{"id":"https://openalex.org/W4297099551","doi":"https://doi.org/10.1109/dsc54232.2022.9888796","title":"LAEG: Leak-based AEG using Dynamic Binary Analysis to Defeat ASLR","display_name":"LAEG: Leak-based AEG using Dynamic Binary Analysis to Defeat ASLR","publication_year":2022,"publication_date":"2022-06-22","ids":{"openalex":"https://openalex.org/W4297099551","doi":"https://doi.org/10.1109/dsc54232.2022.9888796"},"language":"en","primary_location":{"id":"doi:10.1109/dsc54232.2022.9888796","is_oa":false,"landing_page_url":"https://doi.org/10.1109/dsc54232.2022.9888796","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5037230872","display_name":"Wei-Loon Mow","orcid":null},"institutions":[{"id":"https://openalex.org/I16733864","display_name":"National Taiwan University","ror":"https://ror.org/05bqach95","country_code":"TW","type":"education","lineage":["https://openalex.org/I16733864"]}],"countries":["TW"],"is_corresponding":true,"raw_author_name":"Wei-Loon Mow","raw_affiliation_strings":["National Taiwan University,Taipei,Taiwan","National Taiwan University, Taipei, Taiwan"],"affiliations":[{"raw_affiliation_string":"National Taiwan University,Taipei,Taiwan","institution_ids":["https://openalex.org/I16733864"]},{"raw_affiliation_string":"National Taiwan University, Taipei, Taiwan","institution_ids":["https://openalex.org/I16733864"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016345761","display_name":"Shih-Kun Huang","orcid":"https://orcid.org/0000-0002-6766-4683"},"institutions":[{"id":"https://openalex.org/I148366613","display_name":"National Yang Ming Chiao Tung University","ror":"https://ror.org/00se2k293","country_code":"TW","type":"education","lineage":["https://openalex.org/I148366613"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Shih-Kun Huang","raw_affiliation_strings":["National Yang Ming Chiao Tung University,Hsinchu,Taiwan","National Yang Ming Chiao Tung University, Hsinchu, Taiwan"],"affiliations":[{"raw_affiliation_string":"National Yang Ming Chiao Tung University,Hsinchu,Taiwan","institution_ids":["https://openalex.org/I148366613"]},{"raw_affiliation_string":"National Yang Ming Chiao Tung University, Hsinchu, Taiwan","institution_ids":["https://openalex.org/I148366613"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5031599880","display_name":"Hsu\u2010Chun Hsiao","orcid":"https://orcid.org/0000-0001-9592-6911"},"institutions":[{"id":"https://openalex.org/I16733864","display_name":"National Taiwan University","ror":"https://ror.org/05bqach95","country_code":"TW","type":"education","lineage":["https://openalex.org/I16733864"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Hsu-Chun Hsiao","raw_affiliation_strings":["National Taiwan University,Taipei,Taiwan","National Taiwan University, Taipei, Taiwan"],"affiliations":[{"raw_affiliation_string":"National Taiwan University,Taipei,Taiwan","institution_ids":["https://openalex.org/I16733864"]},{"raw_affiliation_string":"National Taiwan University, Taipei, Taiwan","institution_ids":["https://openalex.org/I16733864"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5037230872"],"corresponding_institution_ids":["https://openalex.org/I16733864"],"apc_list":null,"apc_paid":null,"fwci":1.3262,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.83627656,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9948999881744385,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.9099694490432739},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8446649312973022},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.5442606806755066},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.5128193497657776},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.3397457003593445},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3127429485321045},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.2696720361709595}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.9099694490432739},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8446649312973022},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.5442606806755066},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.5128193497657776},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3397457003593445},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3127429485321045},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2696720361709595}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/dsc54232.2022.9888796","is_oa":false,"landing_page_url":"https://doi.org/10.1109/dsc54232.2022.9888796","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G229289081","display_name":null,"funder_award_id":"110-2628-E-002-002,111-2628-E-002-012","funder_id":"https://openalex.org/F4320322795","funder_display_name":"Ministry of Science and Technology, Taiwan"}],"funders":[{"id":"https://openalex.org/F4320322795","display_name":"Ministry of Science and Technology, Taiwan","ror":"https://ror.org/02kv4zf79"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W1496222301","https://openalex.org/W1878544538","https://openalex.org/W2051990174","https://openalex.org/W2057698738","https://openalex.org/W2089448621","https://openalex.org/W2113864883","https://openalex.org/W2123436168","https://openalex.org/W2138788987","https://openalex.org/W2150990339","https://openalex.org/W2221660756","https://openalex.org/W2293825325","https://openalex.org/W2765363641","https://openalex.org/W2897668282","https://openalex.org/W2910090628","https://openalex.org/W2991598641","https://openalex.org/W3048197573","https://openalex.org/W3049735680","https://openalex.org/W3102754236","https://openalex.org/W3189644315","https://openalex.org/W4206122585","https://openalex.org/W6629841029","https://openalex.org/W6639560864","https://openalex.org/W6678302136","https://openalex.org/W6688892606","https://openalex.org/W6782130387","https://openalex.org/W6799764708"],"related_works":["https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W4312814274","https://openalex.org/W3048799479","https://openalex.org/W3006507989","https://openalex.org/W2779961139","https://openalex.org/W2763500028","https://openalex.org/W4240288358","https://openalex.org/W4240241597"],"abstract_inverted_index":{"Address":[0],"space":[1],"layout":[2],"randomization":[3],"(ASLR)":[4],"is":[5,183],"a":[6,12,121,137],"binary":[7,202],"protection":[8],"technique":[9],"that":[10,123,182,191,197],"randomizes":[11],"binary's":[13],"loaded":[14],"base":[15,127,160,170],"addresses":[16,128,171],"in":[17,43],"every":[18],"execution.":[19],"It":[20],"hardens":[21],"binaries":[22,95],"against":[23],"exploitation":[24],"by":[25,55,108,129],"preventing":[26],"attackers":[27],"from":[28,172],"reusing":[29],"identified":[30],"resources":[31],"(e.g.,":[32],"code":[33],"gadgets":[34],"or":[35,83],"stack":[36,212],"buffers":[37,174],"found":[38],"at":[39,133,233],"specific":[40],"memory":[41],"locations)":[42],"subsequent":[44],"executions.":[45],"As":[46],"most":[47],"modern":[48,98],"compilers":[49],"and":[50,90,116,150,154,175,211,226,230],"operating":[51,99],"systems":[52,76],"enable":[53],"ASLR":[54,68,82,207],"default,":[56],"an":[57,110,180,221],"effective":[58],"automated":[59],"exploit":[60,94,181,234],"generation":[61,235],"(AEG)":[62],"system":[63,122],"should":[64],"be":[65],"resilient":[66,184],"to":[67,145,158,178,185],"when":[69],"constructing":[70],"exploits.":[71],"However,":[72],"previ-ously":[73],"proposed":[74],"AEG":[75,112,119,223],"either":[77],"assume":[78],"the":[79,102,147,152,159],"absence":[80],"of":[81,104,201],"only":[84,206],"bypass":[85,198],"it":[86],"under":[87],"limited":[88],"circumstances,":[89],"thus":[91],"cannot":[92],"reliably":[93],"running":[96],"on":[97],"systems.":[100],"With":[101],"aim":[103],"improving":[105],"AEG's":[106],"practicality":[107],"developing":[109],"ASLR-resilient":[111],"system,":[113],"we":[114],"designed":[115],"implemented":[117],"leak-based":[118],"(LAEG),":[120],"can":[124,167],"recover":[125,169],"randomized":[126],"leaking":[130],"additional":[131],"information":[132],"runtime.":[134],"Specifically,":[135],"given":[136],"proof-of-crash":[138],"input,":[139],"LAEG":[140,166,192,216],"uses":[141],"dynamic":[142],"taint":[143],"analysis":[144],"analyze":[146],"black-box":[148],"binary,":[149],"identifies":[151],"input":[153],"output":[155],"states":[156],"relevant":[157],"address":[161],"information.":[162],"By":[163],"doing":[164],"so,":[165],"efficiently":[168],"uninitialized":[173],"use":[176],"them":[177],"construct":[179,195],"ASLR.":[186],"Moreover,":[187],"our":[188],"tests":[189],"established":[190],"could":[193],"successfully":[194],"exploits":[196],"state-of-the-art":[199],"types":[200],"protection,":[203],"including":[204],"not":[205],"but":[208],"PIE,":[209],"NX,":[210],"canary.":[213],"Besides":[214],"that,":[215],"exhibited":[217],"better":[218],"performance":[219],"than":[220,236],"open-source":[222],"solution,":[224],"Zeratool;":[225],"was":[227],"between":[228],"6.46x":[229],"45.15x":[231],"faster":[232],"human":[237],"experts":[238],"were.":[239]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}