{"id":"https://openalex.org/W2054660290","doi":"https://doi.org/10.1145/2808475.2808488","title":"From Fine Grained Code Diversity to JIT-ROP to Execute-Only Memory","display_name":"From Fine Grained Code Diversity to JIT-ROP to Execute-Only Memory","publication_year":2015,"publication_date":"2015-10-06","ids":{"openalex":"https://openalex.org/W2054660290","doi":"https://doi.org/10.1145/2808475.2808488","mag":"2054660290"},"language":"en","primary_location":{"id":"doi:10.1145/2808475.2808488","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2808475.2808488","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Second ACM Workshop on Moving Target Defense","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103069673","display_name":"Michael Franz","orcid":"https://orcid.org/0000-0001-5911-2275"},"institutions":[{"id":"https://openalex.org/I204250578","display_name":"University of California, Irvine","ror":"https://ror.org/04gyf1771","country_code":"US","type":"education","lineage":["https://openalex.org/I204250578"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Michael Franz","raw_affiliation_strings":["University of California, Irvine, Irvine, CA, USA","University of California Irvine, IRVINE, CA, USA#TAB#"],"affiliations":[{"raw_affiliation_string":"University of California, Irvine, Irvine, CA, USA","institution_ids":["https://openalex.org/I204250578"]},{"raw_affiliation_string":"University of California Irvine, IRVINE, CA, USA#TAB#","institution_ids":["https://openalex.org/I204250578"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5103069673"],"corresponding_institution_ids":["https://openalex.org/I204250578"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.04532568,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":93},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"1"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10054","display_name":"Parallel Computing and Optimization Techniques","score":0.9934999942779541,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.9894999861717224,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7966631650924683},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.7142478227615356},{"id":"https://openalex.org/keywords/code-reuse","display_name":"Code reuse","score":0.6175991296768188},{"id":"https://openalex.org/keywords/debugging","display_name":"Debugging","score":0.5938485264778137},{"id":"https://openalex.org/keywords/guard","display_name":"Guard (computer science)","score":0.5663926005363464},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5268370509147644},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.476990282535553},{"id":"https://openalex.org/keywords/reuse","display_name":"Reuse","score":0.4528657793998718},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.43462464213371277},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.42254769802093506},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.3864545226097107},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.334848552942276},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.23779815435409546}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7966631650924683},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.7142478227615356},{"id":"https://openalex.org/C2778583558","wikidata":"https://www.wikidata.org/wiki/Q771245","display_name":"Code reuse","level":3,"score":0.6175991296768188},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.5938485264778137},{"id":"https://openalex.org/C141141315","wikidata":"https://www.wikidata.org/wiki/Q2379942","display_name":"Guard (computer science)","level":2,"score":0.5663926005363464},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5268370509147644},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.476990282535553},{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.4528657793998718},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.43462464213371277},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.42254769802093506},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.3864545226097107},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.334848552942276},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.23779815435409546},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2808475.2808488","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2808475.2808488","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Second ACM Workshop on Moving Target Defense","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G7237768865","display_name":null,"funder_award_id":"CCF-1117162","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8875022862","display_name":null,"funder_award_id":"D11PC20024 and N660001-1-2-4014","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W3030873103","https://openalex.org/W2182697532","https://openalex.org/W1517387344","https://openalex.org/W1544062218","https://openalex.org/W2154435823","https://openalex.org/W185550498","https://openalex.org/W1997450527","https://openalex.org/W2348203156","https://openalex.org/W2226868092","https://openalex.org/W2164928043"],"abstract_inverted_index":{"Today's":[0],"software":[1,50,239,261],"monoculture":[2],"creates":[3],"asymmetric":[4],"threats.":[5],"An":[6],"attacker":[7,139],"needs":[8],"to":[9,18,56,129,186,191,275,374],"find":[10],"only":[11,112],"one":[12,74],"way":[13,87,142],"in,":[14],"while":[15],"defenders":[16],"need":[17,190],"guard":[19],"a":[20,63,104,106,113,119,132,145,206,235,302,333,362],"lot":[21],"of":[22,66,69,91,116,122,135,143,164,223,237,258,305,317,338],"ground.":[23],"Adversaries":[24],"can":[25,243],"fully":[26],"debug":[27],"and":[28,118,252,289,295,326,366],"perfect":[29],"their":[30,33,97,176],"attacks":[31,165,177,228,249,376],"on":[32,111,152,178,196,234,377],"own":[34],"computers,":[35],"exactly":[36,84],"replicating":[37],"the":[38,54,70,85,89,92,162,179,197,202,216,220,255,339,347],"environment":[39],"that":[40,208,242],"they":[41,95],"will":[42,109,150,231],"later":[43],"be":[44,127],"targeting.":[45],"One":[46],"possible":[47],"defense":[48],"is":[49],"diversity,":[51],"which":[52,147,153],"raises":[53],"bar":[55],"attackers.":[57],"A":[58],"diversification":[59],"engine":[60],"automatically":[61,311],"generates":[62],"large":[64,120,303],"number":[65,121,304],"different":[67,101,123],"versions":[68],"same":[71,86,340,348],"program,":[72],"potentially":[73],"unique":[75,306],"version":[76],"for":[77,315],"every":[78],"computer.":[79],"These":[80],"all":[81,193],"behave":[82],"in":[83,99],"from":[88,215],"perspective":[90],"end-user,":[93],"but":[94],"implement":[96],"functionality":[98],"subtly":[100],"ways.":[102],"As":[103,332],"result,":[105],"specific":[107,148,154,168],"attack":[108,124,149],"succeed":[110,151],"small":[114],"fraction":[115],"targets":[117],"vectors":[125],"would":[126],"needed":[128],"take":[130],"over":[131],"significant":[133],"percentage":[134],"them.":[136],"Because":[137],"an":[138,318],"has":[140,361],"no":[141,335,355],"knowing":[144],"priori":[146],"target,":[155],"this":[156],"method":[157,353],"also":[158,232,245],"very":[159],"significantly":[160,371],"increases":[161],"cost":[163],"directed":[166],"at":[167],"targets.":[169],"Unfortunately,":[170],"attackers":[171],"have":[172],"now":[173],"started":[174],"assembling":[175],"target":[180,198],"itself,":[181],"circumventing":[182],"diversity.":[183],"In":[184,298],"order":[185],"prevent":[187],"this,":[188],"we":[189,300,323],"make":[192,276],"executable":[194,211],"code":[195,212,226],"platform":[199],"unreadable":[200],"by":[201,250,310],"attacker.":[203],"We":[204,230],"present":[205],"solution":[207],"keeps":[209],"randomized":[210],"completely":[213],"hidden":[214],"attacker,":[217],"preventing":[218],"even":[219,345],"latest":[221],"class":[222],"dynamically":[224,251],"assembled":[225],"reuse":[227],"('JIT-ROP').":[229],"report":[233],"set":[236],"new":[238,270],"diversity":[240,262],"techniques":[241,263],"additionally":[244],"defend":[246],"against":[247,286],"side-channel":[248,291,368],"systematically":[253],"randomizing":[254],"control":[256],"flow":[257],"programs.":[259],"Previous":[260],"transform":[264],"each":[265,277],"program":[266,278,307,341],"trace":[267,279],"identically.":[268],"Our":[269,352],"technique":[271],"instead":[272],"transforms":[273],"programs":[274],"unique.":[280],"This":[281],"approach":[282],"offers":[283],"probabilistic":[284],"protection":[285],"both":[287],"online":[288],"off-line":[290],"attacks,":[292],"including":[293],"timing":[294],"cache-based":[296],"attacks.":[297],"particular,":[299],"create":[301],"execution":[308],"paths":[309],"generating":[312],"diversified":[313],"replicas":[314],"parts":[316],"input":[319],"program.":[320],"At":[321],"runtime":[322],"then":[324],"randomly":[325],"frequently":[327],"switch":[328],"between":[329],"these":[330],"replicas.":[331],"consequence,":[334],"two":[336],"executions":[337],"are":[342,350],"ever":[343],"alike,":[344],"when":[346,372],"inputs":[349],"used.":[351],"requires":[354],"manual":[356],"effort":[357],"or":[358],"hardware":[359],"changes,":[360],"reasonable":[363],"performance":[364],"impact,":[365],"reduces":[367],"information":[369],"leakage":[370],"applied":[373],"known":[375],"AES.":[378]},"counts_by_year":[{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}