ROPocop — Dynamic mitigation of code-reuse attacks

Control-flow attacks, usually achieved by exploiting a buffer-overflow vulnerability, have been a serious threat to system security for over fifteen years. Researchers have answered the threat with various mitigation techniques; but nevertheless, new exploits that successfully bypass these technolog...

Full description

Saved in:
Bibliographic Details
Published in:Journal of information security and applications Vol. 29; pp. 16 - 26
Main Authors: Follner, Andreas, Bodden, Eric
Format: Journal Article
Language:English
Published: Elsevier Ltd 01.08.2016
Subjects:
Buffer overflow
Code-reuse attack
Dynamic binary instrumentation
Exploit mitigation
Return-oriented programming
System security
Code-reuse attack
Return-oriented programming
Exploit mitigation
System security
Buffer overflow
Dynamic binary instrumentation
ISSN:2214-2126
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Abstract Control-flow attacks, usually achieved by exploiting a buffer-overflow vulnerability, have been a serious threat to system security for over fifteen years. Researchers have answered the threat with various mitigation techniques; but nevertheless, new exploits that successfully bypass these technologies still appear on a regular basis. In this paper, we propose ROPocop, a novel approach for detecting and preventing the execution of injected code and for mitigating code-reuse attacks such as return-oriented programming (RoP). ROPocop uses dynamic binary instrumentation, requiring neither access to source code nor debug symbols or changes to the operating system. It mitigates attacks both by monitoring the program counter at potentially dangerous points and by detecting suspicious program flows. We have implemented ROPocop for Windows x86 using PIN, a dynamic program instrumentation framework from Intel. Benchmarks using the SPEC CPU2006 suite show an average overhead of 2.4×, which is comparable to similar approaches, which give weaker guarantees. Real-world applications show only an initially noticeable input lag and no stutter. In our evaluation our tool successfully detected all 11 of the latest real-world code-reuse exploits, with no false alarms. Therefore, despite the overhead, it is a viable, temporary solution to secure critical systems against exploits if a vendor patch is not yet available.
AbstractList Control-flow attacks, usually achieved by exploiting a buffer-overflow vulnerability, have been a serious threat to system security for over fifteen years. Researchers have answered the threat with various mitigation techniques; but nevertheless, new exploits that successfully bypass these technologies still appear on a regular basis. In this paper, we propose ROPocop, a novel approach for detecting and preventing the execution of injected code and for mitigating code-reuse attacks such as return-oriented programming (RoP). ROPocop uses dynamic binary instrumentation, requiring neither access to source code nor debug symbols or changes to the operating system. It mitigates attacks both by monitoring the program counter at potentially dangerous points and by detecting suspicious program flows. We have implemented ROPocop for Windows x86 using PIN, a dynamic program instrumentation framework from Intel. Benchmarks using the SPEC CPU2006 suite show an average overhead of 2.4×, which is comparable to similar approaches, which give weaker guarantees. Real-world applications show only an initially noticeable input lag and no stutter. In our evaluation our tool successfully detected all 11 of the latest real-world code-reuse exploits, with no false alarms. Therefore, despite the overhead, it is a viable, temporary solution to secure critical systems against exploits if a vendor patch is not yet available.
Author Follner, Andreas
Bodden, Eric
Author_xml – sequence: 1
  givenname: Andreas
  surname: Follner
  fullname: Follner, Andreas
  email: andreas.follner@cased.de
– sequence: 2
  givenname: Eric
  surname: Bodden
  fullname: Bodden, Eric
BookMark eNp9j0tOwzAURT0oEqV0A4yygQQ_x_lJTFD5FKlSEerc8ucFObRxZRukzlgEK2QlJJQRg-oN7pucq3suyKR3PRJyBTQDCuV1l3U2yIwNf0Yho5RNyJQx4CkDVp6TeQgdpRQYNAXLp4S_rJ-ddvvk-_MruTv0cmd1srPRvspoXZ-4NtHOYOrxPWAiY5T6LVySs1ZuA87_ckY2D_ebxTJdrR-fFrerVOecx7QsCjTAVFs1JleszRGwUVXBS8mh1lQx2RjGh1O0xkq3gGAoV6rm3OQ6n5H6WKu9C8FjK7SNv7Oil3YrgIrRWXRidBajs6AgBucBZf_Qvbc76Q-noZsjhIPTh0UvgrbYazTWo47COHsK_wFa_3Rq
CitedBy_id crossref_primary_10_1016_j_cose_2020_101832
Cites_doi 10.1145/5666.5673
10.1145/2133375.2133377
10.1145/1609956.1609960
ContentType Journal Article
Copyright 2016 Elsevier Ltd
Copyright_xml – notice: 2016 Elsevier Ltd
DBID AAYXX
CITATION
DOI 10.1016/j.jisa.2016.01.002
DatabaseName CrossRef
DatabaseTitle CrossRef
DatabaseTitleList
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
EndPage 26
ExternalDocumentID 10_1016_j_jisa_2016_01_002
S221421261600017X
GroupedDBID --M
.~1
1~.
4.4
457
4G.
5VS
7-5
8P~
AACTN
AAEDT
AAEDW
AAFJI
AAIAV
AAIKJ
AAKOC
AALRI
AAOAW
AAQFI
AAXUO
AAYFN
ABBOA
ABMAC
ABXDB
ABYKQ
ACDAQ
ACGFS
ACRLP
ACZNC
ADBBV
ADEZE
AEBSH
AEKER
AFKWA
AFTJW
AGHFR
AGUBO
AIALX
AIEXJ
AIKHN
AITUG
AJBFU
AJOXV
AKYCK
ALMA_UNASSIGNED_HOLDINGS
AMFUW
AMRAJ
AOMHK
AOUOD
AVARZ
AXJTR
BKOJK
BLXMC
EBS
EFJIC
EFLBG
EJD
FDB
FIRID
FNPLU
FYGXN
GBLVA
GBOLZ
KOM
M41
MO0
OAUVE
P-8
P-9
PC.
PRBVW
RIG
ROL
SPC
SPCBC
SSB
SSO
SSV
SSZ
T5K
~G-
AATTM
AAXKI
AAYWO
AAYXX
ACLOT
ACVFH
ADCNI
AEIPS
AEUPX
AFJKZ
AFPUW
AIGII
AIIUN
AKBMS
AKRWK
AKYEP
ANKPU
APXCP
CITATION
EFKBS
ID FETCH-LOGICAL-c344t-655ed12bf79d3b2f3e1e9b7546a418c0b2a9d24242b08e7cf1e1d04bb844d3c3
ISICitedReferencesCount 1
ISICitedReferencesURI http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000379020800002&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
ISSN 2214-2126
IngestDate Sat Nov 29 04:06:22 EST 2025
Tue Nov 18 22:00:30 EST 2025
Fri Feb 23 02:18:25 EST 2024
IsDoiOpenAccess false
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Keywords Code-reuse attack
Return-oriented programming
Exploit mitigation
System security
Buffer overflow
Dynamic binary instrumentation
Language English
LinkModel OpenURL
MergedId FETCHMERGED-LOGICAL-c344t-655ed12bf79d3b2f3e1e9b7546a418c0b2a9d24242b08e7cf1e1d04bb844d3c3
OpenAccessLink https://inria.hal.science/hal-01140685v1/file/paper.pdf
PageCount 11
ParticipantIDs crossref_citationtrail_10_1016_j_jisa_2016_01_002
crossref_primary_10_1016_j_jisa_2016_01_002
elsevier_sciencedirect_doi_10_1016_j_jisa_2016_01_002
PublicationCentury 2000
PublicationDate August 2016
2016-08-00
PublicationDateYYYYMMDD 2016-08-01
PublicationDate_xml – month: 08
  year: 2016
  text: August 2016
PublicationDecade 2010
PublicationTitle Journal of information security and applications
PublicationYear 2016
Publisher Elsevier Ltd
Publisher_xml – name: Elsevier Ltd
References Bletsch, Jiang, Freeh, Liang (bib0020) 2011
Bubinas (bib0025) 2013
Zhang, Wei, Chen, Duan, Szekeres, McCamant (bib0155) 2013
Chen, Xu, Sezer, Gauriar, Iyer (bib0040) 2005
Gunn (bib0075) 2014
One (bib0115) 1996; 7
Cheng, Zhou, Yu, Ding, Deng (bib0045) 2014
Fleming, Wallace (bib0065) 1986; 29
Min, Jung, Lee, Chung (bib0110) 2012
Checkoway, Davi, Dmitrienko, Sadeghi, Shacham, Winandy (bib0035) 2010
Slowinska, Stancescu, Bos (bib0145) 2011
Slowinska, Stancescu, Bos (bib0150) 2012
Abadi, Budiu, Erlingsson, Ligatti (bib0010) 2009; 13
Butler (bib0030) 2004; 11
Shacham, Page, Pfaff, Goh, Modadugu, Boneh (bib0135) 2004
Göktaş, Athanasopoulos, Polychronakis, Bos, Portokalidis (bib0070) 2014
Hund, Willems, Holz (bib0085) 2013
Howard, Miller, Lambert, Thomlinson (bib0080) 2010
Microsoft (bib0100)
Sinnadurai, Zhao, Wong (bib0140) 2008
Li, Szor (bib0090) 2013
Durden (bib0060) 2002; 11
Zhang, Sekar (bib0160) 2013
Luk, Cohn, Muth, Patil, Klauser, Lowney (bib0095) 2005
Pappas, Polychronakis, Keromytis (bib0120) 2013
Roemer, Buchanan, Shacham, Savage (bib0125) 2012; 15
Andersen, Abella (bib0015) 2004
Davi, Sadeghi, Winandy (bib0050) 2011
Davi, Sadeghi, Lehmann, Monrose (bib0055) 2014
Microsoft (bib0105) 2015
Shacham (bib0130) 2007
Cheng (10.1016/j.jisa.2016.01.002_bib0045) 2014
Luk (10.1016/j.jisa.2016.01.002_bib0095) 2005
Fleming (10.1016/j.jisa.2016.01.002_bib0065) 1986; 29
Hund (10.1016/j.jisa.2016.01.002_bib0085) 2013
Göktaş (10.1016/j.jisa.2016.01.002_bib0070) 2014
Microsoft (10.1016/j.jisa.2016.01.002_bib0100)
Roemer (10.1016/j.jisa.2016.01.002_bib0125) 2012; 15
Durden (10.1016/j.jisa.2016.01.002_bib0060) 2002; 11
Checkoway (10.1016/j.jisa.2016.01.002_bib0035) 2010
Zhang (10.1016/j.jisa.2016.01.002_bib0160) 2013
Bletsch (10.1016/j.jisa.2016.01.002_bib0020) 2011
Shacham (10.1016/j.jisa.2016.01.002_bib0130) 2007
Sinnadurai (10.1016/j.jisa.2016.01.002_bib0140) 2008
Zhang (10.1016/j.jisa.2016.01.002_bib0155) 2013
Shacham (10.1016/j.jisa.2016.01.002_bib0135) 2004
Andersen (10.1016/j.jisa.2016.01.002_bib0015)
Li (10.1016/j.jisa.2016.01.002_bib0090)
Butler (10.1016/j.jisa.2016.01.002_bib0030) 2004; 11
Min (10.1016/j.jisa.2016.01.002_bib0110) 2012
Pappas (10.1016/j.jisa.2016.01.002_bib0120) 2013
Microsoft (10.1016/j.jisa.2016.01.002_bib0105)
Slowinska (10.1016/j.jisa.2016.01.002_bib0145) 2011
Davi (10.1016/j.jisa.2016.01.002_bib0050) 2011
One (10.1016/j.jisa.2016.01.002_bib0115) 1996; 7
Chen (10.1016/j.jisa.2016.01.002_bib0040) 2005
Gunn (10.1016/j.jisa.2016.01.002_bib0075)
Bubinas (10.1016/j.jisa.2016.01.002_bib0025)
Slowinska (10.1016/j.jisa.2016.01.002_bib0150) 2012
Davi (10.1016/j.jisa.2016.01.002_bib0055) 2014
Howard (10.1016/j.jisa.2016.01.002_bib0080)
Abadi (10.1016/j.jisa.2016.01.002_bib0010) 2009; 13
References_xml – volume: 29
  start-page: 218
  year: 1986
  end-page: 221
  ident: bib0065
  article-title: How not to lie with statistics: the correct way to summarize benchmark results
  publication-title: Commun ACM
– start-page: 40
  year: 2011
  end-page: 51
  ident: bib0050
  article-title: Ropdefender: a detection tool to defend against return-oriented programming attacks
  publication-title: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS '11
– volume: 7
  year: 1996
  ident: bib0115
  article-title: Smashing the stack for fun and profit
  publication-title: Phrack
– volume: 11
  year: 2002
  ident: bib0060
  article-title: Bypassing pax aslr protection
  publication-title: Phrack
– start-page: 376
  year: 2012
  end-page: 390
  ident: bib0110
  article-title: Jump oriented programming on windows platform (on the x86)
  publication-title: ICCSA (3), Vol. 7335 of Lecture Notes in Computer Science
– year: 2011
  ident: bib0145
  article-title: Howard: a dynamic excavator for reverse engineering data structures
  publication-title: Proceedings of the Network and Distributed System Security Symposium, NDSS 2011, San Diego, California, USA, 6 February–9 February 2011
– year: 2015
  ident: bib0105
  article-title: Enhanced mitigation experience toolkit 5.5 beta user guide
– year: 2008
  ident: bib0140
  article-title: Transparent runtime shadow stack: protection against malicious return address modifications
– start-page: 12
  year: 2005
  ident: bib0040
  article-title: Non-control-data attacks are realistic threats
  publication-title: Proceedings of the 14th Conference on USENIX Security Symposium — Volume 14, SSYM'05
– volume: 15
  start-page: 2:1
  year: 2012
  end-page: 34
  ident: bib0125
  article-title: Return-oriented programming: systems, languages, and applications
  publication-title: ACM Trans Inform Syst Secur
– start-page: 559
  year: 2010
  end-page: 572
  ident: bib0035
  article-title: Return-oriented programming without returns, CCS '10
– start-page: 190
  year: 2005
  end-page: 200
  ident: bib0095
  article-title: Pin: building customized program analysis tools with dynamic instrumentation
  publication-title: Proceedings of the 2005 ACM SIGPLAN Conference on Programming language design and implementation, PLDI '05
– start-page: 559
  year: 2013
  end-page: 573
  ident: bib0155
  article-title: Practical control flow integrity and randomization for binary executables
  publication-title: Proceedings of the 2013 IEEE Symposium on Security and Privacy, SP '13
– start-page: 447
  year: 2013
  end-page: 462
  ident: bib0120
  article-title: Transparent rop exploit mitigation using indirect branch tracing
  publication-title: Proceedings of the 22nd USENIX Conference on Security, SEC '13
– start-page: 401
  year: 2014
  end-page: 416
  ident: bib0055
  article-title: Stitching the gadgets: on the ineffectiveness of coarse-grained control-flow integrity protection
  publication-title: Proceedings of the 23rd USENIX Conference on Security, SEC'14
– start-page: 11
  year: 2012
  ident: bib0150
  article-title: Body armor for binaries: preventing buffer overflows without recompilation
  publication-title: Proceedings of the 2012 USENIX Conference on Annual Technical Conference, USENIX ATC '12
– year: 2013
  ident: bib0090
  article-title: Emerging stack pivoting exploits bypass common security
– year: 2010
  ident: bib0080
  article-title: Windows isv software security defenses
– start-page: 552
  year: 2007
  end-page: 561
  ident: bib0130
  article-title: The geometry of innocent flesh on the bone: return-into libc without function calls (on the x86)
  publication-title: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS '07
– start-page: 30
  year: 2011
  end-page: 40
  ident: bib0020
  article-title: Jump-oriented programming: a new class of code-reuse attack
  publication-title: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS '11
– year: 2013
  ident: bib0025
  article-title: Buffer overflows are the top software security vulnerability of the past 25 years
– ident: bib0100
  article-title: Data execution prevention
– start-page: 417
  year: 2014
  end-page: 432
  ident: bib0070
  article-title: Size does matter: why using gadget-chain length to prevent code-reuse attacks is hard
  publication-title: Proceedings of the 23rd USENIX Conference on Security Symposium, SEC '14
– year: 2014
  ident: bib0045
  article-title: Ropecker: a generic and practical approach for defending against ROP attacks
  publication-title: 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, February 23–26, 2014
– volume: 13
  start-page: 4:1
  year: 2009
  end-page: 40
  ident: bib0010
  article-title: Control-flow integrity principles, implementations, and applications
  publication-title: ACM Trans Inform Syst Secur
– year: 2004
  ident: bib0015
  article-title: Changes to functionality in Windows XP service pack 2 — part 3: memory protection technologies
– volume: 11
  year: 2004
  ident: bib0030
  article-title: Anonymous, Bypassing 3rd party windows buffer overflow protection
  publication-title: Phrack
– year: 2014
  ident: bib0075
  article-title: Pwn2own 2014: a recap
– start-page: 337
  year: 2013
  end-page: 352
  ident: bib0160
  article-title: Control flow integrity for cots binaries
  publication-title: Proceedings of the 22nd USENIX Conference on Security, SEC '13
– start-page: 191
  year: 2013
  end-page: 205
  ident: bib0085
  article-title: Practical timing side channel attacks against kernel space aslr
  publication-title: Proceedings of the 2013 IEEE Symposium on Security and Privacy, SP '13
– start-page: 298
  year: 2004
  end-page: 307
  ident: bib0135
  article-title: On the effectiveness of address-space randomization
  publication-title: Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS '04
– start-page: 447
  year: 2013
  ident: 10.1016/j.jisa.2016.01.002_bib0120
  article-title: Transparent rop exploit mitigation using indirect branch tracing
– start-page: 30
  year: 2011
  ident: 10.1016/j.jisa.2016.01.002_bib0020
  article-title: Jump-oriented programming: a new class of code-reuse attack
– start-page: 11
  year: 2012
  ident: 10.1016/j.jisa.2016.01.002_bib0150
  article-title: Body armor for binaries: preventing buffer overflows without recompilation
– volume: 11
  year: 2004
  ident: 10.1016/j.jisa.2016.01.002_bib0030
  article-title: Anonymous, Bypassing 3rd party windows buffer overflow protection
  publication-title: Phrack
– ident: 10.1016/j.jisa.2016.01.002_bib0090
– ident: 10.1016/j.jisa.2016.01.002_bib0100
– start-page: 191
  year: 2013
  ident: 10.1016/j.jisa.2016.01.002_bib0085
  article-title: Practical timing side channel attacks against kernel space aslr
– year: 2011
  ident: 10.1016/j.jisa.2016.01.002_bib0145
  article-title: Howard: a dynamic excavator for reverse engineering data structures
– start-page: 298
  year: 2004
  ident: 10.1016/j.jisa.2016.01.002_bib0135
  article-title: On the effectiveness of address-space randomization
– ident: 10.1016/j.jisa.2016.01.002_bib0025
– start-page: 552
  year: 2007
  ident: 10.1016/j.jisa.2016.01.002_bib0130
  article-title: The geometry of innocent flesh on the bone: return-into libc without function calls (on the x86)
– year: 2008
  ident: 10.1016/j.jisa.2016.01.002_bib0140
– year: 2014
  ident: 10.1016/j.jisa.2016.01.002_bib0045
  article-title: Ropecker: a generic and practical approach for defending against ROP attacks
– start-page: 190
  year: 2005
  ident: 10.1016/j.jisa.2016.01.002_bib0095
  article-title: Pin: building customized program analysis tools with dynamic instrumentation
– volume: 11
  year: 2002
  ident: 10.1016/j.jisa.2016.01.002_bib0060
  article-title: Bypassing pax aslr protection
  publication-title: Phrack
– start-page: 401
  year: 2014
  ident: 10.1016/j.jisa.2016.01.002_bib0055
  article-title: Stitching the gadgets: on the ineffectiveness of coarse-grained control-flow integrity protection
– volume: 7
  year: 1996
  ident: 10.1016/j.jisa.2016.01.002_bib0115
  article-title: Smashing the stack for fun and profit
  publication-title: Phrack
– ident: 10.1016/j.jisa.2016.01.002_bib0015
– start-page: 559
  year: 2013
  ident: 10.1016/j.jisa.2016.01.002_bib0155
  article-title: Practical control flow integrity and randomization for binary executables
– ident: 10.1016/j.jisa.2016.01.002_bib0075
– start-page: 376
  year: 2012
  ident: 10.1016/j.jisa.2016.01.002_bib0110
  article-title: Jump oriented programming on windows platform (on the x86)
– start-page: 12
  year: 2005
  ident: 10.1016/j.jisa.2016.01.002_bib0040
  article-title: Non-control-data attacks are realistic threats
– start-page: 559
  year: 2010
  ident: 10.1016/j.jisa.2016.01.002_bib0035
– ident: 10.1016/j.jisa.2016.01.002_bib0080
– start-page: 417
  year: 2014
  ident: 10.1016/j.jisa.2016.01.002_bib0070
  article-title: Size does matter: why using gadget-chain length to prevent code-reuse attacks is hard
– start-page: 337
  year: 2013
  ident: 10.1016/j.jisa.2016.01.002_bib0160
  article-title: Control flow integrity for cots binaries
– volume: 29
  start-page: 218
  issue: 3
  year: 1986
  ident: 10.1016/j.jisa.2016.01.002_bib0065
  article-title: How not to lie with statistics: the correct way to summarize benchmark results
  publication-title: Commun ACM
  doi: 10.1145/5666.5673
– volume: 15
  start-page: 2:1
  issue: 1
  year: 2012
  ident: 10.1016/j.jisa.2016.01.002_bib0125
  article-title: Return-oriented programming: systems, languages, and applications
  publication-title: ACM Trans Inform Syst Secur
  doi: 10.1145/2133375.2133377
– volume: 13
  start-page: 4:1
  issue: 1
  year: 2009
  ident: 10.1016/j.jisa.2016.01.002_bib0010
  article-title: Control-flow integrity principles, implementations, and applications
  publication-title: ACM Trans Inform Syst Secur
  doi: 10.1145/1609956.1609960
– start-page: 40
  year: 2011
  ident: 10.1016/j.jisa.2016.01.002_bib0050
  article-title: Ropdefender: a detection tool to defend against return-oriented programming attacks
– ident: 10.1016/j.jisa.2016.01.002_bib0105
SSID ssj0001219523
Score 2.0639172
Snippet Control-flow attacks, usually achieved by exploiting a buffer-overflow vulnerability, have been a serious threat to system security for over fifteen years....
SourceID crossref
elsevier
SourceType Enrichment Source
Index Database
Publisher
StartPage 16
SubjectTerms Buffer overflow
Code-reuse attack
Dynamic binary instrumentation
Exploit mitigation
Return-oriented programming
System security
Title ROPocop — Dynamic mitigation of code-reuse attacks
URI https://dx.doi.org/10.1016/j.jisa.2016.01.002
Volume 29
WOSCitedRecordID wos000379020800002&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
journalDatabaseRights – providerCode: PRVESC
  databaseName: Elsevier SD Freedom Collection Journals 2021
  issn: 2214-2126
  databaseCode: AIEXJ
  dateStart: 20130701
  customDbUrl:
  isFulltext: true
  dateEnd: 99991231
  titleUrlDefault: https://www.sciencedirect.com
  omitProxy: false
  ssIdentifier: ssj0001219523
  providerName: Elsevier
link http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV1La9wwEBabTQ-5JG3TkkdbdMjNOFiybFmnENKUtpQ0tEvZm7FkGbJs7GXXCTnmR-QX5pdkZMkPmja0hV6EERrLzCePRqN5IHQgZSgLncD_zZXwWU6En3HN4KiiYq0zSorGdPHjCz87S6ZTcT4aHbWxMNdzXpbJzY1Y_FeooQ_ANqGzfwF391LogGcAHVqAHdo_Av7b1_NKVQuvdWNg3ntbdd67vLAJNayKaILZ_aW-Wmkvq2sTav8bRdXlVm3oVq7cnc3xOrj87nez-dzF0DS-kllvhq9aGWdk79DaQOLO182ZwNowmN7nCCQVpYT5sAfGQ7HqDBlWLpJ4sMPacY9ktzUjzA5n5hbfzN3kUw1ov1N1_oPfzYxmQhI3GX-ma2id8kgkY7R-_Ol0-nlgZiMiaor8dR_pQqesl9_Pk_1aPRmoHJPnaNNBgI8txi_QSJcv0VZbhwM7sbyNmIMc39_eYQc27sHGVYF7sLED-xWafDidnHz0XTUMX4WM1X4cRTonVBZc5KGkRaiJFpJHLM4YSVQgaSZyE-xDZZBorgqiSR4wKRPG8lCFr9G4rEq9g3Au4MwrtTCp6JiGEwJIfRnmCZdUFZwFu4i0PEiVyxRvCpbM09YlcJYavqWGb2lAUuDbLvI6moXNk_Lk6Khlbeo0PavBpbAYnqDb-0e6fbTRL-Y3aFwvr_Rb9Exd1xer5Tu3Zh4AHQh22g
linkProvider Elsevier
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=ROPocop+%E2%80%94+Dynamic+mitigation+of+code-reuse+attacks&rft.jtitle=Journal+of+information+security+and+applications&rft.au=Follner%2C+Andreas&rft.au=Bodden%2C+Eric&rft.date=2016-08-01&rft.pub=Elsevier+Ltd&rft.issn=2214-2126&rft.volume=29&rft.spage=16&rft.epage=26&rft_id=info:doi/10.1016%2Fj.jisa.2016.01.002&rft.externalDocID=S221421261600017X
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=2214-2126&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=2214-2126&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=2214-2126&client=summon