1254820"},{"key":"18_CR23","doi-asserted-by":"crossref","unstructured":"Nethercote, N., Seward, J.: Valgrind: a framework for heavyweight dynamic binary instrumentation. In: ACM Sigplan Notices, vol. 42, pp. 89\u2013100. ACM (2007)","DOI":"10.1145\/1273442.1250746"},{"key":"18_CR24","doi-asserted-by":"crossref","unstructured":"Nethercote, N., Walsh, R., Fitzhardinge, J.: Building workload characterization tools with Valgrind. In: IISWC (2006)","DOI":"10.1109\/IISWC.2006.302723"},{"key":"18_CR25","unstructured":"One, A.: Smashing the stack for fun and profit. In: Phrack 49 (1996)"},{"issue":"5","key":"18_CR26","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1109\/MSECP.2003.1236233","volume":"99","author":"H Orman","year":"2003","unstructured":"Orman, H.: The Morris worm: a fifteen-year perspective. IEEE Secur. Priv. 99(5), 35\u201343 (2003)","journal-title":"IEEE Secur. Priv."},{"key":"18_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"73","DOI":"10.1007\/978-3-319-60876-1_4","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"M Polino","year":"2017","unstructured":"Polino, M., et al.: Measuring and defeating anti-instrumentation-equipped malware. In: Polychronakis, M., Meier, M. (eds.) DIMVA 2017. LNCS, vol. 10327, pp. 73\u201396. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-60876-1_4"},{"key":"18_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"435","DOI":"10.1007\/978-3-319-59870-3_28","volume-title":"Information Security and Privacy","author":"W Qiang","year":"2017","unstructured":"Qiang, W., Huang, Y., Zou, D., Jin, H., Wang, S., Sun, G.: Fully context-sensitive CFI for COTS binaries. In: Pieprzyk, J., Suriadi, S. (eds.) ACISP 2017. LNCS, vol. 10343, pp. 435\u2013442. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-59870-3_28"},{"key":"18_CR29","unstructured":"Quynh, N.A.: Skorpio: advanced binary instrumentation framework. In: OPCDE 2018, Dubai, April 2018"},{"key":"18_CR30","unstructured":"Saudel, F., Salwan, J.: Triton: a dynamic symbolic execution framework. In: Symposium sur la s\u00e9curit\u00e9 des technologies de l\u2019information et des communications, SSTIC, France, Rennes, 3\u20135 June 2015, pp. 31\u201354. SSTIC (2015)"},{"key":"18_CR31","unstructured":"Tymburib\u00e1, M., Emilio, R., Pereira, F.: RipRop: a dynamic detector of ROP attacks. In: Proceedings of the 2015 Brazilian Congress on Software: Theory and Practice, p. 2 (2015)"},{"key":"18_CR32","doi-asserted-by":"crossref","unstructured":"van der Veen, V., et al.: Practical context-sensitive CFI. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 927\u2013940. ACM (2015)","DOI":"10.1145\/2810103.2813673"},{"key":"18_CR33","unstructured":"Vendicator, S.S.: A Stack Smashing Technique Protection Tool for Linux (2000). http:\/\/www.angelfire.com\/sk\/stackshield\/info.html. Accessed 24 Apr 2018"}],"container-title":["Lecture Notes in Computer Science","Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-99073-6_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,8,12]],"date-time":"2023-08-12T00:04:19Z","timestamp":1691798659000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-99073-6_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319990729","9783319990736"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-99073-6_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"8 August 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Barcelona","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Spain","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 September 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 September 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2018.upc.edu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}