{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:28:32Z","timestamp":1750220912864,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":44,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,12,9]],"date-time":"2019-12-09T00:00:00Z","timestamp":1575849600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1704253"],"award-info":[{"award-number":["CNS-1704253"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["HR001118C0060, FA8750-19-C-000"],"award-info":[{"award-number":["HR001118C0060, FA8750-19-C-000"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,12,9]]},"DOI":"10.1145\/3359789.3359820","type":"proceedings-article","created":{"date-parts":[[2019,11,22]],"date-time":"2019-11-22T18:41:59Z","timestamp":1574448119000},"page":"190-202","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Sleak"],"prefix":"10.1145","author":[{"given":"Christophe","family":"Hauser","sequence":"first","affiliation":[{"name":"University of Southern California"}]},{"given":"Jayakrishna","family":"Menon","sequence":"additional","affiliation":[{"name":"Arizona State University"}]},{"given":"Yan","family":"Shoshitaishvili","sequence":"additional","affiliation":[{"name":"Arizona State University"}]},{"given":"Ruoyu","family":"Wang","sequence":"additional","affiliation":[{"name":"Arizona State University"}]},{"given":"Giovanni","family":"Vigna","sequence":"additional","affiliation":[{"name":"University of California, Santa Barbara"}]},{"given":"Christopher","family":"Kruegel","sequence":"additional","affiliation":[{"name":"University of California, Santa Barbara"}]}],"member":"320","published-online":{"date-parts":[[2019,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Angr a binary analysis framework. http:\/\/angr.io.  Angr a binary analysis framework. http:\/\/angr.io."},{"key":"e_1_3_2_1_2_1","unstructured":"CQUAL A tool for adding type qualifiers to C. http:\/\/www.cs.umd.edu\/jfoster\/cqual\/.  CQUAL A tool for adding type qualifiers to C. http:\/\/www.cs.umd.edu\/jfoster\/cqual\/."},{"key":"e_1_3_2_1_3_1","unstructured":"OpenBSD's W^X. http:\/\/www.openbsd.org\/papers\/bsdcan04\/mgp00005.txt.  OpenBSD's W^X. http:\/\/www.openbsd.org\/papers\/bsdcan04\/mgp00005.txt."},{"key":"e_1_3_2_1_4_1","unstructured":"The PAX Team. https:\/\/pax.grsecurity.net.  The PAX Team. https:\/\/pax.grsecurity.net."},{"key":"e_1_3_2_1_5_1","volume-title":"Compilers: Principles, Techniques, and Tools (2Nd Edition)","author":"Aho A. V.","year":"2006","unstructured":"A. V. Aho , M. S. Lam , R. Sethi , and J. D. Ullman . Compilers: Principles, Techniques, and Tools (2Nd Edition) . Addison-Wesley Longman Publishing Co., Inc. , Boston, MA, USA , 2006 . A. V. Aho, M. S. Lam, R. Sethi, and J. D. Ullman. Compilers: Principles, Techniques, and Tools (2Nd Edition). Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 2006."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"crossref","first-page":"211","DOI":"10.1007\/978-3-642-23082-0_8","volume-title":"Foundations of security analysis and design vi","author":"Alvim M. S.","year":"2011","unstructured":"M. S. Alvim , M. E. Andr\u00e9s , K. Chatzikokolakis , and C. Palamidessi . Foundations of security analysis and design vi . chapter Quantitative Information Flow and Applications to Differential Privacy, pages 211 -- 230 . Springer-Verlag , Berlin, Heidelberg , 2011 . M. S. Alvim, M. E. Andr\u00e9s, K. Chatzikokolakis, and C. Palamidessi. Foundations of security analysis and design vi. chapter Quantitative Information Flow and Applications to Differential Privacy, pages 211--230. Springer-Verlag, Berlin, Heidelberg, 2011."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568293"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.18"},{"key":"e_1_3_2_1_9_1","first-page":"845","volume-title":"Proceedings of the 23rd USENIX Conference on Security Symposium, SEC'14","author":"Bao T.","year":"2014","unstructured":"T. Bao , J. Burket , M. Woo , R. Turner , and D. Brumley . Byteweight: Learning to recognize functions in binary code . In Proceedings of the 23rd USENIX Conference on Security Symposium, SEC'14 , pages 845 -- 860 , Berkeley, CA, USA , 2014 . USENIX Association. T. Bao, J. Burket, M. Woo, R. Turner, and D. Brumley. Byteweight: Learning to recognize functions in binary code. In Proceedings of the 23rd USENIX Conference on Security Symposium, SEC'14, pages 845--860, Berkeley, CA, USA, 2014. USENIX Association."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.22"},{"key":"e_1_3_2_1_11_1","first-page":"209","volume-title":"OSDI","volume":"8","author":"Cadar C.","year":"2008","unstructured":"C. Cadar , D. Dunbar , D. R. Engler , : Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs . In OSDI , volume 8 , pages 209 -- 224 , 2008 . C. Cadar, D. Dunbar, D. R. Engler, et al. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In OSDI, volume 8, pages 209--224, 2008."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2014.66"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1755913.1755932"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2248487.1950396"},{"key":"e_1_3_2_1_15_1","first-page":"5","volume-title":"Proceedings of the 7th Conference on USENIX Security Symposium -","volume":"7","author":"Cowan C.","year":"1998","unstructured":"C. Cowan , C. Pu , D. Maier , H. Hintony , J. Walpole , P. Bakke , S. Beattie , A. Grier , P. Wagle , and Q. Zhang . Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks . In Proceedings of the 7th Conference on USENIX Security Symposium - Volume 7 , SSYM'98, pages 5 -- 5 , Berkeley, CA, USA , 1998 . USENIX Association. C. Cowan, C. Pu, D. Maier, H. Hintony, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the 7th Conference on USENIX Security Symposium - Volume 7, SSYM'98, pages 5--5, Berkeley, CA, USA, 1998. USENIX Association."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3192366.3192388"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2093548.2093564"},{"key":"e_1_3_2_1_19_1","first-page":"5","volume-title":"Proceedings of the 7th USENIX Conference on Cyber Security Experimentation and Test, CSET'14","author":"Herlands W.","year":"2014","unstructured":"W. Herlands , T. Hobson , and P. J. Donovan . Effective entropy: Security-centric metric for memory randomization techniques . In Proceedings of the 7th USENIX Conference on Cyber Security Experimentation and Test, CSET'14 , pages 5 -- 5 , Berkeley, CA, USA , 2014 . USENIX Association. W. Herlands, T. Hobson, and P. J. Donovan. Effective entropy: Security-centric metric for memory randomization techniques. In Proceedings of the 7th USENIX Conference on Cyber Security Experimentation and Test, CSET'14, pages 5--5, Berkeley, CA, USA, 2014. USENIX Association."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2024569.2024571"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134062"},{"key":"e_1_3_2_1_22_1","first-page":"9","volume-title":"Proceedings of the 13th Conference on USENIX Security Symposium -","volume":"13","author":"Johnson R.","year":"2004","unstructured":"R. Johnson and D. Wagner . Finding user\/kernel pointer bugs with type inference . In Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13 , SSYM'04, pages 9 -- 9 , Berkeley, CA, USA , 2004 . USENIX Association. R. Johnson and D. Wagner. Finding user\/kernel pointer bugs with type inference. In Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13, SSYM'04, pages 9--9, Berkeley, CA, USA, 2004. USENIX Association."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.5555\/1855840.1855852"},{"key":"e_1_3_2_1_24_1","first-page":"81","volume-title":"USENIX Security Symposium","author":"Lee B.","year":"2015","unstructured":"B. Lee , C. Song , T. Kim , and W. Lee . Type casting verification: Stopping an emerging attack vector . In USENIX Security Symposium , pages 81 -- 96 , 2015 . B. Lee, C. Song, T. Kim, and W. Lee. Type casting verification: Stopping an emerging attack vector. In USENIX Security Symposium, pages 81--96, 2015."},{"key":"e_1_3_2_1_25_1","first-page":"2016","article-title":"Marco-Gisbert and smael Ripoll-Ripoll. Exploiting linux and pax aslr's weaknesses on 32- and 64-bit systems","author":"H","year":"2016","unstructured":"H . Marco-Gisbert and smael Ripoll-Ripoll. Exploiting linux and pax aslr's weaknesses on 32- and 64-bit systems . In Blakhat Asia 2016 , 2016 . H. Marco-Gisbert and smael Ripoll-Ripoll. Exploiting linux and pax aslr's weaknesses on 32- and 64-bit systems. In Blakhat Asia 2016, 2016.","journal-title":"Blakhat Asia"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2699026.2699098"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-07995-0_32"},{"key":"e_1_3_2_1_28_1","first-page":"49","volume-title":"USENIX Security Symposium","author":"Ramos D. A.","year":"2015","unstructured":"D. A. Ramos and D. R. Engler . Under-constrained symbolic execution: Correctness checking for real code . In USENIX Security Symposium , pages 49 -- 64 , 2015 . D. A. Ramos and D. R. Engler. Under-constrained symbolic execution: Correctness checking for real code. In USENIX Security Symposium, pages 49--64, 2015."},{"key":"e_1_3_2_1_29_1","volume-title":"26th USENIX Security Symposium","author":"Redini N.","year":"2017","unstructured":"N. Redini , A. Machiry , D. Das , Y. Fratantonio , A. Bianchi , E. Gustafson , Y. Shoshitaishvili , C. Kruegel , and G. Vigna . Bootstomp: on the security of bootloaders in mobile devices . In 26th USENIX Security Symposium , 2017 . N. Redini, A. Machiry, D. Das, Y. Fratantonio, A. Bianchi, E. Gustafson, Y. Shoshitaishvili, C. Kruegel, and G. Vigna. Bootstomp: on the security of bootloaders in mobile devices. In 26th USENIX Security Symposium, 2017."},{"key":"e_1_3_2_1_30_1","volume-title":"Cryptography and Data Security","author":"Robling Denning D. E.","year":"1982","unstructured":"D. E. Robling Denning . Cryptography and Data Security . Addison-Wesley Longman Publishing Co., Inc. , Boston, MA, USA , 1982 . D. E. Robling Denning. Cryptography and Data Security. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 1982."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.31"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660309"},{"key":"e_1_3_2_1_33_1","first-page":"309","volume-title":"USENIX Annual Technical Conference","author":"Serebryany K.","year":"2012","unstructured":"K. Serebryany , D. Bruening , A. Potapenko , and D. Vyukov . Addresssanitizer: A fast address sanity checker . In USENIX Annual Technical Conference , pages 309 -- 318 , 2012 . K. Serebryany, D. Bruening, A. Potapenko, and D. Vyukov. Addresssanitizer: A fast address sanity checker. In USENIX Annual Technical Conference, pages 309--318, 2012."},{"key":"e_1_3_2_1_34_1","volume-title":"Black Hat USA","author":"Serna F. J.","year":"2012","unstructured":"F. J. Serna . The info leak era on software exploitation . Black Hat USA , 2012 . F. J. Serna. The info leak era on software exploitation. Black Hat USA, 2012."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030124"},{"key":"e_1_3_2_1_37_1","volume-title":"Firmalice - automatic detection of authentication bypass vulnerabilities in binary firmware","author":"Shoshitaishvili Y.","year":"2015","unstructured":"Y. Shoshitaishvili , R. Wang , C. Hauser , C. Kruegel , and G. Vigna . Firmalice - automatic detection of authentication bypass vulnerabilities in binary firmware . 2015 . Y. Shoshitaishvili, R. Wang, C. Hauser, C. Kruegel, and G. Vigna. Firmalice - automatic detection of authentication bypass vulnerabilities in binary firmware. 2015."},{"key":"e_1_3_2_1_38_1","unstructured":"G. Smith. On the foundations of quantitative information flow. In Proceedings of the 12th International Conference on Foundations of Software Science and Computational Structures: Held As Part of the Joint European Conferences on Theory and Practice of Software ETAPS 2009 FOSSACS '09 pages 288--302 Berlin Heidelberg 2009. Springer-Verlag.  G. Smith. On the foundations of quantitative information flow. In Proceedings of the 12th International Conference on Foundations of Software Science and Computational Structures: Held As Part of the Joint European Conferences on Theory and Practice of Software ETAPS 2009 FOSSACS '09 pages 288--302 Berlin Heidelberg 2009. Springer-Verlag."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89862-7_1"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1519144.1519145"},{"key":"e_1_3_2_1_41_1","volume-title":"David Brumley. AEG: Automatic Exploit Generation. In Proceedings of the network and Distributed System Security Symposium","author":"Avgerinos Thanassis","year":"2011","unstructured":"Thanassis Avgerinos , Sang Kil Cha , Brent Lim Tze Hao , and David Brumley. AEG: Automatic Exploit Generation. In Proceedings of the network and Distributed System Security Symposium , Feb. 2011 . Thanassis Avgerinos, Sang Kil Cha, Brent Lim Tze Hao, and David Brumley. AEG: Automatic Exploit Generation. In Proceedings of the network and Distributed System Security Symposium, Feb. 2011."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/11688839_3"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23644-0_7"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23229"}],"event":{"name":"ACSAC '19: 2019 Annual Computer Security Applications Conference","acronym":"ACSAC '19","location":"San Juan Puerto Rico USA"},"container-title":["Proceedings of the 35th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3359789.3359820","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3359789.3359820","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3359789.3359820","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:45:04Z","timestamp":1750203904000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3359789.3359820"}},"subtitle":["automating address space layout derandomization"],"short-title":[],"issued":{"date-parts":[[2019,12,9]]},"references-count":44,"alternative-id":["10.1145\/3359789.3359820","10.1145\/3359789"],"URL":"https:\/\/doi.org\/10.1145\/3359789.3359820","relation":{},"subject":[],"published":{"date-parts":[[2019,12,9]]},"assertion":[{"value":"2019-12-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}