{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T02:06:41Z","timestamp":1773194801418,"version":"3.50.1"},"reference-count":161,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,12,8]]},"DOI":"10.1109\/acsacw69556.2025.00062","type":"proceedings-article","created":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T19:56:13Z","timestamp":1773086173000},"page":"531-545","source":"Crossref","is-referenced-by-count":0,"title":["NOPoutNG: Improving the Effectiveness of Hardware-assisted Control-flow Integrity via Dynamic Landing Pad Elision"],"prefix":"10.1109","author":[{"given":"Alexander J.","family":"Gaidis","sequence":"first","affiliation":[{"name":"Brown University,Providence,USA"}]},{"given":"Jamie","family":"Gabbay","sequence":"additional","affiliation":[{"name":"Brown University,Providence,USA"}]},{"given":"Joao","family":"Moreira","sequence":"additional","affiliation":[{"name":"Microsoft,Redmond,USA"}]},{"given":"Vasileios P.","family":"Kemerlis","sequence":"additional","affiliation":[{"name":"Brown University,Providence,USA"}]}],"member":"263","reference":[{"key":"ref1","first-page":"869","article-title":"Debloating Software through Piece-Wise Compilation and Loading","volume-title":"USENIX Security Symposium (SEC)","author":"Quach"},{"key":"ref2","doi-asserted-by":"crossref","DOI":"10.1109\/MS.2015.40","article-title":"Code Inflation","author":"Holzmann","year":"2015"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/3141235.3141242"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-020-09914-8"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1002\/j.1538-7305.1984.tb00055.x"},{"key":"ref6","first-page":"86","article-title":"Memory Errors: The Past, the Present, and the Future","volume-title":"International Symposium on Research in Attacks, Intrusions and Defenses (RAID)","author":"Veen"},{"key":"ref7","article-title":"CWE\/SANS TOP 25 Most Dangerous Software Errors","year":"2023"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.13"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978340"},{"key":"ref10","article-title":"A proactive approach to more secure code","year":"2019"},{"key":"ref11","article-title":"Memory safety","year":"2023"},{"key":"ref12","article-title":"Mitigating Memory Safety Issues in Open Source Software","year":"2021"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542504"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/1806651.1806657"},{"key":"ref15","first-page":"147","article-title":"Code-Pointer Integrity","volume-title":"USENIX Symposium on Operating Systems Design and Implementation (OSDI)","author":"Kuznetsov"},{"issue":"49","key":"ref16","article-title":"Smashing The Stack For Fun And Profit","volume":"7","author":"One","year":"1996","journal-title":"Phrack Magazine"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866370"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966919"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.43"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.45"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.51"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/3054924"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102165"},{"key":"ref25","first-page":"75","article-title":"XFI: Software Guards for System Address Spaces","volume-title":"USENIX Symposium on Operating Systems Design and Implementation (OSDI)","author":"Erlingsson"},{"key":"ref26","first-page":"209","article-title":"Evaluating SFI for a CISC Architecture","volume-title":"USENIX Security Symposium (SEC)","author":"McCamant"},{"key":"ref27","first-page":"1","article-title":"Adapting Software Fault Isolation to Contemporary CPU Architectures","volume-title":"USENIX Security Symposium (SEC)","author":"Sehr"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.30"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076783"},{"key":"ref30","article-title":"MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones","volume-title":"Network and Distributed System Security Symposium (NDSS)","author":"Davi"},{"key":"ref31","first-page":"459","article-title":"kGuard: Lightweight Kernel Protection against Return-to-User Attacks","volume-title":"USENIX Security Symposium (SEC)","author":"Kemerlis"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.44"},{"key":"ref33","first-page":"337","article-title":"Control Flow Integrity for COTS Binaries","volume-title":"USENIX Security Symposium (SEC)","author":"Zhang"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516649"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523674"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23156"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23287"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.26"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594295"},{"key":"ref40","first-page":"941","article-title":"Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM","volume-title":"USENIX Security Symposium (SEC)","author":"Tice"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660281"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664249"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23099"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23297"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20550-2_8"},{"key":"ref46","article-title":"RAP: RIP ROP","volume-title":"Hackers 2 Hackers Conference (H2HC)","author":"Team"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813644"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818017"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818025"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23421"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23164"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2016.24"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.60"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23096"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3052976"},{"key":"ref56","article-title":"DROP THE ROP: Fine-grained Control-flow Integrity for the Linux Kernel","author":"Moreira","year":"2017","journal-title":"Black Hat Asia (BHASIA)"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133986"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23279"},{"key":"ref59","article-title":"\u03c4CFI: Type-Assisted Control Flow Integrity for x86-64 Binaries","volume-title":"International Symposium on Research in Attacks, Intrusions and Defenses (RAID)","author":"Grossklags"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359797"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354244"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/3445814.3446740"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.25"},{"key":"ref64","first-page":"447","article-title":"Transparent ROP Exploit Mitigation using Indirect Branch Tracing","volume-title":"USENIX Security Symposium (SEC)","author":"Pappas"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23271"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813676"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813673"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978358"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1145\/3029806.3029830"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1145\/3093336.3037716"},{"key":"ref71","first-page":"131","article-title":"Efficient Protection of Path-Sensitive Control Security","volume-title":"USENIX Security Symposium (SEC)","author":"Ding"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66332-6_12"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134618"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2797932"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2018.2866164"},{"key":"ref76","first-page":"127","article-title":"VMCFI: Control-Flow Integrity for Virtual Machine Kernel Using Intel PT","volume-title":"International Conference on Computational Science and Its Applications (ICCSA)","author":"Kwon"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243797"},{"key":"ref78","article-title":"Control-Flow Integrity for Real-Time Embedded Systems","volume-title":"Euromicro Conference on Real-Time Systems (ECRTS)","author":"Walls"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24016"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1109\/DAC.2014.6881460"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1145\/2744769.2744847"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26362-5_4"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1145\/3075564.3075570"},{"key":"ref84","article-title":"Analysis of the Shadow Brokers release and mitigation with Windows 10 virtualization-based security","year":"2017"},{"key":"ref85","article-title":"Control Flow Integrity","year":"2022"},{"key":"ref86","article-title":"Control Flow Integrity","year":"2023"},{"key":"ref87","year":"2021","journal-title":"Intel 64 and IA-32 Architectures Software Developer\u2019s Manual"},{"key":"ref88","year":"2020","journal-title":"ARM A64 Instruction Set Architecture \u2013 Branch Target Identification"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1145\/3337167.3337175"},{"key":"ref90","year":"2019","journal-title":"Control-flow Enforcement Technology Specification"},{"key":"ref91","first-page":"161","article-title":"Control-Flow Bending: On the Effectiveness of Control-Flow Integrity","volume-title":"USENIX Security Symposium (SEC)","author":"Carlini"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813646"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1145\/3607199.3607219"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1109\/ICDSC.2001.918971"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00076"},{"key":"ref96","article-title":"Getting around non-executable stack (and fix)","year":"1997"},{"key":"ref97","article-title":"Kernel release status","author":"Corbet","year":"2023"},{"key":"ref98","article-title":"Control-Flow Enforcement Technology","volume-title":"Linux Plumbers Conference (LPC)","author":"Lu"},{"key":"ref99","article-title":"x86: Support Intel IBT with IBT property and IBT-enable PLT","volume-title":"Patch to GNU Binutils mailing list","author":"Lu","year":"2017"},{"key":"ref100","article-title":"Indirect branch tracking for intel cpus","volume-title":"LWN.net","author":"Corbet","year":"2018"},{"key":"ref101","article-title":"Intel CET support in glibc: \u2018\u2013enable-cet\u2018 (IBT + shadow stack)","year":"2018"},{"key":"ref102","article-title":"Linux 6.2 Released","volume-title":"Linux Kernel release notes \/ KernelNewbies","year":"2023"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3690201"},{"key":"ref104","article-title":"Control Flow Integrity","year":"2023"},{"key":"ref105","article-title":"Control Flow Guard for platform security","year":"2022"},{"key":"ref106","article-title":"x86 NX support","author":"Corbet","year":"2004"},{"key":"ref107","article-title":"i386 W\u02c6X","year":"2003"},{"key":"ref108","doi-asserted-by":"publisher","DOI":"10.1109\/HOTOS.1997.595185"},{"key":"ref109","first-page":"63","article-title":"StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks","volume-title":"USENIX Security Symposium (SEC)","volume":"98","author":"Cowan"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.25"},{"key":"ref111","first-page":"367","article-title":"Shuffler: Fast and Deployable Continuous Code Re-Randomization","volume-title":"USENIX Symposium on Operating Systems Design and Implementation (OSDI)","author":"Williams-King"},{"key":"ref112","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00029"},{"key":"ref113","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00041"},{"key":"ref114","article-title":"Security Technologies: RELRO","year":"2019"},{"key":"ref115","article-title":"nginx","year":"2023"},{"key":"ref116","article-title":"Machinefunctionpass class reference","year":"2025"},{"key":"ref117","article-title":"Linux Intel Quilt","year":"2021"},{"key":"ref118","article-title":"When can glibc be built with Clang?","year":"2021"},{"key":"ref119","article-title":"musl libc","year":"2023"},{"key":"ref120","doi-asserted-by":"publisher","DOI":"10.1145\/3185768.3185771"},{"key":"ref121","article-title":"Using SPEC CPU 2017: the \u2018runcpu\u2019 Command","year":"2021"},{"key":"ref122","article-title":"Redis","year":"2023"},{"key":"ref123","article-title":"SQLite","year":"2023"},{"key":"ref124","article-title":"wrk \u2013 a HTTP benchmarking tool","year":"2021"},{"key":"ref125","article-title":"memtier benchmark","year":"2023"},{"key":"ref126","article-title":"Database Speed Comparison","year":"2023"},{"key":"ref127","article-title":"zlib","year":"2025"},{"key":"ref128","doi-asserted-by":"publisher","DOI":"10.1145\/76894.76896"},{"key":"ref129","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948146"},{"key":"ref130","article-title":"Data Execution Prevention","year":"2022"},{"key":"ref131","article-title":"NX bit","year":"2023"},{"key":"ref132","article-title":"Code injection via return-oriented programming","year":"2012"},{"key":"ref133","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.22"},{"key":"ref134","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.23"},{"key":"ref135","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23262"},{"key":"ref136","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23477"},{"key":"ref137","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2018.00024"},{"key":"ref138","first-page":"147","article-title":"Securing software by enforcing data-flow integrity","volume-title":"USENIX Symposium on Operating Systems Design and Implementation (OSDI)","author":"Castro"},{"key":"ref139","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.30"},{"key":"ref140","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_1"},{"key":"ref141","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-24174-6_4"},{"key":"ref142","doi-asserted-by":"publisher","DOI":"10.1109\/HST.2017.7951732"},{"key":"ref143","doi-asserted-by":"publisher","DOI":"10.1145\/3320269.3384757"},{"key":"ref144","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064217"},{"key":"ref145","article-title":"Secure Execution via Program Shepherding","volume-title":"USENIX Security Symposium (SEC)","author":"Kiriansky"},{"key":"ref146","article-title":"What the future holds for PaX","year":"2003"},{"key":"ref147","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2019.00017"},{"key":"ref148","first-page":"195","article-title":"Originsensitive Control Flow Integrity","volume-title":"USENIX Security Symposium (SEC)","author":"Khandaker"},{"key":"ref149","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC63791.2024.00053"},{"key":"ref150","doi-asserted-by":"publisher","DOI":"10.1145\/335169.335201"},{"key":"ref151","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2000.848461"},{"key":"ref152","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2018.00023"},{"key":"ref153","doi-asserted-by":"publisher","DOI":"10.1145\/2714576.2714635"},{"key":"ref154","first-page":"385","article-title":"ROP is Still Dangerous: Breaking Modern Defenses","volume-title":"USENIX Security Symposium (SEC)","author":"Carlini"},{"key":"ref155","first-page":"401","article-title":"Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection","volume-title":"USENIX Security Symposium (SEC)","author":"Davi"},{"key":"ref156","first-page":"417","article-title":"Size Does Matter: Why Using Gadget-Chain Length to Prevent Code-Reuse Attacks is Hard","volume-title":"USENIX Security Symposium (SEC)","author":"G\u00f6ktas"},{"key":"ref157","doi-asserted-by":"publisher","DOI":"10.1145\/3678890.3678920"},{"key":"ref158","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3670308"},{"key":"ref159","first-page":"5877","article-title":"{DEEPTYPE}: Refining indirect call targets with strong multi-layer type analysis","volume-title":"USENIX Security Symposium (SEC)","author":"Xia"},{"key":"ref160","doi-asserted-by":"publisher","DOI":"10.1109\/SP61157.2025.00189"},{"key":"ref161","first-page":"5895","article-title":"Improving {Indirect-Call} analysis in {LLVM} with type and {Data-Flow}{Co-Analysis}","volume-title":"USENIX Security Symposium (SEC)","author":"Liu"}],"event":{"name":"2025 Annual Computer Security Applications Conference Workshops (ACSAC Workshops)","location":"Honolulu, HI, USA","start":{"date-parts":[[2025,12,8]]},"end":{"date-parts":[[2025,12,9]]}},"container-title":["2025 Annual Computer Security Applications Conference Workshops (ACSAC Workshops)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11417955\/11417996\/11418050.pdf?arnumber=11418050","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T05:28:53Z","timestamp":1773120533000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11418050\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,8]]},"references-count":161,"URL":"https:\/\/doi.org\/10.1109\/acsacw69556.2025.00062","relation":{},"subject":[],"published":{"date-parts":[[2025,12,8]]}}}