{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,26]],"date-time":"2025-09-26T00:20:36Z","timestamp":1758846036897,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":30,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,8,25]]},"DOI":"10.1145\/3709017.3737707","type":"proceedings-article","created":{"date-parts":[[2025,7,15]],"date-time":"2025-07-15T16:18:38Z","timestamp":1752596318000},"page":"31-42","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Adaptive Code Relocation: Mitigating Remote Brute-Force Code Gadgets in Small IoT Devices"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0272-3010","authenticated-orcid":false,"given":"Phi Tuong","family":"Lau","sequence":"first","affiliation":[{"name":"Vietnam"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-3608-874X","authenticated-orcid":false,"given":"Stefan","family":"Katzenbeisser","sequence":"additional","affiliation":[{"name":"Computer Science and Mathematics, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,8,25]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11704-021-0342-8"},{"key":"e_1_3_2_1_2_1","first-page":"227","article-title":"Hacking blind","author":"Bittau A.","year":"2014","unstructured":"A. Bittau, A. Belay, A. Mashtizadeh, D. Mazi\u00e8res, and D. Boneh, \"Hacking blind,\" IEEE Symposium on Security and Privacy, pp. 227--242, 2014.","journal-title":"IEEE Symposium on Security and Privacy"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966919"},{"key":"e_1_3_2_1_4_1","first-page":"385","article-title":"ROP is still dangerous: Breaking modern defenses","author":"Carlini D.","year":"2014","unstructured":"N. Carlini and D. Wagner, \"ROP is still dangerous: Breaking modern defenses,\" 23rd USENIX Security Symposium, pp. 385--399, 2014.","journal-title":"23rd USENIX Security Symposium"},{"key":"e_1_3_2_1_5_1","first-page":"243","article-title":"Framing signals---a return to portable shellcode","author":"Bosman H.","year":"2014","unstructured":"E. Bosman and H. Bos, \"Framing signals---a return to portable shellcode,\" IEEE Symposium on Security and Privacy, pp. 243--258, 2014.","journal-title":"IEEE Symposium on Security and Privacy"},{"key":"e_1_3_2_1_6_1","first-page":"26","article-title":"ASLR on the line: practical cache attacks on the MMU","author":"Gras K.","year":"2017","unstructured":"B. Gras, K. Razavi, E. Bosman, H. Bos, and C. Giuffrida, \"ASLR on the line: practical cache attacks on the MMU,\" NDSS, p. 26, 2017.","journal-title":"NDSS"},{"key":"e_1_3_2_1_7_1","first-page":"247","article-title":"Exploiting memory corruption vulnerabilities in connman for IoT devices","author":"English I.","year":"2019","unstructured":"K. V. English, I. Obaidat, and M. Sridhar, \"Exploiting memory corruption vulnerabilities in connman for IoT devices,\" IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 247--255, 2019.","journal-title":"IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN)"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3297280.3297472"},{"key":"e_1_3_2_1_9_1","first-page":"377","article-title":"Execution at RISC: stealth JOP attacks on RISC-V applications","author":"Buckwell O.","year":"2023","unstructured":"L. Buckwell, O. Gilles, D. G. P\u00e9rez, and N. Kosmatov, \"Execution at RISC: stealth JOP attacks on RISC-V applications,\" European Symposium on Research in Computer Security, pp. 377--391, 2023.","journal-title":"European Symposium on Research in Computer Security"},{"key":"e_1_3_2_1_10_1","first-page":"574","article-title":"Just-in-time code reuse: on the effectiveness of fine-grained address space layout randomization","author":"Snow F.","year":"2013","unstructured":"K. Z. Snow, F. Monrose, L. Davi, A. Dmitrienko, C. Liebchen, and A. R. Sadeghi, \"Just-in-time code reuse: on the effectiveness of fine-grained address space layout randomization,\" IEEE Symposium on Security and Privacy, pp. 574--588, 2013.","journal-title":"IEEE Symposium on Security and Privacy"},{"key":"e_1_3_2_1_11_1","first-page":"226","volume-title":"Verification and Validation Workshops (ICSTW)","author":"Lau P.T.","year":"2025","unstructured":"Lau, P.T. and Katzenbeisser, S., \"A protocol fuzzing framework to detect remotely exploitable vulnerabilities in iot nodes,\" IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW), pp. 226--234, 2025."},{"key":"e_1_3_2_1_12_1","unstructured":"J. Salwan \"ROPgadget\" https:\/\/github.com\/JonathanSalwan\/ROPgadget."},{"key":"e_1_3_2_1_13_1","first-page":"424","article-title":"From zygote to morula: fortifying weakened ASLR on android","author":"Lee L.","year":"2014","unstructured":"B. Lee, L. Lu, T. Wang, T. Kim, and W. Lee, \"From zygote to morula: fortifying weakened ASLR on android,\" IEEE Symposium on Security and Privacy (SP), pp. 424--439, 2014.","journal-title":"IEEE Symposium on Security and Privacy (SP)"},{"key":"e_1_3_2_1_14_1","first-page":"350","volume-title":"SSCC","author":"Parikh P.","year":"2017","unstructured":"V. Parikh and P. Mateti, \"ASLR and ROP attack mitigations for ARM-based Android devices,\" Security in Computing and Communications: 5th International Symposium, SSCC, pp. 350--363, 2017."},{"key":"e_1_3_2_1_15_1","first-page":"457","volume-title":"RAID","author":"Sun J. C.","year":"2016","unstructured":"M. Sun, J. C. Lui, and Y. Zhou, \"Blender: self-randomizing address space layout for android apps,\" Research in Attacks, Intrusions, and Defenses: 19th International Symposium, RAID, pp. 457--480, 2016."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3503222.3507779"},{"key":"e_1_3_2_1_17_1","volume-title":"How to make ASLR win the clone wars: runtime re-randomization,\" NDSS","author":"Lu W.","year":"2016","unstructured":"K. Lu, W. Lee, S. N\u00fcrnberger, and M. Backes, \"How to make ASLR win the clone wars: runtime re-randomization,\" NDSS, 2016."},{"key":"e_1_3_2_1_18_1","first-page":"574","article-title":"Just-in-time code reuse: On the effectiveness of fine-grained address space layout randomization","author":"Snow F.","year":"2013","unstructured":"K. Z. Snow, F. Monrose, L. Davi, A. Dmitrienko, C. Liebchen, and A. R. Sadeghi, \"Just-in-time code reuse: On the effectiveness of fine-grained address space layout randomization,\" IEEE Symposium on Security and Privacy, pp. 574--588, 2013.","journal-title":"IEEE Symposium on Security and Privacy"},{"key":"e_1_3_2_1_19_1","volume-title":"R5Detect: Detecting control-flow attacks from standard RISC-V enclaves,\" arXiv preprint arXiv:2404.03771","author":"Bove L.","year":"2024","unstructured":"D. Bove and L. Panzer, \"R5Detect: Detecting control-flow attacks from standard RISC-V enclaves,\" arXiv preprint arXiv:2404.03771, 2024."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.3390\/app9142928"},{"issue":"8","key":"e_1_3_2_1_21_1","first-page":"1280","article-title":"ROPecker: A generic and practical approach for defending against ROP attack","volume":"9","author":"Cheng Z.","year":"2014","unstructured":"Y. Cheng, Z. Zhou, Y. Miao, X. Ding, and R. H. Deng, \"ROPecker: A generic and practical approach for defending against ROP attack,\" IEEE Transactions on Information Forensics and Security, vol. 9, no. 8, pp. 1280--1293, 2014.","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3503222.3507779"},{"key":"e_1_3_2_1_23_1","first-page":"461","volume-title":"Compiler-assisted code randomization,\" IEEE symposium on security and privacy (SP)","author":"Koo H.","year":"2018","unstructured":"Koo, H., Chen, Y., Lu, L., Kemerlis, V.P. and Polychronakis, M., \"Compiler-assisted code randomization,\" IEEE symposium on security and privacy (SP), pp. 461--477, 2018."},{"key":"e_1_3_2_1_24_1","first-page":"520","article-title":"HARM: Hardware-assisted continuous re-randomization for microcontrollers","author":"Shi J.","year":"2022","unstructured":"Shi, J., Guan, L., Li, W., Zhang, D., Chen, P. and Zhang, N., \"HARM: Hardware-assisted continuous re-randomization for microcontrollers,\" IEEE 7th European Symposium on Security and Privacy (EuroSP), pp. 520--536, 2022.","journal-title":"IEEE 7th European Symposium on Security and Privacy (EuroSP)"},{"key":"e_1_3_2_1_25_1","first-page":"58","volume-title":"DIMVA","author":"Pastrana J.","year":"2016","unstructured":"S. Pastrana, J. Tapiador, G. Suarez-Tangil, and P. Peris-L\u00f3pez, \"Avrand: a software-based defense against code reuse attacks for AVR embedded devices,\" Detection of Intrusions and Malware, and Vulnerability Assessment: 13th International Conference, DIMVA, pp. 58--77, 2016."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2022.3190374"},{"key":"e_1_3_2_1_27_1","first-page":"1","article-title":"Microguard: securing bare-metal microcontrollers against code-reuse attacks","author":"Salehi D.","year":"2019","unstructured":"M. Salehi, D. Hughes, and B. Crispo, \"Microguard: securing bare-metal microcontrollers against code-reuse attacks,\" IEEE Conference on Dependable and Secure Computing(DSC), pp. 1--8, 2019.","journal-title":"IEEE Conference on Dependable and Secure Computing(DSC)"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2025.104342"},{"key":"e_1_3_2_1_29_1","unstructured":"https:\/\/www.ti.com\/about-ti\/newsroom\/news-releases\/2025\/2025-03-11-ti-introduces-the-world-s-smallest-mcu-enabling-innovation-in-the-tiniest-of-applications.html"},{"key":"e_1_3_2_1_30_1","first-page":"214","article-title":"Firmware-based dos attacks in wireless sensor network","author":"Lau P.T.","year":"2023","unstructured":"Lau, P.T. and Katzenbeisser, S., \"Firmware-based dos attacks in wireless sensor network,\" 6th International Workshop on Attacks and Defenses for Internet-of-Things (ADIoT), pp. 214--232, 2023.","journal-title":"6th International Workshop on Attacks and Defenses for Internet-of-Things (ADIoT)"}],"event":{"name":"ASIA CCS '25: ACM Asia Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Hanoi Vietnam","acronym":"ASIA CCS '25"},"container-title":["Proceedings of the 11th ACM Cyber-Physical System Security Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3709017.3737707","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,25]],"date-time":"2025-09-25T16:20:34Z","timestamp":1758817234000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3709017.3737707"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,25]]},"references-count":30,"alternative-id":["10.1145\/3709017.3737707","10.1145\/3709017"],"URL":"https:\/\/doi.org\/10.1145\/3709017.3737707","relation":{},"subject":[],"published":{"date-parts":[[2025,8,25]]},"assertion":[{"value":"2025-08-25","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}