{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,19]],"date-time":"2026-06-19T16:11:23Z","timestamp":1781885483919,"version":"3.54.5"},"reference-count":74,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"Science and Technology Innovation Program of Hunan Province","award":["2024RC3136"],"award-info":[{"award-number":["2024RC3136"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62272477"],"award-info":[{"award-number":["62272477"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62421002"],"award-info":[{"award-number":["62421002"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62272472"],"award-info":[{"award-number":["62272472"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62302050"],"award-info":[{"award-number":["62302050"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62372121"],"award-info":[{"award-number":["62372121"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Research Project of National University of Defense Technology","award":["ZK23-14"],"award-info":[{"award-number":["ZK23-14"]}]},{"name":"Research Project of Key Laboratory of the State Administration of Science, Technology and Industry for National Defense","award":["WDZC20245250105"],"award-info":[{"award-number":["WDZC20245250105"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/tifs.2025.3580342","type":"journal-article","created":{"date-parts":[[2025,6,16]],"date-time":"2025-06-16T14:56:40Z","timestamp":1750085800000},"page":"7137-7152","source":"Crossref","is-referenced-by-count":2,"title":["Efficient Forward-Edge Control-Flow Integrity for COTS Binaries via Arm BTI"],"prefix":"10.1109","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7276-8735","authenticated-orcid":false,"given":"Tai","family":"Yue","sequence":"first","affiliation":[{"name":"Intelligent Game and Decision Lab, Academy of Military Sciences, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2284-7897","authenticated-orcid":false,"given":"Kai","family":"Lu","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology, Changsha, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7763-1079","authenticated-orcid":false,"given":"Zhenyu","family":"Ning","sequence":"additional","affiliation":[{"name":"College of Computer Science and Electronic Engineering, Hunan University, Changsha, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3408-4153","authenticated-orcid":false,"given":"Pengfei","family":"Wang","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology, Changsha, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5027-1234","authenticated-orcid":false,"given":"Lei","family":"Zhou","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology, Changsha, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0075-5003","authenticated-orcid":false,"given":"Xu","family":"Zhou","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology, Changsha, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yaohua","family":"Wang","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology, Changsha, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3365-2526","authenticated-orcid":false,"given":"Fengwei","family":"Zhang","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, the Research Institute of Trustworthy Autonomous Systems, Southern University of Science and Technology, Shenzhen, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7709-0751","authenticated-orcid":false,"given":"Gen","family":"Zhang","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology, Changsha, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Return oriented programming for the arm architecture","author":"Kornau","year":"2010"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/2133375.2133377"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966919"},{"key":"ref4","article-title":"Data execution prevention. changes to functionality in Microsoft windows XP service pack 2, part 3: Memory protection technologies","author":"Andersen","year":"2004"},{"key":"ref5","volume-title":"PaX Address Space Layout Randomization (ASLR)","author":"Team","year":"2003"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/1609956.1609960"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3607199.3607219"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818017"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.44"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24386"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/2714576.2714635"},{"key":"ref12","first-page":"144","article-title":"Fine-grained control-flow integrity through binary hardening","volume-title":"Proc. Int. Conf. Detection Intrusions Malware, Vulnerability Assessment","author":"Almgren"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966920"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.60"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00009"},{"key":"ref16","first-page":"1683","article-title":"Breaking through binaries: Compiler-quality instrumentation for better binary-only fuzzing","volume-title":"Proc. 30th USENIX Secur. Symp.","author":"Nagy"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813673"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3093336.3037716"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3029806.3029830"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2017.18"},{"key":"ref21","first-page":"131","article-title":"Efficient protection of path-sensitive control security","volume-title":"Proc. USENIX Conf. Security","author":"Ding"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243797"},{"key":"ref23","article-title":"Intel processor trace on Linux","volume-title":"Tracing Summit 2015","author":"Kleen","year":"2015"},{"key":"ref24","volume-title":"Arm CoreSight SoC-400 Technical Reference Manual","year":"2016"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-52683-2_13"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2019.00017"},{"key":"ref27","volume-title":"Intel 64 and Ia-32 Architectures Software Developer Manuals","year":"2024"},{"key":"ref28","first-page":"447","article-title":"Transparent ROP exploit mitigation using indirect branch tracing","volume-title":"Proc. 22nd USENIX Secur. Symp. (USENIX Secur. 13)","author":"Pappas"},{"key":"ref29","first-page":"385","article-title":"ROP is still dangerous: Breaking modern defenses","volume-title":"Proc. USENIX Secur. Symp.","author":"Carlini"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00061"},{"key":"ref31","first-page":"557","article-title":"Inferring fine-grained control flow inside SGX enclaves with branch shadowing","volume-title":"Proc. 26th USENIX Secur. Symp. (USENIX Secur. 17)","author":"Lee"},{"key":"ref32","article-title":"Detecting process hijacking and software supply chain attacks using Intel threat detection technology","author":"Zhang"},{"key":"ref33","first-page":"337","article-title":"Control flow integrity for COTS binaries","volume-title":"Proc. 22nd USENIX Secur. Symp.","author":"Zhang"},{"key":"ref34","first-page":"161","article-title":"Control-flow bending: On the effectiveness of control-flow integrity","volume-title":"Proc. 24th USENIX Secur. Symp. (USENIX Secur. 15)","author":"Carlini"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23297"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_20"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/ICCD.2013.6657084"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2013.6522324"},{"key":"ref39","article-title":"InversOS: Efficient control-flow protection for AArch64 applications with privilege inversion","author":"Shen","year":"2023","journal-title":"arXiv:2304.08717"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813671"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.43"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.51"},{"key":"ref43","volume-title":"Arm Architecture Reference Manual for A-profile Architecture","year":"2023"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/3373376.3378470"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/3342195.3387550"},{"key":"ref46","volume-title":"The CFI Function of Etharden is Incomplete","year":"2025"},{"key":"ref47","first-page":"1075","article-title":"Datalog disassembly","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Flores-Montoya"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/3546096.3546112"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134627"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/3385412.3385972"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23156"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/TVLSI.2016.2548561"},{"key":"ref53","first-page":"1","article-title":"Afl++: Combining incremental steps of fuzzing research","volume-title":"Proc. 14th USENIX Workshop Offensive Technol. (WOOT 20)","author":"Fioraldi"},{"key":"ref54","first-page":"2307","article-title":"EcoFuzz: Adaptive energy-saving greybox fuzzing as a variant of the adversarial multi-armed bandit","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Yue"},{"key":"ref55","first-page":"209","article-title":"KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs","volume-title":"Proc. OSDI","volume":"8","author":"Cadar"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/1064978.1065034"},{"key":"ref58","article-title":"Efficient, transparent, and comprehensive runtime code manipulation","author":"Bruening","year":"2004"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/3395363.3397377"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359823"},{"key":"ref61","first-page":"6311","article-title":"Armore: Pushing love back into binaries","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"Di Bartolomeo"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-017-0299-1"},{"key":"ref63","volume-title":"Linux\/Unix nbench","author":"Mayer","year":"2003"},{"key":"ref64","first-page":"177","article-title":"PAC it up: Towards pointer integrity using ARM pointer authentication","volume-title":"Proc. 28th USENIX Conf. Secur. Symp.","author":"Liljestrand"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560627"},{"key":"ref66","first-page":"31","article-title":"DECAF++: Elastic whole-system dynamic taint analysis","volume-title":"Proc. 22nd Int. Symp. Res. Attacks, Intrusions Defenses (RAID)","author":"Davanian"},{"key":"ref67","first-page":"437","article-title":"HyperEnclave: An open and cross-platform trusted execution environment","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Jia"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179307"},{"issue":"7","key":"ref69","first-page":"848","article-title":"An improved method on static binary analysis to enhance the context-sensitive CFI","volume":"11","author":"Shen","year":"2017","journal-title":"Int. J. Comput. Inf. Eng."},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1145\/3316781.3322469"},{"key":"ref71","article-title":"A study of binary instrumentation techniques","author":"Priyadarshan","year":"2019"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1145\/2744769.2744847"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1145\/3517208.3523758"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1145\/3371151"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10206\/10810755\/11037594.pdf?arnumber=11037594","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,4]],"date-time":"2025-11-04T18:35:15Z","timestamp":1762281315000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11037594\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":74,"URL":"https:\/\/doi.org\/10.1109\/tifs.2025.3580342","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]}}}