{"id":"https://openalex.org/W2898326323","doi":"https://doi.org/10.1145/3274694.3274739","title":"On the Effectiveness of Type-based Control Flow Integrity","display_name":"On the Effectiveness of Type-based Control Flow Integrity","publication_year":2018,"publication_date":"2018-12-03","ids":{"openalex":"https://openalex.org/W2898326323","doi":"https://doi.org/10.1145/3274694.3274739","mag":"2898326323"},"language":"en","primary_location":{"id":"doi:10.1145/3274694.3274739","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3274694.3274739","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 34th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5037493110","display_name":"Reza Mirzazade Farkhani","orcid":null},"institutions":[{"id":"https://openalex.org/I87182695","display_name":"Universidad del Noreste","ror":"https://ror.org/02ahky613","country_code":"MX","type":"education","lineage":["https://openalex.org/I87182695"]}],"countries":["MX"],"is_corresponding":false,"raw_author_name":"Reza Mirzazade Farkhani","raw_affiliation_strings":["Northeastern University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Northeastern University","institution_ids":["https://openalex.org/I87182695"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075903733","display_name":"Saman Jafari","orcid":null},"institutions":[{"id":"https://openalex.org/I87182695","display_name":"Universidad del Noreste","ror":"https://ror.org/02ahky613","country_code":"MX","type":"education","lineage":["https://openalex.org/I87182695"]}],"countries":["MX"],"is_corresponding":false,"raw_author_name":"Saman Jafari","raw_affiliation_strings":["Northeastern University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Northeastern University","institution_ids":["https://openalex.org/I87182695"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013179900","display_name":"Sajjad Arshad","orcid":"https://orcid.org/0000-0001-5311-451X"},"institutions":[{"id":"https://openalex.org/I87182695","display_name":"Universidad del Noreste","ror":"https://ror.org/02ahky613","country_code":"MX","type":"education","lineage":["https://openalex.org/I87182695"]}],"countries":["MX"],"is_corresponding":false,"raw_author_name":"Sajjad Arshad","raw_affiliation_strings":["Northeastern University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Northeastern University","institution_ids":["https://openalex.org/I87182695"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085358980","display_name":"William Robertson","orcid":"https://orcid.org/0000-0002-6968-0273"},"institutions":[{"id":"https://openalex.org/I87182695","display_name":"Universidad del Noreste","ror":"https://ror.org/02ahky613","country_code":"MX","type":"education","lineage":["https://openalex.org/I87182695"]}],"countries":["MX"],"is_corresponding":false,"raw_author_name":"William Robertson","raw_affiliation_strings":["Northeastern University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Northeastern University","institution_ids":["https://openalex.org/I87182695"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077875821","display_name":"Engin Kirda","orcid":"https://orcid.org/0000-0001-9988-6873"},"institutions":[{"id":"https://openalex.org/I87182695","display_name":"Universidad del Noreste","ror":"https://ror.org/02ahky613","country_code":"MX","type":"education","lineage":["https://openalex.org/I87182695"]}],"countries":["MX"],"is_corresponding":false,"raw_author_name":"Engin Kirda","raw_affiliation_strings":["Northeastern University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Northeastern University","institution_ids":["https://openalex.org/I87182695"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033661137","display_name":"Hamed Okhravi","orcid":"https://orcid.org/0000-0003-1450-3744"},"institutions":[{"id":"https://openalex.org/I4210122954","display_name":"MIT Lincoln Laboratory","ror":"https://ror.org/022z6jk58","country_code":"US","type":"facility","lineage":["https://openalex.org/I4210122954","https://openalex.org/I63966007"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hamed Okhravi","raw_affiliation_strings":["MIT Lincoln Laboratory"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"MIT Lincoln Laboratory","institution_ids":["https://openalex.org/I4210122954"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.8722,"has_fulltext":false,"cited_by_count":40,"citation_normalized_percentile":{"value":0.9286449,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"28","last_page":"39"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10478","display_name":"Diamond and Carbon-based Materials Research","score":0.9922999739646912,"subfield":{"id":"https://openalex.org/subfields/2505","display_name":"Materials Chemistry"},"field":{"id":"https://openalex.org/fields/25","display_name":"Materials Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9829999804496765,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8075709342956543},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7140130400657654},{"id":"https://openalex.org/keywords/reuse","display_name":"Reuse","score":0.6012149453163147},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5639559030532837},{"id":"https://openalex.org/keywords/control-flow","display_name":"Control flow","score":0.5381373763084412},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.477762371301651},{"id":"https://openalex.org/keywords/perspective","display_name":"Perspective (graphical)","score":0.45563405752182007},{"id":"https://openalex.org/keywords/code-reuse","display_name":"Code reuse","score":0.44094035029411316},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.43587151169776917},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.213495671749115},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.12256595492362976}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8075709342956543},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7140130400657654},{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.6012149453163147},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5639559030532837},{"id":"https://openalex.org/C160191386","wikidata":"https://www.wikidata.org/wiki/Q868299","display_name":"Control flow","level":2,"score":0.5381373763084412},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.477762371301651},{"id":"https://openalex.org/C12713177","wikidata":"https://www.wikidata.org/wiki/Q1900281","display_name":"Perspective (graphical)","level":2,"score":0.45563405752182007},{"id":"https://openalex.org/C2778583558","wikidata":"https://www.wikidata.org/wiki/Q771245","display_name":"Code reuse","level":3,"score":0.44094035029411316},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.43587151169776917},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.213495671749115},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.12256595492362976},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3274694.3274739","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3274694.3274739","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 34th Annual Computer Security Applications Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.8100000023841858,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":43,"referenced_works":["https://openalex.org/W951859702","https://openalex.org/W1429241971","https://openalex.org/W1477563924","https://openalex.org/W1538332098","https://openalex.org/W1605557845","https://openalex.org/W1631846088","https://openalex.org/W1823377586","https://openalex.org/W1963947298","https://openalex.org/W1982778414","https://openalex.org/W1992741024","https://openalex.org/W1993736952","https://openalex.org/W1996931407","https://openalex.org/W2001978806","https://openalex.org/W2022292029","https://openalex.org/W2022413220","https://openalex.org/W2033593513","https://openalex.org/W2035991175","https://openalex.org/W2048229966","https://openalex.org/W2055084740","https://openalex.org/W2072102701","https://openalex.org/W2074943483","https://openalex.org/W2080313875","https://openalex.org/W2080379526","https://openalex.org/W2081105932","https://openalex.org/W2109219878","https://openalex.org/W2117798902","https://openalex.org/W2121579803","https://openalex.org/W2122757982","https://openalex.org/W2133592286","https://openalex.org/W2138517425","https://openalex.org/W2155810272","https://openalex.org/W2155851497","https://openalex.org/W2162800072","https://openalex.org/W2258876169","https://openalex.org/W2293825325","https://openalex.org/W2297774820","https://openalex.org/W2510394756","https://openalex.org/W2512784977","https://openalex.org/W2516933175","https://openalex.org/W2612403404","https://openalex.org/W2752985907","https://openalex.org/W2978757628","https://openalex.org/W4299522686"],"related_works":["https://openalex.org/W2182697532","https://openalex.org/W1517387344","https://openalex.org/W1544062218","https://openalex.org/W142226328","https://openalex.org/W1964111631","https://openalex.org/W2294515590","https://openalex.org/W185550498","https://openalex.org/W2348203156","https://openalex.org/W2226868092","https://openalex.org/W2164928043"],"abstract_inverted_index":{"Control":[0],"flow":[1],"integrity":[2],"(CFI)":[3],"has":[4,30,49,70,90],"received":[5],"significant":[6],"attention":[7],"in":[8,16,25,32,52,124],"the":[9,17,33,79,95,103,108,114,175],"community":[10],"to":[11,93,132,201],"combat":[12],"control":[13],"hijacking":[14],"attacks":[15,156],"presence":[18],"of":[19,35,39,55,74,83,86,105,154,186],"memory":[20],"corruption":[21],"vulnerabilities.":[22],"The":[23],"challenges":[24,185],"creating":[26],"a":[27,36,53,72,134,152,213],"practical":[28,57,184,197],"CFI":[29,40,48,87,200],"resulted":[31],"development":[34],"new":[37],"type":[38,44,120,159],"based":[41],"on":[42],"runtime":[43],"checking":[45,160],"(RTC).":[46],"RTC-based":[47,96],"been":[50,71,91],"implemented":[51],"number":[54,73],"recent":[56],"efforts":[58,76],"such":[59],"as":[60],"GRSecurity":[61],"Reuse":[62],"Attack":[63],"Protector":[64],"(RAP)":[65],"and":[66,81,110,163,174],"LLVM-CFI.":[67],"While":[68],"there":[69],"previous":[75],"that":[77,119,157,192],"studied":[78],"strengths":[80],"limitations":[82],"other":[84,176],"types":[85],"techniques,":[88],"little":[89],"done":[92],"evaluate":[94],"CFI.":[97],"In":[98],"this":[99],"work,":[100],"we":[101,117,141],"study":[102],"effectiveness":[104],"RTC":[106,149,194],"from":[107],"security":[109,115],"practicality":[111],"aspects.":[112],"From":[113],"perspective,":[116],"observe":[118],"collisions":[121],"are":[122],"abundant":[123],"sufficiently":[125],"large":[126,202],"code":[127,203],"bases":[128],"but":[129],"exploiting":[130],"them":[131],"build":[133],"functional":[135],"attack":[136],"is":[137,195,207],"not":[138,208],"straightforward.":[139],"Then":[140],"show":[142],"how":[143],"an":[144],"attacker":[145],"can":[146],"successfully":[147],"bypass":[148],"techniques":[150],"using":[151],"variant":[153],"ROP":[155],"respect":[158],"(called":[161],"TROP)":[162],"also":[164,182],"built":[165],"two":[166],"proof-of-concept":[167],"exploits,":[168],"one":[169],"against":[170,177],"Nginx":[171],"web":[172],"server":[173],"Exim":[178],"mail":[179],"server.":[180],"We":[181],"discuss":[183],"implementing":[187],"RTC.":[188],"Our":[189],"findings":[190],"suggest":[191],"while":[193],"more":[196],"for":[198],"applying":[199],"bases,":[204],"its":[205],"policy":[206],"strong":[209],"enough":[210],"when":[211],"facing":[212],"motivated":[214],"attacker.":[215]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":7},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":5}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}