{"id":"https://openalex.org/W2980673442","doi":"https://doi.org/10.1109/tdsc.2019.2947913","title":"On the Analysis of Byte-Granularity Heap Randomization","display_name":"On the Analysis of Byte-Granularity Heap Randomization","publication_year":2019,"publication_date":"2019-10-16","ids":{"openalex":"https://openalex.org/W2980673442","doi":"https://doi.org/10.1109/tdsc.2019.2947913","mag":"2980673442"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2019.2947913","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2019.2947913","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102026401","display_name":"Daehee Jang","orcid":"https://orcid.org/0000-0002-9670-2351"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Daehee Jang","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA, USA","Georgia Institute of Technology, Atlanta, GA (USA)"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]},{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA (USA)","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100767723","display_name":"Jonghwan Kim","orcid":"https://orcid.org/0000-0002-9919-9843"},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Jonghwan Kim","raw_affiliation_strings":["Korea Advanced Institute of Science and Technology, Yuseong-gu, Daejeon, South Korea","[Korea Advanced Institute of Science and Technology, Yuseong-gu, Daejeon, South Korea]"],"affiliations":[{"raw_affiliation_string":"Korea Advanced Institute of Science and Technology, Yuseong-gu, Daejeon, South Korea","institution_ids":["https://openalex.org/I157485424"]},{"raw_affiliation_string":"[Korea Advanced Institute of Science and Technology, Yuseong-gu, Daejeon, South Korea]","institution_ids":["https://openalex.org/I157485424"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101660662","display_name":"Hojoon Lee","orcid":"https://orcid.org/0000-0001-5344-6266"},"institutions":[{"id":"https://openalex.org/I848706","display_name":"Sungkyunkwan University","ror":"https://ror.org/04q78tk20","country_code":"KR","type":"education","lineage":["https://openalex.org/I848706"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Hojoon Lee","raw_affiliation_strings":["Sungkyunkwan University, Jongno-gu, Seoul, South Korea","[Sungkyunkwan University, Jongno-gu, Seoul, South Korea]"],"affiliations":[{"raw_affiliation_string":"Sungkyunkwan University, Jongno-gu, Seoul, South Korea","institution_ids":["https://openalex.org/I848706"]},{"raw_affiliation_string":"[Sungkyunkwan University, Jongno-gu, Seoul, South Korea]","institution_ids":["https://openalex.org/I848706"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019775045","display_name":"Minjoon Park","orcid":"https://orcid.org/0000-0002-3526-6293"},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Minjoon Park","raw_affiliation_strings":["Korea Advanced Institute of Science and Technology, Yuseong-gu, Daejeon, South Korea","[Korea Advanced Institute of Science and Technology, Yuseong-gu, Daejeon, South Korea]"],"affiliations":[{"raw_affiliation_string":"Korea Advanced Institute of Science and Technology, Yuseong-gu, Daejeon, South Korea","institution_ids":["https://openalex.org/I157485424"]},{"raw_affiliation_string":"[Korea Advanced Institute of Science and Technology, Yuseong-gu, Daejeon, South Korea]","institution_ids":["https://openalex.org/I157485424"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082193160","display_name":"Yunjong Jung","orcid":null},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Yunjong Jung","raw_affiliation_strings":["Korea Advanced Institute of Science and Technology, Yuseong-gu, Daejeon, South Korea","[Korea Advanced Institute of Science and Technology, Yuseong-gu, Daejeon, South Korea]"],"affiliations":[{"raw_affiliation_string":"Korea Advanced Institute of Science and Technology, Yuseong-gu, Daejeon, South Korea","institution_ids":["https://openalex.org/I157485424"]},{"raw_affiliation_string":"[Korea Advanced Institute of Science and Technology, Yuseong-gu, Daejeon, South Korea]","institution_ids":["https://openalex.org/I157485424"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100343644","display_name":"Minsu Kim","orcid":"https://orcid.org/0000-0003-4939-2829"},"institutions":[{"id":"https://openalex.org/I4387156240","display_name":"National Security Research Institute","ror":"https://ror.org/01rg5mm74","country_code":null,"type":"government","lineage":["https://openalex.org/I2801339556","https://openalex.org/I4210144908","https://openalex.org/I4387152098","https://openalex.org/I4387156240"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Minsu Kim","raw_affiliation_strings":["National Security Research Institute, Yuseong-gu, Daejeon, South Korea"],"affiliations":[{"raw_affiliation_string":"National Security Research Institute, Yuseong-gu, Daejeon, South Korea","institution_ids":["https://openalex.org/I4387156240"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5046066368","display_name":"Brent Byunghoon Kang","orcid":"https://orcid.org/0000-0001-8984-1006"},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Brent Byunghoon Kang","raw_affiliation_strings":["Korea Advanced Institute of Science and Technology, Yuseong-gu, Daejeon, South Korea","[Korea Advanced Institute of Science and Technology, Yuseong-gu, Daejeon, South Korea]"],"affiliations":[{"raw_affiliation_string":"Korea Advanced Institute of Science and Technology, Yuseong-gu, Daejeon, South Korea","institution_ids":["https://openalex.org/I157485424"]},{"raw_affiliation_string":"[Korea Advanced Institute of Science and Technology, Yuseong-gu, Daejeon, South Korea]","institution_ids":["https://openalex.org/I157485424"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5102026401"],"corresponding_institution_ids":["https://openalex.org/I130701444"],"apc_list":null,"apc_paid":null,"fwci":0.14,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.576928,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":"18","issue":"5","first_page":"2237","last_page":"2252"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9958999752998352,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9810000061988831,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8187350034713745},{"id":"https://openalex.org/keywords/heap","display_name":"Heap (data structure)","score":0.7933909296989441},{"id":"https://openalex.org/keywords/granularity","display_name":"Granularity","score":0.7322112321853638},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.6947237253189087},{"id":"https://openalex.org/keywords/allocator","display_name":"Allocator","score":0.5941585302352905},{"id":"https://openalex.org/keywords/parallel-computing","display_name":"Parallel computing","score":0.40319985151290894},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.23987653851509094}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8187350034713745},{"id":"https://openalex.org/C134757568","wikidata":"https://www.wikidata.org/wiki/Q274089","display_name":"Heap (data structure)","level":2,"score":0.7933909296989441},{"id":"https://openalex.org/C177774035","wikidata":"https://www.wikidata.org/wiki/Q1246948","display_name":"Granularity","level":2,"score":0.7322112321853638},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.6947237253189087},{"id":"https://openalex.org/C162262903","wikidata":"https://www.wikidata.org/wiki/Q343527","display_name":"Allocator","level":2,"score":0.5941585302352905},{"id":"https://openalex.org/C173608175","wikidata":"https://www.wikidata.org/wiki/Q232661","display_name":"Parallel computing","level":1,"score":0.40319985151290894},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.23987653851509094}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2019.2947913","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2019.2947913","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1641113564","display_name":null,"funder_award_id":"NRF-2017R1A2B3006360","funder_id":"https://openalex.org/F4320322120","funder_display_name":"National Research Foundation of Korea"},{"id":"https://openalex.org/G3820715746","display_name":null,"funder_award_id":"N00014-18-1-2661","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G8055764252","display_name":null,"funder_award_id":"IITP-2017-0-01853-003","funder_id":"https://openalex.org/F4320335489","funder_display_name":"Institute for Information and Communications Technology Promotion"}],"funders":[{"id":"https://openalex.org/F4320322120","display_name":"National Research Foundation of Korea","ror":"https://ror.org/013aysd81"},{"id":"https://openalex.org/F4320335489","display_name":"Institute for Information and Communications Technology Promotion","ror":"https://ror.org/01g0hqq23"},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W416021074","https://openalex.org/W1545927878","https://openalex.org/W1558430956","https://openalex.org/W1591211019","https://openalex.org/W1593678010","https://openalex.org/W1826158585","https://openalex.org/W1963947298","https://openalex.org/W1964281299","https://openalex.org/W2062553811","https://openalex.org/W2110137598","https://openalex.org/W2111927651","https://openalex.org/W2114604089","https://openalex.org/W2136938453","https://openalex.org/W2154555738","https://openalex.org/W2154795299","https://openalex.org/W2155810272","https://openalex.org/W2156399316","https://openalex.org/W2293825325","https://openalex.org/W2317430245","https://openalex.org/W2560817611","https://openalex.org/W2572561587","https://openalex.org/W2612687770","https://openalex.org/W2750978957","https://openalex.org/W3006595492","https://openalex.org/W6635629245","https://openalex.org/W6638472749","https://openalex.org/W6676817380","https://openalex.org/W6743279888"],"related_works":["https://openalex.org/W2920417665","https://openalex.org/W4379518516","https://openalex.org/W3033802101","https://openalex.org/W2766468145","https://openalex.org/W92825922","https://openalex.org/W3104774169","https://openalex.org/W2486766535","https://openalex.org/W2953153984","https://openalex.org/W2944895246","https://openalex.org/W2515904313"],"abstract_inverted_index":{"Heap":[0],"randomization,":[1],"in":[2,32,63],"general,":[3],"has":[4,15,140],"been":[5,17],"a":[6],"well-trodden":[7],"area;":[8],"however,":[9],"the":[10,30,57,100,111,130,151],"efficacy":[11,58],"of":[12,55,59],"byte-granularity":[13,60,126,137],"randomization":[14,62,139],"never":[16],"fully":[18],"explored":[19],"as":[20],"misalignment":[21],"raises":[22],"various":[23,146],"concerns.":[24],"Modern":[25],"heap":[26,61,127,138],"exploits":[27],"often":[28],"abuse":[29],"determinism":[31],"word":[33],"alignment,":[34],"and":[35,72,97,120,158],"modern":[36],"CPU":[37],"architecture":[38],"better":[39],"supports":[40],"unaligned":[41],"access":[42],"(since":[43],"Nehalem).":[44],"Based":[45,114],"on":[46,84,110,115],"such":[47,116],"new":[48],"developments,":[49],"we":[50,93,118],"conduct":[51,94],"an":[52,122],"in-depth":[53],"analysis":[54,75,134],"evaluating":[56],"three":[64],"folds:":[65],"(i)":[66],"security":[67],"effectiveness,":[68],"(ii)":[69],"performance":[70,91,101],"impact,":[71],"(iii)":[73],"compatibility":[74,153],"to":[76,106,145],"measure":[77,90],"deployment":[78,142],"cost.":[79],"Security":[80],"discussion":[81],"is":[82,103],"based":[83],"20":[85],"CVE":[86],"case":[87],"studies.":[88],"To":[89],"details,":[92],"cycle-level":[95],"microbenchmarks":[96],"report":[98],"that":[99,136],"cost":[102,143],"highly":[104],"concentrated":[105],"edge":[107],"cases":[108],"depending":[109],"L1-cache":[112],"line.":[113],"analysis,":[117],"design":[119],"implement":[121],"allocator":[123],"suited":[124],"for":[125],"randomization.":[128],"On":[129],"negative":[131],"side,":[132],"our":[133],"suggests":[135],"high":[141],"due":[144],"implementation":[147],"conflicts.":[148],"We":[149],"enumerate":[150],"problematic":[152],"issues":[154],"using":[155],"Coreutils,":[156],"Nginx,":[157],"ChakraCore":[159],"benchmarks.":[160]},"counts_by_year":[{"year":2020,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}