{"id":"https://openalex.org/W4384948609","doi":"https://doi.org/10.1109/sp46215.2023.10179433","title":"WarpAttack: Bypassing CFI through Compiler-Introduced Double-Fetches","display_name":"WarpAttack: Bypassing CFI through Compiler-Introduced Double-Fetches","publication_year":2023,"publication_date":"2023-05-01","ids":{"openalex":"https://openalex.org/W4384948609","doi":"https://doi.org/10.1109/sp46215.2023.10179433"},"language":"en","primary_location":{"id":"doi:10.1109/sp46215.2023.10179433","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46215.2023.10179433","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5114348167","display_name":"Jianhao Xu","orcid":"https://orcid.org/0000-0002-7093-367X"},"institutions":[{"id":"https://openalex.org/I881766915","display_name":"Nanjing University","ror":"https://ror.org/01rxvg760","country_code":"CN","type":"education","lineage":["https://openalex.org/I881766915"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jianhao Xu","raw_affiliation_strings":["Nanjing University,State Key Laboratory for Novel Software Technology","State Key Laboratory for Novel Software Technology, Nanjing University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Nanjing University,State Key Laboratory for Novel Software Technology","institution_ids":["https://openalex.org/I881766915"]},{"raw_affiliation_string":"State Key Laboratory for Novel Software Technology, Nanjing University","institution_ids":["https://openalex.org/I881766915"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063308345","display_name":"Luca Di Bartolomeo","orcid":"https://orcid.org/0000-0002-5457-6246"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Luca Di Bartolomeo","raw_affiliation_strings":["EPFL"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"EPFL","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029770311","display_name":"Flavio Toffalini","orcid":"https://orcid.org/0000-0002-7114-5640"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Flavio Toffalini","raw_affiliation_strings":["EPFL"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"EPFL","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089309949","display_name":"Bing Mao","orcid":"https://orcid.org/0000-0001-9943-1473"},"institutions":[{"id":"https://openalex.org/I881766915","display_name":"Nanjing University","ror":"https://ror.org/01rxvg760","country_code":"CN","type":"education","lineage":["https://openalex.org/I881766915"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bing Mao","raw_affiliation_strings":["Nanjing University,State Key Laboratory for Novel Software Technology","State Key Laboratory for Novel Software Technology, Nanjing University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Nanjing University,State Key Laboratory for Novel Software Technology","institution_ids":["https://openalex.org/I881766915"]},{"raw_affiliation_string":"State Key Laboratory for Novel Software Technology, Nanjing University","institution_ids":["https://openalex.org/I881766915"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5065116578","display_name":"Mathias Payer","orcid":"https://orcid.org/0000-0001-5054-7547"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mathias Payer","raw_affiliation_strings":["EPFL"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"EPFL","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.979,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.8031877,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1271","last_page":"1288"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9711999893188477,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8607655167579651},{"id":"https://openalex.org/keywords/compiler","display_name":"Compiler","score":0.7604647874832153},{"id":"https://openalex.org/keywords/code-reuse","display_name":"Code reuse","score":0.7277264595031738},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7139844298362732},{"id":"https://openalex.org/keywords/reuse","display_name":"Reuse","score":0.5174306035041809},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5092209577560425},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.4895687997341156},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.4760701060295105},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4548502564430237},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.36660921573638916},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3236115574836731},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.15967512130737305}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8607655167579651},{"id":"https://openalex.org/C169590947","wikidata":"https://www.wikidata.org/wiki/Q47506","display_name":"Compiler","level":2,"score":0.7604647874832153},{"id":"https://openalex.org/C2778583558","wikidata":"https://www.wikidata.org/wiki/Q771245","display_name":"Code reuse","level":3,"score":0.7277264595031738},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7139844298362732},{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.5174306035041809},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5092209577560425},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.4895687997341156},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.4760701060295105},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4548502564430237},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.36660921573638916},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3236115574836731},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.15967512130737305},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/sp46215.2023.10179433","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46215.2023.10179433","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6299999952316284,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":56,"referenced_works":["https://openalex.org/W23255398","https://openalex.org/W1495630617","https://openalex.org/W1538332098","https://openalex.org/W1591211019","https://openalex.org/W1593280365","https://openalex.org/W1680927362","https://openalex.org/W1968412195","https://openalex.org/W1969338270","https://openalex.org/W1969501726","https://openalex.org/W1984471991","https://openalex.org/W1993736952","https://openalex.org/W1996931407","https://openalex.org/W2001978806","https://openalex.org/W2006790656","https://openalex.org/W2033029512","https://openalex.org/W2050469558","https://openalex.org/W2088383546","https://openalex.org/W2109219878","https://openalex.org/W2111760587","https://openalex.org/W2117798902","https://openalex.org/W2159059513","https://openalex.org/W2162800072","https://openalex.org/W2258876169","https://openalex.org/W2512784977","https://openalex.org/W2760025382","https://openalex.org/W2763131031","https://openalex.org/W2793456994","https://openalex.org/W2793974819","https://openalex.org/W2891196279","https://openalex.org/W2899759798","https://openalex.org/W2912312736","https://openalex.org/W2963237187","https://openalex.org/W2987375469","https://openalex.org/W2997653900","https://openalex.org/W3005193866","https://openalex.org/W3029114445","https://openalex.org/W3036557299","https://openalex.org/W3096372727","https://openalex.org/W3101740510","https://openalex.org/W3138733102","https://openalex.org/W4226087707","https://openalex.org/W4238083723","https://openalex.org/W4299301436","https://openalex.org/W4302784197","https://openalex.org/W6600946200","https://openalex.org/W6628339169","https://openalex.org/W6628351959","https://openalex.org/W6636574085","https://openalex.org/W6636991409","https://openalex.org/W6638487575","https://openalex.org/W6638559843","https://openalex.org/W6743382269","https://openalex.org/W6743843626","https://openalex.org/W6767084022","https://openalex.org/W6803794045","https://openalex.org/W6805175422"],"related_works":["https://openalex.org/W2182697532","https://openalex.org/W1517387344","https://openalex.org/W1544062218","https://openalex.org/W1964111631","https://openalex.org/W185550498","https://openalex.org/W2348203156","https://openalex.org/W2402565116","https://openalex.org/W2226868092","https://openalex.org/W2295077932","https://openalex.org/W2164928043"],"abstract_inverted_index":{"Code-reuse":[0],"attacks":[1,16,119],"are":[2,56],"dangerous":[3],"threats":[4],"that":[5,61,89,111],"attracted":[6],"the":[7,10,33,126,138,177,185],"attention":[8],"of":[9,26,35,141,179,187],"security":[11,54,80],"community":[12],"for":[13,23,200],"years.":[14],"These":[15],"aim":[17],"at":[18],"corrupting":[19],"important":[20],"control-flow":[21],"transfers":[22],"taking":[24],"control":[25],"a":[27,105,133,146],"process":[28],"without":[29],"injecting":[30],"code.":[31,69],"Nowadays,":[32],"combinations":[34],"multiple":[36],"mitigations":[37,55,76],"(e.g.,":[38],"ASLR,":[39],"DEP,":[40],"and":[41,67,120,131,158,168,172,204],"CFI)":[42],"drastically":[43],"reduced":[44],"this":[45,101,129,180,202],"attack":[46,107,130,189],"surface,":[47],"making":[48],"running":[49],"code-reuse":[50,75,122],"exploits":[51,112],"more":[52],"challenging.Unfortunately,":[53],"combined":[57],"with":[58],"compiler":[59],"optimizations,":[60],"do":[62],"not":[63],"distinguish":[64],"between":[65],"security-related":[66],"application":[68],"Blindly":[70],"deploying":[71],"code":[72,153],"optimizations":[73,115],"over":[74,161],"may":[77,85],"undermine":[78],"their":[79],"guarantees.":[81],"For":[82],"instance,":[83],"compilers":[84],"introduce":[86],"double-fetch":[87,114,152],"vulnerabilities":[88],"lead":[90],"to":[91,97,116,149,175,208],"concurrency":[92],"issues":[93],"such":[94],"as":[95],"Time-Of-Check":[96],"Time-Of-Use":[98],"(TOCTTOU)":[99],"attacks.In":[100],"work,":[102],"we":[103,144,183,195],"propose":[104,145,205],"new":[106],"vector,":[108],"called":[109],"WarpAttack,":[110],"compiler-introduced":[113],"mount":[117],"TOCTTOU":[118],"bypass":[121],"mitigations.":[123],"We":[124],"study":[125,176,184],"mechanism":[127],"underlying":[128],"present":[132],"practical":[134,206],"proof-of-concept":[135],"exploit":[136],"against":[137,190],"last":[139],"version":[140],"Firefox.":[142],"Additionally,":[143],"lightweight":[147],"analysis":[148],"locate":[150],"vulnerable":[151],"(with":[154],"3%":[155],"false":[156],"positives)":[157],"conduct":[159],"research":[160,198],"six":[162,191],"popular":[163],"applications,":[164],"five":[165],"operating":[166],"systems,":[167],"four":[169],"architectures":[170],"(32":[171],"64":[173],"bits)":[174],"diffusion":[178],"threat.":[181],"Moreover,":[182],"implication":[186],"our":[188],"CFI":[192],"implementations.":[193],"Finally,":[194],"investigate":[196],"possible":[197],"lines":[199],"addressing":[201],"threat":[203],"solutions":[207],"be":[209],"deployed":[210],"in":[211],"existing":[212],"projects.":[213]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":4}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}