{"id":"https://openalex.org/W3198309584","doi":"https://doi.org/10.1145/3462699","title":"Exploitation Techniques for Data-oriented Attacks with Existing and Potential Defense Approaches","display_name":"Exploitation Techniques for Data-oriented Attacks with Existing and Potential Defense Approaches","publication_year":2021,"publication_date":"2021-09-02","ids":{"openalex":"https://openalex.org/W3198309584","doi":"https://doi.org/10.1145/3462699","mag":"3198309584"},"language":"en","primary_location":{"id":"doi:10.1145/3462699","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3462699","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3462699","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3462699","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101731002","display_name":"Long Cheng","orcid":"https://orcid.org/0000-0003-1736-0873"},"institutions":[{"id":"https://openalex.org/I8078737","display_name":"Clemson University","ror":"https://ror.org/037s24f05","country_code":"US","type":"education","lineage":["https://openalex.org/I8078737"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Long Cheng","raw_affiliation_strings":["School of Computing, Clemson University, USA"],"affiliations":[{"raw_affiliation_string":"School of Computing, Clemson University, USA","institution_ids":["https://openalex.org/I8078737"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049447247","display_name":"Salman Ahmed","orcid":"https://orcid.org/0000-0003-0290-5367"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Salman Ahmed","raw_affiliation_strings":["Department of Computer Science, Virginia Tech, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Virginia Tech, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057063593","display_name":"Hans Liljestrand","orcid":"https://orcid.org/0000-0003-0485-679X"},"institutions":[{"id":"https://openalex.org/I151746483","display_name":"University of Waterloo","ror":"https://ror.org/01aff2v68","country_code":"CA","type":"education","lineage":["https://openalex.org/I151746483"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Hans Liljestrand","raw_affiliation_strings":["David R. Cheriton School of Computer Science, University of Waterloo, Canada"],"affiliations":[{"raw_affiliation_string":"David R. Cheriton School of Computer Science, University of Waterloo, Canada","institution_ids":["https://openalex.org/I151746483"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032600730","display_name":"Thomas Nyman","orcid":"https://orcid.org/0000-0001-7647-6230"},"institutions":[{"id":"https://openalex.org/I9927081","display_name":"Aalto University","ror":"https://ror.org/020hwjq30","country_code":"FI","type":"education","lineage":["https://openalex.org/I9927081"]}],"countries":["FI"],"is_corresponding":false,"raw_author_name":"Thomas Nyman","raw_affiliation_strings":["Department of Computer Science, Aalto University, Finland"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Aalto University, Finland","institution_ids":["https://openalex.org/I9927081"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076081056","display_name":"Haipeng Cai","orcid":"https://orcid.org/0000-0002-5224-9970"},"institutions":[{"id":"https://openalex.org/I72951846","display_name":"Washington State University","ror":"https://ror.org/05dk0ce17","country_code":"US","type":"education","lineage":["https://openalex.org/I72951846"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Haipeng Cai","raw_affiliation_strings":["School of Electrical Engineering and Computer Science, Washington State University, USA"],"affiliations":[{"raw_affiliation_string":"School of Electrical Engineering and Computer Science, Washington State University, USA","institution_ids":["https://openalex.org/I72951846"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055045569","display_name":"Trent Jaeger","orcid":"https://orcid.org/0000-0002-4964-1170"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Trent Jaeger","raw_affiliation_strings":["Department of Computer Science and Engineering, Pennsylvania State University, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Pennsylvania State University, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016685507","display_name":"N. Asokan","orcid":"https://orcid.org/0000-0002-5093-9871"},"institutions":[{"id":"https://openalex.org/I151746483","display_name":"University of Waterloo","ror":"https://ror.org/01aff2v68","country_code":"CA","type":"education","lineage":["https://openalex.org/I151746483"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"N. Asokan","raw_affiliation_strings":["David R. Cheriton School of Computer Science, University of Waterloo, Canada"],"affiliations":[{"raw_affiliation_string":"David R. Cheriton School of Computer Science, University of Waterloo, Canada","institution_ids":["https://openalex.org/I151746483"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5034366344","display_name":"Danfeng Yao","orcid":"https://orcid.org/0000-0001-8969-2792"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Danfeng (Daphne) Yao","raw_affiliation_strings":["Department of Computer Science, Virginia Tech, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Virginia Tech, USA","institution_ids":["https://openalex.org/I859038795"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5101731002"],"corresponding_institution_ids":["https://openalex.org/I8078737"],"apc_list":null,"apc_paid":null,"fwci":1.7675,"has_fulltext":true,"cited_by_count":19,"citation_normalized_percentile":{"value":0.87586886,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"24","issue":"4","first_page":"1","last_page":"36"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9904999732971191,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7267630100250244},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7140029668807983},{"id":"https://openalex.org/keywords/control-flow","display_name":"Control flow","score":0.6057507395744324},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5943017601966858},{"id":"https://openalex.org/keywords/data-flow-diagram","display_name":"Data flow diagram","score":0.582834005355835},{"id":"https://openalex.org/keywords/block","display_name":"Block (permutation group theory)","score":0.4562380015850067},{"id":"https://openalex.org/keywords/data-integrity","display_name":"Data integrity","score":0.45521020889282227},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.43871358036994934},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.4338380992412567},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.1376802623271942},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1260894238948822},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.07600745558738708}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7267630100250244},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7140029668807983},{"id":"https://openalex.org/C160191386","wikidata":"https://www.wikidata.org/wiki/Q868299","display_name":"Control flow","level":2,"score":0.6057507395744324},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5943017601966858},{"id":"https://openalex.org/C489000","wikidata":"https://www.wikidata.org/wiki/Q747385","display_name":"Data flow diagram","level":2,"score":0.582834005355835},{"id":"https://openalex.org/C2777210771","wikidata":"https://www.wikidata.org/wiki/Q4927124","display_name":"Block (permutation group theory)","level":2,"score":0.4562380015850067},{"id":"https://openalex.org/C33762810","wikidata":"https://www.wikidata.org/wiki/Q461671","display_name":"Data integrity","level":2,"score":0.45521020889282227},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.43871358036994934},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.4338380992412567},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.1376802623271942},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1260894238948822},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.07600745558738708},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3462699","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3462699","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3462699","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3462699","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3462699","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3462699","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.49000000953674316,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G5468682457","display_name":null,"funder_award_id":"CNS-1929701","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3198309584.pdf","grobid_xml":"https://content.openalex.org/works/W3198309584.grobid-xml"},"referenced_works_count":112,"referenced_works":["https://openalex.org/W1429241971","https://openalex.org/W1459231281","https://openalex.org/W1477563924","https://openalex.org/W1480909796","https://openalex.org/W1575709006","https://openalex.org/W1585610988","https://openalex.org/W1591211019","https://openalex.org/W1605557845","https://openalex.org/W1655226010","https://openalex.org/W1823377586","https://openalex.org/W1878544538","https://openalex.org/W1904738922","https://openalex.org/W1922844761","https://openalex.org/W1963947298","https://openalex.org/W1985551847","https://openalex.org/W1987898580","https://openalex.org/W1992221070","https://openalex.org/W1992741024","https://openalex.org/W2003619630","https://openalex.org/W2008704879","https://openalex.org/W2033593513","https://openalex.org/W2035991175","https://openalex.org/W2066852506","https://openalex.org/W2072102701","https://openalex.org/W2079029390","https://openalex.org/W2081105932","https://openalex.org/W2081768685","https://openalex.org/W2086795351","https://openalex.org/W2089448621","https://openalex.org/W2096267728","https://openalex.org/W2111927651","https://openalex.org/W2113864883","https://openalex.org/W2117798902","https://openalex.org/W2119232722","https://openalex.org/W2121579803","https://openalex.org/W2123436168","https://openalex.org/W2124360577","https://openalex.org/W2132806808","https://openalex.org/W2138517425","https://openalex.org/W2140557450","https://openalex.org/W2140611647","https://openalex.org/W2141365240","https://openalex.org/W2141389113","https://openalex.org/W2148686658","https://openalex.org/W2152507484","https://openalex.org/W2154555738","https://openalex.org/W2155810272","https://openalex.org/W2155851497","https://openalex.org/W2159059513","https://openalex.org/W2162800072","https://openalex.org/W2168440882","https://openalex.org/W2168843528","https://openalex.org/W2171482413","https://openalex.org/W2258876169","https://openalex.org/W2276979642","https://openalex.org/W2296251644","https://openalex.org/W2301548261","https://openalex.org/W2301588800","https://openalex.org/W2495657724","https://openalex.org/W2499909786","https://openalex.org/W2511463445","https://openalex.org/W2512784977","https://openalex.org/W2517176850","https://openalex.org/W2523221082","https://openalex.org/W2584029330","https://openalex.org/W2601109594","https://openalex.org/W2602748134","https://openalex.org/W2607063282","https://openalex.org/W2612168751","https://openalex.org/W2612397603","https://openalex.org/W2612611921","https://openalex.org/W2726232829","https://openalex.org/W2752493903","https://openalex.org/W2752985907","https://openalex.org/W2753693129","https://openalex.org/W2755572540","https://openalex.org/W2766542353","https://openalex.org/W2774169481","https://openalex.org/W2794691759","https://openalex.org/W2804108441","https://openalex.org/W2808492852","https://openalex.org/W2846746907","https://openalex.org/W2884076027","https://openalex.org/W2891196279","https://openalex.org/W2891457144","https://openalex.org/W2945713124","https://openalex.org/W2963163273","https://openalex.org/W2963893085","https://openalex.org/W2963934162","https://openalex.org/W2965270941","https://openalex.org/W2969364302","https://openalex.org/W2978757628","https://openalex.org/W2985879431","https://openalex.org/W3015593455","https://openalex.org/W3016326598","https://openalex.org/W3033703059","https://openalex.org/W3057353022","https://openalex.org/W3092233123","https://openalex.org/W3096291879","https://openalex.org/W3100376658","https://openalex.org/W3106149149","https://openalex.org/W3109934402","https://openalex.org/W3138733102","https://openalex.org/W3164160032","https://openalex.org/W4237907241","https://openalex.org/W4242254025","https://openalex.org/W4243885711","https://openalex.org/W4245410964","https://openalex.org/W4249886898","https://openalex.org/W4251377746","https://openalex.org/W4302784197","https://openalex.org/W6768779726"],"related_works":["https://openalex.org/W2188516702","https://openalex.org/W2095925360","https://openalex.org/W1549956274","https://openalex.org/W4246377515","https://openalex.org/W2052160877","https://openalex.org/W2040778456","https://openalex.org/W2119238100","https://openalex.org/W2148473336","https://openalex.org/W4254236578","https://openalex.org/W2144344516"],"abstract_inverted_index":{"Data-oriented":[0],"attacks":[1,22,100],"manipulate":[2],"non-control":[3],"data":[4],"to":[5,61],"alter":[6],"a":[7],"program\u2019s":[8],"benign":[9],"behavior":[10],"without":[11],"violating":[12],"its":[13],"control-flow":[14,32,109,124],"integrity.":[15],"It":[16,84],"has":[17],"been":[18,40],"shown":[19],"that":[20,88],"such":[21],"can":[23],"cause":[24],"significant":[25],"damage":[26],"even":[27],"in":[28,75,111],"the":[29,131],"presence":[30],"of":[31,77],"defense":[33],"mechanisms.":[34],"However,":[35,98],"these":[36,73],"threats":[37],"have":[38],"not":[39,92],"adequately":[41],"addressed.":[42],"In":[43,130],"this":[44],"survey":[45],"article,":[46],"we":[47,68,133],"first":[48],"map":[49],"data-oriented":[50,96,99,128,139],"exploits,":[51],"including":[52],"Data-Oriented":[53],"Programming":[54,58],"(DOP)":[55],"and":[56,64,82,118,141],"Block-Oriented":[57],"(BOP)":[59],"attacks,":[60,74],"their":[62],"assumptions/requirements":[63],"attack":[65],"capabilities.":[66],"Then,":[67],"compare":[69],"known":[70],"defenses":[71,140],"against":[72],"terms":[76],"approach,":[78],"detection":[79],"capabilities,":[80],"overhead,":[81],"compatibility.":[83],"is":[85],"generally":[86],"believed":[87],"control":[89],"flows":[90],"may":[91,104],"be":[93],"useful":[94],"for":[95,136],"security.":[97],"(especially":[101],"DOP":[102],"attacks)":[103],"generate":[105],"side":[106],"effects":[107],"on":[108],"behaviors":[110,117],"multiple":[112],"dimensions":[113],"(i.e.,":[114],"incompatible":[115],"branch":[116],"frequency":[119],"anomalies).":[120],"We":[121],"also":[122],"characterize":[123],"anomalies":[125],"caused":[126],"by":[127],"attacks.":[129],"end,":[132],"discuss":[134],"challenges":[135],"building":[137],"deployable":[138],"open":[142],"research":[143],"questions.":[144]},"counts_by_year":[{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}