{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T14:40:35Z","timestamp":1775054435646,"version":"3.50.1"},"reference-count":69,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"3","license":[{"start":{"date-parts":[[2019,3,1]],"date-time":"2019-03-01T00:00:00Z","timestamp":1551398400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2019,3,1]],"date-time":"2019-03-01T00:00:00Z","timestamp":1551398400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2019,3,1]],"date-time":"2019-03-01T00:00:00Z","timestamp":1551398400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001381","name":"National Research Foundation Singapore","doi-asserted-by":"publisher","award":["NRF2016NCRNCR002-026"],"award-info":[{"award-number":["NRF2016NCRNCR002-026"]}],"id":[{"id":"10.13039\/501100001381","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100012543","name":"Shanghai Science and Technology Development Fund","doi-asserted-by":"publisher","award":["16JC1400801"],"award-info":[{"award-number":["16JC1400801"]}],"id":[{"id":"10.13039\/100012543","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2019,3]]},"DOI":"10.1109\/tifs.2018.2855648","type":"journal-article","created":{"date-parts":[[2018,7,12]],"date-time":"2018-07-12T18:37:26Z","timestamp":1531420646000},"page":"693-708","source":"Crossref","is-referenced-by-count":6,"title":["Layered Object-Oriented Programming: Advanced VTable Reuse Attacks on Binary-Level Defense"],"prefix":"10.1109","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1973-4464","authenticated-orcid":false,"given":"Chenyu","family":"Wang","sequence":"first","affiliation":[]},{"given":"Bihuan","family":"Chen","sequence":"additional","affiliation":[]},{"given":"Yang","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Hongjun","family":"Wu","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","first-page":"1","article-title":"Non-control-data attacks are realistic threats","author":"chen","year":"2005","journal-title":"Proc USENIX Security07"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.62"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382216"},{"key":"ref32","author":"joly","year":"2015","journal-title":"Advanced Exploitation of Internet Explorer 10\/Windows 8 Overflow (Pwn2Own 2013)"},{"key":"ref31","year":"2018","journal-title":"Exploiting a 64-Bit Browser With Flash CVE-2015-5119"},{"key":"ref30","year":"2018","journal-title":"CVE-2015-5119"},{"key":"ref37","first-page":"161","article-title":"Control-flow bending: On the effectiveness of control-flow integrity","volume":"14","author":"carlini","year":"2015","journal-title":"Proc USENIX Security07"},{"key":"ref36","first-page":"140","article-title":"Strict virtual call integrity checking for C++ binaries","author":"elsabagh","year":"2017","journal-title":"Proc CCS"},{"key":"ref35","first-page":"1","article-title":"MARX: Uncovering class hierarchies in C++ programs","author":"pawlowski","year":"2017","journal-title":"Proc NDSS"},{"key":"ref34","first-page":"144","article-title":"Fine-grained control-flow integrity through binary hardening","author":"payer","year":"2015","journal-title":"Proc DIMVA"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-49538-X_5"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23421"},{"key":"ref61","first-page":"263","article-title":"Preventing memory error exploits with WIT","author":"akritidis","year":"2008","journal-title":"Proc IEEE Symp Secur Privacy (SP)"},{"key":"ref63","first-page":"1","article-title":"CFIXX: Object type integrity for C++","author":"burow","year":"2018","journal-title":"Proc NDSS"},{"key":"ref28","year":"2018","journal-title":"CVE-2016-9079"},{"key":"ref64","first-page":"147","article-title":"Securing software by enforcing data-flow integrity","author":"castro","year":"2006","journal-title":"Proc OSDI"},{"key":"ref27","year":"2018"},{"key":"ref65","first-page":"1","article-title":"Enforcing kernel security invariants with data flow integrity","author":"song","year":"2016","journal-title":"Proc NDSS"},{"key":"ref66","first-page":"275","article-title":"Cyclone: A safe dialect of C","author":"jim","year":"2002","journal-title":"Proc USENIX ATC"},{"key":"ref29","year":"2018","journal-title":"CVE-2016-9079"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1145\/503272.503286"},{"key":"ref68","first-page":"177","article-title":"Cling: A memory allocator to mitigate dangling pointers","author":"akritidis","year":"2010","journal-title":"Proc USENIX Security07"},{"key":"ref69","first-page":"309","article-title":"Address-Sanitizer: A fast address sanity checker","author":"serebryany","year":"2012","journal-title":"Proc USENIX ATC"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2012.152"},{"key":"ref1","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1007\/978-3-642-23644-0_7","article-title":"On the expressiveness of return-into-libc attacks","author":"tran","year":"2011","journal-title":"Proc 9th Int Conf Recent Adv Intrusion Detect (RAID)"},{"key":"ref20","first-page":"27","article-title":"Opaque control-flow integrity","author":"mohan","year":"2015","journal-title":"Proc NDSS"},{"key":"ref22","year":"2018","journal-title":"$\\times64$ Software Conventions Calling Conventions"},{"key":"ref21","author":"matz","year":"2013","journal-title":"System V Application Binary Interface"},{"key":"ref24","first-page":"1","article-title":"The info leak era on software exploitation","author":"serna","year":"2012","journal-title":"Proc Black Hat USA"},{"key":"ref23","year":"2003","journal-title":"Address Space Layout Randomization (ASLR)"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.45"},{"key":"ref25","first-page":"25","article-title":"Q: Exploit hardening made easy","author":"schwartz","year":"2011","journal-title":"Proc USENIX Security07"},{"key":"ref50","first-page":"514","article-title":"CodeArmor: Virtualizing the code space to counter disclosure attacks","author":"chen","year":"2017","journal-title":"Proc IEEE Eur Symp Secur Privacy (EuroS P)"},{"key":"ref51","article-title":"XIFER: A software diversity tool against code-reuse attacks","volume":"174","author":"davi","year":"2012","journal-title":"Proc 4th ACM Int Workshop Wireless Students Students Students (S3)"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23287"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813644"},{"key":"ref57","doi-asserted-by":"crossref","first-page":"577","DOI":"10.1145\/2666356.2594295","article-title":"Modular control-flow integrity","volume":"49","author":"niu","year":"2014","journal-title":"ACM SIGPLAN Notices"},{"key":"ref56","first-page":"27","article-title":"Enforcing forward-edge control-flow integrity in GCC & LLVM","volume":"26","author":"tice","year":"2014","journal-title":"Proc USENIX Security07"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991121"},{"key":"ref54","article-title":"Using virtual table protections to prevent the exploitation of object corruption vulnerabilities","author":"miller","year":"2014"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23262"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920269"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.43"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813646"},{"key":"ref40","first-page":"177","article-title":"Automatic generation of data-oriented exploits","author":"hu","year":"2015","journal-title":"Proc USENIX Security07"},{"key":"ref12","first-page":"745","article-title":"Counterfeit object-oriented programming: On the difficulty of preventing code reuse attacks in C++ applications","author":"schuster","year":"2015","journal-title":"Proc S&P"},{"key":"ref13","first-page":"396","article-title":"Towards automated integrity protection of C++ virtual function tables in binary programs","author":"gawlik","year":"2014","journal-title":"Proc CCS"},{"key":"ref14","first-page":"1","article-title":"VTint: Protecting virtual function tables’ integrity","author":"zhang","year":"2015","journal-title":"Proc NDSS"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813676"},{"key":"ref16","first-page":"1","article-title":"VTrust: Regaining trust on virtual calls","author":"zhang","year":"2016","journal-title":"Proc NDSS"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813682"},{"key":"ref18","first-page":"934","article-title":"A tough call: Mitigating advanced code-reuse attacks at the binary level","author":"van der veen","year":"2016","journal-title":"Proc S&P"},{"key":"ref19","first-page":"1","article-title":"vfGuard: Strict protection for virtual function calls in COTS C++ binaries","author":"prakash","year":"2015","journal-title":"Proc NDSS"},{"key":"ref4","doi-asserted-by":"crossref","first-page":"340","DOI":"10.1145\/1102120.1102165","article-title":"Control-flow integrity","author":"abadi","year":"2005","journal-title":"Proc CCS"},{"key":"ref3","article-title":"Data execution prevention. Changes to functionality in microsoft windows XP service pack 2, part 3: Memory protection technologies","author":"andersen","year":"2004"},{"key":"ref6","first-page":"1","article-title":"kBouncer: Efficient and transparent ROP mitigation","author":"pappas","year":"2012"},{"key":"ref5","first-page":"1","article-title":"Robert. ROPecker: A generic and practical approach for defending against ROP attack","author":"cheng","year":"2014","journal-title":"Proc NDSS"},{"key":"ref8","first-page":"385","article-title":"ROP is still dangerous: Breaking modern defenses","author":"carlini","year":"2014","journal-title":"Proc USENIX Security07"},{"key":"ref7","first-page":"559","article-title":"Practical control flow integrity and randomization for binary executables","author":"zhang","year":"2013","journal-title":"Proc S&P"},{"key":"ref49","doi-asserted-by":"crossref","first-page":"268","DOI":"10.1145\/2810103.2813691","article-title":"Timely rerandomization for mitigating memory disclosures","author":"bigelow","year":"2015","journal-title":"Proc 22nd ACM SIGSAC Conf Comput Commun Secur"},{"key":"ref9","first-page":"401","article-title":"Stitching the gadgets: On the ineffectiveness of coarse-grained control-flow integrity protection","author":"davi","year":"2014","journal-title":"Proc USENIX Security07"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.52"},{"key":"ref45","first-page":"433","article-title":"Oxymoron: Making fine-grained memory randomization practical by allowing code sharing","author":"backes","year":"2014","journal-title":"Proc USENIX Security07"},{"key":"ref48","first-page":"35","article-title":"No-execute-after-read: Preventing code disclosure in commodity software","author":"werner","year":"2016","journal-title":"Proc ASIACCS"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813685"},{"key":"ref42","first-page":"1675","article-title":"The dynamics of innocent flesh on the bone: Code reuse ten years later","author":"van der veen","year":"2017","journal-title":"Proc CCS"},{"key":"ref41","first-page":"30","article-title":"Jump-oriented programming: A new class of code-reuse attack","author":"bletsch","year":"2011","journal-title":"Proc ASIACCS"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813673"},{"key":"ref43","first-page":"147","article-title":"Code-pointer integrity","author":"kuznetsov","year":"2014","journal-title":"Proc OSDI"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10206\/8439094\/08410568.pdf?arnumber=8410568","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,9,3]],"date-time":"2023-09-03T18:09:03Z","timestamp":1693764543000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8410568\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,3]]},"references-count":69,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.1109\/tifs.2018.2855648","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,3]]}}}