{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,31]],"date-time":"2026-03-31T13:50:42Z","timestamp":1774965042242,"version":"3.50.1"},"reference-count":68,"publisher":"IEEE","license":[{"start":{"date-parts":[[2021,12,12]],"date-time":"2021-12-12T00:00:00Z","timestamp":1639267200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2021,12,12]],"date-time":"2021-12-12T00:00:00Z","timestamp":1639267200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100000185","name":"DARPA","doi-asserted-by":"publisher","award":["HR0011-18-C-0019,NSF 1453806,1704778,1817020,SRC UTA19-001350,2019-TS-2965"],"award-info":[{"award-number":["HR0011-18-C-0019,NSF 1453806,1704778,1817020,SRC UTA19-001350,2019-TS-2965"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,12,12]]},"DOI":"10.1109\/host49136.2021.9702275","type":"proceedings-article","created":{"date-parts":[[2022,2,15]],"date-time":"2022-02-15T06:21:12Z","timestamp":1644906072000},"page":"226-238","source":"Crossref","is-referenced-by-count":17,"title":["Morpheus II: A RISC-V Security Extension for Protecting Vulnerable Software and Hardware"],"prefix":"10.1109","author":[{"given":"Austin","family":"Harris","sequence":"first","affiliation":[{"name":"University of Texas"}]},{"given":"Tarunesh","family":"Verma","sequence":"additional","affiliation":[{"name":"University of Michigan"}]},{"given":"Shijia","family":"Wei","sequence":"additional","affiliation":[{"name":"University of Texas"}]},{"given":"Lauren","family":"Biernacki","sequence":"additional","affiliation":[{"name":"University of Michigan"}]},{"given":"Alex","family":"Kisil","sequence":"additional","affiliation":[{"name":"Agita Labs"}]},{"given":"Misiker Tadesse","family":"Aga","sequence":"additional","affiliation":[{"name":"University of Michigan"}]},{"given":"Valeria","family":"Bertacco","sequence":"additional","affiliation":[{"name":"University of Michigan"}]},{"given":"Baris","family":"Kasikci","sequence":"additional","affiliation":[{"name":"University of Michigan"}]},{"given":"Mohit","family":"Tiwari","sequence":"additional","affiliation":[{"name":"University of Texas"}]},{"given":"Todd","family":"Austin","sequence":"additional","affiliation":[{"name":"University of Michigan"}]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/3129743.3129748"},{"key":"ref38","year":"2018","journal-title":"Arm architecture Armv8 5-A announcement - branch target indicators (BTI) - Arm community"},{"key":"ref33","doi-asserted-by":"crossref","first-page":"1295","DOI":"10.1109\/TVLSI.2006.887799","article-title":"Hardware-assisted run-time monitoring for secure program execution on embedded processors","volume":"14","author":"arora","year":"2006","journal-title":"IEEE Trans Very Large Scale Integr Syst"},{"key":"ref32","first-page":"941","article-title":"Enforcing forward-edge control-flow integrity in GCC & LLVM","author":"tice","year":"0","journal-title":"Proceedings of the 23rd USENIX conference on Security Symposium"},{"key":"ref31","first-page":"559","article-title":"Practical control flow integrity and randomization for binary executables","author":"zhang","year":"0","journal-title":"Proceedings of the 2013 IEEE Symposium on Security and Privacy ser SP'13"},{"key":"ref30","year":"0","journal-title":"Data execution prevention - Win32 apps I microsoft docs"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3337167.3337175"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/2857705.2857722"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/2897937.2898098"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102165"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA.2018.00014"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.51"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.22"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2018.2141035"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA.2018.00056"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23262"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/3219617.3219662"},{"key":"ref65","article-title":"ZeRØ: Zero-Overhead Resilient Operation Under Pointer Integrity Attacks","author":"ziad","year":"2021","journal-title":"Proceedings of the 48th International Symposium on Computer Architecture ser ISCA'21"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1145\/3207719.3207726"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3352460.3358299"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/WWC.2001.990739"},{"key":"ref68","article-title":"Non-Control-Data Attacks Are Realistic Threats","author":"chen","year":"0","journal-title":"14th USENIX Security Symposium (USENIX Security 2005)"},{"key":"ref2","year":"0","journal-title":"DARPA FETT bug bounty program"},{"key":"ref1","first-page":"469","article-title":"Morpheus: A Vulnerability-Tolerant Secure Architecture Based on Ensembles of Moving Target Defenses with Churn","volume":"19","author":"gallagher","year":"0","journal-title":"Proceedings of the fourth international conference on Architectural support for programming languages and operating systems - AS"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.51"},{"key":"ref22","first-page":"139","article-title":"What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP Defenses","author":"maisuradze","year":"0","journal-title":"25th USENIX Security Symposium (USENIX Security 16)"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.45"},{"key":"ref24","year":"0","journal-title":"lowRISC·lowRISC"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA.2014.6853201"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/2694344.2694383"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/THS.2017.7943502"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/1133255.1134000"},{"key":"ref51","article-title":"N-variant systems: A secretless framework for security through diversity","author":"cox","year":"0","journal-title":"Proceedings of the 15th Conference on USENIX Security Symposium - Volume 15"},{"key":"ref59","author":"barry","year":"0","journal-title":"FreeRTOS"},{"key":"ref58","first-page":"585","author":"beaulieu","year":"2015","journal-title":"SIMON and SPECK Block Ciphers for the Internet of Things"},{"key":"ref57","year":"0","journal-title":"HAFNIUM targeting Exchange Servers with 0-day exploits"},{"key":"ref56","year":"0","journal-title":"System security integrated through hardware and firmware (ssith)"},{"key":"ref55","year":"0","journal-title":"2020 CWE Top 25 Most Dangerous Software Weaknesses"},{"key":"ref54","article-title":"Using Name Confusion to Enhance Security","author":"ziad","year":"2020","journal-title":"ArXiv"},{"key":"ref53","first-page":"367","article-title":"Shuffler: Fast and Deployable Continuous Code Re-Randomization","author":"williams-king","year":"0","journal-title":"12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16)"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2008.4630087"},{"key":"ref10","author":"asanovic","year":"2016","journal-title":"The rocket chip generator"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/DISCEX.2000.821514"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813676"},{"key":"ref12","year":"0","journal-title":"Stack-based buffer overflow (4 4)"},{"key":"ref13","year":"0","journal-title":"Heap-based buffer overflow (4 4)"},{"key":"ref14","year":"0","journal-title":"Use of externally-controlled format string (4 4)"},{"key":"ref15","year":"0","journal-title":"Use after free (4 4)"},{"key":"ref16","year":"0","journal-title":"Double free (4 4)"},{"key":"ref17","author":"peslyak","year":"1997","journal-title":"Bugtraq Getting around non-executable stack (and fix)"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966919"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2016.7446082"},{"key":"ref3","author":"shvets","year":"0","journal-title":"Enhanced virus protection \/ execute disable bit"},{"key":"ref6","year":"0","journal-title":"Internet Explorer IFRAME Src&name Parameter BoF Remote Compromise"},{"key":"ref5","author":"ngyuen","year":"0","journal-title":"Introduction to Cache Allocation Technology in the Intel® Xeon® Processor E5 v4 Family"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/2024716.2024718"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.13"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3419841"},{"key":"ref9","article-title":"The gem5 Simulator: Version 20.0+","author":"lowe-power","year":"2020","journal-title":"ArXiv"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920268"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516670"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/HST.2017.7951732"},{"key":"ref47","article-title":"Where's the FEEB? The effectiveness of instruction set randomization","author":"sovarel","year":"0","journal-title":"Proceedings of the 14th USENIX Security Symposium Baltimore MD USA July 31 - August 5 2005"},{"key":"ref42","article-title":"PointGuard™: Protecting pointers from buffer overflow vulnerabilities","author":"cowan","year":"0","journal-title":"Pro ceedings of the 12th USENIX Security Symposium Washington D C USA August 4–8 2003"},{"key":"ref41","author":"productsecurity","year":"2017","journal-title":"Pointer authentication on ARMv8 3 Design and analysis of the new software security instructions"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948146"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2004.20"}],"event":{"name":"2021 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","location":"Tysons Corner, VA, USA","start":{"date-parts":[[2021,12,12]]},"end":{"date-parts":[[2021,12,15]]}},"container-title":["2021 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9702149\/9702266\/09702275.pdf?arnumber=9702275","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,16]],"date-time":"2022-05-16T20:44:36Z","timestamp":1652733876000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9702275\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,12,12]]},"references-count":68,"URL":"https:\/\/doi.org\/10.1109\/host49136.2021.9702275","relation":{},"subject":[],"published":{"date-parts":[[2021,12,12]]}}}