{"id":"https://openalex.org/W2001978806","doi":"https://doi.org/10.1145/2810103.2813671","title":"Losing Control","display_name":"Losing Control","publication_year":2015,"publication_date":"2015-10-06","ids":{"openalex":"https://openalex.org/W2001978806","doi":"https://doi.org/10.1145/2810103.2813671","mag":"2001978806"},"language":"en","primary_location":{"id":"doi:10.1145/2810103.2813671","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2810103.2813671","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5063847107","display_name":"Mauro Conti","orcid":"https://orcid.org/0000-0002-3612-1934"},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Mauro Conti","raw_affiliation_strings":["University of Padua, Padua, Italy","University of Padua, Padua -- Italy"],"affiliations":[{"raw_affiliation_string":"University of Padua, Padua, Italy","institution_ids":["https://openalex.org/I138689650"]},{"raw_affiliation_string":"University of Padua, Padua -- Italy","institution_ids":["https://openalex.org/I138689650"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111972854","display_name":"Stephen Crane","orcid":null},"institutions":[{"id":"https://openalex.org/I204250578","display_name":"University of California, Irvine","ror":"https://ror.org/04gyf1771","country_code":"US","type":"education","lineage":["https://openalex.org/I204250578"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Stephen Crane","raw_affiliation_strings":["University of California, Irvine, Irvine, USA","[University of California, Irvine, Irvine, USA]"],"affiliations":[{"raw_affiliation_string":"University of California, Irvine, Irvine, USA","institution_ids":["https://openalex.org/I204250578"]},{"raw_affiliation_string":"[University of California, Irvine, Irvine, USA]","institution_ids":["https://openalex.org/I204250578"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089242868","display_name":"Lucas Davi","orcid":"https://orcid.org/0000-0002-7322-2777"},"institutions":[{"id":"https://openalex.org/I31512782","display_name":"Technical University of Darmstadt","ror":"https://ror.org/05n911h24","country_code":"DE","type":"education","lineage":["https://openalex.org/I31512782"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Lucas Davi","raw_affiliation_strings":["Technische Universit\u00e4t Darmstadt, Darmstadt, Germany"],"affiliations":[{"raw_affiliation_string":"Technische Universit\u00e4t Darmstadt, Darmstadt, Germany","institution_ids":["https://openalex.org/I31512782"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103069673","display_name":"Michael Franz","orcid":"https://orcid.org/0000-0001-5911-2275"},"institutions":[{"id":"https://openalex.org/I204250578","display_name":"University of California, Irvine","ror":"https://ror.org/04gyf1771","country_code":"US","type":"education","lineage":["https://openalex.org/I204250578"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael Franz","raw_affiliation_strings":["University of California, Irvine, Irvine, USA","[University of California, Irvine, Irvine, USA]"],"affiliations":[{"raw_affiliation_string":"University of California, Irvine, Irvine, USA","institution_ids":["https://openalex.org/I204250578"]},{"raw_affiliation_string":"[University of California, Irvine, Irvine, USA]","institution_ids":["https://openalex.org/I204250578"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029451644","display_name":"Per Larsen","orcid":"https://orcid.org/0009-0000-2928-4121"},"institutions":[{"id":"https://openalex.org/I204250578","display_name":"University of California, Irvine","ror":"https://ror.org/04gyf1771","country_code":"US","type":"education","lineage":["https://openalex.org/I204250578"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Per Larsen","raw_affiliation_strings":["University of California, Irvine, Irvine, USA","[University of California, Irvine, Irvine, USA]"],"affiliations":[{"raw_affiliation_string":"University of California, Irvine, Irvine, USA","institution_ids":["https://openalex.org/I204250578"]},{"raw_affiliation_string":"[University of California, Irvine, Irvine, USA]","institution_ids":["https://openalex.org/I204250578"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065013046","display_name":"Marco Negro","orcid":null},"institutions":[{"id":"https://openalex.org/I31512782","display_name":"Technical University of Darmstadt","ror":"https://ror.org/05n911h24","country_code":"DE","type":"education","lineage":["https://openalex.org/I31512782"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Marco Negro","raw_affiliation_strings":["Technische Universit\u00e4t Darmstadt, Darmstadt, Germany"],"affiliations":[{"raw_affiliation_string":"Technische Universit\u00e4t Darmstadt, Darmstadt, Germany","institution_ids":["https://openalex.org/I31512782"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076563200","display_name":"Christopher Liebchen","orcid":null},"institutions":[{"id":"https://openalex.org/I31512782","display_name":"Technical University of Darmstadt","ror":"https://ror.org/05n911h24","country_code":"DE","type":"education","lineage":["https://openalex.org/I31512782"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Christopher Liebchen","raw_affiliation_strings":["Technische Universit\u00e4t Darmstadt, Darmstadt, Germany"],"affiliations":[{"raw_affiliation_string":"Technische Universit\u00e4t Darmstadt, Darmstadt, Germany","institution_ids":["https://openalex.org/I31512782"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065498993","display_name":"Mohaned Qunaibit","orcid":null},"institutions":[{"id":"https://openalex.org/I204250578","display_name":"University of California, Irvine","ror":"https://ror.org/04gyf1771","country_code":"US","type":"education","lineage":["https://openalex.org/I204250578"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mohaned Qunaibit","raw_affiliation_strings":["University of California, Irvine, Irvine, USA","[University of California, Irvine, Irvine, USA]"],"affiliations":[{"raw_affiliation_string":"University of California, Irvine, Irvine, USA","institution_ids":["https://openalex.org/I204250578"]},{"raw_affiliation_string":"[University of California, Irvine, Irvine, USA]","institution_ids":["https://openalex.org/I204250578"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5079497016","display_name":"Ahmad\u2010Reza Sadeghi","orcid":"https://orcid.org/0000-0001-6833-3598"},"institutions":[{"id":"https://openalex.org/I31512782","display_name":"Technical University of Darmstadt","ror":"https://ror.org/05n911h24","country_code":"DE","type":"education","lineage":["https://openalex.org/I31512782"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Ahmad-Reza Sadeghi","raw_affiliation_strings":["Technische Universit\u00e4t Darmstadt, Darmstadt, Germany"],"affiliations":[{"raw_affiliation_string":"Technische Universit\u00e4t Darmstadt, Darmstadt, Germany","institution_ids":["https://openalex.org/I31512782"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5063847107"],"corresponding_institution_ids":["https://openalex.org/I138689650"],"apc_list":null,"apc_paid":null,"fwci":24.6637,"has_fulltext":false,"cited_by_count":122,"citation_normalized_percentile":{"value":0.99538813,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"952","last_page":"963"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10478","display_name":"Diamond and Carbon-based Materials Research","score":0.9876000285148621,"subfield":{"id":"https://openalex.org/subfields/2505","display_name":"Materials Chemistry"},"field":{"id":"https://openalex.org/fields/25","display_name":"Materials Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9399999976158142,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8203315734863281},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8197821974754333},{"id":"https://openalex.org/keywords/call-stack","display_name":"Call stack","score":0.6366366147994995},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.5937334895133972},{"id":"https://openalex.org/keywords/control-flow","display_name":"Control flow","score":0.5648960471153259},{"id":"https://openalex.org/keywords/compiler","display_name":"Compiler","score":0.5097600817680359},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.5091747641563416},{"id":"https://openalex.org/keywords/heap","display_name":"Heap (data structure)","score":0.4388725757598877},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.4344444274902344},{"id":"https://openalex.org/keywords/x86","display_name":"x86","score":0.41678136587142944},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3732221722602844},{"id":"https://openalex.org/keywords/stack","display_name":"Stack (abstract data type)","score":0.22707390785217285},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.18802985548973083},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.15545359253883362}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8203315734863281},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8197821974754333},{"id":"https://openalex.org/C119024030","wikidata":"https://www.wikidata.org/wiki/Q759899","display_name":"Call stack","level":3,"score":0.6366366147994995},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.5937334895133972},{"id":"https://openalex.org/C160191386","wikidata":"https://www.wikidata.org/wiki/Q868299","display_name":"Control flow","level":2,"score":0.5648960471153259},{"id":"https://openalex.org/C169590947","wikidata":"https://www.wikidata.org/wiki/Q47506","display_name":"Compiler","level":2,"score":0.5097600817680359},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.5091747641563416},{"id":"https://openalex.org/C134757568","wikidata":"https://www.wikidata.org/wiki/Q274089","display_name":"Heap (data structure)","level":2,"score":0.4388725757598877},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.4344444274902344},{"id":"https://openalex.org/C170723468","wikidata":"https://www.wikidata.org/wiki/Q182933","display_name":"x86","level":3,"score":0.41678136587142944},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3732221722602844},{"id":"https://openalex.org/C9395851","wikidata":"https://www.wikidata.org/wiki/Q177929","display_name":"Stack (abstract data type)","level":2,"score":0.22707390785217285},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.18802985548973083},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.15545359253883362}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/2810103.2813671","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2810103.2813671","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:www.research.unipd.it:11577/3169211","is_oa":false,"landing_page_url":"http://hdl.handle.net/11577/3169211","pdf_url":null,"source":{"id":"https://openalex.org/S4377196283","display_name":"Research Padua  Archive (University of Padua)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I138689650","host_organization_name":"University of Padua","host_organization_lineage":["https://openalex.org/I138689650"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.8199999928474426,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":51,"referenced_works":["https://openalex.org/W2363194","https://openalex.org/W70478248","https://openalex.org/W1429241971","https://openalex.org/W1477563924","https://openalex.org/W1538332098","https://openalex.org/W1544471297","https://openalex.org/W1545927878","https://openalex.org/W1590050693","https://openalex.org/W1591211019","https://openalex.org/W1605557845","https://openalex.org/W1631846088","https://openalex.org/W1655226010","https://openalex.org/W1691322864","https://openalex.org/W1816718056","https://openalex.org/W1823377586","https://openalex.org/W1963947298","https://openalex.org/W1964281299","https://openalex.org/W1968002620","https://openalex.org/W1969338270","https://openalex.org/W1982778414","https://openalex.org/W1992221070","https://openalex.org/W2003619630","https://openalex.org/W2004877887","https://openalex.org/W2009801020","https://openalex.org/W2012559808","https://openalex.org/W2022292029","https://openalex.org/W2022413220","https://openalex.org/W2033593513","https://openalex.org/W2048229966","https://openalex.org/W2065540707","https://openalex.org/W2072102701","https://openalex.org/W2079029390","https://openalex.org/W2081105932","https://openalex.org/W2109219878","https://openalex.org/W2111927651","https://openalex.org/W2124360577","https://openalex.org/W2131821445","https://openalex.org/W2132806808","https://openalex.org/W2138517425","https://openalex.org/W2154555738","https://openalex.org/W2155810272","https://openalex.org/W2158389625","https://openalex.org/W2159059513","https://openalex.org/W2159216827","https://openalex.org/W2162800072","https://openalex.org/W2168843528","https://openalex.org/W2171143790","https://openalex.org/W2293825325","https://openalex.org/W2978757628","https://openalex.org/W6638559843","https://openalex.org/W7057006497"],"related_works":["https://openalex.org/W2135849267","https://openalex.org/W62105794","https://openalex.org/W2066874231","https://openalex.org/W2809457911","https://openalex.org/W1956783456","https://openalex.org/W2375324011","https://openalex.org/W2053636330","https://openalex.org/W2017304482","https://openalex.org/W2136651729","https://openalex.org/W1991206705"],"abstract_inverted_index":{"Adversaries":[0],"exploit":[1,82,177],"memory":[2,112],"corruption":[3,113],"vulnerabilities":[4,84],"to":[5,69,81,85,94,170],"hijack":[6],"a":[7],"program's":[8],"control":[9,53,86],"flow":[10],"and":[11,105,142,149,163],"gain":[12],"arbitrary":[13],"code":[14],"execution.":[15],"One":[16,33],"promising":[17],"mitigation,":[18],"control-flow":[19,96],"integrity":[20],"(CFI),":[21],"has":[22],"been":[23],"the":[24,30,35,60,66,87,119,152,180],"subject":[25],"of":[26,34,59],"extensive":[27],"research":[28,67],"in":[29,151],"past":[31],"decade.":[32],"core":[36],"findings":[37],"is":[38],"that":[39,55,101],"adversaries":[40],"can":[41],"construct":[42],"Turing-complete":[43],"code-reuse":[44],"attacks":[45,126],"against":[46,127,179],"coarse-grained":[47],"CFI":[48,73,129,132,146,166],"policies":[49],"because":[50],"they":[51],"admit":[52],"flows":[54],"are":[56,168],"not":[57],"part":[58],"original":[61],"program.":[62],"This":[63],"insight":[64],"led":[65],"community":[68],"focus":[70],"on":[71],"fine-grained":[72,145],"implementations.":[74],"In":[75],"this":[76],"paper":[77],"we":[78,123,174],"show":[79],"how":[80],"heap-based":[83],"stack":[88,171,183],"contents":[89],"including":[90],"security-critical":[91],"values":[92],"used":[93],"validate":[95],"transfers.":[97],"Our":[98],"investigation":[99],"shows":[100],"although":[102],"program":[103],"analysis":[104],"compiler-based":[106],"mitigations":[107],"reduce":[108],"stack-based":[109,111],"vulnerabilities,":[110],"remains":[114],"an":[115,176],"open":[116],"problem.":[117],"Using":[118],"Chromium":[120],"web":[121],"browser":[122],"demonstrate":[124],"real-world":[125],"various":[128],"implementations:":[130],"1)~against":[131],"implementations":[133,147],"under":[134,157],"Windows":[135],"32-bit":[136],"by":[137],"exploiting":[138],"unprotected":[139],"context":[140],"switches,":[141],"2)~against":[143],"state-of-the-art":[144],"(IFCC":[148],"VTV)":[150],"two":[153],"premier":[154],"open-source":[155],"compilers":[156],"Unix-like":[158],"operating":[159],"systems.":[160],"Both":[161],"32":[162],"64-bit":[164],"x86":[165],"checks":[167],"vulnerable":[169],"manipulation.":[172],"Finally,":[173],"provide":[175],"technique":[178],"latest":[181],"shadow":[182],"implementation.":[184]},"counts_by_year":[{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":12},{"year":2020,"cited_by_count":17},{"year":2019,"cited_by_count":17},{"year":2018,"cited_by_count":18},{"year":2017,"cited_by_count":20},{"year":2016,"cited_by_count":14},{"year":2015,"cited_by_count":3}],"updated_date":"2026-04-04T08:04:53.788161","created_date":"2016-06-24T00:00:00"}