{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T00:29:28Z","timestamp":1766449768587,"version":"3.41.0"},"reference-count":125,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2021,9,2]],"date-time":"2021-09-02T00:00:00Z","timestamp":1630540800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1929701"],"award-info":[{"award-number":["CNS-1929701"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2021,11,30]]},"abstract":"<jats:p>\n            Data-oriented attacks manipulate non-control data to alter a program\u2019s benign behavior without violating its control-flow integrity. It has been shown that such attacks can cause significant damage even in the presence of control-flow defense mechanisms. However, these threats have not been adequately addressed. In this survey article, we first map data-oriented exploits, including Data-Oriented Programming (DOP) and\n            <jats:bold>Block-Oriented Programming (BOP)<\/jats:bold>\n            attacks, to their assumptions\/requirements and attack capabilities. Then, we compare known defenses against these attacks, in terms of approach, detection capabilities, overhead, and compatibility. It is generally believed that control flows may not be useful for data-oriented security. However, data-oriented attacks (especially DOP attacks) may generate side effects on control-flow behaviors in multiple dimensions (i.e., incompatible branch behaviors and frequency anomalies). We also characterize control-flow anomalies caused by data-oriented attacks. In the end, we discuss challenges for building deployable data-oriented defenses and open research questions.\n          <\/jats:p>","DOI":"10.1145\/3462699","type":"journal-article","created":{"date-parts":[[2021,9,2]],"date-time":"2021-09-02T10:52:54Z","timestamp":1630579974000},"page":"1-36","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":18,"title":["Exploitation Techniques for Data-oriented Attacks with Existing and Potential Defense Approaches"],"prefix":"10.1145","volume":"24","author":[{"given":"Long","family":"Cheng","sequence":"first","affiliation":[{"name":"School of Computing, Clemson University, USA"}]},{"given":"Salman","family":"Ahmed","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Virginia Tech, USA"}]},{"given":"Hans","family":"Liljestrand","sequence":"additional","affiliation":[{"name":"David R. Cheriton School of Computer Science, University of Waterloo, Canada"}]},{"given":"Thomas","family":"Nyman","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Aalto University, Finland"}]},{"given":"Haipeng","family":"Cai","sequence":"additional","affiliation":[{"name":"School of Electrical Engineering and Computer Science, Washington State University, USA"}]},{"given":"Trent","family":"Jaeger","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, Pennsylvania State University, USA"}]},{"given":"N.","family":"Asokan","sequence":"additional","affiliation":[{"name":"David R. Cheriton School of Computer Science, University of Waterloo, Canada"}]},{"given":"Danfeng (Daphne)","family":"Yao","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Virginia Tech, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,9,2]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1609956.1609960"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978358"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417248"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.30"},{"key":"e_1_2_1_5_1","unstructured":"Starr Andersen and Vincent Abella. 2004. Data Execution Prevention. Changes to Functionality in Microsoft Windows XP Service Pack 2 Part 3: Memory Protection Technologies.  Starr Andersen and Vincent Abella. 2004. Data Execution Prevention. Changes to Functionality in Microsoft Windows XP Service Pack 2 Part 3: Memory Protection Technologies."},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660378"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.25"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_16"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_1"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813691"},{"key":"e_1_2_1_11_1","unstructured":"The Heartbleed Bug. 2020. Retrieved April 3 2020 from http:\/\/heartbleed.com.  The Heartbleed Bug. 2020. Retrieved April 3 2020 from http:\/\/heartbleed.com."},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3054924"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.5555\/2831143.2831154"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.5555\/1298455.1298470"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.31"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053029"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251398.1251410"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2857705.2857726"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134640"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2019.2906161"},{"key":"e_1_2_1_22_1","volume-title":"Simplex: Repurposing Intel memory protection extensions for information hiding. arxiv:2009.06490 [cs.CR].","author":"Cole Matthew","year":"2020","unstructured":"Matthew Cole and Aravind Prakash . 2020 . Simplex: Repurposing Intel memory protection extensions for information hiding. arxiv:2009.06490 [cs.CR]. Retrieved from https:\/\/arxiv.org\/abs\/2009.06490. Matthew Cole and Aravind Prakash. 2020. Simplex: Repurposing Intel memory protection extensions for information hiding. arxiv:2009.06490 [cs.CR]. Retrieved from https:\/\/arxiv.org\/abs\/2009.06490."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2016-0050"},{"volume-title":"Introduction to Algorithms","author":"Cormen Thomas H.","key":"e_1_2_1_24_1","unstructured":"Thomas H. Cormen , Charles E. Leiserson , Ronald L. Rivest , and Clifford Stein . 2009. Introduction to Algorithms . MIT Press . Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest, and Clifford Stein. 2009. Introduction to Algorithms. MIT Press."},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.5555\/1267549.1267554"},{"key":"e_1_2_1_26_1","first-page":"752","article-title":"PointGuard: Method and System for Protecting Programs Against Pointer Corruption Attacks","volume":"7","author":"Cowan Stanley Crispin","year":"2010","unstructured":"Stanley Crispin Cowan , Seth Richard Arnold , Steven Michael Beattie , and Perry Michael Wagle . 2010 . PointGuard: Method and System for Protecting Programs Against Pointer Corruption Attacks . US Patent 7 , 752 ,459. Stanley Crispin Cowan, Seth Richard Arnold, Steven Michael Beattie, and Perry Michael Wagle. 2010. PointGuard: Method and System for Protecting Programs Against Pointer Corruption Attacks. US Patent 7,752,459.","journal-title":"US Patent"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.52"},{"key":"e_1_2_1_28_1","unstructured":"Cyclone. 2002. Retrieved August 12 2019 from http:\/\/cyclone.thelanguage.org\/.  Cyclone. 2002. Retrieved August 12 2019 from http:\/\/cyclone.thelanguage.org\/."},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23421"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23262"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.5555\/1792734.1792766"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1353536.1346295"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.5555\/3241189.3241201"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2892208.2892212"},{"volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS\u201917)","author":"Duck Gregory J.","key":"e_1_2_1_35_1","unstructured":"Gregory J. Duck , Roland H. C. Yap , and Lorenzo Cavallaro. 2017. Stack bounds protection with low fat pointers .. In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201917) . Gregory J. Duck, Roland H. C. Yap, and Lorenzo Cavallaro. 2017. Stack bounds protection with low fat pointers.. In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201917)."},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.5555\/1298455.1298463"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.53"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813646"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/279361.279368"},{"key":"e_1_2_1_40_1","unstructured":"TIOBE Index for November. 2020. Retrieved November 30 2020 from https:\/\/www.tiobe.com\/tiobe-index\/.  TIOBE Index for November. 2020. Retrieved November 30 2020 from https:\/\/www.tiobe.com\/tiobe-index\/."},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455775"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3093337.3037716"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345665"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.5555\/2362793.2362833"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3029806.3029830"},{"key":"e_1_2_1_46_1","unstructured":"Hardware-assisted AddressSanitizer. 2017. Retrieved March 31 2019 from https:\/\/clang.llvm.org\/docs\/HardwareAssistedAddressSanitizerDesign.html.  Hardware-assisted AddressSanitizer. 2017. Retrieved March 31 2019 from https:\/\/clang.llvm.org\/docs\/HardwareAssistedAddressSanitizerDesign.html."},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.39"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/CGO.2013.6494997"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.5555\/2831143.2831155"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243797"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.62"},{"volume-title":"Retrieved","year":"2019","key":"e_1_2_1_52_1","unstructured":"Intel. 2019 . Control-flow Enforcement Technology Preview . Retrieved March 24, 2020 from https:\/\/software.intel.com\/sites\/default\/files\/ managed\/4d\/2a\/control-flow-enforcement-technology-preview.pdf. Intel. 2019. Control-flow Enforcement Technology Preview. Retrieved March 24, 2020 from https:\/\/software.intel.com\/sites\/default\/files\/ managed\/4d\/2a\/control-flow-enforcement-technology-preview.pdf."},{"key":"e_1_2_1_53_1","unstructured":"Introduction to Intel\u00ae Memory Protection Extensions. 2013. Retrieved March 24 2020 from https:\/\/software.intel.com\/content\/www\/us\/en\/dev elop\/articles\/introduction-to-intel-memory-protection-extensions.html.  Introduction to Intel\u00ae Memory Protection Extensions. 2013. Retrieved March 24 2020 from https:\/\/software.intel.com\/content\/www\/us\/en\/dev elop\/articles\/introduction-to-intel-memory-protection-extensions.html."},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243739"},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978414"},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.9"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00029"},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064192"},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.5555\/2685048.2685061"},{"key":"e_1_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/3129743.3129748"},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516713"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.25"},{"key":"e_1_2_1_63_1","volume-title":"Retrieved","author":"PKT.","year":"2004","unstructured":"LBNL-FTP- PKT. 2004 . Anonymous FTP connections dataset at the Lawrence Berkeley National Laboratory . Retrieved March 25, 2020 from https:\/\/ee.lbl.gov\/anonymized-traces.html. LBNL-FTP-PKT. 2004. Anonymous FTP connections dataset at the Lawrence Berkeley National Laboratory. Retrieved March 25, 2020 from https:\/\/ee.lbl.gov\/anonymized-traces.html."},{"key":"e_1_2_1_64_1","unstructured":"Intel(R) Processor Trace Decoder Library. 2013. Retrieved April 3 2020 from https:\/\/github.com\/intel\/libipt.  Intel(R) Processor Trace Decoder Library. 2013. Retrieved April 3 2020 from https:\/\/github.com\/intel\/libipt."},{"key":"e_1_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.5555\/3361338.3361352"},{"key":"e_1_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/3203422.3203433"},{"volume-title":"Proceedings of the IEEE International Symposium on High Performance Computer Architecture (HPCA\u201917)","author":"Liu Y.","key":"e_1_2_1_67_1","unstructured":"Y. Liu , P. Shi , X. Wang , H. Chen , B. Zang , and H. Guan . 2017. Transparent and efficient CFI enforcement with intel processor trace . In Proceedings of the IEEE International Symposium on High Performance Computer Architecture (HPCA\u201917) . 529\u2013540. Y. Liu, P. Shi, X. Wang, H. Chen, B. Zang, and H. Guan. 2017. Transparent and efficient CFI enforcement with intel processor trace. In Proceedings of the IEEE International Symposium on High Performance Computer Architecture (HPCA\u201917). 529\u2013540."},{"key":"e_1_2_1_68_1","volume-title":"Retrieved","author":"LLVM.","year":"2003","unstructured":"LLVM. 2003 . The LLVM Compiler Infrastructure . Retrieved April 25, 2020 http:\/\/llvm.org\/. LLVM. 2003. The LLVM Compiler Infrastructure. Retrieved April 25, 2020 http:\/\/llvm.org\/."},{"key":"e_1_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813694"},{"key":"e_1_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/3453155"},{"key":"e_1_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043568"},{"key":"e_1_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.4666"},{"key":"e_1_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2018.00020"},{"key":"e_1_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/1543135.1542504"},{"key":"e_1_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/565816.503286"},{"key":"e_1_2_1_76_1","first-page":"2006","volume-title":"Retrieved","author":"National Vulnerability Database (NVD).","year":"2006","unstructured":"National Vulnerability Database (NVD). 2006 . ProFTPD Remote Exploit . Retrieved March 25, 2020 http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE- 2006 - 5815 . National Vulnerability Database (NVD). 2006. ProFTPD Remote Exploit. Retrieved March 25, 2020 http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2006-5815."},{"key":"e_1_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1145\/3316781.3317836"},{"key":"e_1_2_1_78_1","first-page":"1","article-title":"Intel MPX explained: A cross-layer analysis of the intel MPX system stack","volume":"46","author":"Oleksenko Oleksii","year":"2018","unstructured":"Oleksii Oleksenko , Dmitrii Kuvaiskii , Pramod Bhatotia , Pascal Felber , and Christof Fetzer . 2018 . Intel MPX explained: A cross-layer analysis of the intel MPX system stack . SIGMETRICS Perform. Eval. Rev. 46 , 1 (Jun. 2018), 111\u2013112. Oleksii Oleksenko, Dmitrii Kuvaiskii, Pramod Bhatotia, Pascal Felber, and Christof Fetzer. 2018. Intel MPX explained: A cross-layer analysis of the intel MPX system stack. SIGMETRICS Perform. Eval. Rev. 46, 1 (Jun. 2018), 111\u2013112.","journal-title":"SIGMETRICS Perform. Eval. Rev."},{"key":"e_1_2_1_79_1","first-page":"49","article-title":"Smashing the stack for fun and profit","volume":"7","author":"One Aleph","year":"1996","unstructured":"Aleph One . 1996 . Smashing the stack for fun and profit . Phrack 7 , 49 (Nov. 1996). Aleph One. 1996. Smashing the stack for fun and profit. Phrack 7, 49 (Nov. 1996).","journal-title":"Phrack"},{"key":"e_1_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20550-2_8"},{"key":"e_1_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.5555\/645529.657808"},{"key":"e_1_2_1_82_1","volume-title":"return-to-libc","author":"Peslyak Alexander","year":"1997","unstructured":"Alexander Peslyak . 1997. \u201c return-to-libc \u201d attack. Bugtraq (Aug . 1997 ). Alexander Peslyak. 1997. \u201creturn-to-libc\u201d attack. Bugtraq (Aug. 1997)."},{"volume-title":"Proceedings of the IEEE European Symposium on Security and Privacy (Euro S&P\u201919)","author":"Pewny J.","key":"e_1_2_1_83_1","unstructured":"J. Pewny , P. Koppe , and T. Holz . 2019. STEROIDS for DOPed Applications: A compiler for automated data-oriented programming . In Proceedings of the IEEE European Symposium on Security and Privacy (Euro S&P\u201919) . 111\u2013126. J. Pewny, P. Koppe, and T. Holz. 2019. STEROIDS for DOPed Applications: A compiler for automated data-oriented programming. In Proceedings of the IEEE European Symposium on Security and Privacy (Euro S&P\u201919). 111\u2013126."},{"key":"e_1_2_1_84_1","unstructured":"Qualcomm Technologies Inc.2017. Pointer Authentication on ARMv8.3. Retrieved from https:\/\/www.qualcomm.com\/media\/documents\/files\/whitepaper-pointer-authentication-on-armv8-3.pdf.  Qualcomm Technologies Inc.2017. Pointer Authentication on ARMv8.3. Retrieved from https:\/\/www.qualcomm.com\/media\/documents\/files\/whitepaper-pointer-authentication-on-armv8-3.pdf."},{"key":"e_1_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1145\/3320269.3384757"},{"key":"e_1_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1985.232226"},{"key":"e_1_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1145\/2133375.2133377"},{"key":"e_1_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2017.39"},{"key":"e_1_2_1_89_1","unstructured":"SAFE Secure Computing Platform. 2019. Retrieved August 12 2019 from http:\/\/www.crash-safe.org\/.  SAFE Secure Computing Platform. 2019. Retrieved August 12 2019 from http:\/\/www.crash-safe.org\/."},{"key":"e_1_2_1_90_1","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-140502"},{"key":"e_1_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.5555\/2028067.2028092"},{"key":"e_1_2_1_92_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417234"},{"key":"e_1_2_1_93_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660309"},{"key":"e_1_2_1_94_1","doi-asserted-by":"publisher","DOI":"10.5555\/2342821.2342849"},{"key":"e_1_2_1_95_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"e_1_2_1_96_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813654"},{"key":"e_1_2_1_97_1","doi-asserted-by":"publisher","DOI":"10.1145\/3105761"},{"key":"e_1_2_1_98_1","doi-asserted-by":"publisher","DOI":"10.1145\/3105761"},{"key":"e_1_2_1_99_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA.2018.00056"},{"key":"e_1_2_1_100_1","volume-title":"Retrieved","author":"SIR.","year":"2006","unstructured":"SIR. 2006 . Software-artifact Infrastructure Repository . Retrieved April 25, 2020 from http:\/\/sir.unl.edu\/. SIR. 2006. Software-artifact Infrastructure Repository. Retrieved April 25, 2020 from http:\/\/sir.unl.edu\/."},{"key":"e_1_2_1_101_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.45"},{"key":"e_1_2_1_102_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.9"},{"key":"e_1_2_1_103_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00010"},{"volume-title":"Proceedings of the IEEE Symposium on Security and Privacy (SP\u201920)","author":"Sun Z.","key":"e_1_2_1_104_1","unstructured":"Z. Sun , B. Feng , L. Lu , and S. Jha . 2020. OAT: Attesting operation integrity of embedded devices . In Proceedings of the IEEE Symposium on Security and Privacy (SP\u201920) . 1433\u20131449. Z. Sun, B. Feng, L. Lu, and S. Jha. 2020. OAT: Attesting operation integrity of embedded devices. In Proceedings of the IEEE Symposium on Security and Privacy (SP\u201920). 1433\u20131449."},{"key":"e_1_2_1_105_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.13"},{"key":"e_1_2_1_106_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813685"},{"key":"e_1_2_1_107_1","volume-title":"Retrieved","author":"Team X","year":"2003","unstructured":"Pa X Team . 2003 . PaX address space layout randomization (ASLR) . Retrieved July 27, 2021 from https:\/\/pax.grsecurity.net\/docs\/aslr.txt. PaX Team. 2003. PaX address space layout randomization (ASLR). Retrieved July 27, 2021 from https:\/\/pax.grsecurity.net\/docs\/aslr.txt."},{"key":"e_1_2_1_108_1","unstructured":"Testing Exploitable Buffer Overflows From Open Source Code. 2018. Retrieved January 8 2018 from https:\/\/samate.nist.gov\/SRD\/view.php?tsID=88.  Testing Exploitable Buffer Overflows From Open Source Code. 2018. Retrieved January 8 2018 from https:\/\/samate.nist.gov\/SRD\/view.php?tsID=88."},{"key":"e_1_2_1_109_1","unstructured":"The Rust Programming Language. 2019. Retrieved August 12 2019 from https:\/\/www.rust-lang.org\/.  The Rust Programming Language. 2019. Retrieved August 12 2019 from https:\/\/www.rust-lang.org\/."},{"key":"e_1_2_1_110_1","doi-asserted-by":"publisher","DOI":"10.1145\/2948618.2948620"},{"key":"e_1_2_1_111_1","volume-title":"Workshop on Foundations of Computer Security","author":"Tsampas Stylianos","year":"2017","unstructured":"Stylianos Tsampas , Akram El-Korashy , Marco Patrignani , Dominique Devriese , Deepak Garg , and Frank Piessens . 2017 . Towards automatic compartmentalization of C programs on capability machines . In Workshop on Foundations of Computer Security 2017. 1\u201314. Stylianos Tsampas, Akram El-Korashy, Marco Patrignani, Dominique Devriese, Deepak Garg, and Frank Piessens. 2017. Towards automatic compartmentalization of C programs on capability machines. In Workshop on Foundations of Computer Security 2017. 1\u201314."},{"key":"e_1_2_1_112_1","volume-title":"Retrieved","author":"Vanegue Julien","year":"2013","unstructured":"Julien Vanegue . 2013 . The Automated Exploitation Grand Challenge . Retrieved February 12, 2020 from https:\/\/openwall.info\/wiki\/_media\/people\/jvaneg ue\/files\/aegc_vanegue.pdf. Julien Vanegue. 2013. The Automated Exploitation Grand Challenge. Retrieved February 12, 2020 from https:\/\/openwall.info\/wiki\/_media\/people\/jvaneg ue\/files\/aegc_vanegue.pdf."},{"key":"e_1_2_1_113_1","doi-asserted-by":"publisher","DOI":"10.5555\/2685048.2685061"},{"key":"e_1_2_1_114_1","doi-asserted-by":"publisher","DOI":"10.1145\/173668.168635"},{"key":"e_1_2_1_115_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382216"},{"key":"e_1_2_1_116_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.9"},{"key":"e_1_2_1_117_1","doi-asserted-by":"publisher","DOI":"10.5555\/3026877.3026906"},{"key":"e_1_2_1_118_1","doi-asserted-by":"publisher","DOI":"10.1145\/2678373.2665740"},{"key":"e_1_2_1_119_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-28865-9_8"},{"key":"e_1_2_1_120_1","doi-asserted-by":"publisher","DOI":"10.5555\/3173114"},{"key":"e_1_2_1_121_1","doi-asserted-by":"publisher","DOI":"10.2200\/S00800ED1V01Y201709SPT022"},{"key":"e_1_2_1_122_1","doi-asserted-by":"publisher","DOI":"10.1145\/949952.940113"},{"key":"e_1_2_1_123_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.44"},{"key":"e_1_2_1_124_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2016.01.002"},{"key":"e_1_2_1_125_1","doi-asserted-by":"publisher","DOI":"10.5555\/2534766.2534796"},{"key":"e_1_2_1_126_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2006.48"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3462699","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3462699","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3462699","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:19:03Z","timestamp":1750191543000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3462699"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,9,2]]},"references-count":125,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2021,11,30]]}},"alternative-id":["10.1145\/3462699"],"URL":"https:\/\/doi.org\/10.1145\/3462699","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"type":"print","value":"2471-2566"},{"type":"electronic","value":"2471-2574"}],"subject":[],"published":{"date-parts":[[2021,9,2]]},"assertion":[{"value":"2020-05-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-04-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-09-02","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}