{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,20]],"date-time":"2026-05-20T16:18:35Z","timestamp":1779293915025,"version":"3.51.4"},"reference-count":131,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"funder":[{"name":"Ph.D. research program of TIM S.p.A."},{"name":"project SERICS under the MUR National Recovery and Resilience Plan funded by the European Union\u2013NextGenerationEU","award":["PE00000014"],"award-info":[{"award-number":["PE00000014"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2024]]},"DOI":"10.1109\/access.2024.3380478","type":"journal-article","created":{"date-parts":[[2024,3,21]],"date-time":"2024-03-21T18:32:19Z","timestamp":1711045939000},"page":"43201-43221","source":"Crossref","is-referenced-by-count":5,"title":["Memory Integrity Techniques for Memory-Unsafe Languages: A Survey"],"prefix":"10.1109","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2483-1648","authenticated-orcid":false,"given":"Vahid Eftekhari","family":"Moghadam","sequence":"first","affiliation":[{"name":"Department of Control and Computer Engineering, Politecnico di Torino, Turin, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0225-6731","authenticated-orcid":false,"given":"Gabriele","family":"Serra","sequence":"additional","affiliation":[{"name":"TeCIP Institute, Scuola Superiore Sant'Anna, Pisa, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-3537-8782","authenticated-orcid":false,"given":"Federico","family":"Aromolo","sequence":"additional","affiliation":[{"name":"TeCIP Institute, Scuola Superiore Sant'Anna, Pisa, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4959-4017","authenticated-orcid":false,"given":"Giorgio","family":"Buttazzo","sequence":"additional","affiliation":[{"name":"TeCIP Institute, Scuola Superiore Sant'Anna, Pisa, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2400-8245","authenticated-orcid":false,"given":"Paolo","family":"Prinetto","sequence":"additional","affiliation":[{"name":"Department of Control and Computer Engineering, Politecnico di Torino, Turin, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33338-5_5"},{"key":"ref2","volume-title":"PWNKIT: Local Privilege Escalation in Polkit\u2019s PKEXEC (CVE-2021\u20134034)","year":"2022"},{"key":"ref3","doi-asserted-by":"crossref","DOI":"10.21236\/AD0772806","volume-title":"Computer security technology planning study","author":"Anderson","year":"1972"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/66093.66095"},{"key":"ref5","article-title":"Bugtraq mailing list","author":"Chasin"},{"key":"ref6","article-title":"Fulldisclosure\u2014Improving network security through full disclosure","author":"Lyon"},{"key":"ref7","volume-title":"Smashing the stack for fun and profit","author":"Levy","year":"1996"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/2931037.2931074"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2015.33"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/2517349.2522728"},{"key":"ref11","first-page":"1025","article-title":"Dead store elimination (still) considered harmful","volume-title":"Proc. 26th USENIX Secur. Symp.","author":"Yang"},{"key":"ref12","volume-title":"Erasing Sensitive Data\u2014String and Array Utilities\u2014The GNU C Library Manual","year":"2023"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"ref14","volume-title":"Buffer Overflow and Underflow in Getcwd()\u2014Glibc","year":"2021"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/1609956.1609960"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.36"},{"key":"ref17","volume-title":"CWE-119: Improper Restriction of Operations Within the Bounds of a Memory Buffer","year":"2022"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23644-0_7"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2133375.2133377"},{"key":"ref20","volume-title":"LPR libc return exploit","author":"Peslyak","year":"1997"},{"key":"ref21","first-page":"971","article-title":"Branch history injection: On the effectiveness of hardware mitigations against cross-privilege Spectre-v2 attacks","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Barberis"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/2830555"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/ICCD50377.2020.00095"},{"key":"ref24","first-page":"5","article-title":"StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks","volume-title":"Proc. 7th USENIX Secur. Symp.","volume":"98","author":"Cowan"},{"key":"ref25","volume-title":"GCC extension for protecting applications from stack-smashing attacks","author":"Etoh","year":"2004"},{"key":"ref26","volume-title":"Reimplementation of ibm stack-smashing protector","author":"Henderson","year":"2005"},{"key":"ref27","volume-title":"GCC 4.1 Release Series Changes, New Features, and Fixes","year":"2005"},{"key":"ref28","volume-title":"Add a new option \u2018-fstack-protector-strong","author":"Shen","year":"2012"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/2714576.2714635"},{"key":"ref30","first-page":"309","article-title":"AddressSanitizer: A fast address sanity checker","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Serebryany"},{"key":"ref31","volume-title":"LLVM 3.1 Release Notes","year":"2012"},{"key":"ref32","volume-title":"GCC 4.8 Release Changes","year":"2014"},{"key":"ref33","volume-title":"Heap Consistency Checking","year":"2003"},{"key":"ref34","first-page":"99","article-title":"HeapHopper: Bringing bounded model checking to heap implementation security","volume-title":"Proc. 27th USENIX Conf. Secur. Symp.","author":"Eckert"},{"key":"ref35","first-page":"91","article-title":"PointGuard: Protecting pointers from buffer overflow vulnerabilities","volume-title":"Proc. USENIX Secur. Symp.","author":"Cowan"},{"key":"ref36","volume-title":"Platform Independent Code Obfuscation","year":"2023"},{"key":"ref37","volume-title":"Practical data location obfuscation","author":"Anckaert","year":"2009"},{"key":"ref38","first-page":"1","article-title":"Address obfuscation: An efficient approach to combat a broad range of memory error exploits","volume-title":"Proc. 12th USENIX Secur. Symp.","author":"Bhatkar"},{"issue":"1","key":"ref39","first-page":"176","article-title":"Software obfuscation on a theoretical basis and its implementation","volume":"86","author":"Ogiso","year":"2003","journal-title":"IEICE Trans. Fundam. Electron., Commun. Comput. Sci."},{"key":"ref40","first-page":"391","article-title":"Control flow obfuscation with information flow tracking","volume-title":"Proc. 42nd Annu. IEEE\/ACM Int. Symp. Microarchitecture (MICRO)","author":"Chen"},{"key":"ref41","volume-title":"Object size checking to prevent (some) buffer overflows","author":"Jelinek","year":"2004"},{"key":"ref42","volume-title":"Broadening compiler checks for buffer overflows in fortify_source","author":"Poyarekar","year":"2021"},{"key":"ref43","volume-title":"A new builtin: Builtin_dynamic_object_size","author":"Pilkington","year":"2019"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2019.00026"},{"key":"ref45","volume-title":"Shadow Call Stack","year":"2019"},{"key":"ref46","volume-title":"Retpoline: A software construct for preventing branch-target-injection","author":"Turner","year":"2018"},{"key":"ref47","volume-title":"Retpoline: A Branch Target Injection Mitigation","year":"2018"},{"key":"ref48","volume-title":"Retpoline: A Software Construct for Preventing Branch-Target-Injection","year":"2023"},{"key":"ref49","volume-title":"PaX: Address Space Layout Randomization","year":"2003"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2016.7783743"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23271"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.23"},{"key":"ref53","volume-title":"Pointer Authentication on ARMv8.3: Design and Analysis of the New Software Security Instructions","year":"2017"},{"key":"ref54","first-page":"177","article-title":"PAC it up: Towards pointer integrity using ARM pointer authentication","volume-title":"Proc. 28th USENIX Conf. Secur. Symp.","author":"Liljestrand"},{"key":"ref55","first-page":"89","article-title":"In-kernel control-flow integrity on commodity OSes using ARM pointer authentication","volume-title":"Proc. USENIX Secur. Symp.","author":"Yoo"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/3470496.3527429"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/RTAS54340.2022.00027"},{"key":"ref58","volume-title":"ARM A-Profile Architecture Developments 2018: ARMV8.5-A","year":"2018"},{"key":"ref59","volume-title":"ARMV8-A Reference Manual","year":"2023"},{"key":"ref60","volume-title":"Intel 64 and IA-32 Architectures Software Developer\u2019s Manual","year":"2023"},{"key":"ref61","volume-title":"Memory tagging and how it improves C\/C+ memory safety","author":"Serebryany","year":"2018"},{"key":"ref62","volume-title":"The ARM64 Memory Tagging Extension in Linux","year":"2023"},{"key":"ref63","volume-title":"ARMV8.5-A Memory Tagging Extension","year":"2019"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1145\/3579856.3590331"},{"key":"ref65","article-title":"Intel memory protection extensions enabling guide","author":"Ramakesavan","year":"2015"},{"key":"ref66","volume-title":"Intel\u00ae Memory Protection Extensions (Intel\u00ae MPX) Support in the GCC Compiler","year":"2016"},{"key":"ref67","volume-title":"Intel(R) Memory Protection Extensions (MPX)","year":"2016"},{"key":"ref68","volume-title":"Support for Intel\u00ae Memory Protection Extensions (Intel\u00ae MPX) Technology","year":"2019"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1145\/3224423"},{"key":"ref70","volume-title":"Control-Flow Enforcement Technology Specification","year":"2019"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1145\/3476989"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1145\/3337167.3337175"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1109\/ICIN53892.2022.9758089"},{"key":"ref74","volume-title":"Intel Architecture Instruction Set Extensions and Future Features","year":"2023"},{"key":"ref75","article-title":"An introduction to cheri","author":"Watson","year":"2019"},{"key":"ref76","volume-title":"CHERI C\/C++ Programming Guide","year":"2023"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.9"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA.2014.6853201"},{"key":"ref79","volume-title":"ARM Virtual Address Tagging","year":"2023"},{"key":"ref80","volume-title":"LLVM Hardware-Assisted AddressSanitizer Design Documentation","year":"2023"},{"key":"ref81","volume-title":"Understanding HWASan Reports","year":"2023"},{"key":"ref82","volume-title":"HWAddressSanitizer\u2014Android","year":"2023"},{"key":"ref83","article-title":"Memory tagging: A memory efficient design","author":"Partap","year":"2022","journal-title":"arXiv:2209.00307"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.6028\/jres.123.005"},{"key":"ref85","volume-title":"Juliet Test Suite V1.2 for C\/C+","year":"2024"},{"key":"ref86","volume-title":"STONESOUP\u2014Securely Taking On New Executable Software of Uncertain Provenance","year":"2009"},{"key":"ref87","first-page":"1","article-title":"MINESTRONE: Testing the SOUP","volume-title":"Proc. CSET","author":"Benameur"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076739"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1145\/3129743.3129748"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818016"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23037"},{"key":"ref92","article-title":"Performance and entropy of various aslr implementations","author":"Detter","year":"2015"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1109\/ICEIEC49280.2020.9152302"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1109\/CCWC54503.2022.9720884"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1145\/3517208.3523758"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1109\/ICECCME55909.2022.9988527"},{"key":"ref97","first-page":"49","article-title":"X-RIPE: A modern cross-platform runtime intrusion prevention evaluator","volume-title":"Proc. 17th Annu. Workshop Operating Syst. Platforms Embedded Real-Time Appl. (OSPERT)","author":"Serra"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.13"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1504\/IJICS.2016.079187"},{"key":"ref100","volume-title":"The Case for Memory Safe Roadmaps","year":"2024"},{"key":"ref101","volume-title":"Rust Introduction for V6.1-rc1","year":"2024"},{"key":"ref102","article-title":"C-rusted: The advantages of rust, in C, without the disadvantages","author":"Bagnara","year":"2023","journal-title":"arXiv:2302.05331"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.3390\/info10040122"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-020-00055-5"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1145\/3417978"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3006143"},{"key":"ref107","doi-asserted-by":"publisher","DOI":"10.1002\/ett.4150"},{"key":"ref108","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3097247"},{"key":"ref109","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3041951"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.1007\/11937807_13"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2017.00-36"},{"key":"ref112","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2017.7966342"},{"key":"ref113","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23204"},{"key":"ref114","doi-asserted-by":"publisher","DOI":"10.1145\/3576914.3587551"},{"key":"ref115","doi-asserted-by":"publisher","DOI":"10.1109\/ACT.2010.33"},{"key":"ref116","doi-asserted-by":"publisher","DOI":"10.1109\/EISIC.2012.34"},{"key":"ref117","doi-asserted-by":"publisher","DOI":"10.3390\/jcp2040041"},{"key":"ref118","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-15618-7_6"},{"key":"ref119","doi-asserted-by":"publisher","DOI":"10.1145\/3029806.3029812"},{"key":"ref120","article-title":"ROPNN: Detection of ROP payloads using deep neural networks","author":"Li","year":"2018","journal-title":"arXiv:1807.11110"},{"key":"ref121","article-title":"DeepCheck: A non-intrusive control-flow integrity checking based on deep learning","author":"Zhang","year":"2019","journal-title":"arXiv:1905.01858"},{"key":"ref122","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2018.00025"},{"key":"ref123","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3170479"},{"key":"ref124","first-page":"611","article-title":"Recognizing functions in binaries with neural networks","volume-title":"Proc. 24th USENIX Secur. Symp.","author":"Shin"},{"key":"ref125","first-page":"99","article-title":"Neural nets can learn function type signatures from binaries","volume-title":"Proc. 26th USENIX Secur. Symp.","author":"Chua"},{"key":"ref126","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134018"},{"key":"ref127","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243792"},{"key":"ref128","doi-asserted-by":"publisher","DOI":"10.1145\/357980.358017"},{"key":"ref129","doi-asserted-by":"publisher","DOI":"10.1109\/SFCS.1994.365700"},{"key":"ref130","doi-asserted-by":"publisher","DOI":"10.1038\/nature23461"},{"key":"ref131","article-title":"Report on post-quantum cryptography, volume 12","author":"Chen","year":"8105"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/10380310\/10477384.pdf?arnumber=10477384","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,4,9]],"date-time":"2024-04-09T19:44:55Z","timestamp":1712691895000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10477384\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"references-count":131,"URL":"https:\/\/doi.org\/10.1109\/access.2024.3380478","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]}}}