{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T18:00:10Z","timestamp":1773511210348,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":66,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,10,15]],"date-time":"2018-10-15T00:00:00Z","timestamp":1539561600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"ONR awards","award":["N00014-17-1-2513 N00014-17-1-2498"],"award-info":[{"award-number":["N00014-17-1-2513 N00014-17-1-2498"]}]},{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["CNS-1408880 CNS-1513783 CNS-1801534 CNS-1801601"],"award-info":[{"award-number":["CNS-1408880 CNS-1513783 CNS-1801534 CNS-1801601"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Intel corporation"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,10,15]]},"DOI":"10.1145\/3243734.3243739","type":"proceedings-article","created":{"date-parts":[[2018,10,16]],"date-time":"2018-10-16T17:38:33Z","timestamp":1539711513000},"page":"1868-1882","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":86,"title":["Block Oriented Programming"],"prefix":"10.1145","author":[{"given":"Kyriakos K.","family":"Ispoglou","sequence":"first","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bader","family":"AlBassam","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Trent","family":"Jaeger","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, State College, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mathias","family":"Payer","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2018,10,15]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1609956.1609960"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2560217.2560219"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966919"},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3054924"},{"key":"e_1_3_2_2_5_1","volume-title":"KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In OSDI.","author":"Cadar Cristian","year":"2008"},{"key":"e_1_3_2_2_6_1","unstructured":"Nicholas Carlini Antonio Barresi Mathias Payer David Wagner and Thomas R Gross. 2015. Control-Flow Bending: On the Effectiveness of Control-Flow Integrity. In USENIX Security.   Nicholas Carlini Antonio Barresi Mathias Payer David Wagner and Thomas R Gross. 2015. Control-Flow Bending: On the Effectiveness of Control-Flow Integrity. In USENIX Security."},{"key":"e_1_3_2_2_7_1","unstructured":"Nicholas Carlini and David Wagner. 2014. ROP is Still Dangerous: Breaking Modern Defenses. In USENIX Security.   Nicholas Carlini and David Wagner. 2014. ROP is Still Dangerous: Breaking Modern Defenses. In USENIX Security."},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.5555\/1267308.1267319"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866370"},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"crossref","unstructured":"Yueqiang Cheng Zongwei Zhou Yu Miao Xuhua Ding Huijie DENG et al. 2014. ROPecker: A generic and practical approach for defending against ROP attack. (2014).  Yueqiang Cheng Zongwei Zhou Yu Miao Xuhua Ding Huijie DENG et al. 2014. ROPecker: A generic and practical approach for defending against ROP attack. (2014).","DOI":"10.14722\/ndss.2014.23156"},{"key":"e_1_3_2_2_11_1","volume-title":"Leiserson","author":"Cormen Thomas H.","year":"2009"},{"key":"e_1_3_2_2_12_1","unstructured":"Crispan Cowan Calton Pu Dave Maier Jonathan Walpole Peat Bakke Steve Beattie Aaron Grier Perry Wagle Qian Zhang and Heather Hinton. 1998. Stackguard: automatic adaptive detection and prevention of buffer-overflow attacks. In Usenix Security.   Crispan Cowan Calton Pu Dave Maier Jonathan Walpole Peat Bakke Steve Beattie Aaron Grier Perry Wagle Qian Zhang and Heather Hinton. 1998. Stackguard: automatic adaptive detection and prevention of buffer-overflow attacks. In Usenix Security."},{"key":"e_1_3_2_2_13_1","unstructured":"CVEApache 2006. CVE-2006--3747: Off-by-one error in Apache 1.3.34. https: \/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2006--3747.  CVEApache 2006. CVE-2006--3747: Off-by-one error in Apache 1.3.34. https: \/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2006--3747."},{"key":"e_1_3_2_2_14_1","unstructured":"CVEnginx 2013. CVE-2013--2028: Nginx http server chunked encoding buffer overflow 1.4.0. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013--2028.  CVEnginx 2013. CVE-2013--2028: Nginx http server chunked encoding buffer overflow 1.4.0. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013--2028."},{"key":"e_1_3_2_2_15_1","unstructured":"CVEnullhttpd 2004. CVE-2002--1496: Heap-based buffer overflow in Null HTTP Server 0.5.0. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2002--1496.  CVEnullhttpd 2004. CVE-2002--1496: Heap-based buffer overflow in Null HTTP Server 0.5.0. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2002--1496."},{"key":"e_1_3_2_2_16_1","unstructured":"CVEopenssh 2001. CVE-2001-0144: Integer overflow in OpenSSH 1.2.27. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2001-0144.  CVEopenssh 2001. CVE-2001-0144: Integer overflow in OpenSSH 1.2.27. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2001-0144."},{"key":"e_1_3_2_2_17_1","unstructured":"CVEorzhttpd 2009. CVE\/bug in OrzHTTPd - Format String. https:\/\/www.exploit-db.com\/exploits\/10282\/.  CVEorzhttpd 2009. CVE\/bug in OrzHTTPd - Format String. https:\/\/www.exploit-db.com\/exploits\/10282\/."},{"key":"e_1_3_2_2_18_1","unstructured":"CVEproftpd 2006. CVE-2006--5815: Stack buffer overflow in ProFTPD 1.3.0. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2006--5815.  CVEproftpd 2006. CVE-2006--5815: Stack buffer overflow in ProFTPD 1.3.0. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2006--5815."},{"key":"e_1_3_2_2_19_1","unstructured":"CVEsmbclient 2009. CVE-2009--1886: Format string vulnerability in smbclient 3.2.12. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2009--1886.  CVEsmbclient 2009. CVE-2009--1886: Format string vulnerability in smbclient 3.2.12. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2009--1886."},{"key":"e_1_3_2_2_20_1","unstructured":"CVEsudo 2012. CVE-2012-0809: Format string vulnerability in SUDO 1.8.3. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2012-0809.  CVEsudo 2012. CVE-2012-0809: Format string vulnerability in SUDO 1.8.3. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2012-0809."},{"key":"e_1_3_2_2_21_1","unstructured":"CVEWireshark 2014. CVE-2014--2299: Buffer overflow in Wireshark 1.8.0. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014--2299.  CVEWireshark 2014. CVE-2014--2299: Buffer overflow in Wireshark 1.8.0. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014--2299."},{"key":"e_1_3_2_2_22_1","unstructured":"CVEwuftpd 2001. CVE-2000-0573: Format string vulnerability in wu-ftpd 2.6.0. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2000-0573.  CVEwuftpd 2001. CVE-2000-0573: Format string vulnerability in wu-ftpd 2.6.0. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2000-0573."},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2714576.2714635"},{"key":"e_1_3_2_2_24_1","unstructured":"Lucas Davi Ahmad-Reza Sadeghi Daniel Lehmann and Fabian Monrose. 2014. Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection. In USENIX Security.   Lucas Davi Ahmad-Reza Sadeghi Daniel Lehmann and Fabian Monrose. 2014. Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection. In USENIX Security."},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966920"},{"key":"e_1_3_2_2_26_1","volume-title":"Bugtraq","author":"Designer Solar","year":"1997"},{"key":"e_1_3_2_2_27_1","unstructured":"Ren Ding Chenxiong Qian Chengyu Song Bill Harris Taesoo Kim and Wenke Lee. 2017. Efficient Protection of Path-Sensitive Control Security. (2017).   Ren Ding Chenxiong Qian Chengyu Song Bill Harris Taesoo Kim and Wenke Lee. 2017. Efficient Protection of Path-Sensitive Control Security. (2017)."},{"key":"e_1_3_2_2_28_1","volume-title":"Bypassing PaX ASLR protection. Phrack magazine #59","author":"Durden Tyler","year":"2002"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813646"},{"key":"e_1_3_2_2_30_1","volume-title":"PSHAPE: Automatically Combining Gadgets for Arbitrary Method Execution. In International Workshop on Security and Trust Management.","author":"Follner Andreas","year":"2016"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.43"},{"key":"e_1_3_2_2_32_1","volume-title":"Proceedings of the 6th USENIX conference on Offensive Technologies. USENIX Association, 7--7.","author":"Homescu Andrei","year":"2012"},{"key":"e_1_3_2_2_33_1","volume-title":"Sendroiu Adrian, Prateek Saxena, and Zhenkai Liang.","author":"Hu Hong","year":"2015"},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.62"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-04897-0_1"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/368996.369025"},{"key":"e_1_3_2_2_38_1","volume-title":"Bypassing StackGuard and StackShield. Phrack magazine #53","year":"2000"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/360248.360252"},{"key":"e_1_3_2_2_40_1","first-page":"00000","article-title":"Code-Pointer Integrity","volume":"14","author":"Kuznetsov Volodymyr","year":"2014","journal-title":"OSDI"},{"key":"e_1_3_2_2_41_1","unstructured":"Microsoft. 2015. Visual Studio 2015 - Compiler Options - Enable Control Flow Guard. https:\/\/msdn.microsoft.com\/en-us\/library\/dn919635.aspx.  Microsoft. 2015. Visual Studio 2015 - Compiler Options - Enable Control Flow Guard. https:\/\/msdn.microsoft.com\/en-us\/library\/dn919635.aspx."},{"key":"e_1_3_2_2_42_1","volume-title":"ASLR smack & laugh reference. Seminar on Advanced Exploitation Techniques","author":"M\u00fcller Tilo","year":"2008"},{"key":"e_1_3_2_2_43_1","volume-title":"Brainfuck--an eight-instruction turing-complete programming language. Available at the Internet address http:\/\/en.wikipedia.org\/wiki\/Brainfuck","author":"M\u00fcller Urban","year":"1993"},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594295"},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813644"},{"key":"e_1_3_2_2_46_1","unstructured":"Pakt. 2013. ropc: A turing complete ROP compiler. https:\/\/github.com\/pakt\/ropc.  Pakt. 2013. ropc: A turing complete ROP compiler. https:\/\/github.com\/pakt\/ropc."},{"key":"e_1_3_2_2_47_1","volume-title":"kBouncer: Efficient and transparent ROP mitigation. tech. rep. Citeseer","author":"Pappas Vasilis","year":"2012"},{"key":"e_1_3_2_2_48_1","unstructured":"PAX-TEAM. 2003. PaX ASLR (Address Space Layout Randomization). http:\/\/pax.grsecurity.net\/docs\/aslr.txt.  PAX-TEAM. 2003. PaX ASLR (Address Space Layout Randomization). http:\/\/pax.grsecurity.net\/docs\/aslr.txt."},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20550-2_8"},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2011.6112327"},{"key":"e_1_3_2_2_51_1","unstructured":"Gerardo Richarte et al. 2002. Four different tricks to bypass stackshield and stackguard protection. World Wide Web (2002).  Gerardo Richarte et al. 2002. Four different tricks to bypass stackshield and stackguard protection. World Wide Web (2002)."},{"key":"e_1_3_2_2_52_1","unstructured":"Jonathan Salwan and Allan Wirth. 2012. ROPGadget. https:\/\/github.com\/JonathanSalwan\/ROPgadget.  Jonathan Salwan and Allan Wirth. 2012. ROPGadget. https:\/\/github.com\/JonathanSalwan\/ROPgadget."},{"key":"e_1_3_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.51"},{"key":"e_1_3_2_2_54_1","volume-title":"USENIX Security Symposium.","author":"Schwartz Edward J","year":"2011"},{"key":"e_1_3_2_2_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095430.1081750"},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"e_1_3_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030124"},{"key":"e_1_3_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"key":"e_1_3_2_2_59_1","volume-title":"Exploring control flow guard in windows 10. Available at \"http:\/\/ blog.trendmicro.com\/ trendlabs-security-intelligence\/ exploring-control-flow-guard-in-windows-10","author":"Tang Jack","year":"2015"},{"key":"e_1_3_2_2_60_1","unstructured":"The Chromium Projects. {n. d.}. Control Flow Integrity The Chromium Projects. \"https:\/\/www.chromium.org\/developers\/testing\/control-flow-integrity\".  The Chromium Projects. {n. d.}. Control Flow Integrity The Chromium Projects. \"https:\/\/www.chromium.org\/developers\/testing\/control-flow-integrity\"."},{"key":"e_1_3_2_2_61_1","unstructured":"Caroline Tice Tom Roeder Peter Collingbourne Stephen Checkoway \u00dalfar Erlingsson Luis Lozano and Geoff Pike. 2014. Enforcing Forward-Edge Control- Flow Integrity in GCC & LLVM.. In USENIX Security.   Caroline Tice Tom Roeder Peter Collingbourne Stephen Checkoway \u00dalfar Erlingsson Luis Lozano and Geoff Pike. 2014. Enforcing Forward-Edge Control- Flow Integrity in GCC & LLVM.. In USENIX Security."},{"key":"e_1_3_2_2_62_1","volume-title":"Algorithms for enumerating all perfect, maximum and maximal matchings in bipartite graphs. Algorithms and Computation","author":"Uno Takeaki","year":"1997"},{"key":"e_1_3_2_2_63_1","unstructured":"Arjan van de Ven and Ingo Molnar. 2004. Exec shield. https:\/\/www.redhat.com\/ f\/pdf\/rhel\/WHP0006US_Execshield.pdf.  Arjan van de Ven and Ingo Molnar. 2004. Exec shield. https:\/\/www.redhat.com\/ f\/pdf\/rhel\/WHP0006US_Execshield.pdf."},{"key":"e_1_3_2_2_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813673"},{"key":"e_1_3_2_2_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134026"},{"key":"e_1_3_2_2_66_1","series-title":"0x0e (2001)","volume-title":"The advanced return-into-lib (c) exploits: PaX case study. Phrack Magazine","author":"Wojtczuk RN"},{"key":"e_1_3_2_2_67_1","volume-title":"Finding the k shortest loopless paths in a network. management Science 17, 11","author":"Yen Jin Y","year":"1971"}],"event":{"name":"CCS '18: 2018 ACM SIGSAC Conference on Computer and Communications Security","location":"Toronto Canada","acronym":"CCS '18","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3243734.3243739","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3243734.3243739","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3243734.3243739","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T00:57:32Z","timestamp":1750208252000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3243734.3243739"}},"subtitle":["Automating Data-Only Attacks"],"short-title":[],"issued":{"date-parts":[[2018,10,15]]},"references-count":66,"alternative-id":["10.1145\/3243734.3243739","10.1145\/3243734"],"URL":"https:\/\/doi.org\/10.1145\/3243734.3243739","relation":{},"subject":[],"published":{"date-parts":[[2018,10,15]]},"assertion":[{"value":"2018-10-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}