{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,8]],"date-time":"2024-09-08T00:02:47Z","timestamp":1725753767964},"publisher-location":"Berlin, Heidelberg","reference-count":48,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642412837"},{"type":"electronic","value":"9783642412844"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-41284-4_4","type":"book-chapter","created":{"date-parts":[[2013,10,22]],"date-time":"2013-10-22T13:35:11Z","timestamp":1382448911000},"page":"62-81","source":"Crossref","is-referenced-by-count":12,"title":["Check My Profile: Leveraging Static Analysis for Fast and Accurate Detection of ROP Gadgets"],"prefix":"10.1007","author":[{"given":"Blaine","family":"Stancill","sequence":"first","affiliation":[]},{"given":"Kevin Z.","family":"Snow","sequence":"additional","affiliation":[]},{"given":"Nathan","family":"Otterness","sequence":"additional","affiliation":[]},{"given":"Fabian","family":"Monrose","sequence":"additional","affiliation":[]},{"given":"Lucas","family":"Davi","sequence":"additional","affiliation":[]},{"given":"Ahmad-Reza","family":"Sadeghi","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"4_CR1","doi-asserted-by":"crossref","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity: Principles, implementations, and applications. ACM Transactions on Information and Systems Security, 13(1) (October 2009)","DOI":"10.1145\/1609956.1609960"},{"key":"4_CR2","doi-asserted-by":"crossref","unstructured":"Akritidis, P., Cadar, C., Raiciu, C., Costa, M., Castro, M.: Preventing memory error exploits with wit. In: IEEE Symposium on Security and Privacy (2008)","DOI":"10.1109\/SP.2008.30"},{"key":"4_CR3","unstructured":"One, A.: Smashing the stack for fun and profit. Phrack Magazine\u00a049(14) (1996)"},{"key":"4_CR4","doi-asserted-by":"crossref","unstructured":"Bletsch, T.K., Jiang, X., Freeh, V.W., Liang, Z.: Jump-oriented programming: a new class of code-reuse attack. In: ACM Symposium on Information, Computer and Communications Security (2011)","DOI":"10.1145\/1966913.1966919"},{"key":"4_CR5","doi-asserted-by":"crossref","unstructured":"Buchanan, E., Roemer, R., Shacham, H., Savage, S.: When good instructions go bad: Generalizing return-oriented programming to RISC. In: ACM Conference on Computer and Communications Security (2008)","DOI":"10.1145\/1455770.1455776"},{"key":"4_CR6","unstructured":"Castro, M., Costa, M., Harris, T.: Securing software by enforcing data-flow integrity. In: USENIX Symposium on Operating Systems Design and Implementation (2006)"},{"key":"4_CR7","doi-asserted-by":"crossref","unstructured":"Checkoway, S., Davi, L., Dmitrienko, A., Sadeghi, A.-R., Shacham, H., Winandy, M.: Return-oriented programming without returns. In: ACM Conference on Computer and Communications Security (2010)","DOI":"10.1145\/1866307.1866370"},{"key":"4_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/978-3-642-10772-6_13","volume-title":"Information Systems Security","author":"P. Chen","year":"2009","unstructured":"Chen, P., Xiao, H., Shen, X., Yin, X., Mao, B., Xie, L.: DROP: Detecting return-oriented programming malicious code. In: Prakash, A., Sen Gupta, I. (eds.) ICISS 2009. LNCS, vol.\u00a05905, pp. 163\u2013177. Springer, Heidelberg (2009)"},{"key":"4_CR9","unstructured":"Chen, S., Xu, J., Sezer, E.C., Gauriar, P., Iyer, R.K.: Non-control-data attacks are realistic threats. In: USENIX Security Symposium (2005)"},{"key":"4_CR10","doi-asserted-by":"crossref","unstructured":"Cova, M., Kruegel, C., Giovanni, V.: Detection and analysis of drive-by-download attacks and malicious javascript code. In: International Conference on World Wide Web (2010)","DOI":"10.1145\/1772690.1772720"},{"key":"4_CR11","unstructured":"Cowan, C., Pu, C., Maier, D., Hintony, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: Stackguard: automatic adaptive detection and prevention of buffer-overflow attacks. In: USENIX Security Symposium (1998)"},{"key":"4_CR12","doi-asserted-by":"crossref","unstructured":"Davi, L., Sadeghi, A.-R., Winandy, M.: Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks. In: ACM Workshop on Scalable Trusted Computing (2009)","DOI":"10.1145\/1655108.1655117"},{"key":"4_CR13","doi-asserted-by":"crossref","unstructured":"Davi, L., Sadeghi, A.-R., Winandy, M.: ROPdefender: A detection tool to defend against return-oriented programming attacks. In: ACM Symposium on Information, Computer and Communications Security (2011)","DOI":"10.1145\/1966913.1966920"},{"key":"4_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1007\/978-3-642-02918-9_6","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"M. Egele","year":"2009","unstructured":"Egele, M., Wurzinger, P., Kruegel, C., Kirda, E.: Defending browsers against drive-by downloads: Mitigating heap-spraying code injection attacks. In: Flegel, U., Bruschi, D. (eds.) DIMVA 2009. LNCS, vol.\u00a05587, pp. 88\u2013106. Springer, Heidelberg (2009)"},{"key":"4_CR15","doi-asserted-by":"crossref","unstructured":"Francillon, A., Castelluccia, C.: Code injection attacks on harvard-architecture devices. In: ACM Conference on Computer and Communications Security (2008)","DOI":"10.1145\/1455770.1455775"},{"key":"4_CR16","unstructured":"Frantzen, M., Shuey, M.: Stackghost: Hardware facilitated stack protection. In: USENIX Security Symposium (2001)"},{"key":"4_CR17","unstructured":"Gadgets DNA. How PDF exploit being used by JailbreakMe to Jailbreak iPhone iOS, \n                    \n                      http:\/\/www.gadgetsdna.com\/iphone-ios-4-0-1-jailbreak-execution-flow-using-pdf-exploit\/5456\/"},{"key":"4_CR18","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1016\/j.diin.2009.06.016","volume":"6","author":"S. Garfinkel","year":"2009","unstructured":"Garfinkel, S., Farrell, P., Roussev, V., Dinolt, G.: Bringing science to digital forensics with standardized forensic corpora. Digital Investigation\u00a06, 2\u201311 (2009)","journal-title":"Digital Investigation"},{"key":"4_CR19","doi-asserted-by":"crossref","unstructured":"Hiser, J.D., Nguyen-Tuong, A., Co, M., Hall, M., Davidson, J.W.: ILR: Where\u2019d my gadgets go. In: IEEE Symposium on Security and Privacy (2012)","DOI":"10.1109\/SP.2012.39"},{"key":"4_CR20","unstructured":"jduck. The latest adobe exploit and session upgrading (2010), \n                    \n                      https:\/\/community.rapid7.com\/community\/metasploit\/blog\/2010\/03\/18\/the-latest-adobe-exploit-and-session-upgrading"},{"key":"4_CR21","unstructured":"Kayaalp, M., Ozsoy, M., Ghazaleh, N.A., Ponomarev, D.: Efficiently securing systems from code reuse attacks. IEEE Transactions on Computers\u00a099(PrePrints) (2012)"},{"key":"4_CR22","doi-asserted-by":"crossref","unstructured":"Kil, C., Jun, J., Bookholt, C., Xu, J., Ning, P.: Address space layout permutation (ASLP): Towards fine-grained randomization of commodity software. In: Annual Computer Security Applications Conference (2006)","DOI":"10.1109\/ACSAC.2006.9"},{"key":"4_CR23","unstructured":"Kiriansky, V., Bruening, D., Amarasinghe, S.P.: Secure execution via program shepherding. In: USENIX Security Symposium (2002)"},{"key":"4_CR24","doi-asserted-by":"crossref","unstructured":"Kolbitsch, C., Livshits, B., Zorn, B., Seifert, C.: Rozzle: De-cloaking Internet Malware. In: IEEE Symposium on Security and Privacy, pp. 443\u2013457 (2012)","DOI":"10.1109\/SP.2012.48"},{"key":"4_CR25","unstructured":"Kornau, T.: Return oriented programming for the ARM architecture. Master\u2019s thesis, Ruhr-University (2009)"},{"key":"4_CR26","doi-asserted-by":"crossref","unstructured":"Li, J., Wang, Z., Jiang, X., Grace, M., Bahram, S.: Defeating return-oriented rootkits with \u201dreturn-less\u201d kernels. In: European Conf. on Computer Systems (2010)","DOI":"10.1145\/1755913.1755934"},{"key":"4_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"338","DOI":"10.1007\/978-3-642-23644-0_18","volume-title":"Recent Advances in Intrusion Detection","author":"M. Lindorfer","year":"2011","unstructured":"Lindorfer, M., Kolbitsch, C., Milani Comparetti, P.: Detecting environment-sensitive malware. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol.\u00a06961, pp. 338\u2013357. Springer, Heidelberg (2011)"},{"key":"4_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/978-3-642-23644-0_6","volume-title":"Recent Advances in Intrusion Detection","author":"K. Lu","year":"2011","unstructured":"Lu, K., Zou, D., Wen, W., Gao, D.: Packed, printable, and polymorphic return-oriented programming. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol.\u00a06961, pp. 101\u2013120. Springer, Heidelberg (2011)"},{"key":"4_CR29","unstructured":"Microsoft. Data Execution Prevention, DEP (2006), \n                    \n                      http:\/\/support.microsoft.com\/kb\/875352\/EN-US\/"},{"key":"4_CR30","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Limits of Static Analysis for Malware Detection. In: Annual Computer Security Applications Conference, pp. 421\u2013430 (2007)","DOI":"10.1109\/ACSAC.2007.21"},{"key":"4_CR31","doi-asserted-by":"crossref","unstructured":"Necula, G.C., Condit, J., Harren, M., McPeak, S., Weimer, W.: Ccured: type-safe retrofitting of legacy software. ACM Transactions on Programming Languages and Systems (2005)","DOI":"10.1145\/1065887.1065892"},{"key":"4_CR32","unstructured":"Nergal: The advanced return-into-lib(c) exploits: PaX case study. Phrack Magazine\u00a058(4) (2001)"},{"key":"4_CR33","doi-asserted-by":"crossref","unstructured":"Onarlioglu, K., Bilge, L., Lanzi, A., Balzarotti, D., Kirda, E.: G-Free: defeating return-oriented programming through gadget-less binaries. In: Annual Computer Security Applications Conference (2010)","DOI":"10.1145\/1920261.1920269"},{"key":"4_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"274","DOI":"10.1007\/978-3-642-33338-5_14","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"T. Overveldt Van","year":"2012","unstructured":"Van Overveldt, T., Kruegel, C., Vigna, G.: FlashDetect: ActionScript 3 Malware Detection. In: Balzarotti, D., Stolfo, S.J., Cova, M. (eds.) RAID 2012. LNCS, vol.\u00a07462, pp. 274\u2013293. Springer, Heidelberg (2012)"},{"key":"4_CR35","doi-asserted-by":"crossref","unstructured":"Pappas, V., Polychronakis, M., Keromytis, A.D.: Smashing the gadgets: Hindering return-oriented programming using in-place code randomization. In: IEEE Symposium on Security and Privacy (2012)","DOI":"10.1109\/SP.2012.41"},{"key":"4_CR36","doi-asserted-by":"crossref","unstructured":"Polychronakis, M., Keromytis, A.D.: ROP payload detection using speculative code execution. In: MALWARE (2011)","DOI":"10.1109\/MALWARE.2011.6112327"},{"key":"4_CR37","unstructured":"Serna, F.J.: The info leak era on software exploitation. In: Black Hat USA (2012)"},{"key":"4_CR38","doi-asserted-by":"crossref","unstructured":"Shacham, H.: The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In: ACM Conference on Computer and Communications Security (2007)","DOI":"10.1145\/1315245.1315313"},{"key":"4_CR39","doi-asserted-by":"crossref","unstructured":"Shacham, H., Jin Goh, E., Modadugu, N., Pfaff, B., Boneh, D.: On the effectiveness of address-space randomization. In: ACM Conference on Computer and Communications Security (2004)","DOI":"10.1145\/1030083.1030124"},{"key":"4_CR40","unstructured":"Snow, K.Z., Krishnan, S., Monrose, F., Provos, N.: Shellos: enabling fast detection and forensic analysis of code injection attacks. In: USENIX Security Symposium (2011)"},{"key":"4_CR41","doi-asserted-by":"crossref","unstructured":"Snow, K.Z., Davi, L., Dmitrienko, A., Liebchen, C., Monrose, F., Sadeghi, A.-R.: Just-in-time code reuse: On the effectiveness of fine-grained address space layout randomization. In: IEEE Symposium on Security and Privacy (2013)","DOI":"10.1109\/SP.2013.45"},{"issue":"6","key":"4_CR42","doi-asserted-by":"publisher","first-page":"678","DOI":"10.1145\/63526.63527","volume":"32","author":"E.H. Spafford","year":"1989","unstructured":"Spafford, E.H.: The Internet worm: Crisis and aftermath. Communications of the ACM\u00a032(6), 678\u2013687 (1989)","journal-title":"Communications of the ACM"},{"key":"4_CR43","doi-asserted-by":"crossref","unstructured":"Szekeres, L., Payer, M., Wei, T., Song, D.: SOK: Eternal War in Memory. In: IEEE Symposium on Security and Privacy (2013)","DOI":"10.1109\/SP.2013.13"},{"key":"4_CR44","doi-asserted-by":"crossref","unstructured":"Tzermias, Z., Sykiotakis, G., Polychronakis, M., Markatos, E.P.: Combining static and dynamic analysis for the detection of malicious documents. In: European Workshop on System Security (2011)","DOI":"10.1145\/1972551.1972555"},{"key":"4_CR45","unstructured":"Vreugdenhil, P.: Pwn2Own 2010 Windows 7 Internet Explorer 8 exploit (2010)"},{"key":"4_CR46","doi-asserted-by":"crossref","unstructured":"Wartell, R., Mohan, V., Hamlen, K.W., Lin, Z.: Binary stirring: Self-randomizing instruction addresses of legacy x86 binary code. In: ACM Conference on Computer and Communications Security (2012)","DOI":"10.1145\/2382196.2382216"},{"key":"4_CR47","unstructured":"Xia, Y., Liu, Y., Chen, H., Zang, B.: Cfimon: Detecting violation of control flow integrity using performance counters. In: IEEE\/IFIP International Conference on Dependable Systems and Networks (2012)"},{"key":"4_CR48","unstructured":"Zovi, D.D.: Practical return-oriented programming. RSA Conference (2010)"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-41284-4_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,23]],"date-time":"2019-05-23T18:55:53Z","timestamp":1558637753000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-41284-4_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642412837","9783642412844"],"references-count":48,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-41284-4_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}