{"id":"https://openalex.org/W1632845499","doi":"https://doi.org/10.3233/jcs-2009-0322","title":"Address-space layout randomization using code islands","display_name":"Address-space layout randomization using code islands","publication_year":2009,"publication_date":"2009-04-15","ids":{"openalex":"https://openalex.org/W1632845499","doi":"https://doi.org/10.3233/jcs-2009-0322","mag":"1632845499"},"language":"en","primary_location":{"id":"doi:10.3233/jcs-2009-0322","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-2009-0322","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103337390","display_name":"Haizhi Xu","orcid":null},"institutions":[{"id":"https://openalex.org/I70983195","display_name":"Syracuse University","ror":"https://ror.org/025r5qe02","country_code":"US","type":"education","lineage":["https://openalex.org/I70983195"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Haizhi Xu","raw_affiliation_strings":["Department of Electrical Engineering and Computer Science, Syracuse University, Syracuse, NY, USA. E-mails: hxu02@syr.edu, chapin@syr.edu"],"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering and Computer Science, Syracuse University, Syracuse, NY, USA. E-mails: hxu02@syr.edu, chapin@syr.edu","institution_ids":["https://openalex.org/I70983195"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5013358324","display_name":"Steve J. Chapin","orcid":null},"institutions":[{"id":"https://openalex.org/I70983195","display_name":"Syracuse University","ror":"https://ror.org/025r5qe02","country_code":"US","type":"education","lineage":["https://openalex.org/I70983195"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Steve J. Chapin","raw_affiliation_strings":["Department of Electrical Engineering and Computer Science, Syracuse University, Syracuse, NY, USA. E-mails: hxu02@syr.edu, chapin@syr.edu"],"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering and Computer Science, Syracuse University, Syracuse, NY, USA. E-mails: hxu02@syr.edu, chapin@syr.edu","institution_ids":["https://openalex.org/I70983195"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5103337390"],"corresponding_institution_ids":["https://openalex.org/I70983195"],"apc_list":null,"apc_paid":null,"fwci":3.4895,"has_fulltext":false,"cited_by_count":22,"citation_normalized_percentile":{"value":0.92525544,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":"17","issue":"3","first_page":"331","last_page":"362"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7962449789047241},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5730821490287781},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.43049055337905884},{"id":"https://openalex.org/keywords/block","display_name":"Block (permutation group theory)","score":0.4180067777633667},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.258444607257843},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.24302732944488525},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.12145167589187622},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.08902573585510254}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7962449789047241},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5730821490287781},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.43049055337905884},{"id":"https://openalex.org/C2777210771","wikidata":"https://www.wikidata.org/wiki/Q4927124","display_name":"Block (permutation group theory)","level":2,"score":0.4180067777633667},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.258444607257843},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.24302732944488525},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.12145167589187622},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.08902573585510254},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.3233/jcs-2009-0322","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-2009-0322","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Life below water","score":0.5199999809265137,"id":"https://metadata.un.org/sdg/14"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":15,"referenced_works":["https://openalex.org/W1545927878","https://openalex.org/W1593678010","https://openalex.org/W1601102718","https://openalex.org/W2090181646","https://openalex.org/W2098010707","https://openalex.org/W2101699859","https://openalex.org/W2102902405","https://openalex.org/W2108860402","https://openalex.org/W2128217000","https://openalex.org/W2135143063","https://openalex.org/W2140073981","https://openalex.org/W2151829269","https://openalex.org/W2151996777","https://openalex.org/W2171264329","https://openalex.org/W2978757628"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W2382290278","https://openalex.org/W2478288626","https://openalex.org/W4391913857","https://openalex.org/W2350741829","https://openalex.org/W2530322880"],"abstract_inverted_index":{"Address-Space":[0],"Layout":[1],"Randomization":[2],"(ASLR)":[3],"techniques":[4,18,40],"prevent":[5],"intruders":[6],"from":[7,88],"locating":[8,28],"target":[9,174],"functions":[10,175,235],"by":[11,27,248],"randomizing":[12],"the":[13,63,85,97,107,115,123,129,199,230],"process":[14,200,228],"layout.":[15],"Prior":[16],"ASLR":[17,149,163],"defended":[19],"against":[20,46,167],"single-target":[21],"brute":[22],"force":[23],"attacks,":[24],"which":[25],"work":[26],"a":[29,52,77,177,186,227,243],"single,":[30],"omnipotent":[31],"system":[32,55,233],"library":[33,56,234],"function":[34,110,121],"such":[35],"as":[36,127],"execve().":[37],"Th":[38],"ese":[39],"are":[41],"not":[42,94],"sufficient":[43],"to":[44,128,204,225],"defend":[45],"chained":[47,70,181],"return-into-lib(c)":[48,71,182],"attacks":[49],"that":[50,68,81,154,190,218,255],"call":[51],"sequence":[53],"of":[54,79,119,132,141,147,172,180,196],"functions.":[57],"In":[58],"this":[59],"paper,":[60],"we":[61],"describe":[62],"Island":[64,92],"Code":[65],"Transformation":[66],"(ICT)":[67],"addresses":[69,171],"attacks.":[72,183],"A":[73],"code":[74,80,90,93,237],"island":[75],"is":[76,82,156,202,257],"block":[78],"isolated":[83],"in":[84,101,109,165,236],"address":[86],"space":[87],"other":[89,133],"blocks.":[91],"only":[95],"randomizes":[96],"base":[98],"pointers":[99],"used":[100],"memory":[102,130],"mapping,":[103],"but":[104],"also":[105,136],"maximizes":[106],"entropy":[108],"layout":[111,201],"(that":[112],"is,":[113],"knowing":[114],"location":[116,131],"and":[117,207,239],"extent":[118],"one":[120],"gains":[122],"attacker":[124],"little":[125],"knowledge":[126],"functions).":[134],"We":[135],"provide":[137],"an":[138],"efficacy":[139],"analysis":[140,152],"randomization":[142],"schemes":[143],"based":[144],"on":[145,212],"combinations":[146],"available":[148],"techniques.":[150],"Our":[151,209],"shows":[153,217],"ICT":[155,184,256],"exponentially":[157],"more":[158],"effective":[159],"than":[160,222],"any":[161],"prior":[162],"technique":[164,241],"defending":[166],"brute-force":[168],"searches":[169],"for":[170,259],"multiple":[173],"\u2013":[176],"key":[178],"component":[179],"uses":[185],"predefined":[187],"rerandomization":[188],"threshold,":[189],"determines":[191],"how":[192],"frequently":[193],"(in":[194],"terms":[195],"failed":[197],"attacks)":[198],"re-randomized":[203],"balance":[205],"security":[206],"availability.":[208],"overhead":[210,246],"measurement":[211],"some":[213],"well-known":[214],"GNU":[215],"applications":[216],"it":[219],"takes":[220],"less":[221],"0.05":[223],"second":[224],"load/rerandomize":[226],"with":[229],"necessary":[231],"C":[232],"islands,":[238],"our":[240],"introduces":[242],"3\u201310%":[244],"run-time":[245],"caused":[247],"inter-island":[249],"control":[250],"transfers.":[251],"We,":[252],"therefore,":[253],"conclude":[254],"well-suited":[258],"dedicated":[260],"servers.":[261]},"counts_by_year":[{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":3},{"year":2016,"cited_by_count":2},{"year":2015,"cited_by_count":3},{"year":2014,"cited_by_count":2},{"year":2013,"cited_by_count":1},{"year":2012,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}