{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T14:23:19Z","timestamp":1775053399738,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","license":[{"start":{"date-parts":[[2010,4,13]],"date-time":"2010-04-13T00:00:00Z","timestamp":1271116800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2010,4,13]]},"DOI":"10.1145\/1755913.1755934","type":"proceedings-article","created":{"date-parts":[[2010,4,27]],"date-time":"2010-04-27T12:45:48Z","timestamp":1272372348000},"page":"195-208","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":105,"title":["Defeating return-oriented rootkits with \"\n            <i>Return-Less<\/i>\n            \" kernels"],"prefix":"10.1145","author":[{"given":"Jinku","family":"Li","sequence":"first","affiliation":[{"name":"North Carolina State University, Raleigh, NC, USA"}]},{"given":"Zhi","family":"Wang","sequence":"additional","affiliation":[{"name":"North Carolina State University, Raleigh, NC, USA"}]},{"given":"Xuxian","family":"Jiang","sequence":"additional","affiliation":[{"name":"North Carolina State University, Raleigh, NC, USA"}]},{"given":"Michael","family":"Grace","sequence":"additional","affiliation":[{"name":"North Carolina State University, Raleigh, NC, USA"}]},{"given":"Sina","family":"Bahram","sequence":"additional","affiliation":[{"name":"North Carolina State University, Raleigh, NC, USA"}]}],"member":"320","published-online":{"date-parts":[[2010,4,13]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Driver Signing Requirements for Windows. http:\/\/www.microsoft.com\/whdc\/winlogo\/drvsign\/drvsign.mspx.  Driver Signing Requirements for Windows. http:\/\/www.microsoft.com\/whdc\/winlogo\/drvsign\/drvsign.mspx."},{"key":"e_1_3_2_1_2_1","unstructured":"The LLVM Target-Independent Code Generator. http:\/\/llvm.org\/docs\/CodeGenerator.html.  The LLVM Target-Independent Code Generator. http:\/\/llvm.org\/docs\/CodeGenerator.html."},{"key":"e_1_3_2_1_3_1","unstructured":"W^X. http:\/\/en.wikipedia.org\/wiki\/W^ X.  W^X. http:\/\/en.wikipedia.org\/wiki\/W^ X."},{"key":"e_1_3_2_1_4_1","unstructured":"Peephole Optimization. http:\/\/en.wikipedia.org\/wiki\/Peephole optimization.  Peephole Optimization. http:\/\/en.wikipedia.org\/wiki\/Peephole optimization."},{"key":"e_1_3_2_1_5_1","unstructured":"Xinu. http:\/\/en.wikipedia.org\/wiki\/Xinu.  Xinu. http:\/\/en.wikipedia.org\/wiki\/Xinu."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102165"},{"key":"e_1_3_2_1_7_1","volume-title":"September","author":"Manual Architecture Programmers","year":"2007","unstructured":"AMD64 Architecture Programmers Manual Volume 3 : General-Purpose and System Instructions. Advanced Micro Devices, 3.14 edition , September 2007 . AMD64 Architecture Programmers Manual Volume 3: General-Purpose and System Instructions. Advanced Micro Devices, 3.14 edition, September 2007."},{"key":"e_1_3_2_1_8_1","volume-title":"Proceedings of the 18th USENIX Security Symposium","author":"Akritidis P.","year":"2009","unstructured":"P. Akritidis , M. Costa , M. Castro , and S. Hand . Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors . In Proceedings of the 18th USENIX Security Symposium , August 2009 . P. Akritidis, M. Costa, M. Castro, and S. Hand. Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors. In Proceedings of the 18th USENIX Security Symposium, August 2009."},{"key":"e_1_3_2_1_9_1","unstructured":"Apache. Apache HTTP Server Project. http:\/\/httpd.apache.org\/.  Apache. Apache HTTP Server Project. http:\/\/httpd.apache.org\/."},{"key":"e_1_3_2_1_10_1","unstructured":"ApacheBench. http:\/\/httpd.apache.org\/docs\/2.2\/programs\/ab.html.  ApacheBench. http:\/\/httpd.apache.org\/docs\/2.2\/programs\/ab.html."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455776"},{"key":"e_1_3_2_1_12_1","volume-title":"Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation","author":"Castro M.","year":"2006","unstructured":"M. Castro , M. Costa , and T. Harris . Securing Software by Enforcing Data-Flow Integrity . In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation , November 2006 . M. Castro, M. Costa, and T. Harris. Securing Software by Enforcing Data-Flow Integrity. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation, November 2006."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.5555\/2245737.2245881"},{"key":"e_1_3_2_1_14_1","volume-title":"Proceedings of the 7th USENIX Security Symposium","author":"Cowan C.","year":"1998","unstructured":"C. Cowan , C. Pu , D. Maier , J. Walpole , P. Bakke , S. Beattie , A. Grier , P. Wagle , Q. Zhang , and H. Hinton . StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks . In Proceedings of the 7th USENIX Security Symposium , January 1998 . C. Cowan, C. Pu, D.Maier, J.Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. In Proceedings of the 7th USENIX Security Symposium, January 1998."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.5555\/1855768.1855774"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1134285.1134309"},{"key":"e_1_3_2_1_17_1","unstructured":"H. Etoh. GCC extension for protecting applications from stack--smashing attacks. http:\/\/www.trl.ibm.com\/projects\/security\/ssp\/.  H. Etoh. GCC extension for protecting applications from stack--smashing attacks. http:\/\/www.trl.ibm.com\/projects\/security\/ssp\/."},{"key":"e_1_3_2_1_18_1","volume-title":"Proceedings of the 10th Annual Network & Distributed System Security Symposium","author":"Garfinkel T.","year":"2003","unstructured":"T. Garfinkel and M. Rosenblum . A Virtual Machine Introspection Based Architecture for Intrusion Detection . In Proceedings of the 10th Annual Network & Distributed System Security Symposium , February 2003 . T. Garfinkel and M. Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. In Proceedings of the 10th Annual Network & Distributed System Security Symposium, February 2003."},{"key":"e_1_3_2_1_19_1","volume-title":"Proceedings of the 18th USENIX Security Symposium","author":"Hund R.","year":"2009","unstructured":"R. Hund , T. Holz , and F. C. Freiling . Return-Oriented Rootkits: Bypasssing Kernel Code Integrity Protection Mechanisms . In Proceedings of the 18th USENIX Security Symposium , August 2009 . R. Hund, T. Holz, and F. C. Freiling. Return-Oriented Rootkits: Bypasssing Kernel Code Integrity Protection Mechanisms. In Proceedings of the 18th USENIX Security Symposium, August 2009."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"e_1_3_2_1_21_1","volume-title":"Proceedings of the 2002 USENIX Annual Technical Conference","author":"Jim T.","year":"2002","unstructured":"T. Jim , J. G. Morrisett , D. Grossman , M. W. Hicks , J. Cheney , and Y. Wang . Cyclone: A Safe Dialect of C . In Proceedings of the 2002 USENIX Annual Technical Conference , June 2002 . T. Jim, J. G. Morrisett, D. Grossman, M. W. Hicks, J. Cheney, and Y. Wang. Cyclone: A Safe Dialect of C. In Proceedings of the 2002 USENIX Annual Technical Conference, June 2002."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.5555\/647253.720293"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2004.19"},{"key":"e_1_3_2_1_24_1","volume-title":"Proceedings of the 16th Annual Network & Distributed System Security Symposium","author":"Lanzi A.","year":"2009","unstructured":"A. Lanzi , M. Sharif , and W. Lee . K-Tracer: A System for Extracting Kernel Malware Behavior . In Proceedings of the 16th Annual Network & Distributed System Security Symposium , February 2009 . A. Lanzi, M. Sharif, and W. Lee. K-Tracer: A System for Extracting Kernel Malware Behavior. In Proceedings of the 16th Annual Network & Distributed System Security Symposium, February 2009."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.5555\/977395.977673"},{"key":"e_1_3_2_1_26_1","unstructured":"LMbench. LMbench -- Tools for Performance Analysis. http:\/\/www.bitmover.com\/lmbench\/lmbench.html\/.  LMbench. LMbench -- Tools for Performance Analysis. http:\/\/www.bitmover.com\/lmbench\/lmbench.html\/."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/364995.365000"},{"key":"e_1_3_2_1_28_1","volume-title":"The Design and Implementation of the FreeBSD Operating System","author":"McKusick M. K.","year":"2004","unstructured":"M. K. McKusick and G. V. Neville-Neil . The Design and Implementation of the FreeBSD Operating System . Addison-Wesley Professional , 2004 . ISBN 0-201-70245-2. M. K. McKusick and G. V. Neville-Neil. The Design and Implementation of the FreeBSD Operating System. Addison-Wesley Professional, 2004. ISBN 0-201-70245-2."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542504"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065887.1065892"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315260"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251375.1251388"},{"key":"e_1_3_2_1_33_1","volume-title":"Proceedings of the 15th USENIX Security Symposium","author":"Petroni J. Nick L.","year":"2006","unstructured":"J. Nick L. Petroni , T. Fraser , A. Walters , and W. A. Arbaugh . An Architecture for Specification-Based Detection of Semantic Integrity Violations in Kernel Dynamic Data . In Proceedings of the 15th USENIX Security Symposium , July 2006 . J. Nick L. Petroni, T. Fraser, A. Walters, and W. A. Arbaugh. An Architecture for Specification-Based Detection of Semantic Integrity Violations in Kernel Dynamic Data. In Proceedings of the 15th USENIX Security Symposium, July 2006."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2006.166"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.24"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/11690634_6"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/330249.330250"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.5555\/1433006.1433008"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1519065.1519072"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294294"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/1508293.1508311"},{"key":"e_1_3_2_1_43_1","unstructured":"Vendicator. Stack Shield: A \"stack smashing\" technique protection tool for Linux. http:\/\/www.angelfire.com\/sk\/stackshield\/info.html.  Vendicator. Stack Shield: A \"stack smashing\" technique protection tool for Linux. http:\/\/www.angelfire.com\/sk\/stackshield\/info.html."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2005.39"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653728"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542452.1542461"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315261"},{"key":"e_1_3_2_1_48_1","volume-title":"Proceedings of the 16th Annual Network & Distributed System Security Symposium","author":"Yin H.","year":"2008","unstructured":"H. Yin , Z. Liang , and D. Song . HookFinder: Identifying and Understanding Malware Hooking Behaviors . In Proceedings of the 16th Annual Network & Distributed System Security Symposium , February 2008 . H. Yin, Z. Liang, and D. Song. HookFinder: Identifying and Understanding Malware Hooking Behaviors. In Proceedings of the 16th Annual Network & Distributed System Security Symposium, February 2008."}],"event":{"name":"EuroSys '10: Fifth EuroSys Conference 2010","location":"Paris France","acronym":"EuroSys '10","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the 5th European conference on Computer systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1755913.1755934","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1755913.1755934","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:45:34Z","timestamp":1750250734000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1755913.1755934"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,4,13]]},"references-count":48,"alternative-id":["10.1145\/1755913.1755934","10.1145\/1755913"],"URL":"https:\/\/doi.org\/10.1145\/1755913.1755934","relation":{},"subject":[],"published":{"date-parts":[[2010,4,13]]},"assertion":[{"value":"2010-04-13","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}