{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,2]],"date-time":"2026-04-02T15:50:39Z","timestamp":1775145039851,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":34,"publisher":"ACM","license":[{"start":{"date-parts":[[2004,10,25]],"date-time":"2004-10-25T00:00:00Z","timestamp":1098662400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2004,10,25]]},"DOI":"10.1145\/1030083.1030124","type":"proceedings-article","created":{"date-parts":[[2005,1,30]],"date-time":"2005-01-30T17:55:16Z","timestamp":1107107716000},"page":"298-307","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":521,"title":["On the effectiveness of address-space randomization"],"prefix":"10.1145","author":[{"given":"Hovav","family":"Shacham","sequence":"first","affiliation":[{"name":"Stanford University"}]},{"given":"Matthew","family":"Page","sequence":"additional","affiliation":[{"name":"Stanford University"}]},{"given":"Ben","family":"Pfaff","sequence":"additional","affiliation":[{"name":"Stanford University"}]},{"given":"Eu-Jin","family":"Goh","sequence":"additional","affiliation":[{"name":"Stanford University"}]},{"given":"Nagendra","family":"Modadugu","sequence":"additional","affiliation":[{"name":"Stanford University"}]},{"given":"Dan","family":"Boneh","sequence":"additional","affiliation":[{"name":"Stanford University"}]}],"member":"320","published-online":{"date-parts":[[2004,10,25]]},"reference":[{"issue":"14","key":"e_1_3_2_1_1_1","volume":"49","author":"One Aleph","year":"1996","unstructured":"Aleph One . Smashing the stack for fun and profit. Phrack Magazine 49 ( 14 ), Nov. 1996 . http:\/\/www.phrack.org\/phrack\/49\/P49-14]] Aleph One. Smashing the stack for fun and profit. Phrack Magazine 49(14), Nov. 1996. http:\/\/www.phrack.org\/phrack\/49\/P49-14]]","journal-title":"Phrack Magazine"},{"issue":"9","key":"e_1_3_2_1_2_1","volume":"57","author":"Anonymous","year":"2001","unstructured":"Anonymous . Once upon a free(). Phrack Magazine 57 ( 9 ), Aug. 2001 . http:\/\/www.phrack.org\/phrack\/57\/p57-0x09]] Anonymous. Once upon a free(). Phrack Magazine 57(9), Aug. 2001. http:\/\/www.phrack.org\/phrack\/57\/p57-0x09]]","journal-title":"Phrack Magazine"},{"key":"e_1_3_2_1_3_1","unstructured":"Apache Software Foundation. The Apache HTTP Server project. http:\/\/httpd.apache.org]]  Apache Software Foundation. The Apache HTTP Server project. http:\/\/httpd.apache.org]]"},{"key":"e_1_3_2_1_4_1","volume-title":"ASF bulletin","author":"Foundation Apache Software","year":"2002","unstructured":"Apache Software Foundation . ASF bulletin 2002 0617, June 2002. http:\/\/httpd.apache.org\/info\/security_bulletin_20020617.txt]] Apache Software Foundation. ASF bulletin 20020617, June 2002. http:\/\/httpd.apache.org\/info\/security_bulletin_20020617.txt]]"},{"key":"e_1_3_2_1_5_1","unstructured":"Apache Software Foundation.ASF bulletin 20020620 June 2002. http:\/\/httpd.apache.org\/info\/security_bulletin_20020620.txt]]  Apache Software Foundation.ASF bulletin 20020620 June 2002. http:\/\/httpd.apache.org\/info\/security_bulletin_20020620.txt]]"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948147"},{"key":"e_1_3_2_1_7_1","first-page":"105","volume-title":"Proc. 12th USENIX Sec. Symp.","author":"Bhatkar S.","year":"2003","unstructured":"S. Bhatkar , D. DuVarney , and R. Sekar . Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In V. Paxson, editor , Proc. 12th USENIX Sec. Symp. , pages 105 -- 120 . USENIX, Aug. 2003 .]] S. Bhatkar, D. DuVarney, and R. Sekar. Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In V. Paxson, editor, Proc. 12th USENIX Sec. Symp., pages 105--20. USENIX, Aug. 2003.]]"},{"issue":"5","key":"e_1_3_2_1_8_1","volume":"56","author":"Bulba","year":"2000","unstructured":"Bulba and Kil3r. Bypassing StackGuard and StackShield. Phrack Magazine 56 ( 5 ), May 2000 . http:\/\/www.phrack.org\/phrack\/56\/p56-0x05]] Bulba and Kil3r. Bypassing StackGuard and StackShield. Phrack Magazine 56(5), May 2000. http:\/\/www.phrack.org\/phrack\/56\/p56-0x05]]","journal-title":"Bypassing StackGuard and StackShield. Phrack Magazine"},{"key":"e_1_3_2_1_9_1","unstructured":"CERT June 2002. http:\/\/www.cert.org\/advisories\/CA-2002-17.html]]  CERT June 2002. http:\/\/www.cert.org\/advisories\/CA-2002-17.html]]"},{"key":"e_1_3_2_1_10_1","volume-title":"Mar.","author":"CERT.","year":"2002","unstructured":"CERT. CERT advisory CA-2002-08: Multiple vulnerabilities in Oracle servers , Mar. 2002 . http:\/\/www.cert.org\/advisories\/CA-2002-08.html]] CERT. CERT advisory CA-2002-08: Multiple vulnerabilities in Oracle servers, Mar. 2002. http:\/\/www.cert.org\/advisories\/CA-2002-08.html]]"},{"key":"e_1_3_2_1_11_1","volume-title":"Jan.","author":"CERT.","year":"2003","unstructured":"CERT. CERT advisory CA-2003-04: MS-SQLServer worm , Jan. 2003 . http:\/\/www.cert.org\/advisories\/CA-2003-04.html]] CERT. CERT advisory CA-2003-04: MS-SQLServer worm, Jan. 2003. http:\/\/www.cert.org\/advisories\/CA-2003-04.html]]"},{"key":"e_1_3_2_1_13_1","first-page":"91","volume-title":"Proc. 12th USENIX Sec. Symp.","author":"Cowan C.","year":"2003","unstructured":"C. Cowan , S. Beattie , J. Johansen , and P. Wagle . PointGuard: Protecting pointers from buffer over flow vulnerabilities. In V. Paxson, editor , Proc. 12th USENIX Sec. Symp. , pages 91 -- 104 . USENIX, Aug. 2003 .]] C. Cowan, S. Beattie, J. Johansen, and P. Wagle. PointGuard: Protecting pointers from buffer over flow vulnerabilities. In V. Paxson, editor, Proc. 12th USENIX Sec. Symp., pages 91--104. USENIX, Aug. 2003.]]"},{"key":"e_1_3_2_1_14_1","first-page":"63","volume-title":"Proc. 7th USENIX Sec. Symp.","author":"Cowan C.","year":"1998","unstructured":"C. Cowan , C. Pu , D. Maier , H. Hinton , P. Bakke , S. Beattie , A. Grier , P. Wagle , and Q. Zhang . StackGuard: Automatic detection and prevention of buffer-overflow attacks. In A. Rubin, editor , Proc. 7th USENIX Sec. Symp. , pages 63 -- 78 . USENIX, Jan. 1998 .]] C. Cowan, C. Pu, D. Maier, H. Hinton, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. StackGuard: Automatic detection and prevention of buffer-overflow attacks. In A. Rubin, editor, Proc. 7th USENIX Sec. Symp., pages 63--78. USENIX, Jan. 1998.]]"},{"issue":"9","key":"e_1_3_2_1_15_1","volume":"59","author":"Durden T.","year":"2002","unstructured":"T. Durden . Bypassing PaX ASLR protect on. Phrack Magazine 59 ( 9 ), June 2002 . http:\/\/www.phrack.org\/phrack\/59\/p59-0x09]] T. Durden. Bypassing PaX ASLR protect on. Phrack Magazine 59(9),June 2002. http:\/\/www.phrack.org\/phrack\/59\/p59-0x09]]","journal-title":"Phrack Magazine"},{"key":"e_1_3_2_1_16_1","unstructured":"H. Etoh and K. Yoda. ProPolice: Improved stack-smashing attack detect on. IPSJ SIGNotes Computer SECurity 014(025) Oct.2001. http:\/\/www.trl.ibm.com\/projects\/security\/ssp]]  H. Etoh and K. Yoda. ProPolice: Improved stack-smashing attack detect on. IPSJ SIGNotes Computer SECurity 014(025) Oct.2001. http:\/\/www.trl.ibm.com\/projects\/security\/ssp]]"},{"key":"e_1_3_2_1_17_1","volume-title":"Feb.","author":"CIRC.","year":"2003","unstructured":"Fed CIRC. BotNets: Detect on and mitigation , Feb. 2003 . http:\/\/www.fedcirc.gov\/library\/documents\/botNetsv32.doc]] FedCIRC. BotNets: Detect on and mitigation, Feb. 2003. http:\/\/www.fedcirc.gov\/library\/documents\/botNetsv32.doc]]"},{"key":"e_1_3_2_1_18_1","first-page":"67","volume-title":"Proc. 6th Work. Hot Topics in Operating Sys. HotOS 1997","author":"Forrest S.","year":"1997","unstructured":"S. Forrest , A. Somayaji , and D. Ackley . Building diverse computer systems. In J. Mogul, editor , Proc. 6th Work. Hot Topics in Operating Sys. HotOS 1997 . pages 67 -- 72 . IEEE Computer Society , May 1997 .]] S. Forrest, A. Somayaji, and D. Ackley. Building diverse computer systems. In J. Mogul, editor, Proc. 6th Work. Hot Topics in Operating Sys. HotOS 1997. pages 67--72. IEEE Computer Society, May 1997.]]"},{"key":"e_1_3_2_1_19_1","volume-title":"Comp. and Comm. Ind. Assn.","author":"Geer D.","year":"2003","unstructured":"D. Geer , R. Bace , P. Gutmann , P. Metzger , C. Pfleeger , J. Quarterman , and B. Schneier . Cybersecurity: The cost of monopoly--how the dominance of Microsoft 's products poses a risk to security. Technical report , Comp. and Comm. Ind. Assn. , 2003 .]] D. Geer, R. Bace, P. Gutmann, P. Metzger, C. Pfleeger, J. Quarterman, and B. Schneier. Cybersecurity: The cost of monopoly--how the dominance of Microsoft 's products poses a risk to security. Technical report, Comp. and Comm. Ind. Assn., 2003.]]"},{"issue":"8","key":"e_1_3_2_1_20_1","volume":"57","author":"Kaempf M.","year":"2001","unstructured":"M. Kaempf . Vudo malloc tricks. Phrack Magazine 57 ( 8 ), Aug. 2001 . http:\/\/www.phrack.org\/phrack\/57\/p57-0x08]] M. Kaempf. Vudo malloc tricks. Phrack Magazine 57(8), Aug. 2001. http:\/\/www.phrack.org\/phrack\/57\/p57-0x08]]","journal-title":"Phrack Magazine"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948146"},{"key":"e_1_3_2_1_22_1","unstructured":"D. Litchfield. Hackproofing Oracle Application Server Jan. 2002. http:\/\/www.nextgenss.com\/papers\/hpoas.pdf]]  D. Litchfield. Hackproofing Oracle Application Server Jan. 2002. http:\/\/www.nextgenss.com\/papers\/hpoas.pdf]]"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/MDSO.2004.7"},{"issue":"4","key":"e_1_3_2_1_24_1","volume":"58","author":"The","year":"2001","unstructured":"Nergal. The advanced return-nto-lib(c)exploits (PaX case study). Phrack Magazine 58 ( 4 ), Dec. 2001 . http:\/\/www.phrack.org\/phrack\/58\/p58-0x04]] Nergal. The advanced return-nto-lib(c)exploits (PaX case study). Phrack Magazine 58(4), Dec. 2001. http:\/\/www.phrack.org\/phrack\/58\/p58-0x04]]","journal-title":"Phrack Magazine"},{"key":"e_1_3_2_1_25_1","first-page":"185","volume-title":"Proc. 16th Systems Administration Conf. --LISA 2002","author":"Patterson D.","year":"2002","unstructured":"D. Patterson . A simple way to estimate the cost of downtime. In A. Couch, edtor , Proc. 16th Systems Administration Conf. --LISA 2002 pages 185 -- 188 . USENIX, Nov. 2002 .]] D. Patterson. A simple way to estimate the cost of downtime. In A. Couch, edtor, Proc. 16th Systems Administration Conf. --LISA 2002 pages 185--8. USENIX, Nov. 2002.]]"},{"key":"e_1_3_2_1_26_1","unstructured":"PaX Team. PaX. http:\/\/pax.grsecurity.net]]  PaX Team. PaX. http:\/\/pax.grsecurity.net]]"},{"key":"e_1_3_2_1_27_1","unstructured":"PaX Team. PaX address space layout randomization (ASLR). http:\/\/pax.grsecurity.net\/docs\/aslr.txt]]  PaX Team. PaX address space layout randomization (ASLR). http:\/\/pax.grsecurity.net\/docs\/aslr.txt]]"},{"key":"e_1_3_2_1_28_1","unstructured":"Scut\/team teso. Exploiting format string vulnerabilities. http:\/\/www.team-teso.net 2001.]]  Scut\/team teso. Exploiting format string vulnerabilities. http:\/\/www.team-teso.net 2001.]]"},{"key":"e_1_3_2_1_29_1","unstructured":"Solar Designer. StackPatch. http:\/\/www.openwall.com\/linux]]  Solar Designer. StackPatch. http:\/\/www.openwall.com\/linux]]"},{"key":"e_1_3_2_1_30_1","unstructured":"Solar Designer.\"return-to-libc\" attack. Bugtraq Aug. 1997.]]  Solar Designer.\"return-to-libc\" attack. Bugtraq Aug. 1997.]]"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.5555\/647253.720288"},{"key":"e_1_3_2_1_32_1","unstructured":"Vendicator. StackShield. http:\/\/www.angelfire.com\/sk\/stackshield]]  Vendicator. StackShield. http:\/\/www.angelfire.com\/sk\/stackshield]]"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"crossref","first-page":"260","DOI":"10.1109\/RELDIS.2003.1238076","volume-title":"Proc. 22nd Symp. on Reliable Distributed Systems --SRDS 2003","author":"Xu J.","year":"2003","unstructured":"J. Xu , Z. Kalbarczyk , and R. Iyer . Transparent runtime randomization for security. In A. Fantechi, editor , Proc. 22nd Symp. on Reliable Distributed Systems --SRDS 2003 pages 260 -- 269 . IEEE Computer Society , Oct. 2003 .]] J. Xu, Z. Kalbarczyk, and R. Iyer. Transparent runtime randomization for security. In A. Fantechi, editor, Proc. 22nd Symp. on Reliable Distributed Systems --SRDS 2003 pages 260--9. IEEE Computer Society, Oct. 2003.]]"},{"key":"e_1_3_2_1_34_1","volume-title":"Proc. USENIX","author":"Yarvin C.","year":"1993","unstructured":"C. Yarvin , R. Bukowski , and T. Anderson . Anonymous RPC: Low-latency protection in a 64-bit address space . In Proc. USENIX Summer 1993 Technical Conf., pages 175--86. USENIX , June 1993.]] C. Yarvin, R. Bukowski, and T. Anderson. Anonymous RPC: Low-latency protection in a 64-bit address space. In Proc. USENIX Summer 1993 Technical Conf., pages 175--86. USENIX, June 1993.]]"},{"key":"e_1_3_2_1_35_1","unstructured":"M. Zalewski. Remote vulnerability in SSH daemon CRC32 compression attack detector Feb. 2001. http:\/\/www.bindview.com\/Support\/RAZOR\/Advisories\/2001\/adv_ssh1crc.cfm]]  M. Zalewski. Remote vulnerability in SSH daemon CRC32 compression attack detector Feb. 2001. http:\/\/www.bindview.com\/Support\/RAZOR\/Advisories\/2001\/adv_ssh1crc.cfm]]"}],"event":{"name":"CCS04: 11th ACM Conference on Computer and Communications Security 2004","location":"Washington DC USA","acronym":"CCS04","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control","ACM Association for Computing Machinery"]},"container-title":["Proceedings of the 11th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1030083.1030124","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1030083.1030124","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T16:25:07Z","timestamp":1750263907000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1030083.1030124"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2004,10,25]]},"references-count":34,"alternative-id":["10.1145\/1030083.1030124","10.1145\/1030083"],"URL":"https:\/\/doi.org\/10.1145\/1030083.1030124","relation":{},"subject":[],"published":{"date-parts":[[2004,10,25]]},"assertion":[{"value":"2004-10-25","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}