2504                                   Journal of Software  软件学报 Vol.32, No.8,  August 2021

                 [110]    Hu H, Shinde S, Adrian S, et al. Data-oriented programming: On the expressiveness of non-control data attacks. In: Proc. of the
                      2016 IEEE Symp. on Security and Privacy (SP 2016). 2016. 969−986. [doi: 10.1109/SP.2016.62]
                 [111]    Castro M, Costa  M, Harris T.  Securing  software  by enforcing data-flow  integrity.  In:  Proc.  of  the 2006 USENIX Symp.  on
                      Operating Systems Design and Implementation (OSDI 2006). 2006. 147−160.
                 [112]    Chen P, Fang Y, Mao B, et al. JITDefender: A defense against JIT spraying attacks. In: Proc. of the Future Challenges in Security
                      and Privacy for Academia and Industry (SEC 2011). 2011. 142−153. [doi: 10.1007/978-3-642-21424-0_12]
                 [113]    Crane S, Liebchen C, Homescu A, et al. Readactor: Practical code randomization resilient to memory disclosure. In: Proc. of the
                      2015 IEEE Symp. on Security and Privacy (SP 2015). 2015. 763−780. [doi: 10.1109/SP.2015.52]
                 [114]    Mooji DJ. W^X JIT-code enabled in firefox. 2015. https://jandemooij.nl/blog/2015/12/29/wx-jit-code-enabled-in-firefox/
                 [115]    Chen P, Wu R, Mao B. JITSafe: A framework against Just-in-time spraying attacks. In: Proc. of the IET Information Security.
                      2013. 283−292. [doi: 10.1049/iet-ifs.2012.0142]
                 [116]    Frassetto T, Gens D, Liebchen C,  et  al. JITGuard: Hardening just-in-time  compilers  with  SGX. In: Proc. of the 2017 ACM
                      SIGSAC Conf. on Computer and Communications Security (CCS 2017). 2017. 2405−2419. [doi: 10.1145/3133956.3134037]
                 [117]    Maisuradze G, Backes M, Rossow C. What cannot be read, cannot be leveraged? Revisiting assumptions of JIT-ROP defenses. In:
                      Proc. of the 2016 USENIX Security Symp. (USENIX Security 2016). 2016. 139−156.
                 [118]    Niu B, Tan G. RockJIT:  Securing just-in-time compilation  using modular control-flow integrity.  In:  Proc.  of  the  2014  ACM
                      SIGSAC Conf. on Computer and Communications Security (CCS 2014). 2014. 1317−1328. [doi: 10.1145/2660267.2660281]
                 [119]    Goltzsche D, Wulf C, Muthukumaran D, et al. Trustjs: Trusted client-side execution of JavaScript. In: Proc. of the 2017 European
                      Workshop on Systems Security (EuroSec 2017). 2017. 1−6. [doi: 10.1145/3065913.3065917]
                 [120]    Eskandarian S, Cogan J, Birnbaum S, et al. Fidelius: Protecting user secrets from compromised browsers. In: Proc. of the 2019
                      IEEE Symp. on Security and Privacy (SP 2019). 2019. 264−280. [doi: 10.1109/SP.2019.00036]
                 [121]    West M. Play safely in sandboxed IFrames. 2013. https://www.html5rocks.com/en/tutorials/security/sandboxed-iframes/

                 附中文参考文献:
                 [97]  刘剑,苏璞睿,杨珉,等.软件与网络安全研究综述.软件学报,2018,29(1):42−68. http://www.jos.org.cn/1000-9825/5320.htm  [doi:
                     10.13328/j.cnki.jos.005320]



                              罗武(1994－),男,博士,主要研究领域为操                      吴鹏飞(1994－),男,博士,主要研究领域为
                              作系统与虚拟化安全,云计算,可信计算,                          分布式系统安全,隐私保护,大数据安全.
                              浏览器安全.



                              沈晴霓(1970－),女,博士,教授,博士生导                      董春涛(1991－),男,博士生,主要研究领域
                              师,CCF 高级会员,主要研究领域为操作系                        为分布式系统安全,云计算和大数据安全,
                              统与虚拟化安全,云计算和大数据安全与                           可信计算.
                              隐私,可信计算.


                              吴中海(1968－),男,博士,教授,博士生导                      夏玉堂(1989－),男,博士生,主要研究领域
                              师,CCF 杰出会员,主要研究领域为大数据                        为云计算和大数据安全,可信计算.
                              系统与分析,云计算和大数据安全,嵌入式
                              系统.