{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,9]],"date-time":"2026-06-09T08:46:15Z","timestamp":1780994775322,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":67,"publisher":"ACM","license":[{"start":{"date-parts":[[2015,12,7]],"date-time":"2015-12-07T00:00:00Z","timestamp":1449446400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-0831298 and CNS-1319137"],"award-info":[{"award-number":["CNS-0831298 and CNS-1319137"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2015,12,7]]},"DOI":"10.1145\/2818000.2818016","type":"proceedings-article","created":{"date-parts":[[2015,12,11]],"date-time":"2015-12-11T17:06:08Z","timestamp":1449853568000},"page":"91-100","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":47,"title":["Control Flow and Code Integrity for COTS binaries"],"prefix":"10.1145","author":[{"given":"Mingwei","family":"Zhang","sequence":"first","affiliation":[{"name":"Privacy and Intelligence Lab, Intel Labs"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"R.","family":"Sekar","sequence":"additional","affiliation":[{"name":"Stony Brook University, Stony Brook"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2015,12,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"CVE-2000-0854: Earliest side-loading attack.  CVE-2000-0854: Earliest side-loading attack."},{"key":"e_1_3_2_1_2_1","unstructured":"CVE-2007-3508: Integer overflow in loader. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2007-3508.  CVE-2007-3508: Integer overflow in loader. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2007-3508."},{"key":"e_1_3_2_1_3_1","unstructured":"CVE-2010-0830: Integer signedness error in loader. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2010-0830.  CVE-2010-0830: Integer signedness error in loader. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2010-0830."},{"key":"e_1_3_2_1_4_1","unstructured":"CVE-2010-3847: privilege escalation in loader with $origin for the ld_audit environment variable. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2010-3847.  CVE-2010-3847: privilege escalation in loader with $origin for the ld_audit environment variable. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2010-3847."},{"key":"e_1_3_2_1_5_1","unstructured":"CVE-2010-3856: privilege escalation in loader with the ld audit environment. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2010-3856.  CVE-2010-3856: privilege escalation in loader with the ld audit environment. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2010-3856."},{"key":"e_1_3_2_1_6_1","unstructured":"CVE-2011-0562: Untrusted search path vulnerability in adobe reader.  CVE-2011-0562: Untrusted search path vulnerability in adobe reader."},{"key":"e_1_3_2_1_7_1","unstructured":"CVE-2011-0570: Untrusted search path vulnerability in adobe reader. http:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2011-0570.  CVE-2011-0570: Untrusted search path vulnerability in adobe reader. http:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2011-0570."},{"key":"e_1_3_2_1_8_1","unstructured":"CVE-2011-0588: Untrusted search path vulnerability in adobe reader. http:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2011-0588.  CVE-2011-0588: Untrusted search path vulnerability in adobe reader. http:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2011-0588."},{"key":"e_1_3_2_1_9_1","unstructured":"CVE-2011-1658: privilege escalation in loader with $origin in rpath. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2011-1658.  CVE-2011-1658: privilege escalation in loader with $origin in rpath. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2011-1658."},{"key":"e_1_3_2_1_10_1","unstructured":"CVE-2011-2398: privilege escalation in loader. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2011-2398.  CVE-2011-2398: privilege escalation in loader. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2011-2398."},{"key":"e_1_3_2_1_11_1","unstructured":"CVE-2012-0158: Side loading attack via microsoft office. http:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2012-0158.  CVE-2012-0158: Side loading attack via microsoft office. http:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2012-0158."},{"key":"e_1_3_2_1_12_1","unstructured":"CVE-2013-0977: overlapping segments. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013-0977.  CVE-2013-0977: overlapping segments. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013-0977."},{"key":"e_1_3_2_1_13_1","unstructured":"CVE-2014-1273: text relocation. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-1273.  CVE-2014-1273: text relocation. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-1273."},{"key":"e_1_3_2_1_14_1","unstructured":"LibJIT. https:\/\/code.google.com\/p\/libjit-linear-scan-register-allocator\/.  LibJIT. https:\/\/code.google.com\/p\/libjit-linear-scan-register-allocator\/."},{"key":"e_1_3_2_1_15_1","unstructured":"WinSxS: Side-by-side assembly. http:\/\/en.wikipedia.org\/wiki\/Side-by-side_assembly.  WinSxS: Side-by-side assembly. http:\/\/en.wikipedia.org\/wiki\/Side-by-side_assembly."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102165"},{"key":"e_1_3_2_1_17_1","volume-title":"USENIX Security","author":"Akritidis P.","year":"2009","unstructured":"P. Akritidis , M. Costa , M. Castro , and S. Hand . Baggy bounds checking: An efficient and backwards-compatible defense against out-of-bounds errors . In USENIX Security , 2009 . P. Akritidis, M. Costa, M. Castro, and S. Hand. Baggy bounds checking: An efficient and backwards-compatible defense against out-of-bounds errors. In USENIX Security, 2009."},{"key":"e_1_3_2_1_18_1","volume-title":"USENIX Security","author":"Backes M.","year":"2014","unstructured":"M. Backes and S. N\u00fcrnberger . Oxymoron: Making fine-grained memory randomization practical by allowing code sharing . In USENIX Security , 2014 . M. Backes and S. N\u00fcrnberger. Oxymoron: Making fine-grained memory randomization practical by allowing code sharing. In USENIX Security, 2014."},{"key":"e_1_3_2_1_19_1","volume-title":"https:\/\/github.com\/eliben\/libjit-samples","author":"Bendersky E.","year":"2013","unstructured":"E. Bendersky . Lib JIT Samples . https:\/\/github.com\/eliben\/libjit-samples , 2013 . E. Bendersky. LibJIT Samples. https:\/\/github.com\/eliben\/libjit-samples, 2013."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_1"},{"key":"e_1_3_2_1_21_1","volume-title":"USENIX Security","author":"Bhatkar S.","year":"2005","unstructured":"S. Bhatkar , R. Sekar , and D. DuVarney . Efficient techniques for comprehensive protection from memory error exploits . In USENIX Security , 2005 . S. Bhatkar, R. Sekar, and D. DuVarney. Efficient techniques for comprehensive protection from memory error exploits. In USENIX Security, 2005."},{"key":"e_1_3_2_1_22_1","volume-title":"USENIX Security","author":"Carlini N.","year":"2014","unstructured":"N. Carlini and D. Wagner . ROP is still dangerous: Breaking modern defenses . In USENIX Security , 2014 . N. Carlini and D. Wagner. ROP is still dangerous: Breaking modern defenses. In USENIX Security, 2014."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.52"},{"key":"e_1_3_2_1_24_1","volume-title":"NDSS","author":"Davi L.","year":"2012","unstructured":"L. Davi , R. Dmitrienko , M. Egele , T. Fischer , T. Holz , R. Hund , S. N\u00e3ijrnberger , and A. reza Sadeghi . MoCFI : a framework to mitigate control-flow attacks on smartphones . In NDSS , 2012 . L. Davi, R. Dmitrienko, M. Egele, T. Fischer, T. Holz, R. Hund, S. N\u00e3ijrnberger, and A. reza Sadeghi. MoCFI: a framework to mitigate control-flow attacks on smartphones. In NDSS, 2012."},{"key":"e_1_3_2_1_25_1","volume-title":"USENIX Security","author":"Davi L.","year":"2014","unstructured":"L. Davi , D. Lehmann , A.-R. Sadeghi , and F. Monrose . Stitching the gadgets: On the ineffectiveness of coarse-grained control-flow integrity protection . In USENIX Security , 2014 . L. Davi, D. Lehmann, A.-R. Sadeghi, and F. Monrose. Stitching the gadgets: On the ineffectiveness of coarse-grained control-flow integrity protection. In USENIX Security, 2014."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23262"},{"key":"e_1_3_2_1_27_1","first-page":"x0b","article-title":"Bypassing pax aslr protection. Technical report","volume":"0","author":"Durden T.","year":"2002","unstructured":"T. Durden . Bypassing pax aslr protection. Technical report , Phrack Magazine , vol. 0 x0b , no. 0x3b, 2002 . T. Durden. Bypassing pax aslr protection. Technical report, Phrack Magazine, vol. 0x0b, no. 0x3b, 2002.","journal-title":"Phrack Magazine"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813646"},{"key":"e_1_3_2_1_29_1","volume-title":"USENIX Security","author":"Federico A. D.","year":"2015","unstructured":"A. D. Federico , A. Cama , Y. Shoshitaishvili , C. Kruegel , and G. Vigna . How the elf ruined christmas . In USENIX Security , 2015 . A. D. Federico, A. Cama, Y. Shoshitaishvili, C. Kruegel, and G. Vigna. How the elf ruined christmas. In USENIX Security, 2015."},{"key":"e_1_3_2_1_30_1","volume-title":"USENIX ATC","author":"Ford B.","year":"2008","unstructured":"B. Ford and R. Cox . Vx32: lightweight user-level sandboxing on the x86 . In USENIX ATC , 2008 . B. Ford and R. Cox. Vx32: lightweight user-level sandboxing on the x86. In USENIX ATC, 2008."},{"key":"e_1_3_2_1_31_1","volume-title":"USENIX Security","author":"G\u00f6kta\u015f E.","year":"2014","unstructured":"E. G\u00f6kta\u015f , E. Athanasopoulos , M. Polychronakis , H. Bos , and G. Portokalidis . Size does matter: Why using gadget-chain length to prevent code-reuse attacks is hard . In USENIX Security , 2014 . E. G\u00f6kta\u015f, E. Athanasopoulos, M. Polychronakis, H. Bos, and G. Portokalidis. Size does matter: Why using gadget-chain length to prevent code-reuse attacks is hard. In USENIX Security, 2014."},{"key":"e_1_3_2_1_32_1","volume-title":"S&P","author":"G\u00e3\u0171kta E.","year":"2014","unstructured":"E. G\u00e3\u0171kta , E. Athanasopoulos , H. Bos , and G. Portokalidis . Out of control: Overcoming control-flow integrity . In S&P , 2014 . E. G\u00e3\u0171kta, E. Athanasopoulos, H. Bos, and G. Portokalidis. Out of control: Overcoming control-flow integrity. In S&P, 2014."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2259016.2259034"},{"key":"e_1_3_2_1_34_1","volume-title":"AADEBUG","author":"Jones R. W. M.","year":"1997","unstructured":"R. W. M. Jones , P. H. J. Kelly , M. C, and U. Errors . Backwards-compatible bounds checking for arrays and pointers in c programs . In AADEBUG , 1997 . R. W. M. Jones, P. H. J. Kelly, M. C, and U. Errors. Backwards-compatible bounds checking for arrays and pointers in c programs. In AADEBUG, 1997."},{"key":"e_1_3_2_1_35_1","volume-title":"OSDI","author":"Kuznetsov V.","year":"2014","unstructured":"V. Kuznetsov , L. Szekeres , M. Payer , G. Candea , R. Sekar , and D. Song . Code-pointer integrity . In OSDI , 2014 . V. Kuznetsov, L. Szekeres, M. Payer, G. Candea, R. Sekar, and D. Song. Code-pointer integrity. In OSDI, 2014."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.10"},{"key":"e_1_3_2_1_37_1","volume-title":"USENIX Security","author":"McCamant S.","year":"2006","unstructured":"S. McCamant and G. Morrisett . Evaluating SFI for a CISC architecture . In USENIX Security , 2006 . S. McCamant and G. Morrisett. Evaluating SFI for a CISC architecture. In USENIX Security, 2006."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23271"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542504"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/CGO.2006.6"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.29"},{"key":"e_1_3_2_1_42_1","volume-title":"Phrack Magazine","year":"2001","unstructured":"Nergal. The advanced return-into-lib(c) exploits: PaX case study . Phrack Magazine , 2001 . Nergal. The advanced return-into-lib(c) exploits: PaX case study. Phrack Magazine, 2001."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813644"},{"key":"e_1_3_2_1_44_1","unstructured":"B. Niu and G. Tan. RockJIT: Securing just-in-time compilation using modular control-flow integrity.  B. Niu and G. Tan. RockJIT: Securing just-in-time compilation using modular control-flow integrity."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516649"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594295"},{"key":"e_1_3_2_1_47_1","volume-title":"http:\/\/pax.grsecurity.net\/docs\/aslr.txt","author":"X. Address","year":"2001","unstructured":"Pa X. Address space layout randomization. http:\/\/pax.grsecurity.net\/docs\/aslr.txt , 2001 . PaX. Address space layout randomization. http:\/\/pax.grsecurity.net\/docs\/aslr.txt, 2001."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.11"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523674"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294294"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030124"},{"key":"e_1_3_2_1_53_1","volume-title":"USENIX WOOT","author":"Shapiro R.","year":"2013","unstructured":"R. Shapiro , S. Bratus , and S. W. Smith . \" weird machines\" in elf: A spotlight on the underappreciated metadata . In USENIX WOOT , 2013 . R. Shapiro, S. Bratus, and S. W. Smith. \"weird machines\" in elf: A spotlight on the underappreciated metadata. In USENIX WOOT, 2013."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.45"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23233"},{"key":"e_1_3_2_1_56_1","volume-title":"DLL side-loading: A thorn in the side of the anti-virus industry","author":"Stewart A.","year":"2014","unstructured":"A. Stewart . DLL side-loading: A thorn in the side of the anti-virus industry , 2014 . http:\/\/www.fireeye.com\/resources\/pdfs\/fireeye-dll-sideloading.pdf. A. Stewart. DLL side-loading: A thorn in the side of the anti-virus industry, 2014. http:\/\/www.fireeye.com\/resources\/pdfs\/fireeye-dll-sideloading.pdf."},{"key":"e_1_3_2_1_57_1","volume-title":"USENIX Security","author":"Tice C.","year":"2014","unstructured":"C. Tice , T. Roeder , P. Collingbourne , S. Checkoway , \u00da. Erlingsson, L. Lozano , and G. Pike . Enforcing forward-edge control-flow integrity in gcc & llvm . In USENIX Security , 2014 . C. Tice, T. Roeder, P. Collingbourne, S. Checkoway, \u00da. Erlingsson, L. Lozano, and G. Pike. Enforcing forward-edge control-flow integrity in gcc & llvm. In USENIX Security, 2014."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813673"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/1029894.1029913"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.25"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/1755688.1755707"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046713"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.44"},{"key":"e_1_3_2_1_64_1","unstructured":"M. Zhang. PSI: Platform for Static binary Instrumentation. http:\/\/seclab.cs.sunysb.edu\/seclab\/download.html.  M. Zhang. PSI: Platform for Static binary Instrumentation. http:\/\/seclab.cs.sunysb.edu\/seclab\/download.html."},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/2576195.2576208"},{"key":"e_1_3_2_1_66_1","volume-title":"USENIX Security","author":"Zhang M.","year":"2013","unstructured":"M. Zhang and R. Sekar . Control flow integrity for COTS binaries . In USENIX Security , 2013 . M. Zhang and R. Sekar. Control flow integrity for COTS binaries. In USENIX Security, 2013."},{"key":"e_1_3_2_1_67_1","unstructured":"M. Zhang and R. Sekar. Squeezing the dynamic loader for fun and profit. http:\/\/seclab.cs.sunysb.edu\/seclab\/pubs\/seclab15-12.pdf 2015.  M. Zhang and R. Sekar. Squeezing the dynamic loader for fun and profit. http:\/\/seclab.cs.sunysb.edu\/seclab\/pubs\/seclab15-12.pdf 2015."}],"event":{"name":"ACSAC 2015: 2015 Annual Computer Security Applications Conference","location":"Los Angeles CA USA","acronym":"ACSAC 2015","sponsor":["ACSA Applied Computing Security Assoc"]},"container-title":["Proceedings of the 31st Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2818000.2818016","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2818000.2818016","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T05:43:26Z","timestamp":1750225406000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2818000.2818016"}},"subtitle":["An Effective Defense Against Real-World ROP Attacks"],"short-title":[],"issued":{"date-parts":[[2015,12,7]]},"references-count":67,"alternative-id":["10.1145\/2818000.2818016","10.1145\/2818000"],"URL":"https:\/\/doi.org\/10.1145\/2818000.2818016","relation":{},"subject":[],"published":{"date-parts":[[2015,12,7]]},"assertion":[{"value":"2015-12-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}