A Fine-Grained Control Flow Integrity Approach Against Runtime Memory Attacks for Embedded Systems
Runtime attacks on memory, such as buffer overflow based stack smashing and code reuse attacks, are common in embedded systems. Control flow integrity (CFI) has been acknowledged as one promising approach to protect against such runtime attacks. However, previous CFI implementations suffer from coar...
Uložené v:
| Vydané v: | IEEE transactions on very large scale integration (VLSI) systems Ročník 24; číslo 11; s. 3193 - 3207 |
|---|---|
| Hlavní autori: | , , |
| Médium: | Journal Article |
| Jazyk: | English |
| Vydavateľské údaje: |
New York
IEEE
01.11.2016
The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| Predmet: | |
| ISSN: | 1063-8210, 1557-9999 |
| On-line prístup: | Získať plný text |
| Tagy: |
Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
|
| Abstract | Runtime attacks on memory, such as buffer overflow based stack smashing and code reuse attacks, are common in embedded systems. Control flow integrity (CFI) has been acknowledged as one promising approach to protect against such runtime attacks. However, previous CFI implementations suffer from coarse granularity (which can be circumvented by an advanced attack model) and high-performance overhead. In this paper, first, we present an approach to enforce fine-grained CFI at a basic block level, named basic block CFI (BB-CFI), which aims to defend against aforesaid attacks. The key idea is to verify the target address (TA) of control flow instructions (CFINs) (e.g., call, ret, and imp), which may be modified by the adversary. BB-CFI contains two stages: 1) offline profiling of the program-to extract the control flow information and 2) runtime control flow checking-to verify the TA of CFINs using the extracted information. We also handle the exceptional cases (e.g., multithreading, C++ exception, and longjump) that are found in complex binaries. Second, we propose an architectural design of control flow checker (CFC), which monitors the program execution during runtime to enforce BB-CFI. For proof of concept, we implement the CFC in field-programmable gate array (FPGA). Our method does not require the modification of the source code or the instruction set architecture. The experimental results demonstrate that BB-CFI is effective against runtime attacks, with 100% verification accuracy. The CFC implementation on FPGA shows <;1% performance overhead and a small dynamic power consumption of 78 mW, with very small area footprint. |
|---|---|
| AbstractList | Runtime attacks on memory, such as buffer overflow based stack smashing and code reuse attacks, are common in embedded systems. Control flow integrity (CFI) has been acknowledged as one promising approach to protect against such runtime attacks. However, previous CFI implementations suffer from coarse granularity (which can be circumvented by an advanced attack model) and high-performance overhead. In this paper, first, we present an approach to enforce fine-grained CFI at a basic block level, named basic block CFI (BB-CFI), which aims to defend against aforesaid attacks. The key idea is to verify the target address (TA) of control flow instructions (CFINs) (e.g., [Formula Omitted], [Formula Omitted], and [Formula Omitted]), which may be modified by the adversary. BB-CFI contains two stages: 1) offline profiling of the progr--to extract the control flow information and 2) runtime control flow checking--to verify the TA of CFINs using the extracted information. We also handle the exceptional cases (e.g., multithreading, C++ exception, and longjump) that are found in complex binaries. Second, we propose an architectural design of control flow checker (CFC), which monitors the program execution during runtime to enforce BB-CFI. For proof of concept, we implement the CFC in field-programmable gate array (FPGA). Our method does not require the modification of the source code or the instruction set architecture. The experimental results demonstrate that BB-CFI is effective against runtime attacks, with 100% verification accuracy. The CFC implementation on FPGA shows <1% performance overhead and a small dynamic power consumption of 78 mW, with very small area footprint. Runtime attacks on memory, such as buffer overflow based stack smashing and code reuse attacks, are common in embedded systems. Control flow integrity (CFI) has been acknowledged as one promising approach to protect against such runtime attacks. However, previous CFI implementations suffer from coarse granularity (which can be circumvented by an advanced attack model) and high-performance overhead. In this paper, first, we present an approach to enforce fine-grained CFI at a basic block level, named basic block CFI (BB-CFI), which aims to defend against aforesaid attacks. The key idea is to verify the target address (TA) of control flow instructions (CFINs) (e.g., call, ret, and imp), which may be modified by the adversary. BB-CFI contains two stages: 1) offline profiling of the program-to extract the control flow information and 2) runtime control flow checking-to verify the TA of CFINs using the extracted information. We also handle the exceptional cases (e.g., multithreading, C++ exception, and longjump) that are found in complex binaries. Second, we propose an architectural design of control flow checker (CFC), which monitors the program execution during runtime to enforce BB-CFI. For proof of concept, we implement the CFC in field-programmable gate array (FPGA). Our method does not require the modification of the source code or the instruction set architecture. The experimental results demonstrate that BB-CFI is effective against runtime attacks, with 100% verification accuracy. The CFC implementation on FPGA shows <;1% performance overhead and a small dynamic power consumption of 78 mW, with very small area footprint. |
| Author | Yang Liu Wei Zhang Das, Sanjeev |
| Author_xml | – sequence: 1 givenname: Sanjeev surname: Das fullname: Das, Sanjeev email: sanjeevk001@e.ntu.edu.sg organization: Nanyang Technol. Univ., Singapore, Singapore – sequence: 2 surname: Wei Zhang fullname: Wei Zhang email: wei.zhang@ust.hk organization: Hong Kong Univ. of Sci. & Technol., Hong Kong, China – sequence: 3 surname: Yang Liu fullname: Yang Liu email: yangliu@ntu.edu.sg organization: Nanyang Technol. Univ., Singapore, Singapore |
| BookMark | eNp9kM9PwjAUxxuDiYD-A3pp4nnYdt3WHgkBJMGYCHpduu4Nh9uKbYnhv7cI8eDBd3kved_P-_EdoF5nOkDolpIRpUQ-rN-Wq8WIEZqOWMJFktIL1KdJkkUyRC_UJI0jwSi5QgPntoRQziXpo2KMZ3UH0dyqkEo8MZ23psGzxnzhRedhY2t_wOPdzhql3_F4E3TO45d95-sW8BO0xoa-90p_OFwZi6dtAWUZZq0OzkPrrtFlpRoHN-c8RK-z6XryGC2f54vJeBlpJhMfaUErmWiVViUTooACKFRMloQQDgWPIY4LyUuqSCI1L4uMcJ0ynnGiqdZZGg_R_WluOPVzD87nW7O3XViZUxFTnkgWy6ASJ5W2xjkLVa5rr3x9_FvVTU5JfnQ0_3E0Pzqanx0NKPuD7mzdKnv4H7o7QTUA_AIZT7kQafwNQ66EeQ |
| CODEN | IEVSE9 |
| CitedBy_id | crossref_primary_10_1145_3280852 crossref_primary_10_1007_s11227_020_03542_1 crossref_primary_10_1007_s11432_023_3865_0 crossref_primary_10_1016_j_cose_2023_103384 crossref_primary_10_1109_JIOT_2018_2866164 crossref_primary_10_1145_3476989 crossref_primary_10_1016_j_sysarc_2022_102644 crossref_primary_10_1051_matecconf_201821002047 crossref_primary_10_1007_s10207_018_00425_8 crossref_primary_10_3390_mi14081525 crossref_primary_10_1109_TIFS_2025_3580342 crossref_primary_10_1145_3538275 crossref_primary_10_1109_TVLSI_2020_3021533 crossref_primary_10_1145_3371151 crossref_primary_10_1007_s10796_020_10095_4 crossref_primary_10_1145_3672460 crossref_primary_10_1109_TDSC_2020_3009212 crossref_primary_10_3390_electronics11060912 crossref_primary_10_3390_electronics9071165 crossref_primary_10_1145_3458471 crossref_primary_10_1371_journal_pone_0201127 crossref_primary_10_1109_ACCESS_2022_3205426 crossref_primary_10_1007_s11265_021_01732_5 crossref_primary_10_1109_ACCESS_2023_3337043 |
| Cites_doi | 10.1145/1655108.1655117 10.1109/ISPASS.2005.1430554 10.1109/TC.1987.1676899 10.1109/ICCD.2012.6378624 10.1109/LES.2012.2218630 10.1145/1315245.1315313 10.1145/1920261.1920301 10.1109/12.54849 10.1145/2076732.2076739 10.1007/978-3-540-89862-7_1 10.1145/2593069.2596656 10.1109/HPCA.2013.6522324 10.1109/SP.2008.31 10.1109/SP.2013.45 10.1007/s10207-014-0233-1 10.1109/ISVLSI.2014.84 10.1145/378993.379237 10.1109/TIFS.2011.2166960 10.1145/1186736.1186737 10.1145/1755913.1755934 10.1109/ICCD.2004.1347961 10.1145/2366231.2337171 10.1145/1102120.1102165 10.1145/2370816.2370865 |
| ContentType | Journal Article |
| Copyright | Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2016 |
| Copyright_xml | – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2016 |
| DBID | 97E RIA RIE AAYXX CITATION 7SP 8FD L7M |
| DOI | 10.1109/TVLSI.2016.2548561 |
| DatabaseName | IEEE All-Society Periodicals Package (ASPP) 2005–Present IEEE All-Society Periodicals Package (ASPP) 1998–Present IEEE Electronic Library (IEL) CrossRef Electronics & Communications Abstracts Technology Research Database Advanced Technologies Database with Aerospace |
| DatabaseTitle | CrossRef Technology Research Database Advanced Technologies Database with Aerospace Electronics & Communications Abstracts |
| DatabaseTitleList | Technology Research Database |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering |
| EISSN | 1557-9999 |
| EndPage | 3207 |
| ExternalDocumentID | 4225537061 10_1109_TVLSI_2016_2548561 7464886 |
| Genre | orig-research |
| GrantInformation_xml | – fundername: National Cybersecurity R&D Directorate – fundername: National Research Foundation, Prime Minister’s Office, Singapore under its National Cybersecurity R&D Program grantid: NRF2014NCRNCR001-30 funderid: 10.13039/501100001381 |
| GroupedDBID | -~X .DC 0R~ 29I 3EH 4.4 5GY 5VS 6IK 97E AAJGR AARMG AASAJ AAWTH ABAZT ABFSI ABQJQ ABVLG ACGFS ACIWK AENEX AETIX AGQYO AGSQL AHBIQ AI. AIBXA AKJIK AKQYR ALLEH ALMA_UNASSIGNED_HOLDINGS ATWAV BEFXN BFFAM BGNUA BKEBE BPEOZ CS3 DU5 E.L EBS EJD HZ~ H~9 ICLAB IEDLZ IFIPE IFJZH IPLJI JAVBF LAI M43 O9- OCL P2P RIA RIE RNS TN5 VH1 AAYXX CITATION 7SP 8FD L7M |
| ID | FETCH-LOGICAL-c295t-c81f95ca6fd288bebe1ef29d0004eb43e33b94d1a059c4db704c624740c1cc763 |
| IEDL.DBID | RIE |
| ISICitedReferencesCount | 40 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000386979600001&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| ISSN | 1063-8210 |
| IngestDate | Sun Nov 09 07:05:36 EST 2025 Sat Nov 29 03:36:10 EST 2025 Tue Nov 18 21:32:40 EST 2025 Tue Aug 26 16:43:21 EDT 2025 |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 11 |
| Language | English |
| License | https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-c295t-c81f95ca6fd288bebe1ef29d0004eb43e33b94d1a059c4db704c624740c1cc763 |
| Notes | ObjectType-Article-1 SourceType-Scholarly Journals-1 ObjectType-Feature-2 content type line 14 |
| ORCID | 0000-0001-9748-3827 |
| PQID | 1831459239 |
| PQPubID | 85424 |
| PageCount | 15 |
| ParticipantIDs | ieee_primary_7464886 crossref_primary_10_1109_TVLSI_2016_2548561 crossref_citationtrail_10_1109_TVLSI_2016_2548561 proquest_journals_1831459239 |
| PublicationCentury | 2000 |
| PublicationDate | 2016-Nov. 2016-11-00 20161101 |
| PublicationDateYYYYMMDD | 2016-11-01 |
| PublicationDate_xml | – month: 11 year: 2016 text: 2016-Nov. |
| PublicationDecade | 2010 |
| PublicationPlace | New York |
| PublicationPlace_xml | – name: New York |
| PublicationTitle | IEEE transactions on very large scale integration (VLSI) systems |
| PublicationTitleAbbrev | TVLSI |
| PublicationYear | 2016 |
| Publisher | IEEE The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| Publisher_xml | – name: IEEE – name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| References | ref12 ref37 ref15 ref36 ref31 ref30 ref33 ref11 ref32 ref2 (ref44) 2014 arora (ref22) 2006; 2 ref19 ref18 pappas (ref26) 2013 chiueh (ref17) 2001 cowan (ref16) 1998 xia (ref27) 2012 (ref3) 2003 andersen (ref20) 2004 ref24 ref23 (ref43) 2014 ref25 oakley (ref34) 2011 guthaus (ref39) 2001 salwan (ref13) 2014 ref21 zhang (ref10) 2013 ref28 ref29 ref8 le (ref14) 2010 ref7 ref4 bletsch (ref5) 2011 li (ref1) 2011 ref6 henning (ref38) 2006; 34 ref40 skochinsky (ref35) 2012 (ref42) 2014 mccalpin (ref41) 2014 zhang (ref9) 2013 |
| References_xml | – ident: ref18 doi: 10.1145/1655108.1655117 – year: 2010 ident: ref14 publication-title: Payload Already Inside Data Reuse for ROP Exploits – year: 2014 ident: ref42 publication-title: Multi2sim A heterogeneous system simulator – start-page: 63 year: 1998 ident: ref16 article-title: StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks publication-title: Proc SSYM – ident: ref40 doi: 10.1109/ISPASS.2005.1430554 – ident: ref11 doi: 10.1109/TC.1987.1676899 – start-page: 30 year: 2011 ident: ref5 article-title: Jump-oriented programming: A new class of code-reuse attack publication-title: Proc ASIACCS – ident: ref30 doi: 10.1109/ICCD.2012.6378624 – start-page: 1 year: 2012 ident: ref27 article-title: CFIMon: Detecting violation of control flow integrity using performance counters publication-title: Proc 42nd Annu IEEE/IFIP Int Conf DSN – ident: ref36 doi: 10.1109/LES.2012.2218630 – year: 2012 ident: ref35 publication-title: Compiler Internals Exceptions and RTTI – ident: ref4 doi: 10.1145/1315245.1315313 – ident: ref33 doi: 10.1145/1920261.1920301 – year: 2014 ident: ref13 publication-title: ROPgadget-Gadgets Finder and Auto-Roper – ident: ref6 doi: 10.1109/12.54849 – year: 2004 ident: ref20 publication-title: Data Execution Prevention Changes to Functionality in Microsoft Windows XP Service Pack 2 Part 3 Memory Protection Technologies – start-page: 3 year: 2001 ident: ref39 article-title: MiBench: A free, commercially representative embedded benchmark suite publication-title: Proceedings of the 4th IEEE International Workshop on Workload Characterization (WWC-4) – year: 2014 ident: ref41 publication-title: Stream Benchmark – ident: ref12 doi: 10.1145/2076732.2076739 – ident: ref32 doi: 10.1007/978-3-540-89862-7_1 – ident: ref8 doi: 10.1145/2593069.2596656 – ident: ref25 doi: 10.1109/HPCA.2013.6522324 – ident: ref2 doi: 10.1109/SP.2008.31 – ident: ref15 doi: 10.1109/SP.2013.45 – start-page: 337 year: 2013 ident: ref10 article-title: Control flow integrity for COTS binaries publication-title: Proc Usenix Security Conf – start-page: 409 year: 2001 ident: ref17 article-title: RAD: A compile-time solution to buffer overflow attacks publication-title: Proc ICDSC – start-page: 150 year: 2011 ident: ref1 article-title: Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system publication-title: Proc Healthcom – volume: 2 start-page: 18 year: 2006 ident: ref22 article-title: Architectural enhancements for secure embedded processing publication-title: NATO Secur Through Sci D Inf Commun Secur – start-page: 91 year: 2011 ident: ref34 article-title: Exploiting the hard-working DWARF: Trojan and exploit techniques with no native executable code publication-title: Proc WOOT – start-page: 559 year: 2013 ident: ref9 article-title: Practical control flow integrity and randomization for binary executables publication-title: Proceedings of Security and Privacy – ident: ref31 doi: 10.1007/s10207-014-0233-1 – year: 2014 ident: ref44 publication-title: Processor Specification – ident: ref29 doi: 10.1109/ISVLSI.2014.84 – ident: ref21 doi: 10.1145/378993.379237 – ident: ref24 doi: 10.1109/TIFS.2011.2166960 – volume: 34 start-page: 1 year: 2006 ident: ref38 article-title: SPEC CPU2006 benchmark descriptions publication-title: ACM SIGARCH Comput Archit News doi: 10.1145/1186736.1186737 – ident: ref19 doi: 10.1145/1755913.1755934 – ident: ref23 doi: 10.1109/ICCD.2004.1347961 – year: 2003 ident: ref3 publication-title: PaX Non-executable Pages Design & Implementation – start-page: 447 year: 2013 ident: ref26 article-title: Transparent ROP exploit mitigation using indirect branch tracing publication-title: Proc USENIX Security07 – ident: ref28 doi: 10.1145/2366231.2337171 – ident: ref7 doi: 10.1145/1102120.1102165 – year: 2014 ident: ref43 publication-title: Valgrind Exp-bbv - Basic Block Vector Generation Tool – ident: ref37 doi: 10.1145/2370816.2370865 |
| SSID | ssj0014490 |
| Score | 2.346314 |
| Snippet | Runtime attacks on memory, such as buffer overflow based stack smashing and code reuse attacks, are common in embedded systems. Control flow integrity (CFI)... |
| SourceID | proquest crossref ieee |
| SourceType | Aggregation Database Enrichment Source Index Database Publisher |
| StartPage | 3193 |
| SubjectTerms | Buffer overflow Code reuse control flow integrity (CFI) Data mining embedded security Embedded systems Field programmable gate arrays jump-oriented programming (JOP) Libraries Pumps return-oriented programming (ROP) Runtime Security |
| Title | A Fine-Grained Control Flow Integrity Approach Against Runtime Memory Attacks for Embedded Systems |
| URI | https://ieeexplore.ieee.org/document/7464886 https://www.proquest.com/docview/1831459239 |
| Volume | 24 |
| WOSCitedRecordID | wos000386979600001&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| journalDatabaseRights | – providerCode: PRVIEE databaseName: IEEE Electronic Library (IEL) customDbUrl: eissn: 1557-9999 dateEnd: 99991231 omitProxy: false ssIdentifier: ssj0014490 issn: 1063-8210 databaseCode: RIE dateStart: 19930101 isFulltext: true titleUrlDefault: https://ieeexplore.ieee.org/ providerName: IEEE |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LS8QwEB508aAH3-L6IgdvGm23aZocl8VVQUV84a00yVQE3RW36t93knYXRRG8tXQSSr_pZCaZ-QZg1xRaoTGSG4XIhckSXlAUxgssVUlKUriaXf8su7hQ9_f6cgr2J7UwiBiSz_DAX4azfDe0b36r7DATkvRNTsN0lsm6VmtyYiCErpkHZMIVxTHjAplIH97cnV2f-iwueUDhkEpl_G0RCl1VfpjisL70F_73Zosw3_iRrFsDvwRTOFiGuS_sgitguqxPd_zYd4FAx3p1VjrrPw0_2GmgiSAXnHUbVnHWfSC5UcWufPeIZ2TnPgmXnleVr8Nn5N2yo2eDZKkca4jOV-G2f3TTO-FNSwVuOzqtuFVxqVNbyNJ1lDKEYIxlRzvv2qERCSaJ0cLFBXldVjiTRcLKjshEZGNryRatQWswHOA6MCGi0tBcTkotrElMKUUW2HR0GaU2aUM8_sa5bfjGfduLpzzEHZHOAy65xyVvcGnD3mTMS8228af0ikdiItmA0IatMZR580OOcrJcsUjJm9Ubv4_ahFk_d11muAWt6vUNt2HGvlePo9edoGufHNrRyA |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1RT9swED4Bm8T2wBgwUWDDD3sDQ9I4jv1YITqqlQqxgniLYvsyTYIW0bD9_Z0dtwKBJu0tUc5JlO9yvrPvvgP4aiqt0BjJjULkwhQZrygK4xXWqiYlqVzLrj8sRiN1c6MvluBwUQuDiCH5DI_8YdjLd1P76JfKjgshSd_kMrzxnbNitdZiz0AI3XIPyIwrimTmJTKJPh5fD38MfB6XPKKASOUyfTYNhb4qL4xxmGH6H_7v3dZhLXqSrNdC_xGWcLIB75_wC26C6bE-nfFvvg8EOnbS5qWz_u30DxsEoghywlkv8oqz3k-SmzXs0vePuEN27tNw6XrT-Ep8Rv4tO70zSLbKsUh1vgVX_dPxyRmPTRW47eq84Valtc5tJWvXVcoQhinWXe28c4dGZJhlRguXVuR3WeFMkQgru6IQiU2tJWv0CVYm0wluAxMiqQ3dy0mphTWZqaUoAp-OrpPcZh1I59-4tJFx3De-uC1D5JHoMuBSelzKiEsHDhZj7lu-jX9Kb3okFpIRhA7szaEs4y85K8l2pSInf1bvvD5qH1bPxufDcjgYfd-Fd_45bdHhHqw0D4_4Gd7a382v2cOXoHd_ATUU1RE |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=A+Fine-Grained+Control+Flow+Integrity+Approach+Against+Runtime+Memory+Attacks+for+Embedded+Systems&rft.jtitle=IEEE+transactions+on+very+large+scale+integration+%28VLSI%29+systems&rft.au=Das%2C+Sanjeev&rft.au=Zhang%2C+Wei&rft.au=Liu%2C+Yang&rft.date=2016-11-01&rft.pub=The+Institute+of+Electrical+and+Electronics+Engineers%2C+Inc.+%28IEEE%29&rft.issn=1063-8210&rft.eissn=1557-9999&rft.volume=24&rft.issue=11&rft.spage=3193&rft_id=info:doi/10.1109%2FTVLSI.2016.2548561&rft.externalDBID=NO_FULL_TEXT&rft.externalDocID=4225537061 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1063-8210&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1063-8210&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1063-8210&client=summon |