{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,13]],"date-time":"2026-07-13T18:04:30Z","timestamp":1783965870637,"version":"3.55.0"},"reference-count":46,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"funder":[{"DOI":"10.13039\/501100013804","name":"Fundamental Research Funds for the Central Universities","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100013804","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers &amp; Security"],"published-print":{"date-parts":[[2026,11]]},"DOI":"10.1016\/j.cose.2026.105015","type":"journal-article","created":{"date-parts":[[2026,6,16]],"date-time":"2026-06-16T23:14:27Z","timestamp":1781651667000},"page":"105015","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["A closed-source driver protection method based on multidimensional domain switch"],"prefix":"10.1016","volume":"170","author":[{"given":"YongGang","family":"Li","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ao","family":"Ju","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yi","family":"Guo","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yu","family":"Bao","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Shang","family":"Liu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yuan","family":"Gao","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"key":"10.1016\/j.cose.2026.105015_b1","doi-asserted-by":"crossref","unstructured":"Bauer, M., Grishchenko, I., et al., 2022. Typro: forward CFI for C-style indirect function calls using type propagation. In: Proc. the Annual Computer Security Applications Conference.","DOI":"10.1145\/3564625.3564627"},{"key":"10.1016\/j.cose.2026.105015_b2","doi-asserted-by":"crossref","unstructured":"Bittau, A., Belay, A., Mashtizadeh, A., et al., 2014. Hacking blind. In: Proc. the IEEE Symposium on Security and Privacy. pp. 227\u2013242.","DOI":"10.1109\/SP.2014.22"},{"issue":"1","key":"10.1016\/j.cose.2026.105015_b3","first-page":"37","article-title":"Mimic defense method against process control flow hijacking attacks","volume":"42","author":"Chuanxing","year":"2021","journal-title":"J. Commun."},{"key":"10.1016\/j.cose.2026.105015_b4","doi-asserted-by":"crossref","unstructured":"Connelly, J., Roberts, T., Gao, X., et al., 2021. Cloudskulk: a nested virtual machine based rootkit and its detection. In: Proc. the 51st IEEE\/IFIP International Conference on Dependable Systems and Networks. pp. 350\u2013362.","DOI":"10.1109\/DSN48987.2021.00047"},{"key":"10.1016\/j.cose.2026.105015_b5","doi-asserted-by":"crossref","unstructured":"Delozier, C., et al., 2020. Hurdle: securing jump instructions against code reuse attacks. In: Proc. the International Conference on Architectural Support for Programming Languages and Operating Systems.","DOI":"10.1145\/3373376.3378506"},{"issue":"4","key":"10.1016\/j.cose.2026.105015_b6","first-page":"44","article-title":"MVX-CFI: a practical active defense architecture for software security","volume":"5","author":"Dong","year":"2020","journal-title":"J. Cyber Secur."},{"key":"10.1016\/j.cose.2026.105015_b7","doi-asserted-by":"crossref","unstructured":"Gollapudi, R.T., et al., 2023. Control flow and pointer integrity enforcement in a secure tagged architecture. In: Proc. the IEEE Symposium on Security and Privacy.","DOI":"10.1109\/SP46215.2023.10179416"},{"key":"10.1016\/j.cose.2026.105015_b8","doi-asserted-by":"crossref","unstructured":"Gras, B., Razavi, K., Bosman, E., et al., 2017. ASLR on the line: practical cache attacks on the MMU. In: Proc. the Network and Distributed System Security Symposium.","DOI":"10.14722\/ndss.2017.23271"},{"key":"10.1016\/j.cose.2026.105015_b9","unstructured":"Gu, J.Y., Wu, X.Y., et al., 2020. Harmonizing performance and isolation in microkernels with efficient intra-kernel isolation and communication. In: Proc. the USENIX Annual Technical Conference. pp. 401\u2013417."},{"issue":"4","key":"10.1016\/j.cose.2026.105015_b10","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3371151","article-title":"BBB-CFI: lightweight CFI approach against code-reuse attacks using basic block information","volume":"19","author":"He","year":"2020","journal-title":"ACM Trans. Embed. Comput. Syst."},{"key":"10.1016\/j.cose.2026.105015_b11","doi-asserted-by":"crossref","unstructured":"Hu, H., Shinde, S., Adrian, S., et al., 2016. Data-oriented programming: on the expressiveness of non-control data attacks. In: Proc. the IEEE Symposium on Security and Privacy. pp. 969\u2013986.","DOI":"10.1109\/SP.2016.62"},{"key":"10.1016\/j.cose.2026.105015_b12","series-title":"IEEE Symposium on Security and Privacy","article-title":"Data-oriented programming: On the expressiveness of non-control data attacks","author":"Hu","year":"2016"},{"key":"10.1016\/j.cose.2026.105015_b13","unstructured":"Huang, Y.Z., Vikram, N., et al., 2022. Ksplit: automating device driver isolation. In: Proc. the USENIX Symposium on Operating Systems Design and Implementation. pp. 613\u2013631."},{"key":"10.1016\/j.cose.2026.105015_b14","doi-asserted-by":"crossref","unstructured":"Jake, C., Aravind, M., et al., 2017. Difuze: interface aware fuzzing for kernel drivers. In: Proc. the ACM SIGSAC Conference on Computer and Communications Security. pp. 2123\u20132138.","DOI":"10.1145\/3133956.3134069"},{"key":"10.1016\/j.cose.2026.105015_b15","doi-asserted-by":"crossref","unstructured":"Jelesnianski, C., Yom, J., Min, C., et al., 2020. Mardu: efficient and scalable code re-randomization. In: Proc. the 13th ACM International Systems and Storage Conference. pp. 49\u201360.","DOI":"10.1145\/3383669.3398280"},{"key":"10.1016\/j.cose.2026.105015_b16","doi-asserted-by":"crossref","unstructured":"Khandaker, M., et al., 2019a. Adaptive call-site sensitive control flow integrity. In: Proc. the IEEE European Symposium on Security and Privacy.","DOI":"10.1109\/EuroSP.2019.00017"},{"key":"10.1016\/j.cose.2026.105015_b17","unstructured":"Khandaker, M., et al., 2019b. Origin-sensitive control flow integrity. In: Proc. the USENIX Security Symposium."},{"key":"10.1016\/j.cose.2026.105015_b18","unstructured":"L, Di Bartolomeo, Moghaddas, H., Payer, M., 2023. Armore: pushing love back into binaries. In: Proc. the 32nd USENIX Security Symposium."},{"issue":"10","key":"10.1016\/j.cose.2026.105015_b19","doi-asserted-by":"crossref","first-page":"1640","DOI":"10.1109\/TC.2020.3022023","article-title":"Virtual wall: filtering rootkit attacks to protect linux kernel functions","volume":"70","author":"Li","year":"2021","journal-title":"IEEE Trans. Comput."},{"key":"10.1016\/j.cose.2026.105015_b20","doi-asserted-by":"crossref","unstructured":"Li, Y.G., Chung, Y.C., et al., 2022. Mprobe: make the code probing meaningless. In: Proc. the 38th Annual Computer Security Applications Conference. pp. 214\u2013226.","DOI":"10.1145\/3564625.3567967"},{"key":"10.1016\/j.cose.2026.105015_b21","doi-asserted-by":"crossref","unstructured":"Li, Y., Jiang, S., et al., 2024. Isolate and Detect the Untrusted Driver with a Virtual Box. In: Proc. the ACM SIGSAC Conference on Computer and Communications Security. pp. 4584\u20134597.","DOI":"10.1145\/3658644.3670269"},{"issue":"11","key":"10.1016\/j.cose.2026.105015_b22","doi-asserted-by":"crossref","first-page":"3165","DOI":"10.1109\/TCAD.2020.3012640","article-title":"ABCFI: fast and lightweight fine-grained hardware-assisted control-flow integrity","volume":"39","author":"Li","year":"2020","journal-title":"IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst."},{"key":"10.1016\/j.cose.2026.105015_b23","doi-asserted-by":"crossref","unstructured":"Lin, Y., Cheng, X., et al., 2019. Control-flow carrying code. In: Proc. the ACM Asia Conference on Computer and Communications Security.","DOI":"10.1145\/3321705.3329815"},{"key":"10.1016\/j.cose.2026.105015_b24","doi-asserted-by":"crossref","unstructured":"Lu, K.J., Lee, W., N\u00fcrnberger, S., et al., 2016a. How to make ASLR win the clone wars: runtime re-randomization. In: Proc. the Network and Distributed System Security Symposium.","DOI":"10.14722\/ndss.2016.23173"},{"key":"10.1016\/j.cose.2026.105015_b25","doi-asserted-by":"crossref","unstructured":"Lu, K.J., Lee, W., et al., 2016b. How to make ASLR win the clone wars: runtime re-randomization. In: Proc. the Network and Distributed System Security Symposium.","DOI":"10.14722\/ndss.2016.23173"},{"key":"10.1016\/j.cose.2026.105015_b26","doi-asserted-by":"crossref","unstructured":"Mao, Y.D., Chen, H.G., et al., 2011. Software fault isolation with API integrity and multiprincipal modules. In: Proc. the Twenty-Third ACM Symposium on Operating Systems Principles. pp. 115\u2013128.","DOI":"10.1145\/2043556.2043568"},{"key":"10.1016\/j.cose.2026.105015_b27","doi-asserted-by":"crossref","unstructured":"Milburn, A., Van der Kouwe, E., Giuffrida, C., 2022. Mitigating information leakage vulnerabilities with type-based data isolation. In: Proc. the IEEE Symposium on Security and Privacy. pp. 1049\u20131065.","DOI":"10.1109\/SP46214.2022.9833675"},{"key":"10.1016\/j.cose.2026.105015_b28","doi-asserted-by":"crossref","unstructured":"Neugschwandtner, M., Sorniotti, A., Kurmus, A., 2019. Memory categorization: separating attacker-controlled data. In: Proc. the 16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. pp. 263\u2013287.","DOI":"10.1007\/978-3-030-22038-9_13"},{"key":"10.1016\/j.cose.2026.105015_b29","doi-asserted-by":"crossref","unstructured":"Nikolaev, R., Nadeem, H., et al., 2022. Adelie: continuous address space layout re-randomization for Linux drivers. In: Proc. the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. pp. 483\u2013498.","DOI":"10.1145\/3503222.3507779"},{"key":"10.1016\/j.cose.2026.105015_b30","unstructured":"Oikonomopoulos, A., Athanasopoulos, E., Bos, H., et al., 2016. Poking holes in information hiding. In: Proc. the USENIX Security Symposium. pp. 121\u2013138."},{"key":"10.1016\/j.cose.2026.105015_b31","doi-asserted-by":"crossref","unstructured":"Pomonis, M., Petsios, T., et al., 2017. Krx: comprehensive kernel protection against just-in-time code reuse. In: Proc. the Twelfth European Conference on Computer Systems. pp. 420\u2013436.","DOI":"10.1145\/3064176.3064216"},{"key":"10.1016\/j.cose.2026.105015_b32","doi-asserted-by":"crossref","unstructured":"Shao, X.H., Luo, L., et al., 2022. Faslr: function-based ASLR for resource-constrained IoT systems. In: Proc. the European Symposium on Research in Computer Security. pp. 531\u2013548.","DOI":"10.1007\/978-3-031-17146-8_26"},{"key":"10.1016\/j.cose.2026.105015_b33","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.103800","article-title":"Scfi: efficient forward fine-grained control flow integrity based on coarse-grained ISA extensions","volume":"140","author":"She","year":"2024","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cose.2026.105015_b34","doi-asserted-by":"crossref","unstructured":"Snow, K.Z., Monrose, F., et al., 2013. Just-in-time code reuse: on the effectiveness of fine-grained address space layout randomization. In: Proc. the IEEE Symposium on Security and Privacy. pp. 574\u2013588.","DOI":"10.1109\/SP.2013.45"},{"key":"10.1016\/j.cose.2026.105015_b35","unstructured":"Srivastava, A., Giffin, J.T., 2011. Efficient monitoring of untrusted kernel-mode execution. In: Proc. the Network and Distributed System Security Symposium."},{"key":"10.1016\/j.cose.2026.105015_b36","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1016\/j.jpdc.2019.11.008","article-title":"KASLR-MT: kernel address space layout randomization for multi-tenant cloud systems","author":"Vano-Garcia","year":"2020","journal-title":"J. Parallel Distrib. Comput."},{"issue":"3","key":"10.1016\/j.cose.2026.105015_b37","first-page":"1607","article-title":"Cralert: hardware-assisted code reuse attack detection","volume":"69","author":"Wang","year":"2021","journal-title":"IEEE Trans. Circuits Syst. II: Express Briefs"},{"key":"10.1016\/j.cose.2026.105015_b38","doi-asserted-by":"crossref","unstructured":"Wang, Z., Wu, C., Li, J.J., et al., 2017. ReRanz: a lightweight virtual machine to mitigate memory disclosure attacks. In: Proc. the ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments. pp. 143\u2013156.","DOI":"10.1145\/3050748.3050752"},{"key":"10.1016\/j.cose.2026.105015_b39","unstructured":"Wang, Z., Wu, C., et al., 2019. Safehidden: an efficient and secure information hiding technique using re-randomization. In: Proc. the USENIX Security Symposium. pp. 1239\u20131256."},{"issue":"1","key":"10.1016\/j.cose.2026.105015_b40","first-page":"1","article-title":"Dslr: a low-overhead data structure layout randomization for defending data-oriented programming","volume":"31","author":"Wei","year":"2023","journal-title":"J. Comput. Secur."},{"issue":"10","key":"10.1016\/j.cose.2026.105015_b41","first-page":"2482","article-title":"A runtime monitoring scheme for confidential computing based on dynamic integrity measurement","volume":"61","author":"Wei","year":"2024","journal-title":"J. Comput. Res. Dev."},{"issue":"4","key":"10.1016\/j.cose.2026.105015_b42","first-page":"1","article-title":"Pointerscope: understanding pointer patching for code randomization","volume":"19","author":"Xie","year":"2022","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"issue":"8","key":"10.1016\/j.cose.2026.105015_b43","first-page":"2058","article-title":"A survey of transient execution attacks","volume":"62","author":"Yang","year":"2025","journal-title":"J. Comput. Res. Dev."},{"issue":"1","key":"10.1016\/j.cose.2026.105015_b44","first-page":"180","article-title":"A runtime security protection mechanism for programs based on hardware-software coordination","volume":"46","author":"Yawei","year":"2023","journal-title":"Chinese J. Comput."},{"issue":"6","key":"10.1016\/j.cose.2026.105015_b45","first-page":"1372","article-title":"A control-flow protection method based on risky code extraction","volume":"47","author":"Yonggang","year":"2024","journal-title":"Chinese J. Comput."},{"issue":"9","key":"10.1016\/j.cose.2026.105015_b46","first-page":"3241","article-title":"Vulnerable instruction mining for KASLR bypass","volume":"47","author":"Zhouyang","year":"2025","journal-title":"J. Electron. Inf. Technol."}],"container-title":["Computers &amp; Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826001914?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826001914?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,7,13]],"date-time":"2026-07-13T17:13:56Z","timestamp":1783962836000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404826001914"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,11]]},"references-count":46,"alternative-id":["S0167404826001914"],"URL":"https:\/\/doi.org\/10.1016\/j.cose.2026.105015","relation":{},"ISSN":["0167-4048"],"issn-type":[{"value":"0167-4048","type":"print"}],"subject":[],"published":{"date-parts":[[2026,11]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"A closed-source driver protection method based on multidimensional domain switch","name":"articletitle","label":"Article Title"},{"value":"Computers & Security","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.cose.2026.105015","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 Elsevier Ltd. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"105015"}}