{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T13:41:39Z","timestamp":1762004499302,"version":"3.41.0"},"reference-count":53,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2013,6,1]],"date-time":"2013-06-01T00:00:00Z","timestamp":1370044800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"DOCOMO Euro-Labs"},{"name":"Interuniversity Attraction Poles Programme Belgian State, Belgian Science Policy"},{"DOI":"10.13039\/501100004040","name":"KU Leuven","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100004040","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004963","name":"Seventh Framework Programme","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100004963","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2013,6]]},"abstract":"Code Pointer Masking (CPM) is a novel countermeasure against code injection attacks on native code. By enforcing the correct semantics of code pointers, CPM thwarts attacks that modify code pointers to divert the application\u2019s control flow. It does not rely on secret values such as stack canaries and protects against attacks that are not addressed by state-of-the-art countermeasures of similar performance. This article reports on two prototype implementations on very distinct processor architectures, showing that the idea behind CPM is portable. The evaluation also shows that the overhead of using our countermeasure is very small and the security benefits are substantial.<\/jats:p>","DOI":"10.1145\/2487222.2487223","type":"journal-article","created":{"date-parts":[[2013,6,18]],"date-time":"2013-06-18T12:36:08Z","timestamp":1371558968000},"page":"1-27","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["CPM"],"prefix":"10.1145","volume":"16","author":[{"given":"Pieter","family":"Philippaerts","sequence":"first","affiliation":[{"name":"DistriNet Research Group, University of Leuven"}]},{"given":"Yves","family":"Younan","sequence":"additional","affiliation":[{"name":"DistriNet Research Group, University of Leuven"}]},{"given":"Stijn","family":"Muylle","sequence":"additional","affiliation":[{"name":"DistriNet Research Group, University of Leuven"}]},{"given":"Frank","family":"Piessens","sequence":"additional","affiliation":[{"name":"DistriNet Research Group, University of Leuven"}]},{"given":"Sven","family":"Lachmund","sequence":"additional","affiliation":[{"name":"DOCOMO Euro-Labs"}]},{"given":"Thomas","family":"Walter","sequence":"additional","affiliation":[{"name":"DOCOMO Euro-Labs"}]}],"member":"320","published-online":{"date-parts":[[2013,6]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102165"},{"volume-title":"Proceedings of the 18th USENIX Security Symposium.","author":"Akritidis P.","key":"e_1_2_1_2_1","unstructured":"Akritidis , P. , Costa , M. , Castro , M. , and Hand , S . 2009. Baggy bounds checking: An efficient and backwards-compatible defense against out-of-bounds errors . In Proceedings of the 18th USENIX Security Symposium. Akritidis, P., Costa, M., Castro, M., and Hand, S. 2009. Baggy bounds checking: An efficient and backwards-compatible defense against out-of-bounds errors. In Proceedings of the 18th USENIX Security Symposium."},{"key":"e_1_2_1_3_1","unstructured":"Anisimov A. 2005. Defeating microsoft windows xp sp2 heap protection and dep bypass. http:\/\/www.ptsecurity.com\/download\/defeating-xpsp2-heap-protection.pdf. Anisimov A. 2005. Defeating microsoft windows xp sp2 heap protection and dep bypass. http:\/\/www.ptsecurity.com\/download\/defeating-xpsp2-heap-protection.pdf."},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/178243.178446"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948147"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_1"},{"volume-title":"Proceedings of the 12th USENIX Security Symposium. USENIX Association.","author":"Bhatkar S.","key":"e_1_2_1_7_1","unstructured":"Bhatkar , S. , Duvarney , D. C. , and Sekar , R . 2003. Address obfuscation: An efficient approach to combat a broad range of memory error exploits . In Proceedings of the 12th USENIX Security Symposium. USENIX Association. Bhatkar, S., Duvarney, D. C., and Sekar, R. 2003. Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In Proceedings of the 12th USENIX Security Symposium. USENIX Association."},{"volume-title":"Proceedings of the 14th USENIX Security Symposium. USENIX Association.","author":"Bhatkar S.","key":"e_1_2_1_8_1","unstructured":"Bhatkar , S. , Sekar , R. , and Duvarney , D. C . 2005. Efficient techniques for comprehensive protection from memory error exploits . In Proceedings of the 14th USENIX Security Symposium. USENIX Association. Bhatkar, S., Sekar, R., and Duvarney, D. C. 2005. Efficient techniques for comprehensive protection from memory error exploits. In Proceedings of the 14th USENIX Security Symposium. USENIX Association."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076783"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-10772-6_13"},{"volume-title":"Proceedings of the 21st International Conference on Distributed Computing Systems. 409--420","author":"Chiueh T.","key":"e_1_2_1_11_1","unstructured":"Chiueh , T. and Hsu , F. H . 2001. RAD: A compile-time solution to buffer overflow attacks . In Proceedings of the 21st International Conference on Distributed Computing Systems. 409--420 . Chiueh, T. and Hsu, F. H. 2001. RAD: A compile-time solution to buffer overflow attacks. In Proceedings of the 21st International Conference on Distributed Computing Systems. 409--420."},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/781131.781157"},{"volume-title":"Proceedings of the 7th USENIX Security Symposium. USENIX Association.","author":"Cowan C.","key":"e_1_2_1_13_1","unstructured":"Cowan , C. , Pu , C. , Maier , D. , Hinton , H. , Walpole , J. , Bakke , P. , Beattie , S. , Grier , A. , Wagle , P. , and Zhang , Q . 1998. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks . In Proceedings of the 7th USENIX Security Symposium. USENIX Association. Cowan, C., Pu, C., Maier, D., Hinton, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., and Zhang, Q. 1998. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the 7th USENIX Security Symposium. USENIX Association."},{"volume-title":"Proceedings of the 12th USENIX Security Symposium. USENIX Association, 91--104","author":"Cowan C.","key":"e_1_2_1_14_1","unstructured":"Cowan , C. , Beattie , S. , Johansen , J. , and Wagle , P . 2003. PointGuard: Protecting pointers from buffer overflow vulnerabilities . In Proceedings of the 12th USENIX Security Symposium. USENIX Association, 91--104 . Cowan, C., Beattie, S., Johansen, J., and Wagle, P. 2003. PointGuard: Protecting pointers from buffer overflow vulnerabilities. In Proceedings of the 12th USENIX Security Symposium. USENIX Association, 91--104."},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655108.1655117"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966920"},{"key":"e_1_2_1_17_1","unstructured":"Erlingsson U. 2007. Low-level software security: Attacks and defenses. Tech. rep. MSR-TR-2007-153 Microsoft Research. Erlingsson U. 2007. Low-level software security: Attacks and defenses. Tech. rep. MSR-TR-2007-153 Microsoft Research."},{"key":"e_1_2_1_18_1","unstructured":"Etoh H. and Yoda K. 2000. Protecting from stack-smashing attacks. Tech. rep. IBM Research Divison. Tokyo Research Laboratory. Etoh H. and Yoda K. 2000. Protecting from stack-smashing attacks. Tech. rep. IBM Research Divison. Tokyo Research Laboratory."},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-11747-3_1"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.869367"},{"volume-title":"Proceedings of the USENIX Annual Technical Conference. USENIX Association, 275--288","author":"Jim T.","key":"e_1_2_1_21_1","unstructured":"Jim , T. , Morrisett , G. , Grossman , D. , Hicks , M. , Cheney , J. , and Wang , Y . 2002. Cyclone: A safe dialect of c . In Proceedings of the USENIX Annual Technical Conference. USENIX Association, 275--288 . Jim, T., Morrisett, G., Grossman, D., Hicks, M., Cheney, J., and Wang, Y. 2002. Cyclone: A safe dialect of c. In Proceedings of the USENIX Annual Technical Conference. USENIX Association, 275--288."},{"volume-title":"Proceedings of the 3rd International Workshop on Automatic Debugging.","author":"Jones R. W. M.","key":"e_1_2_1_22_1","unstructured":"Jones , R. W. M. and Kelly , P. H. J. 1997. Backwards-compatible bounds checking for arrays and pointers in c programs . In Proceedings of the 3rd International Workshop on Automatic Debugging. Jones, R. W. M. and Kelly, P. H. J. 1997. Backwards-compatible bounds checking for arrays and pointers in c programs. In Proceedings of the 3rd International Workshop on Automatic Debugging."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948146"},{"key":"e_1_2_1_24_1","volume-title":"Proceedings of the USENIX","author":"Kendall S. C.","year":"1983","unstructured":"Kendall , S. C. 1983 . Bcc: Runtime checking for c programs . In Proceedings of the USENIX Summer 1983 Conference. USENIX Association, 5--16. Kendall, S. C. 1983. Bcc: Runtime checking for c programs. In Proceedings of the USENIX Summer 1983 Conference. USENIX Association, 5--16."},{"volume-title":"Proceedings of the 11th USENIX Security Symposium. USENIX Association.","author":"Kiriansky V.","key":"e_1_2_1_25_1","unstructured":"Kiriansky , V. , Bruening , D. , and Amarasinghe , S . 2002. Secure execution via program shepherding . In Proceedings of the 11th USENIX Security Symposium. USENIX Association. Kiriansky, V., Bruening, D., and Amarasinghe, S. 2002. Secure execution via program shepherding. In Proceedings of the 11th USENIX Security Symposium. USENIX Association."},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/581630.581678"},{"key":"e_1_2_1_27_1","unstructured":"Krennmair A. 2003. ContraPolice: A libc extension for protecting applications from heap-smashing attacks. http:\/\/www.synflood.at\/contrapolice. Krennmair A. 2003. ContraPolice: A libc extension for protecting applications from heap-smashing attacks. http:\/\/www.synflood.at\/contrapolice."},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2004.1293079"},{"volume-title":"Proceedings of the 11th USENIX Security Symposium. USENIX Association, 81--90","author":"Lhee K. S.","key":"e_1_2_1_29_1","unstructured":"Lhee , K. S. and Chapin , S. J . 2002. Type-assisted dynamic buffer overflow detection . In Proceedings of the 11th USENIX Security Symposium. USENIX Association, 81--90 . Lhee, K. S. and Chapin, S. J. 2002. Type-assisted dynamic buffer overflow detection. In Proceedings of the 11th USENIX Security Symposium. USENIX Association, 81--90."},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.515"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1755913.1755934"},{"volume-title":"Proceedings of the 15th USENIX Security Symposium. USENIX Association.","author":"McCamant S.","key":"e_1_2_1_32_1","unstructured":"McCamant , S. and Morrisett , G . 2006. Evaluating SFI for a CISC architecture . In Proceedings of the 15th USENIX Security Symposium. USENIX Association. McCamant, S. and Morrisett, G. 2006. Evaluating SFI for a CISC architecture. In Proceedings of the 15th USENIX Security Symposium. USENIX Association."},{"key":"e_1_2_1_33_1","unstructured":"National Institute of Standards and Technology. 2013. National vulnerability database statistics. http:\/\/nvd.nist.gov\/statistics.cfm. National Institute of Standards and Technology. 2013. National vulnerability database statistics. http:\/\/nvd.nist.gov\/statistics.cfm."},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/503272.503286"},{"volume-title":"Proceedings of the International Symposium on Software Security.","author":"Oiwa Y.","key":"e_1_2_1_35_1","unstructured":"Oiwa , Y. , Sekiguchi , T. , Sumii , E. , and Yonezawa , A . 2002. Fail-safe ANSI-C compiler: An approach to making c programs secure: Progress report . In Proceedings of the International Symposium on Software Security. Oiwa, Y., Sekiguchi, T., Sumii, E., and Yonezawa, A. 2002. Fail-safe ANSI-C compiler: An approach to making c programs secure: Progress report. In Proceedings of the International Symposium on Software Security."},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920269"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1002\/(SICI)1097-024X(199701)27:1%3C87::AID-SPE78%3E3.0.CO;2-P"},{"volume-title":"Proceedings of the 8th Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA\u201911)","author":"Philippaerts P.","key":"e_1_2_1_38_1","unstructured":"Philippaerts , P. , Younan , Y. , Muylle , S. , Piessens , F. , Lachmund , S. , and Walter , T . 2011. Code pointer masking: Hardening applications against code injection attacks . In Proceedings of the 8th Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA\u201911) . Philippaerts, P., Younan, Y., Muylle, S., Piessens, F., Lachmund, S., and Walter, T. 2011. Code pointer masking: Hardening applications against code injection attacks. In Proceedings of the 8th Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA\u201911)."},{"volume-title":"Proceedings of the 17th Large Installation Systems Administrators Conference. USENIX Association.","author":"Robertson W.","key":"e_1_2_1_39_1","unstructured":"Robertson , W. , Kruegel , C. , Mutz , D. , and Valeur , F . 2003. Run-time detection of heap-based over-flows . In Proceedings of the 17th Large Installation Systems Administrators Conference. USENIX Association. Robertson, W., Kruegel, C., Mutz, D., and Valeur, F. 2003. Run-time detection of heap-based over-flows. In Proceedings of the 17th Large Installation Systems Administrators Conference. USENIX Association."},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030124"},{"key":"e_1_2_1_42_1","unstructured":"Skape and Skywing. 2005. Bypassing windows hardware-enforced data execution prevention. Uninformed 2. http:\/\/www.uninformed.org\/?v=2&a=4&t=txt. Skape and Skywing. 2005. Bypassing windows hardware-enforced data execution prevention. Uninformed 2. http:\/\/www.uninformed.org\/?v=2&a=4&t=txt."},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.4380220403"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1519144.1519145"},{"key":"e_1_2_1_45_1","unstructured":"The PaX Team. 2012. Documentation for the PaX project. http:\/\/pax.grsecurity.net\/docs\/. The PaX Team. 2012. Documentation for the PaX project. http:\/\/pax.grsecurity.net\/docs\/."},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/168619.168635"},{"key":"e_1_2_1_47_1","unstructured":"Wojtczuk R. 1998. Defeating solar designer non-executable stack patch. Posted on the Bugtraq mailinglist. http:\/\/insecure.org\/sploits\/non-executable.stack.problems.html. Wojtczuk R. 1998. Defeating solar designer non-executable stack patch. Posted on the Bugtraq mailinglist. http:\/\/insecure.org\/sploits\/non-executable.stack.problems.html."},{"volume-title":"Proceedings of the 22nd International Symposium on Reliable Distributed Systems (SRDS\u201903)","author":"Xu J.","key":"e_1_2_1_48_1","unstructured":"Xu , J. , Kalbarczyk , Z. , and Iyer , R. K . 2003. Transparent runtime randomization for security . In Proceedings of the 22nd International Symposium on Reliable Distributed Systems (SRDS\u201903) . Xu, J., Kalbarczyk, Z., and Iyer, R. K. 2003. Transparent runtime randomization for security. In Proceedings of the 22nd International Symposium on Reliable Distributed Systems (SRDS\u201903)."},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/1029894.1029913"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.27"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/2187671.2187679"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/1755688.1755707"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/2187671.2187679"}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2487222.2487223","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2487222.2487223","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T08:48:38Z","timestamp":1750236518000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2487222.2487223"}},"subtitle":["Masking Code Pointers to Prevent Code Injection Attacks"],"short-title":[],"issued":{"date-parts":[[2013,6]]},"references-count":53,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2013,6]]}},"alternative-id":["10.1145\/2487222.2487223"],"URL":"https:\/\/doi.org\/10.1145\/2487222.2487223","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"type":"print","value":"1094-9224"},{"type":"electronic","value":"1557-7406"}],"subject":[],"published":{"date-parts":[[2013,6]]},"assertion":[{"value":"2012-01-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2013-01-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2013-06-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}