{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T08:44:34Z","timestamp":1773737074141,"version":"3.50.1"},"reference-count":67,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"6","license":[{"start":{"date-parts":[[2018,6,1]],"date-time":"2018-06-01T00:00:00Z","timestamp":1527811200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"funder":[{"name":"Natural Science Basic Research Plan in Shaanxi Province of China","award":["2015JM6351"],"award-info":[{"award-number":["2015JM6351"]}]},{"DOI":"10.13039\/501100001809","name":"Key Program of the National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U1405255"],"award-info":[{"award-number":["U1405255"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Shaanxi Science and Technology Coordination and Innovation Project","award":["2016TZC-G-6-3"],"award-info":[{"award-number":["2016TZC-G-6-3"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2018,6]]},"DOI":"10.1109\/tifs.2018.2797932","type":"journal-article","created":{"date-parts":[[2018,1,25]],"date-time":"2018-01-25T19:16:28Z","timestamp":1516907788000},"page":"1535-1550","source":"Crossref","is-referenced-by-count":36,"title":["Fine-CFI: Fine-Grained Control-Flow Integrity for Operating System 
Kernels"],"prefix":"10.1109","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0709-7434","authenticated-orcid":false,"given":"Jinku","family":"Li","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5528-7131","authenticated-orcid":false,"given":"Xiaomeng","family":"Tong","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3365-2526","authenticated-orcid":false,"given":"Fengwei","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Jianfeng","family":"Ma","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","year":"2017","journal-title":"Supervisor Mode Access Prevention"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2016.24"},{"key":"ref33","year":"2017","journal-title":"Kernel-based Virtual Machine"},{"key":"ref32","year":"2017","journal-title":"LLVM-Project"},{"key":"ref31","year":"2017","journal-title":"LLVM Language Reference Manual"},{"key":"ref30","year":"2017","journal-title":"The LLVM Compiler Infrastructure"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076739"},{"key":"ref36","author":"salwan","year":"2017","journal-title":"ropgadget"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294294"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-87403-4_1"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1145\/1755913.1755934"},{"key":"ref62","first-page":"1","article-title":"Secure virtual architecture: A safe execution environment for commodity operating systems","author":"criswell","year":"2007","journal-title":"Proc ACM Symp Oper Syst Principles"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315260"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2011.2159712"},{"key":"ref63","year":"2017","journal-title":"Rap Rip 
Rop"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.26"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629596"},{"key":"ref65","first-page":"1","article-title":"Control-flow bending: On the effectiveness of control-flow integrity","author":"carlini","year":"2015","journal-title":"Proc Usenix Secur Symp"},{"key":"ref29","year":"2017","journal-title":"QEMU-the FAST! Processor Emulator"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813646"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516713"},{"key":"ref2","first-page":"2017","article-title":"Exec shield","volume":"1","author":"van de ven","year":"2004","journal-title":"Retr Mar"},{"key":"ref1","author":"andersen","year":"2004","journal-title":"Data Execution Prevention Changes to Functionality in Microsoft Windows XP Service Pack 2 Part 3 Memory Protection Technologies"},{"key":"ref20","first-page":"1","article-title":"Code-pointer integrity","author":"kuznetsov","year":"2014","journal-title":"Proc USENIX Symp on Operating System Design and Implementation"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813676"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23271"},{"key":"ref24","author":"kuznetsov","year":"2015","journal-title":"Poster Getting the Point (er) On the Feasibility of Attacks on Code-Pointer Integrity"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.53"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.30"},{"key":"ref25","first-page":"1","article-title":"kGuard: Lightweight kernel protection against return-to-user attacks","author":"kemerlis","year":"2012","journal-title":"Proc Usenix Secur Symp"},{"key":"ref50","first-page":"177","article-title":"Non-control-data attacks are realistic threats","author":"chen","year":"2005","journal-title":"Proc Usenix Secur 
Symp"},{"key":"ref51","first-page":"75","article-title":"XFI: Software guards for system address spaces","author":"erlingsson","year":"2006","journal-title":"Proc USENIX Symp on Operating System Design and Implementation"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.24"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813673"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813644"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516649"},{"key":"ref55","first-page":"1","article-title":"Strato: A retargetable framework for low-level inlined-reference monitors","author":"zeng","year":"2013","journal-title":"Proc Usenix Secur Symp"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076783"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23421"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23218"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.23"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.13"},{"key":"ref40","year":"2017","journal-title":"Supervisor Mode Access Prevention"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102165"},{"key":"ref13","first-page":"1","article-title":"Control flow integrity for COTS binaries","author":"zhang","year":"2013","journal-title":"Proc Usenix Secur Symp"},{"key":"ref14","first-page":"559","article-title":"Practical control flow integrity and randomization for binary executables","author":"zhang","year":"2013","journal-title":"Proc IEEE Symp Secur Privacy (SP)"},{"key":"ref15","first-page":"1","article-title":"Enforcing forward-edge control-flow integrity in GCC & LLVM","author":"tice","year":"2014","journal-title":"Proc Usenix Secur Symp"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.43"},{"key":"ref17","first-page":"1","article-title":"ROP is still dangerous: Breaking modern 
defenses","author":"carlini","year":"2014","journal-title":"Proc Usenix Secur Symp"},{"key":"ref18","first-page":"1","article-title":"Stitching the gadgets: On the ineffectiveness of coarse-grained control-flow integrity protection","author":"davi","year":"2014","journal-title":"Proc Usenix Secur Symp"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813671"},{"key":"ref4","first-page":"552","article-title":"The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86)","author":"shacham","year":"2007","journal-title":"Proc ACM Conf Comput Commun Secur"},{"key":"ref3","first-page":"4","article-title":"The advanced return-into-lib (c) exploits: Pax case study","volume":"11","author":"wojtczuk","year":"2001","journal-title":"Phrack Mag"},{"key":"ref6","first-page":"1","article-title":"Return-oriented rootkits: Bypassing kernel code integrity protection mechanisms","author":"hund","year":"2009","journal-title":"Proc Usenix Secur Symp"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455776"},{"key":"ref8","first-page":"30","article-title":"Jump-oriented programming: A new class of code-reuse attack","author":"bletsch","year":"2011","journal-title":"Computer Communications of the ACM"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866370"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23233"},{"key":"ref9","year":"2003","journal-title":"Pax ASLR"},{"key":"ref46","year":"2017","journal-title":"SPEC CPU 2006"},{"key":"ref45","year":"2017","journal-title":"UnixBench"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-87403-4_2"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653728"},{"key":"ref42","year":"2017","journal-title":"Practical Smep\/Smap Bypass Techniques on Linux"},{"key":"ref41","year":"2017","journal-title":"CVE-2017-2636 Exploit the Race Condition in the n_hdlc Linux Kernel 
Driver Bypassing SMEP"},{"key":"ref44","year":"2017","journal-title":"LMbench\u2014Tools for Performance Analysis"},{"key":"ref43","year":"2017","journal-title":"Phoronix test suite"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10206\/8283858\/08269390.pdf?arnumber=8269390","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T16:17:55Z","timestamp":1642004275000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/8269390\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,6]]},"references-count":67,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.1109\/tifs.2018.2797932","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,6]]}}}