{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T17:57:04Z","timestamp":1773511024771,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":35,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642236433","type":"print"},{"value":"9783642236440","type":"electronic"}],"license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-23644-0_7","type":"book-chapter","created":{"date-parts":[[2012,2,11]],"date-time":"2012-02-11T05:06:20Z","timestamp":1328936780000},"page":"121-141","source":"Crossref","is-referenced-by-count":84,"title":["On the Expressiveness of Return-into-libc Attacks"],"prefix":"10.1007","author":[{"given":"Minh","family":"Tran","sequence":"first","affiliation":[]},{"given":"Mark","family":"Etheridge","sequence":"additional","affiliation":[]},{"given":"Tyler","family":"Bletsch","sequence":"additional","affiliation":[]},{"given":"Xuxian","family":"Jiang","sequence":"additional","affiliation":[]},{"given":"Vincent","family":"Freeh","sequence":"additional","affiliation":[]},{"given":"Peng","family":"Ning","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"issue":"0x58","key":"7_CR1","first-page":"4","volume":"11","author":"Nergal","year":"2001","unstructured":"Nergal: The Advanced Return-into-lib(c) Exploits: PaX Case Study. Phrack Magazine\u00a011(0x58), 4\u201314 (2001)","journal-title":"Phrack Magazine"},{"key":"7_CR2","doi-asserted-by":"crossref","unstructured":"Shacham, H.: The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). In: 14th ACM CCS (2007)","DOI":"10.1145\/1315245.1315313"},{"key":"7_CR3","unstructured":"Roemer, R., Buchanan, E., Shacham, H., Savage, S.: Return-Oriented Programming: Systems, Languages, and Applications (2009), http:\/\/cseweb.ucsd.edu\/~hovav\/dist\/rop.pdf"},{"key":"7_CR4","doi-asserted-by":"crossref","unstructured":"Davi, L., Sadeghi, A.-R., Winandy, M.: Dynamic Integrity Measurement and Attestation: Towards Defense against Return-oriented Programming Attacks. In: 4th ACM STC (2009)","DOI":"10.1145\/1655108.1655117"},{"key":"7_CR5","doi-asserted-by":"crossref","unstructured":"Bletsch, T., Jiang, X., Freeh, V.: Jump-Oriented Programming: A New Class of Code-Reuse Attack. In: CSC-TR-2010-8, Department of Computer Science, NC State University (April 2010)","DOI":"10.1145\/1966913.1966919"},{"key":"7_CR6","doi-asserted-by":"crossref","unstructured":"Onarlioglu, K., Bilge, L., Lanzi, A., Balzarotti, D., Kirda, E.: G-free: Defeating Return-Oriented Programming Through Gadget-less Binaries. In: 26th ACSAC (2010)","DOI":"10.1145\/1920261.1920269"},{"key":"7_CR7","doi-asserted-by":"crossref","unstructured":"Buchanan, E., Roemer, R., Shacham, H., Savage, S.: When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC. In: 15th ACM CCS (2008)","DOI":"10.1145\/1455770.1455776"},{"key":"7_CR8","unstructured":"Kornau, T.: Return-Oriented Programming for the ARM Architecture. Master\u2019s thesis, Ruhr-Universit\u00e4t Bochum (January 2010)"},{"key":"7_CR9","unstructured":"Hund, R., Holz, T., Freiling, F.C.: Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms. In: 19th USENIX Security Symposium (August 2009)"},{"key":"7_CR10","volume-title":"16th ACM CCS","author":"D.P.C. Castelluccia","year":"2009","unstructured":"Castelluccia, D.P.C., Francillon, A., Soriente, C.: On the Difficulty of Software-Based Attestation of Embedded Devices. In: 16th ACM CCS, ACM, New York (2009)"},{"key":"7_CR11","doi-asserted-by":"crossref","unstructured":"Checkoway, S., Feldman, A.J., Kantor, B., Alex Halderman, J., Felten, E.W., Shacham, H.: Can DREs Provide Long-Lasting Security? The Case of Return-Oriented Programming and the AVC Advantage. In: Proceedings of EVT\/WOTE 2009. USENIX\/ACCURATE\/IAVoSS (August 2009)","DOI":"10.1145\/1866307.1866370"},{"key":"7_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/978-3-642-10772-6_13","volume-title":"Information Systems Security","author":"P. Chen","year":"2009","unstructured":"Chen, P., Xiao, H., Shen, X., Yin, X., Mao, B., Xie, L.: DROP: Detecting Return-Oriented Programming Malicious Code. In: Prakash, A., Sen Gupta, I. (eds.) ICISS 2009. LNCS, vol.\u00a05905, pp. 163\u2013177. Springer, Heidelberg (2009)"},{"key":"7_CR13","doi-asserted-by":"crossref","unstructured":"Li, J., Wang, Z., Jiang, X., Grace, M., Bahram, S.: Defeating Return-Oriented Rootkits with Return-less Kernels. In: 5th ACM EuroSys (2010)","DOI":"10.1145\/1755913.1755934"},{"key":"7_CR14","unstructured":"Zovi, D.D.: Return-Oriented Exploitation. Black Hat (2010)"},{"key":"7_CR15","unstructured":"The Austin Group. The Single UNIX Specification, Version 3 (POSIX-2001)"},{"key":"7_CR16","unstructured":"Microsoft MSDN (2010), http:\/\/msdn.microsoft.com\/en-us\/library\/dd162746"},{"key":"7_CR17","unstructured":"The ANSI C standard (C99). Technical Report WG14 N1124, ISO\/IEC (1999)"},{"key":"7_CR18","unstructured":"Busy Beaver, http:\/\/en.wikipedia.org\/wiki\/Busy_beaver"},{"key":"7_CR19","doi-asserted-by":"crossref","unstructured":"Tran, M., Etheridge, M., Bletsch, T., Jiang, X., Freeh, V., Ning, P.: On the Expressiveness of Return-into-libc Attacks. CSC-TR-2011-16, Department of Computer Science, NC State University (June 2011)","DOI":"10.1007\/978-3-642-23644-0_7"},{"key":"7_CR20","unstructured":"Solar Designer. Getting Around Non-executable Stack (and Fix). Bugtraq (1997)"},{"key":"7_CR21","doi-asserted-by":"crossref","unstructured":"Checkoway, S., Davi, L., Dmitrienko, A., Sadeghi, A.-R., Shacham, H., Winandy, M.: Return-Oriented Programming Without Returns. In: 17th ACM CCS (October 2010)","DOI":"10.1145\/1866307.1866370"},{"key":"7_CR22","doi-asserted-by":"crossref","unstructured":"Davi, L., Sadeghi, A.-R., Winandy, M.: ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks. Technical Report HGI-TR-2010-001, Horst G\u00f6rtz Institute for IT Security (March 2010)","DOI":"10.1145\/1966913.1966920"},{"key":"7_CR23","unstructured":"Chiueh, T.-c., Hsu, F.-H.: RAD: A Compile-Time Solution to Buffer Overflow Attacks. In: 21st IEEE ICDCS (April 2001)"},{"key":"7_CR24","unstructured":"Frantzen, M., Shuey, M.: StackGhost: Hardware Facilitated Stack Protection. In: 10th USENIX Security Symposium (2001)"},{"key":"7_CR25","unstructured":"Vendicator: Stack Shield: A \u201cStack Smashing\u201d Technique Protection Tool for Linux, http:\/\/www.angelfire.com\/sk\/stackshield\/info.html"},{"key":"7_CR26","doi-asserted-by":"crossref","unstructured":"Checkoway, S., Shacham, H.: Escape from Return-Oriented Programming: Return-Oriented Programming without Returns (on the x86) (February 2010), http:\/\/cseweb.ucsd.edu\/~hovav\/dist\/noret.pdf","DOI":"10.1145\/1866307.1866370"},{"key":"7_CR27","unstructured":"Davi, L., Dmitrienkoy, A., Sadeghi, A.-R., Winandy, M.: Return-Oriented Programming without Returns on ARM. Technical Report HGI-TR-2010-002. Ruhr University Bochum, Germany (2010)"},{"key":"7_CR28","unstructured":"PaX ASLR Documentation, http:\/\/pax.grsecurity.net\/docs\/aslr.txt"},{"key":"7_CR29","unstructured":"Bhatkar, S., Sekar, R., DuVarney, D.C.: Efficient Techniques for Comprehensive Protection from Memory Error Exploits. In: 14th USENIX Security (2005)"},{"key":"7_CR30","doi-asserted-by":"crossref","unstructured":"Roglia, G.F., Martignoni, L., Paleari, R., Bruschi, D.: Surgically Returning to Randomized Lib(c). In: 25th ACSAC (2009)","DOI":"10.1109\/ACSAC.2009.16"},{"key":"7_CR31","doi-asserted-by":"crossref","unstructured":"Barrantes, E.G., Ackley, D.H., Forrest, S., Palmer, T.S., Stefanovic, D., Zovi, D.D.: Randomized Instruction Set Emulation to Disrupt Binary Code Injection Attacks. In: 10th ACM CCS (2003)","DOI":"10.1145\/948109.948147"},{"key":"7_CR32","doi-asserted-by":"crossref","unstructured":"Kc, G.S., Keromytis, A.D., Prevelakis, V.: Countering Code-Injection Attacks With Instruction-Set Randomization. In: 10th ACM CCS (2003)","DOI":"10.1145\/948143.948146"},{"key":"7_CR33","unstructured":"Kiriansky, V., Bruening, D., Amarasinghe, S.: Secure Execution Via Program Shepherding. In: 11th USENIX Security Symposium (August 2002)"},{"key":"7_CR34","doi-asserted-by":"crossref","unstructured":"Abadi, M., Budiu, M., Erilingsson, \u00da., Ligatti, J.: Control-Flow Integrity: Principles, Implementations, and Applications. In: 12th ACM CCS (2005)","DOI":"10.1145\/1102120.1102165"},{"key":"7_CR35","unstructured":"Castro, M., Costa, M., Harris, T.: Securing Software by Enforcing Data-Flow Integrity. In: 7th USENIX OSDI (November 2006)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-23644-0_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,6,14]],"date-time":"2023-06-14T15:48:34Z","timestamp":1686757714000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-23644-0_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642236433","9783642236440"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-23644-0_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011]]}}}