{"id":"https://openalex.org/W1971347811","doi":"https://doi.org/10.1109/tdsc.2014.2345384","title":"Marlin: Mitigating Code Reuse Attacks Using Code Randomization","display_name":"Marlin: Mitigating Code Reuse Attacks Using Code Randomization","publication_year":2014,"publication_date":"2014-08-05","ids":{"openalex":"https://openalex.org/W1971347811","doi":"https://doi.org/10.1109/tdsc.2014.2345384","mag":"1971347811"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2014.2345384","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2014.2345384","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101970169","display_name":"Aditi Gupta","orcid":"https://orcid.org/0000-0003-3647-8148"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Aditi Gupta","raw_affiliation_strings":["Department of Computer Science, Purdue University, West Lafayette, IN","Department of Computer Science, Purdue University, West Lafayette IN#TAB#"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Purdue University, West Lafayette, IN","institution_ids":["https://openalex.org/I219193219"]},{"raw_affiliation_string":"Department of Computer Science, Purdue University, West Lafayette IN#TAB#","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090712023","display_name":"Javid Habibi","orcid":null},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Javid Habibi","raw_affiliation_strings":["Department of Computer Science, Purdue University, West Lafayette, IN","Department of Computer Science, Purdue University, West Lafayette IN#TAB#"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Purdue University, West Lafayette, IN","institution_ids":["https://openalex.org/I219193219"]},{"raw_affiliation_string":"Department of Computer Science, Purdue University, West Lafayette IN#TAB#","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062386207","display_name":"Michael S. Kirkpatrick","orcid":"https://orcid.org/0000-0002-7200-4102"},"institutions":[{"id":"https://openalex.org/I11883440","display_name":"James Madison University","ror":"https://ror.org/028pmsz77","country_code":"US","type":"education","lineage":["https://openalex.org/I11883440"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael S. Kirkpatrick","raw_affiliation_strings":["Department of Computer Science, James Madison University, Harrisonburg, VA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, James Madison University, Harrisonburg, VA","institution_ids":["https://openalex.org/I11883440"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5061694501","display_name":"Elisa Bertino","orcid":"https://orcid.org/0000-0002-4029-7051"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Elisa Bertino","raw_affiliation_strings":["Department of Computer Science, Purdue University, West Lafayette, IN","Department of Computer Science, Purdue University, West Lafayette IN#TAB#"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Purdue University, West Lafayette, IN","institution_ids":["https://openalex.org/I219193219"]},{"raw_affiliation_string":"Department of Computer Science, Purdue University, West Lafayette IN#TAB#","institution_ids":["https://openalex.org/I219193219"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":3.8062,"has_fulltext":false,"cited_by_count":19,"citation_normalized_percentile":{"value":0.93599945,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":"12","issue":"3","first_page":"326","last_page":"337"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9965000152587891,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10478","display_name":"Diamond and Carbon-based Materials Research","score":0.9800000190734863,"subfield":{"id":"https://openalex.org/subfields/2505","display_name":"Materials Chemistry"},"field":{"id":"https://openalex.org/fields/25","display_name":"Materials Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.8810535669326782},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8551076650619507},{"id":"https://openalex.org/keywords/code-reuse","display_name":"Code reuse","score":0.6782442927360535},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.6377061605453491},{"id":"https://openalex.org/keywords/reuse","display_name":"Reuse","score":0.49039340019226074},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.4829218089580536},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.4304332733154297},{"id":"https://openalex.org/keywords/unreachable-code","display_name":"Unreachable code","score":0.4169842004776001},{"id":"https://openalex.org/keywords/redundant-code","display_name":"Redundant code","score":0.36661434173583984},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.34194767475128174},{"id":"https://openalex.org/keywords/code-generation","display_name":"Code generation","score":0.2972312271595001},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.23500755429267883},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.22601598501205444}],"concepts":[{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.8810535669326782},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8551076650619507},{"id":"https://openalex.org/C2778583558","wikidata":"https://www.wikidata.org/wiki/Q771245","display_name":"Code reuse","level":3,"score":0.6782442927360535},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.6377061605453491},{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.49039340019226074},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.4829218089580536},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.4304332733154297},{"id":"https://openalex.org/C50951305","wikidata":"https://www.wikidata.org/wiki/Q2482534","display_name":"Unreachable code","level":5,"score":0.4169842004776001},{"id":"https://openalex.org/C151578736","wikidata":"https://www.wikidata.org/wiki/Q1251793","display_name":"Redundant code","level":4,"score":0.36661434173583984},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.34194767475128174},{"id":"https://openalex.org/C133162039","wikidata":"https://www.wikidata.org/wiki/Q1061077","display_name":"Code generation","level":3,"score":0.2972312271595001},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.23500755429267883},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.22601598501205444},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2014.2345384","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2014.2345384","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6600000262260437,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G3515894064","display_name":null,"funder_award_id":"CNS-1016722","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8702753294","display_name":null,"funder_award_id":"CNS-1111512","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320309036","display_name":"Purdue University","ror":"https://ror.org/02dqehb95"},{"id":"https://openalex.org/F4320309652","display_name":"University of Michigan","ror":"https://ror.org/00jmfr291"},{"id":"https://openalex.org/F4320310016","display_name":"Michigan State University","ror":"https://ror.org/05hs6h993"},{"id":"https://openalex.org/F4320310375","display_name":"James Madison University","ror":"https://ror.org/028pmsz77"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":49,"referenced_works":["https://openalex.org/W173413620","https://openalex.org/W199961241","https://openalex.org/W1515653707","https://openalex.org/W1528086994","https://openalex.org/W1545927878","https://openalex.org/W1593678010","https://openalex.org/W1823377586","https://openalex.org/W1968002620","https://openalex.org/W1969501726","https://openalex.org/W1982829328","https://openalex.org/W1984187936","https://openalex.org/W1996931407","https://openalex.org/W1997450527","https://openalex.org/W2004877887","https://openalex.org/W2009801020","https://openalex.org/W2027963645","https://openalex.org/W2074943483","https://openalex.org/W2098010707","https://openalex.org/W2099382052","https://openalex.org/W2102902405","https://openalex.org/W2121468041","https://openalex.org/W2132806808","https://openalex.org/W2138517425","https://openalex.org/W2141389113","https://openalex.org/W2147625551","https://openalex.org/W2153497135","https://openalex.org/W2154435823","https://openalex.org/W2154555738","https://openalex.org/W2156858199","https://openalex.org/W2162800072","https://openalex.org/W2168843528","https://openalex.org/W2171143790","https://openalex.org/W2294009246","https://openalex.org/W2296616300","https://openalex.org/W3146301262","https://openalex.org/W6607078713","https://openalex.org/W6608020635","https://openalex.org/W6630861182","https://openalex.org/W6631531730","https://openalex.org/W6635629245","https://openalex.org/W6638559843","https://openalex.org/W6669301791","https://openalex.org/W6675010140","https://openalex.org/W6680659772","https://openalex.org/W6682526790","https://openalex.org/W6682684344","https://openalex.org/W6685238602","https://openalex.org/W6696929981","https://openalex.org/W7038687428"],"related_works":["https://openalex.org/W1555552217","https://openalex.org/W1527771852","https://openalex.org/W2091871187","https://openalex.org/W77265138","https://openalex.org/W4382795255","https://openalex.org/W3046570025","https://openalex.org/W2523221082","https://openalex.org/W2784876473","https://openalex.org/W2349553983","https://openalex.org/W3097608674"],"abstract_inverted_index":{"Code-reuse":[0],"attacks,":[1],"such":[2,167],"as":[3,38],"return-oriented":[4],"programming":[5],"(ROP),":[6],"are":[7],"a":[8,67,116,144],"class":[9],"of":[10,34,49,58,61,81,96,119,140,178],"buffer":[11],"overflow":[12],"attacks":[13,23,29,51],"that":[14,73,155,166],"repurpose":[15],"existing":[16],"executable":[17,63,83,98,159],"code":[18,27,84,99],"towards":[19],"malicious":[20],"purposes.":[21],"These":[22],"bypass":[24],"defenses":[25],"against":[26,180],"injection":[28],"by":[30,77,100],"chaining":[31],"together":[32],"sequence":[33],"instructions,":[35],"commonly":[36],"known":[37],"gadgets,":[39],"to":[40,133],"execute":[41],"the":[42,53,56,62,79,82,93,97,103,107,112,114,124,152,157,176],"desired":[43,125],"attack":[44],"logic.":[45],"A":[46],"common":[47],"feature":[48],"these":[50,75],"is":[52],"reliance":[54],"on":[55],"knowledge":[57,118],"memory":[59],"layout":[60,80],"code.":[64],"We":[65,147],"propose":[66],"fine":[68],"grained":[69],"randomization":[70],"based":[71,182],"approach":[72,129,169],"breaks":[74],"assumptions":[76],"modifying":[78],"and":[85,137,173],"hinders":[86],"code-reuse":[87,181],"attack.":[88],"Our":[89,128,163],"solution,":[90],"Marlin,":[91],"randomizes":[92,156],"internal":[94],"structure":[95],"randomly":[101],"shuffling":[102],"function":[104],"blocks":[105],"in":[106],"target":[108,158],"binary.":[109],"This":[110],"denies":[111],"attacker":[113],"necessary":[115],"priori":[117],"instruction":[120],"addresses":[121],"for":[122],"constructing":[123],"exploit":[126],"payload.":[127],"can":[130],"be":[131],"applied":[132],"any":[134],"ELF":[135],"binary":[136,142],"every":[138],"execution":[139],"this":[141],"uses":[143],"different":[145],"randomization.":[146],"have":[148],"integrated":[149],"Marlin":[150],"into":[151],"bash":[153],"shell":[154],"before":[160],"launching":[161],"it.":[162],"work":[164],"shows":[165],"an":[168],"incurs":[170],"low":[171],"overhead":[172],"significantly":[174],"increases":[175],"level":[177],"security":[179],"attacks.":[183]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":2},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":4},{"year":2016,"cited_by_count":2},{"year":2015,"cited_by_count":3}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}