{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T02:12:28Z","timestamp":1775873548125,"version":"3.50.1"},"reference-count":68,"publisher":"IEEE","license":[{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-009"},{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-001"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023,5]]},"DOI":"10.1109\/sp46215.2023.10179433","type":"proceedings-article","created":{"date-parts":[[2023,7,21]],"date-time":"2023-07-21T17:18:15Z","timestamp":1689959895000},"page":"1271-1288","source":"Crossref","is-referenced-by-count":6,"title":["WarpAttack: Bypassing CFI through Compiler-Introduced Double-Fetches"],"prefix":"10.1109","author":[{"given":"Jianhao","family":"Xu","sequence":"first","affiliation":[{"name":"Nanjing University,State Key Laboratory for Novel Software Technology"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Luca Di","family":"Bartolomeo","sequence":"additional","affiliation":[{"name":"EPFL"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Flavio","family":"Toffalini","sequence":"additional","affiliation":[{"name":"EPFL"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bing","family":"Mao","sequence":"additional","affiliation":[{"name":"Nanjing University,State Key Laboratory for Novel Software Technology"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mathias","family":"Payer","sequence":"additional","affiliation":[{"name":"EPFL"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.13"},{"key":"ref2","article-title":"Pax address space layout randomization (aslr)","author":"PaX","year":"2003"},{"key":"ref3","first-page":"63","article-title":"Stackguard: automatic adaptive detection and prevention of buffer-overflow attacks","volume-title":"USENIX security symposium","volume":"98","author":"Cowan"},{"key":"ref4","article-title":"Data execution prevention (dep)","year":"2006"},{"key":"ref5","article-title":"The advanced return-into-lib (c) exploits: Pax case study","volume":"70","author":"Wojtczuk","year":"2001","journal-title":"Phrack Magazine, Volume 0x0b, Issue 0x3a, Phile# 0x04 of 0x0e"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866370"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966919"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23644-0_7"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102165"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/1609956.1609960"},{"key":"ref12","article-title":"Clang 16.0.0git documentation: Control flow integrity","author":"team","year":"2022"},{"key":"ref13","first-page":"941","article-title":"Enforcing {Forward-Edge}{Control-Flow} integrity in {GCC} & {LLVM}","volume-title":"23rd USENIX security symposium (USENIX security 14)","author":"Tice"},{"key":"ref14","article-title":"Kernel control flow integrity","author":"Docs","year":"2022"},{"key":"ref15","article-title":"Control flow guard for platform security","author":"Docs"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24078"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3054924"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813671"},{"key":"ref19","first-page":"107","article-title":"Midas: Systematic kernel TOCTTOU protection","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Bhattacharyya"},{"key":"ref20","article-title":"Lock-down: Dynamic control-flow integrity","author":"Payer","year":"2014"},{"key":"ref21","first-page":"941","article-title":"Enforcing Forward-Edge Control-Flow integrity in GCC & LLVM","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Tice"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046713"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594295"},{"key":"ref24","article-title":"Xen xsa 155: Double fetches in paravirtualized devices","author":"Wilhelm","year":"2020"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.4345"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.51"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/2714576.2714635"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23318"},{"key":"ref29","first-page":"401","article-title":"Stitching the gadgets: On the ineffectiveness of {Coarse-Grained} {Control-Flow} integrity protection","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Davi"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243739"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243797"},{"key":"ref32","first-page":"1","article-title":"How Double-Fetch situations turn into Double-Fetch vulnerabilities: A study of double fetches in the linux kernel","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Wang"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00017"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.53"},{"key":"ref35","article-title":"Exploiting a cross-mmap overflow in firefox","author":"Gro\u00df","year":"2017"},{"key":"ref36","article-title":"Html living standard: Web workers","year":"2022"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00076"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23190"},{"key":"ref39","article-title":"blazefox - blaze ctf 2018","year":"2018"},{"key":"ref40","article-title":"Radare2 github repository","author":"Team","year":"2017"},{"key":"ref41","first-page":"1805","article-title":"{CONFIRM}: Evaluating compatibility and relevance of control-flow integrity protections for modern software","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Xu"},{"key":"ref42","article-title":"Rap: Rip rop","volume-title":"Hackers 2 Hackers Conference (H2HC)","author":"Team"},{"key":"ref43","article-title":"\/guard (enable control flow guard)","author":"CGH","year":"2021"},{"key":"ref44","article-title":"A technical look at intel\u2019s control-flow enforcement technology","volume-title":"Intel","author":"Patel","year":"2020"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/3399742"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/3357033"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/3129743.3129748"},{"key":"ref48","first-page":"337","article-title":"Control flow integrity for COTS binaries","volume-title":"22nd USENIX Security Symposium (USENIX Security 13)","author":"Zhang","year":"2013"},{"key":"ref49","first-page":"144","article-title":"Fine-grained control-flow integrity through binary hardening","volume-title":"Proceedings of the 12th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment - Volume 9148, ser. DIMVA 2015","author":"Payer"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354244"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664249"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23297"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23099"},{"key":"ref54","first-page":"89","article-title":"In-Kernel Control-Flow integrity on commodity OSes using ARM pointer authentication","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Yoo"},{"key":"ref55","first-page":"161","article-title":"Control-Flow bending: On the effectiveness of Control-Flow integrity","volume-title":"24th USENIX Security Symposium (USENIX Security 15)","author":"Carlini"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.62"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/3196494.3196508"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/1993498.1993532"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594334"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1145\/966221.966235"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1090\/psapm\/019\/0242403"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2015.33"},{"key":"ref63","first-page":"1025","article-title":"Dead store elimination (still) considered harmful","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Yang"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2012.12"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2017.13"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1145\/3377555.3377897"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1145\/3280984"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417289"}],"event":{"name":"2023 IEEE Symposium on Security and Privacy (SP)","location":"San Francisco, CA, USA","start":{"date-parts":[[2023,5,21]]},"end":{"date-parts":[[2023,5,25]]}},"container-title":["2023 IEEE Symposium on Security and Privacy (SP)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10179215\/10179280\/10179433.pdf?arnumber=10179433","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,20]],"date-time":"2024-07-20T05:14:49Z","timestamp":1721452489000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10179433\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5]]},"references-count":68,"URL":"https:\/\/doi.org\/10.1109\/sp46215.2023.10179433","relation":{},"subject":[],"published":{"date-parts":[[2023,5]]}}}