{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,8]],"date-time":"2025-07-08T04:03:49Z","timestamp":1751947429696,"version":"3.41.2"},"publisher-location":"Singapore","reference-count":53,"publisher":"Springer Singapore","isbn-type":[{"type":"print","value":"9789811324222"},{"type":"electronic","value":"9789811324239"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-981-13-2423-9_7","type":"book-chapter","created":{"date-parts":[[2018,9,12]],"date-time":"2018-09-12T11:37:42Z","timestamp":1536752262000},"page":"79-94","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Stateful Forward-Edge CFI Enforcement with Intel MPX"],"prefix":"10.1007","author":[{"given":"Jun","family":"Zhang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rui","family":"Hou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wei","family":"Song","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhiyuan","family":"Zhan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Boyan","family":"Zhao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mingyu","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dan","family":"Meng","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,9,13]]},"reference":[{"key":"7_CR1","doi-asserted-by":"crossref","unstructured":"Shacham, H.: The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In: ACM 14th Conference on Computer and Communications Security (CCS 2007), pp. 552\u2013561 (2007)","DOI":"10.1145\/1315245.1315313"},{"key":"7_CR2","unstructured":"Hund, R., Holz, T., Freiling, F.C.: Return-oriented rootkits: bypassing kernel code integrity protection mechanisms. In: USENIX 18th Security Symposium (SEC2009), pp. 383\u2013398 (2009)"},{"key":"7_CR3","doi-asserted-by":"crossref","unstructured":"Bletsch, T., Jiang, X., Freeh, V.W., Liang, Z.: Jump-oriented programming: a new class of code-reuse attack. In: ACM 6th Symposium on Information, Computer and Communications Security (ASIACCS), pp. 30\u201340 (2011)","DOI":"10.1145\/1966913.1966919"},{"key":"7_CR4","doi-asserted-by":"crossref","unstructured":"Schuster, F., Tendyck, T., Liebchen, C., Davi, L., Sadeghi, A.R., Holz, T.: Counterfeit object-oriented programming: on the difficulty of preventing code reuse attacks in C++ applications. In: IEEE 36th Symposium on Security and Privacy (S&P 2015), pp. 745\u2013762 (2015)","DOI":"10.1109\/SP.2015.51"},{"key":"7_CR5","unstructured":"Carlini, N., Wagner, D.: ROP is still dangerous: breaking modern defenses. In: USENIX 23rd Security Symposium (SEC 2014), pp. 385\u2013399 (2014)"},{"key":"7_CR6","doi-asserted-by":"crossref","unstructured":"Szekeres, L., Payer, M., Wei, T., Song, D.: SOK: eternal war in memory. In: IEEE 34th Symposium on Security and Privacy (S&P 2013), pp. 48\u201362 (2013)","DOI":"10.1109\/SP.2013.13"},{"key":"7_CR7","unstructured":"Cowan, C., et al.: Stackguard: automatic adaptive detection and prevention of buffer-overflow attacks. In: USENIX 7th Security Symposium (SEC 1998), pp. 63\u201378 (1998)"},{"key":"7_CR8","unstructured":"LNCS Microsoft Corporation: Data Execution Prevention. https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/aa366553(v=vs.85)"},{"key":"7_CR9","unstructured":"Xu, J., Kalbarczyk, Z., Iyer, R.K.: Transparent runtime randomization for security. In: IEEE 22nd Symposium on Reliable Distributed Systems (SRDS 2003), pp. 260\u2013269 (2003)"},{"key":"7_CR10","doi-asserted-by":"crossref","unstructured":"Abadi, M., Budiu, M., Erlingsson, \u00da, Ligatti, J.: Control-flow integrity. In: ACM 12th Computer and Communications Security (CCS 2005), pp. 340\u2013353 (2005)","DOI":"10.1145\/1102120.1102165"},{"key":"7_CR11","doi-asserted-by":"crossref","unstructured":"Burow, N., et al.: Control-flow integrity: precision, security, and performance. ACM Comput. Surv. 50, 16:1\u201316:33 (2017)","DOI":"10.1145\/3054924"},{"key":"7_CR12","unstructured":"Carlini, N., Barresi, A., Payer, M., Wagner, D., Gross, T.R.: Control-flow bending: on the effectiveness of control-flow integrity. In: USENIX 24th Conference on Security Symposium (SEC 2015), pp. 161\u2013176 (2015)"},{"key":"7_CR13","doi-asserted-by":"crossref","unstructured":"Evans, I., et al.: Control jujutsu: on the weaknesses of fine-grained control flow integrity. In: ACM 22nd Conference on Computer and Communications Security (CCS 2015), pp. 901\u2013913 (2015)","DOI":"10.1145\/2810103.2813646"},{"key":"7_CR14","doi-asserted-by":"crossref","unstructured":"Conti, M., et al.: Losing control: on the effectiveness of control-flow integrity under stack attacks. In: ACM 22nd Conference on Computer and Communications Security (CCS 2015), pp. 952\u2013963 (2015)","DOI":"10.1145\/2810103.2813671"},{"key":"7_CR15","doi-asserted-by":"crossref","unstructured":"Mashtizadeh, A. J., Bittau, A., Boneh, D., Mazi\u00e8res, D.: Ccfi: cryptographically enforced control flow integrity. In: ACM 22nd Conference on Computer and Communications Security (CCS 2015), pp. 941\u2013951 (2015)","DOI":"10.1145\/2810103.2813676"},{"key":"7_CR16","doi-asserted-by":"crossref","unstructured":"Zhang, J., Hou, R., Fan, J., Liu, K., Zhang, L., McKee, S.: Raguard: a hardware based mechanism for backward-edge control-flow integrity. In: ACM Computing Frontiers Conference (CF 2017), pp. 27\u201334 (2017)","DOI":"10.1145\/3075564.3075570"},{"key":"7_CR17","unstructured":"Zhang, M., Sekar, R.: Control flow integrity for cots binaries. In: USENIX 22th Conference on Security (SEC 2013), pp. 337\u2013352 (2013)"},{"key":"7_CR18","unstructured":"Zhang, C., et al.: Practical control flow integrity and randomization for binary executables. In: IEEE 34th Symposium on Security and Privacy (S&P 2013), pp. 559\u2013573 (2013)"},{"key":"7_CR19","unstructured":"Tice, C., et al.: Enforcing forward-edge control-flow integrity GCC & LLVM. In: USENIX 23rd Security Symposium (SEC 2014), pp. 941\u2013954 (2014)"},{"key":"7_CR20","doi-asserted-by":"crossref","unstructured":"Ge, X., Talele, N., Payer, M., Jaeger, T.: Fine-grained control-flow integrity for kernel software. In: IEEE 1st European Symposium on Security and Privacy (EuroS&P), pp. 179\u2013194 (2016)","DOI":"10.1109\/EuroSP.2016.24"},{"key":"7_CR21","doi-asserted-by":"crossref","unstructured":"Devietti, J., Blundell, C., Martin, M.M.K., Zdancewic, S.: Hardbound: architectural support for spatial safety of the c programming language. In: ACM 13th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2008), pp. 103\u2013114 (2008)","DOI":"10.1145\/1346281.1346295"},{"key":"7_CR22","doi-asserted-by":"crossref","unstructured":"Nagarakatte, S., Zhao, J., Martin, M.M., Zdancewic, S.: Softbound: highly compatible and complete spatial memory safety for C. In: ACM 30th SIGPLAN Conference on Programming Language Design and Implementation on proceedings (2009 PLDI), pp. 245\u2013258. ACM, Dulin (2010)","DOI":"10.1145\/1543135.1542504"},{"key":"7_CR23","doi-asserted-by":"crossref","unstructured":"Nagarakatte, S., Martin, M.M.K., Zdancewic, S.: Watchdoglite: hardware-accelerated compiler-based pointer checking. In: Annual IEEE\/ACM International Symposium on Code Generation and Optimization (CGO 2014), pp. 175\u2013184 (2014)","DOI":"10.1145\/2581122.2544147"},{"key":"7_CR24","unstructured":"Intel Corporation: Intel Memory Protection Extensions Enabling Guide. https:\/\/software.intel.com\/sites\/default\/files\/managed\/9d\/f6\/Intel_MPX_EnablingGuide.pdf"},{"key":"7_CR25","unstructured":"Intel Corporation: Intel memory ptrotection extensions. Intel 64 and IA-32 Architectures Software Developer\u2019s Manual, vol. 1, chap. 17 (2017)"},{"key":"7_CR26","doi-asserted-by":"crossref","unstructured":"Oleksenko, O., Kuvaiskii, D., Bhatotia, P., Felber, P., Fetzer, C.: Intel MPX explained: an empirical study of intel MPX and software-based bounds checking approaches. In: Arxiv CoRR, vol. abs\/1702.00719 (2017)","DOI":"10.1145\/3219617.3219662"},{"key":"7_CR27","unstructured":"GCC Wiki: Intel Memory Protection Extensions (Intel MPX) support in the GCC compiler. https:\/\/gcc.gnu.org\/wiki\/Intel%20MPX%20support%20in%20the%20GCC%20compiler"},{"key":"7_CR28","unstructured":"gcc-mirror. https:\/\/github.com\/gcc-mirror\/gcc\/tree\/master\/libmpx"},{"key":"7_CR29","unstructured":"The LLVM Compiler Infrastructure. http:\/\/llvm.org\/"},{"key":"7_CR30","doi-asserted-by":"crossref","unstructured":"Wilander, J., Nikiforakis, N., Younan, Y., Kamkar, M., Joosen, W.: RIPE: runtime intrusion prevention evaluator. In: Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC 2011), pp. 41\u201350 (2011)","DOI":"10.1145\/2076732.2076739"},{"key":"7_CR31","unstructured":"SPEC CPU2006 Benchmark. http:\/\/www.spec.org\/cpu2006\/"},{"key":"7_CR32","unstructured":"Linux kernel profiling with perf. https:\/\/perf.wiki.kernel.org\/index.php\/Tutorial"},{"key":"7_CR33","unstructured":"Clang 7 documentation: Control Flow Integrity. https:\/\/clang.llvm.org\/docs\/ControlFlowIntegrity.html"},{"key":"7_CR34","doi-asserted-by":"crossref","unstructured":"Wang, Z., Jiang, X.: HyperSafe: a lightweight approach to provide lifetime hypervisor control-flow integrity. In: Proceedings of the 2010 IEEE Symposium on Security and Privacy (S&P 2010), pp. 380\u2013395 (2010)","DOI":"10.1109\/SP.2010.30"},{"key":"7_CR35","doi-asserted-by":"crossref","unstructured":"Niu, B., Tan, G.: Modular control-flow Integrity. In: Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation (OSDI 2014), pp. 577\u2013587 (2014)","DOI":"10.1145\/2666356.2594295"},{"key":"7_CR36","doi-asserted-by":"crossref","unstructured":"Niu, B., Tan, G.: Per-input control-flow integrity. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS 2015), pp. 914\u2013926 (2015)","DOI":"10.1145\/2810103.2813644"},{"key":"7_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1007\/978-3-319-20550-2_8","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"M Payer","year":"2015","unstructured":"Payer, M., Barresi, A., Gross, T.R.: Fine-grained control-flow integrity through binary hardening. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 144\u2013164. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-20550-2_8"},{"key":"7_CR38","doi-asserted-by":"crossref","unstructured":"Mohan, V., Larsen, P., Brunthaler, S., Hamlen, K.W., Franz, M.: Opaque control-flow integrity. In: Proceedings of the 2015 Network and Distributed System Security Symposium (NDSS 2015)","DOI":"10.14722\/ndss.2015.23271"},{"key":"7_CR39","doi-asserted-by":"crossref","unstructured":"Elsabagh, M., Fleck, D., Stavrou, A.: Strict virtual call integrity checking for C++ binaries. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (ASIA CCS 2015)","DOI":"10.1145\/3052973.3052976"},{"key":"7_CR40","unstructured":"Kuznetsov, V., Szekeres, L., Payer, M., Candea, G., Sekar, R., Song, D.: Code-pointer integrity. In: USENIX 11th Conference on Operating Systems Design and Implementation (OSDI 2014), pp. 147\u2013163 (2014)"},{"key":"7_CR41","doi-asserted-by":"crossref","unstructured":"Davi, L., et al.: HAFIX: hardware-assisted flow integrity eXtension. In: Proceedings of the 52nd ACM\/EDAC\/IEEE Design Automation Conference (DAC 2015), pp. 1\u20136 (2015)","DOI":"10.1145\/2744769.2744847"},{"key":"7_CR42","doi-asserted-by":"crossref","unstructured":"Sullivan, D., Arias, O., Davi, L., Larsen, P., Sadeghi, A.-R., Jin, Y.: Strategy without tactics: policy-agnostic hardware-enhanced control-flow integrity. In: Proceedings of the 53rd Annual Design Automation Conference (DAC 2016), pp. 163:1\u2013163:6 (2016)","DOI":"10.1145\/2897937.2898098"},{"key":"7_CR43","doi-asserted-by":"crossref","unstructured":"Christoulakis, N., Christou, G., Athanasopoulos, E., Ioannidis, S.: HCFI: hardware-enforced Control-Flow Integrity. In: Proceedings of the 6th ACM Conference on Data and Application Security and Privacy (CODASPY 2016), pp. 38\u201349 (2016)","DOI":"10.1145\/2857705.2857722"},{"key":"7_CR44","unstructured":"Intel Corporation: Control-flow enforcement technology preview. https:\/\/software.intel.com\/sites\/default\/files\/managed\/4d\/2a\/control-flow-enforcement-technology-preview.pdf"},{"key":"7_CR45","unstructured":"Pappas, V., Polychronakis, M., Keromytis, A.D.: Transparent ROP exploit mitigation using indirect branch tracing. In: Proceedings of the 22nd USENIX Security Symposium (USENIX Security 2013)"},{"key":"7_CR46","doi-asserted-by":"crossref","unstructured":"van der Veen, V., et al.: Practical context-sensitive CFI. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS 2015), pp. 927\u2013940 (2015)","DOI":"10.1145\/2810103.2813673"},{"key":"7_CR47","doi-asserted-by":"crossref","unstructured":"Xia, Y., Liu, Y., Chen, H., Zang, B.: CFIMon: detecting violation of control flow integrity using performance counters. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS 2015), pp. 1\u201312 (2012)","DOI":"10.1109\/DSN.2012.6263958"},{"key":"7_CR48","doi-asserted-by":"crossref","unstructured":"Yuan, P., Zeng, Q., Ding, X.: Hardware-assisted finegrained code-reuse attack detection. In: Proceedings of the 18th International Symposium on Research in Attacks, Intrusions, and Defenses (RAID 2015), pp. 66\u201385 (2015)","DOI":"10.1007\/978-3-319-26362-5_4"},{"key":"7_CR49","doi-asserted-by":"crossref","unstructured":"Liu, Y., Shi, P., Wang, X., Chen, H., Zang, B., Guan, H.: Transparent and efficient CFI enforcement with intel processor trace. In: 2017 IEEE International Symposium on High Performance Computer Architecture (HPCA 2017), pp. 529\u2013540 (2017)","DOI":"10.1109\/HPCA.2017.18"},{"key":"7_CR50","doi-asserted-by":"crossref","unstructured":"Ge, X., Cui, W., Jaeger, T.: GRIFFIN: guarding control flows using intel processor trace. In: Proceedings of the 22nd International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2017), pp. 585\u2013598 (2017)","DOI":"10.1145\/3093336.3037716"},{"key":"7_CR51","doi-asserted-by":"crossref","unstructured":"Gu, Y., Zhao, Q., Zhang, Y., Lin, Z.: PT-CFI: transparent backward-edge control flow violation detection using intel processor trace. In: Proceedings of the 7th ACM on Conference on Data and Application Security and Privacy (CODASPY 2017), pp. 173\u2013184 (2017)","DOI":"10.1145\/3029806.3029830"},{"key":"7_CR52","doi-asserted-by":"crossref","unstructured":"Tuck, N., Calder, B., Varghese, G.: Hardware and binary modification support for code pointer protection from buffer overflow. In: Proceedings of the 37th Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO 2004), pp. 209\u2013220 (2004)","DOI":"10.1109\/MICRO.2004.20"},{"key":"7_CR53","unstructured":"Qualcomm Technologies Inc: Pointer Authentication on ARMv8.3. file:\/\/\/E:\/beifeng\/code%20reuse%20attack\/PointerAuthentication\/whitepaper-pointer-authentication-on-armv8-3.pdf"}],"container-title":["Communications in Computer and Information Science","Advanced Computer Architecture"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-13-2423-9_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,7]],"date-time":"2025-07-07T03:12:34Z","timestamp":1751857954000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-981-13-2423-9_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9789811324222","9789811324239"],"references-count":53,"URL":"https:\/\/doi.org\/10.1007\/978-981-13-2423-9_7","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"ACA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Conference on Advanced Computer Architecture","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Changsha","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 August 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 August 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"aca2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/aca2018.tcarch.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}