{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,16]],"date-time":"2026-03-16T10:03:41Z","timestamp":1773655421960,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":60,"publisher":"ACM","license":[{"start":{"date-parts":[[2011,3,22]],"date-time":"2011-03-22T00:00:00Z","timestamp":1300752000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2011,3,22]]},"DOI":"10.1145\/1966913.1966920","type":"proceedings-article","created":{"date-parts":[[2011,4,7]],"date-time":"2011-04-07T09:36:11Z","timestamp":1302168971000},"page":"40-51","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":159,"title":["ROPdefender"],"prefix":"10.1145","author":[{"given":"Lucas","family":"Davi","sequence":"first","affiliation":[{"name":"Technische Universit\u00e4t Darmstadt, Darmstadt, Germany"}]},{"given":"Ahmad-Reza","family":"Sadeghi","sequence":"additional","affiliation":[{"name":"Technische Universit\u00e4t Darmstadt, Darmstadt, Germany"}]},{"given":"Marcel","family":"Winandy","sequence":"additional","affiliation":[{"name":"Ruhr-Universit\u00e4t Bochum, Bochum, Germany"}]}],"member":"320","published-online":{"date-parts":[[2011,3,22]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102165"},{"key":"e_1_3_2_1_2_1","first-page":"75","volume-title":"OSDI '06: Proceedings of the 7th symposium on Operating systems design and implementation","author":"Abadi M.","year":"2006","unstructured":"M. Abadi , M. Budiu , U. Erlingsson , G. C. Necula , and M. Vrable . XFI: software guards for system address spaces . In OSDI '06: Proceedings of the 7th symposium on Operating systems design and implementation , pages 75 -- 88 . USENIX Association , 2006 . M. Abadi, M. Budiu, U. Erlingsson, G. C. Necula, and M. Vrable. XFI: software guards for system address spaces. In OSDI '06: Proceedings of the 7th symposium on Operating systems design and implementation, pages 75--88. USENIX Association, 2006."},{"key":"e_1_3_2_1_3_1","unstructured":"Adobe Systems. Security Advisory for Flash Player Adobe Reader and Acrobat: CVE-2010-1297. http:\/\/www.adobe.com\/support\/security\/advisories\/apsa10-01.html 2010.  Adobe Systems. Security Advisory for Flash Player Adobe Reader and Acrobat: CVE-2010-1297. http:\/\/www.adobe.com\/support\/security\/advisories\/apsa10-01.html 2010."},{"issue":"14","key":"e_1_3_2_1_4_1","article-title":"Smashing the stack for fun and profit","volume":"49","author":"One Aleph","year":"1996","unstructured":"Aleph One . Smashing the stack for fun and profit . Phrack Magazine , 49 ( 14 ), 1996 . Aleph One. Smashing the stack for fun and profit. Phrack Magazine, 49(14), 1996.","journal-title":"Phrack Magazine"},{"issue":"9","key":"e_1_3_2_1_5_1","article-title":"Once upon a free()","volume":"57","author":"Anonymous","year":"2001","unstructured":"Anonymous . Once upon a free() . Phrack Magazine , 57 ( 9 ), 2001 . Anonymous. Once upon a free(). Phrack Magazine, 57(9), 2001.","journal-title":"Phrack Magazine"},{"key":"e_1_3_2_1_6_1","unstructured":"Phrack Magazine 2002 60 10 Basic integer overflows"},{"key":"e_1_3_2_1_7_1","unstructured":"D. L. Bruening. Efficient transparent and comprehensive runtime code manipulation. http:\/\/groups.csail.mit.edu\/cag\/rio\/derek-phd-thesis.pdf 2004. PhD thesis M.I.T.   D. L. Bruening. Efficient transparent and comprehensive runtime code manipulation. http:\/\/groups.csail.mit.edu\/cag\/rio\/derek-phd-thesis.pdf 2004. PhD thesis M.I.T."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455776"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1177\/109434200001400404"},{"key":"e_1_3_2_1_10_1","first-page":"15","volume-title":"Proceedings of USENIX 2004 Annual Technical Conference","author":"Cantrill B. M.","year":"2004","unstructured":"B. M. Cantrill , M. W. Shapiro , and A. H. Leventhal . Dynamic instrumentation of production systems . In Proceedings of USENIX 2004 Annual Technical Conference , pages 15 -- 28 . USENIX Association , 2004 . B. M. Cantrill, M. W. Shapiro, and A. H. Leventhal. Dynamic instrumentation of production systems. In Proceedings of USENIX 2004 Annual Technical Conference, pages 15--28. USENIX Association, 2004."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866370"},{"key":"e_1_3_2_1_12_1","volume-title":"Proceedings of EVT\/WOTE 2009","author":"Checkoway S.","year":"2009","unstructured":"S. Checkoway , A. J. Feldman , B. Kantor , J. A. Halderman , E. W. Felten , and H. Shacham . Can DREs provide long-lasting security? The case of return-oriented programming and the AVC advantage . In Proceedings of EVT\/WOTE 2009 , 2009 . S. Checkoway, A. J. Feldman, B. Kantor, J. A. Halderman, E. W. Felten, and H. Shacham. Can DREs provide long-lasting security? The case of return-oriented programming and the AVC advantage. In Proceedings of EVT\/WOTE 2009, 2009."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-10772-6_13"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.5555\/1940366.1940380"},{"key":"e_1_3_2_1_15_1","first-page":"409","volume-title":"International Conference on Distributed Computing Systems","author":"Chiueh T.","year":"2001","unstructured":"T. Chiueh and F.-H. Hsu . RAD : A compile-time solution to buffer overflow attacks . In International Conference on Distributed Computing Systems , pages 409 -- 417 . IEEE Computer Society , 2001 . T. Chiueh and F.-H. Hsu. RAD: A compile-time solution to buffer overflow attacks. In International Conference on Distributed Computing Systems, pages 409--417. IEEE Computer Society, 2001."},{"key":"e_1_3_2_1_16_1","first-page":"211","volume-title":"Proceedings of the USENIX Annual Technical Conference","author":"Chiueh T.","year":"2003","unstructured":"T. Chiueh and M. Prasad . A binary rewriting defense against stack based overflow attacks . In Proceedings of the USENIX Annual Technical Conference , pages 211 -- 224 . USENIX Association , 2003 . T. Chiueh and M. Prasad. A binary rewriting defense against stack based overflow attacks. In Proceedings of the USENIX Annual Technical Conference, pages 211--224. USENIX Association, 2003."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1273463.1273490"},{"key":"e_1_3_2_1_18_1","first-page":"91","volume-title":"SSYM'03: Proceedings of the 12th conference on USENIX Security Symposium","author":"Cowan C.","year":"2003","unstructured":"C. Cowan , S. Beattie , J. Johansen , and P. Wagle . Pointguard TM: protecting pointers from buffer overflow vulnerabilities . In SSYM'03: Proceedings of the 12th conference on USENIX Security Symposium , pages 91 -- 104 . USENIX Association , 2003 . C. Cowan, S. Beattie, J. Johansen, and P. Wagle. Pointguard TM: protecting pointers from buffer overflow vulnerabilities. In SSYM'03: Proceedings of the 12th conference on USENIX Security Symposium, pages 91--104. USENIX Association, 2003."},{"key":"e_1_3_2_1_19_1","first-page":"63","volume-title":"SSYM'98: Proceedings of the 7th conference on USENIX Security Symposium","author":"Cowan C.","year":"1998","unstructured":"C. Cowan , C. Pu , D. Maier , H. Hintony , J. Walpole , P. Bakke , S. Beattie , A. Grier , P. Wagle , and Q. Zhang . StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks . In SSYM'98: Proceedings of the 7th conference on USENIX Security Symposium , pages 63 -- 78 . USENIX Association , 1998 . C. Cowan, C. Pu, D. Maier, H. Hintony, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks. In SSYM'98: Proceedings of the 7th conference on USENIX Security Symposium, pages 63--78. USENIX Association, 1998."},{"key":"e_1_3_2_1_20_1","volume-title":"SOURCE Boston 2010","author":"Zovi D. Dai","year":"2010","unstructured":"D. Dai Zovi . Practical return-oriented programming . SOURCE Boston 2010 , Apr. 2010 . Presentation. Slides : http:\/\/trailofbits.files.wordpress.com\/2010\/04\/practical-rop.pdf. D. Dai Zovi. Practical return-oriented programming. SOURCE Boston 2010, Apr. 2010. Presentation. Slides: http:\/\/trailofbits.files.wordpress.com\/2010\/04\/practical-rop.pdf."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655108.1655117"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.5555\/1925004.1925012"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455775"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655077.1655083"},{"key":"e_1_3_2_1_26_1","first-page":"55","volume-title":"SSYM'01: Proceedings of the 10th conference on USENIX Security Symposium","author":"Frantzen M.","year":"2001","unstructured":"M. Frantzen and M. Shuey . StackGhost: Hardware facilitated stack protection . In SSYM'01: Proceedings of the 10th conference on USENIX Security Symposium , pages 55 -- 66 . USENIX Association , 2001 . M. Frantzen and M. Shuey. StackGhost: Hardware facilitated stack protection. In SSYM'01: Proceedings of the 10th conference on USENIX Security Symposium, pages 55--66. USENIX Association, 2001."},{"key":"e_1_3_2_1_27_1","unstructured":"Phrack Magazine 2002 59 12 Advances in format string exploitation"},{"key":"e_1_3_2_1_28_1","volume-title":"http:\/\/www.theregister.co.uk\/2010\/08\/30\/apple_quicktime_critical_vuln\/","author":"Goodin D.","year":"2010","unstructured":"D. Goodin . Apple quicktime backdoor creates code-execution peril. http:\/\/www.theregister.co.uk\/2010\/08\/30\/apple_quicktime_critical_vuln\/ , 2010 . D. Goodin. Apple quicktime backdoor creates code-execution peril. http:\/\/www.theregister.co.uk\/2010\/08\/30\/apple_quicktime_critical_vuln\/, 2010."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1138912.1138926"},{"key":"e_1_3_2_1_30_1","unstructured":"J. Halliday. Jailbreakme released for apple devices. http:\/\/www.guardian.co.uk\/technology\/blog\/2010\/aug\/02\/jailbreakme-released-apple-devices-legal Aug. 2010.  J. Halliday. Jailbreakme released for apple devices. http:\/\/www.guardian.co.uk\/technology\/blog\/2010\/aug\/02\/jailbreakme-released-apple-devices-legal Aug. 2010."},{"key":"e_1_3_2_1_31_1","unstructured":"M. Howard and M. Thomlinson. Windows vista isv security. http:\/\/msdn.microsoft.com\/en-us\/library\/bb430720.aspx Apr. 2007.  M. Howard and M. Thomlinson. Windows vista isv security. http:\/\/msdn.microsoft.com\/en-us\/library\/bb430720.aspx Apr. 2007."},{"key":"e_1_3_2_1_32_1","volume-title":"Proceedings of the 18th USENIX Security Symposium. USENIX Association","author":"Hund R.","year":"2009","unstructured":"R. Hund , T. Holz , and F. C. Freiling . Return-oriented rootkits: Bypassing kernel code integrity protection mechanisms . In Proceedings of the 18th USENIX Security Symposium. USENIX Association , 2009 . R. Hund, T. Holz, and F. C. Freiling. Return-oriented rootkits: Bypassing kernel code integrity protection mechanisms. In Proceedings of the 18th USENIX Security Symposium. USENIX Association, 2009."},{"key":"e_1_3_2_1_33_1","unstructured":"Intel Corporation. Intel 64 and ia-32 architectures software developer's manuals. http:\/\/www.intel.com\/products\/processor\/manuals\/.  Intel Corporation. Intel 64 and ia-32 architectures software developer's manuals. http:\/\/www.intel.com\/products\/processor\/manuals\/."},{"key":"e_1_3_2_1_34_1","unstructured":"Intel Parallel Studio. http:\/\/software.intel.com\/en-us\/intel-parallel-studio-home\/.  Intel Parallel Studio. http:\/\/software.intel.com\/en-us\/intel-parallel-studio-home\/."},{"key":"e_1_3_2_1_35_1","volume-title":"Mar","author":"Iozzo V.","year":"2010","unstructured":"V. Iozzo and R.-P. Weinmann . Ralf-Philipp Weinmann & Vincenzo Iozzo own the iPhone at PWN2OWN. http:\/\/blog.zynamics.com\/2010\/03\/24\/ralf-philipp-weinmann-vincenzo-iozzo-own-the-iphone-at-pwn2own\/ , Mar 2010 . V. Iozzo and R.-P. Weinmann. Ralf-Philipp Weinmann & Vincenzo Iozzo own the iPhone at PWN2OWN. http:\/\/blog.zynamics.com\/2010\/03\/24\/ralf-philipp-weinmann-vincenzo-iozzo-own-the-iphone-at-pwn2own\/, Mar 2010."},{"key":"e_1_3_2_1_36_1","unstructured":"jduck. The latest adobe exploit and session upgrading. http:\/\/blog.metasploit.com\/2010\/03\/latest-adobe-exploit-and-session.html 2010.  jduck. The latest adobe exploit and session upgrading. http:\/\/blog.metasploit.com\/2010\/03\/latest-adobe-exploit-and-session.html 2010."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.5555\/647253.720293"},{"key":"e_1_3_2_1_38_1","unstructured":"T. Kornau. Return oriented programming for the ARM architecture. http:\/\/zynamics.com\/downloads\/kornau-tim--diplomarbeit--rop.pdf 2009. Master thesis Ruhr-University Bochum Germany.  T. Kornau. Return oriented programming for the ARM architecture. http:\/\/zynamics.com\/downloads\/kornau-tim--diplomarbeit--rop.pdf 2009. Master thesis Ruhr-University Bochum Germany."},{"key":"e_1_3_2_1_39_1","volume-title":"Black Hat USA","author":"Le L.","year":"2010","unstructured":"L. Le . Payload already inside: data re-use for ROP exploits . In Black Hat USA , July 2010 . L. Le. Payload already inside: data re-use for ROP exploits. In Black Hat USA, July 2010."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1755913.1755934"},{"key":"e_1_3_2_1_41_1","unstructured":"F. Lindner. Developments in Cisco IOS forensics. CONFidence 2.0. http:\/\/www.recurity-labs.com\/content\/pub\/FX_Router_Exploitation.pdf Nov. 2009.  F. Lindner. Developments in Cisco IOS forensics. CONFidence 2.0. http:\/\/www.recurity-labs.com\/content\/pub\/FX_Router_Exploitation.pdf Nov. 2009."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065034"},{"key":"e_1_3_2_1_43_1","unstructured":"Microsoft. Data Execution Prevention (DEP). http:\/\/support.microsoft.com\/kb\/875352\/EN-US\/ 2006.  Microsoft. Data Execution Prevention (DEP). http:\/\/support.microsoft.com\/kb\/875352\/EN-US\/ 2006."},{"issue":"4","key":"e_1_3_2_1_44_1","article-title":"The advanced return-into-lib(c) exploits: PaX case study","volume":"58","author":"Nergal","year":"2001","unstructured":"Nergal . The advanced return-into-lib(c) exploits: PaX case study . Phrack Magazine , 58 ( 4 ), 2001 . Nergal. The advanced return-into-lib(c) exploits: PaX case study. Phrack Magazine, 58(4), 2001.","journal-title":"Phrack Magazine"},{"key":"e_1_3_2_1_45_1","volume-title":"http:\/\/valgrind.org\/docs\/phd2004.pdf","author":"Nethercote N.","year":"2004","unstructured":"N. Nethercote . Dynamic binary analysis and instrumentation. http:\/\/valgrind.org\/docs\/phd2004.pdf , 2004 . PhD thesis, University of Cambridge . N. Nethercote. Dynamic binary analysis and instrumentation. http:\/\/valgrind.org\/docs\/phd2004.pdf, 2004. PhD thesis, University of Cambridge."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1273442.1250746"},{"key":"e_1_3_2_1_47_1","volume-title":"Proceedings of the Network and Distributed Security Symposium","author":"Newsome J.","year":"2005","unstructured":"J. Newsome and D. Song . Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software . In Proceedings of the Network and Distributed Security Symposium , 2005 . J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the Network and Distributed Security Symposium, 2005."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920269"},{"key":"e_1_3_2_1_49_1","unstructured":"PaX Team. http:\/\/pax.grsecurity.net\/.  PaX Team. http:\/\/pax.grsecurity.net\/."},{"key":"e_1_3_2_1_50_1","volume-title":"http:\/\/www.thetechherald.com\/article.php\/201036\/6128\/","author":"Ragan S.","year":"2010","unstructured":"S. Ragan . Adobe confirms zero-day - rop used to bypass windows defenses. http:\/\/www.thetechherald.com\/article.php\/201036\/6128\/ , 2010 . S. Ragan. Adobe confirms zero-day - rop used to bypass windows defenses. http:\/\/www.thetechherald.com\/article.php\/201036\/6128\/, 2010."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.16"},{"key":"e_1_3_2_1_52_1","unstructured":"H. Security. Pwn2Own 2009: Safari IE 8 and Firefox exploited. http:\/\/www.h-online.com\/security\/news\/item\/Pwn2Own-2009-Safari-IE-8--and-Firefox-exploited-740663.html 2010.  H. Security. Pwn2Own 2009: Safari IE 8 and Firefox exploited. http:\/\/www.h-online.com\/security\/news\/item\/Pwn2Own-2009-Safari-IE-8--and-Firefox-exploited-740663.html 2010."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030124"},{"key":"e_1_3_2_1_55_1","unstructured":"S. Sinnadurai Q. Zhao and W. fai Wong. Transparent runtime shadow stack: Protection against malicious return address modifications. http:\/\/citeseerx.ist.psu.edu\/viewdoc\/summary?doi=10.1.1.120.5702 2008.  S. Sinnadurai Q. Zhao and W. fai Wong. Transparent runtime shadow stack: Protection against malicious return address modifications. http:\/\/citeseerx.ist.psu.edu\/viewdoc\/summary?doi=10.1.1.120.5702 2008."},{"key":"e_1_3_2_1_56_1","unstructured":"Solar Designer. \"return-to-libc\" attack. Bugtraq 1997.  Solar Designer. \"return-to-libc\" attack. Bugtraq 1997."},{"key":"e_1_3_2_1_57_1","unstructured":"A. Sotirov and M. Dowd. Bypassing browser memory protections in Windows Vista. http:\/\/www.phreedom.org\/research\/bypassing-browser-memory-protections\/ Aug. 2008. Presented at Black Hat 2008.  A. Sotirov and M. Dowd. Bypassing browser memory protections in Windows Vista. http:\/\/www.phreedom.org\/research\/bypassing-browser-memory-protections\/ Aug. 2008. Presented at Black Hat 2008."},{"key":"e_1_3_2_1_58_1","unstructured":"SPEC Standard Performance Evaluation Corporation. http:\/\/www.spec.org.  SPEC Standard Performance Evaluation Corporation. http:\/\/www.spec.org."},{"key":"e_1_3_2_1_59_1","unstructured":"Vendicator. Stack Shield: A \"stack smashing\" technique protection tool for Linux. http:\/\/www.angelfire.com\/sk\/stackshield.  Vendicator. Stack Shield: A \"stack smashing\" technique protection tool for Linux. http:\/\/www.angelfire.com\/sk\/stackshield."},{"key":"e_1_3_2_1_60_1","unstructured":"P. Vreugdenhil. Pwn2Own 2010 Windows 7 Internet Explorer 8 exploit. http:\/\/vreugdenhilresearch.nl\/Pwn2Own-2010-Windows7-InternetExplorer8.pdf 2010.  P. Vreugdenhil. Pwn2Own 2010 Windows 7 Internet Explorer 8 exploit. http:\/\/vreugdenhilresearch.nl\/Pwn2Own-2010-Windows7-InternetExplorer8.pdf 2010."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.37"}],"event":{"name":"ASIA CCS '11: 6th ACM Symposium on Information, Compuer and Communications Security","location":"Hong Kong China","acronym":"ASIA CCS '11","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1966913.1966920","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1966913.1966920","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T10:52:25Z","timestamp":1750243945000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1966913.1966920"}},"subtitle":["a detection tool to defend against return-oriented programming attacks"],"short-title":[],"issued":{"date-parts":[[2011,3,22]]},"references-count":60,"alternative-id":["10.1145\/1966913.1966920","10.1145\/1966913"],"URL":"https:\/\/doi.org\/10.1145\/1966913.1966920","relation":{},"subject":[],"published":{"date-parts":[[2011,3,22]]},"assertion":[{"value":"2011-03-22","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}