{"id":"https://openalex.org/W7131213636","doi":"https://doi.org/10.1109/acsac67867.2025.00036","title":"OTABase: Enhancing Over-the-Air Testing to Detect Memory Crashes in Cellular Basebands","display_name":"OTABase: Enhancing Over-the-Air Testing to Detect Memory Crashes in Cellular Basebands","publication_year":2025,"publication_date":"2025-12-08","ids":{"openalex":"https://openalex.org/W7131213636","doi":"https://doi.org/10.1109/acsac67867.2025.00036"},"language":null,"primary_location":{"id":"doi:10.1109/acsac67867.2025.00036","is_oa":false,"landing_page_url":"https://doi.org/10.1109/acsac67867.2025.00036","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE Annual Computer Security Applications Conference (ACSAC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5026034763","display_name":"CheolJun Park","orcid":"https://orcid.org/0009-0009-5102-2190"},"institutions":[{"id":"https://openalex.org/I35928602","display_name":"Kyung Hee University","ror":"https://ror.org/01zqcg218","country_code":"KR","type":"education","lineage":["https://openalex.org/I35928602"]}],"countries":["KR"],"is_corresponding":true,"raw_author_name":"CheolJun Park","raw_affiliation_strings":["Kyung Hee University,Korea"],"affiliations":[{"raw_affiliation_string":"Kyung Hee University,Korea","institution_ids":["https://openalex.org/I35928602"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126686624","display_name":"Marc Egli","orcid":null},"institutions":[{"id":"https://openalex.org/I5124864","display_name":"\u00c9cole Polytechnique F\u00e9d\u00e9rale de Lausanne","ror":"https://ror.org/02s376052","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I5124864"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Marc Egli","raw_affiliation_strings":["EPFL,Switzerland"],"affiliations":[{"raw_affiliation_string":"EPFL,Switzerland","institution_ids":["https://openalex.org/I5124864"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109958475","display_name":"B. H. Oh","orcid":null},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"BeomSeok Oh","raw_affiliation_strings":["KAIST,Korea"],"affiliations":[{"raw_affiliation_string":"KAIST,Korea","institution_ids":["https://openalex.org/I157485424"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035566513","display_name":"Tuan Hoang","orcid":"https://orcid.org/0009-0000-2229-6533"},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Tuan Dinh Hoang","raw_affiliation_strings":["KAIST,Korea"],"affiliations":[{"raw_affiliation_string":"KAIST,Korea","institution_ids":["https://openalex.org/I157485424"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126680540","display_name":"Suhwan Jeong","orcid":null},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Suhwan Jeong","raw_affiliation_strings":["KAIST,Korea"],"affiliations":[{"raw_affiliation_string":"KAIST,Korea","institution_ids":["https://openalex.org/I157485424"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126670942","display_name":"Martin Crettol","orcid":null},"institutions":[{"id":"https://openalex.org/I5124864","display_name":"\u00c9cole Polytechnique F\u00e9d\u00e9rale de Lausanne","ror":"https://ror.org/02s376052","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I5124864"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Martin Crettol","raw_affiliation_strings":["EPFL,Switzerland"],"affiliations":[{"raw_affiliation_string":"EPFL,Switzerland","institution_ids":["https://openalex.org/I5124864"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059899443","display_name":"Insu Yun","orcid":"https://orcid.org/0000-0001-8931-2833"},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Insu Yun","raw_affiliation_strings":["KAIST,Korea"],"affiliations":[{"raw_affiliation_string":"KAIST,Korea","institution_ids":["https://openalex.org/I157485424"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065116578","display_name":"Mathias Payer","orcid":"https://orcid.org/0000-0001-5054-7547"},"institutions":[{"id":"https://openalex.org/I5124864","display_name":"\u00c9cole Polytechnique F\u00e9d\u00e9rale de Lausanne","ror":"https://ror.org/02s376052","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I5124864"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Mathias Payer","raw_affiliation_strings":["EPFL,Switzerland"],"affiliations":[{"raw_affiliation_string":"EPFL,Switzerland","institution_ids":["https://openalex.org/I5124864"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5123112682","display_name":"Yongdae Kim","orcid":null},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Yongdae Kim","raw_affiliation_strings":["KAIST,Korea"],"affiliations":[{"raw_affiliation_string":"KAIST,Korea","institution_ids":["https://openalex.org/I157485424"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5026034763"],"corresponding_institution_ids":["https://openalex.org/I35928602"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.63791562,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"291","last_page":"307"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11005","display_name":"Radiation Effects in Electronics","score":0.13910000026226044,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11005","display_name":"Radiation Effects in Electronics","score":0.13910000026226044,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.09390000253915787,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10933","display_name":"Real-Time Systems Scheduling","score":0.07450000196695328,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.6456999778747559},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.49900001287460327},{"id":"https://openalex.org/keywords/downgrade","display_name":"Downgrade","score":0.4438000023365021},{"id":"https://openalex.org/keywords/debugging","display_name":"Debugging","score":0.4277999997138977},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.36149999499320984},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.3596000075340271},{"id":"https://openalex.org/keywords/liveness","display_name":"Liveness","score":0.33719998598098755},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.33550000190734863}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7405999898910522},{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.6456999778747559},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.527899980545044},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.49900001287460327},{"id":"https://openalex.org/C2779628075","wikidata":"https://www.wikidata.org/wiki/Q1253258","display_name":"Downgrade","level":2,"score":0.4438000023365021},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.4277999997138977},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.37369999289512634},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.36149999499320984},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.3596000075340271},{"id":"https://openalex.org/C15569618","wikidata":"https://www.wikidata.org/wiki/Q3561421","display_name":"Liveness","level":2,"score":0.33719998598098755},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.33550000190734863},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.3330000042915344},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.3172999918460846},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.3066999912261963},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.30649998784065247},{"id":"https://openalex.org/C53942775","wikidata":"https://www.wikidata.org/wiki/Q1211721","display_name":"Code coverage","level":3,"score":0.30329999327659607},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.30059999227523804},{"id":"https://openalex.org/C77019957","wikidata":"https://www.wikidata.org/wiki/Q2689057","display_name":"Dependability","level":2,"score":0.2989000082015991},{"id":"https://openalex.org/C28180684","wikidata":"https://www.wikidata.org/wiki/Q4080983","display_name":"Memory safety","level":3,"score":0.28999999165534973},{"id":"https://openalex.org/C183469790","wikidata":"https://www.wikidata.org/wiki/Q333501","display_name":"Crash","level":2,"score":0.28949999809265137},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.28700000047683716},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.2678000032901764},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.26570001244544983},{"id":"https://openalex.org/C38601921","wikidata":"https://www.wikidata.org/wiki/Q1757693","display_name":"Protocol stack","level":3,"score":0.2651999890804291}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/acsac67867.2025.00036","is_oa":false,"landing_page_url":"https://doi.org/10.1109/acsac67867.2025.00036","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE Annual Computer Security Applications Conference (ACSAC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1262777113","display_name":null,"funder_award_id":"IITP-2025-RS-2023-00266615","funder_id":"https://openalex.org/F4320319144","funder_display_name":"Indian Institute of Technology, Patna"}],"funders":[{"id":"https://openalex.org/F4320319144","display_name":"Indian Institute of Technology, Patna","ror":"https://ror.org/01ft5vz71"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":33,"referenced_works":["https://openalex.org/W2093972407","https://openalex.org/W2287724167","https://openalex.org/W2782780792","https://openalex.org/W2792636363","https://openalex.org/W2809727329","https://openalex.org/W2929535634","https://openalex.org/W2932741641","https://openalex.org/W2945154566","https://openalex.org/W2946045894","https://openalex.org/W2952782444","https://openalex.org/W2963061006","https://openalex.org/W2987215725","https://openalex.org/W3008993478","https://openalex.org/W3024280588","https://openalex.org/W3136586396","https://openalex.org/W3156273683","https://openalex.org/W3175832761","https://openalex.org/W3203300556","https://openalex.org/W3213858345","https://openalex.org/W3216250204","https://openalex.org/W4226344376","https://openalex.org/W4294672412","https://openalex.org/W4315629744","https://openalex.org/W4324007164","https://openalex.org/W4382396147","https://openalex.org/W4382396178","https://openalex.org/W4382396221","https://openalex.org/W4382396276","https://openalex.org/W4388857026","https://openalex.org/W4403853565","https://openalex.org/W4405181358","https://openalex.org/W4411337780","https://openalex.org/W4411337889"],"related_works":[],"abstract_inverted_index":{"Baseband":[0],"processors":[1],"(BPs)":[2],"in":[3,14,62,86,119],"cellular":[4],"devices":[5],"implement":[6],"complex":[7],"radio":[8],"protocols,":[9,123],"and":[10,50,68,109,121,124,134,182],"memory":[11,84,117,152],"corruption":[12],"vulnerabilities":[13,32],"these":[15,40],"implementations":[16],"can":[17],"lead":[18],"to":[19,29,47,174],"critical":[20],"security":[21],"breaches,":[22],"including":[23,160],"remote":[24,167],"code":[25,168],"execution.":[26,169],"Traditional":[27],"approaches":[28],"detecting":[30,66],"such":[31],"rely":[33],"on":[34,140],"reverse":[35],"engineering":[36],"or":[37],"emulation.":[38],"However,":[39],"methods":[41],"face":[42],"significant":[43],"scalability":[44],"challenges":[45,61],"due":[46],"proprietary":[48],"firmware":[49],"architectural":[51],"complexities.":[52],"Over-the-air":[53],"(OTA)":[54],"testing":[55,77],"offers":[56],"broader":[57],"applicability":[58],"but":[59],"poses":[60],"managing":[63],"UE":[64,107],"state,":[65],"crashes,":[67],"ensuring":[69],"protocol":[70,91],"coverage.":[71],"We":[72],"present":[73],"OTABase,":[74],"an":[75],"OTA":[76],"framework":[78],"that":[79,165],"enables":[80],"efficient":[81,104],"detection":[82,128],"of":[83,106],"crashes":[85,118],"LTE":[87],"base-bands":[88],"by":[89],"leveraging":[90],"specifications.":[92],"OTABase":[93,139,173],"combines":[94],"three":[95,145,156],"key":[96],"techniques:":[97],"a":[98,111,125],"network-side":[99],"state":[100],"control":[101],"mechanism":[102],"for":[103,177],"management":[105],"states":[108],"connections,":[110],"specification-guided":[112],"test":[113],"case":[114],"generation":[115],"targeting":[116],"NAS":[120],"RRC":[122],"two-phase":[126],"crash":[127],"oracle":[129],"utilizing":[130],"protocol-based":[131],"liveness":[132],"checks":[133],"manufacturer":[135],"debug":[136],"features.":[137],"Evaluating":[138],"six":[141],"commercial":[142],"BPs":[143],"from":[144],"major":[146],"manufacturers,":[147],"unearthed":[148],"seven":[149],"previously":[150],"unpatched":[151],"crashes.":[153],"Among":[154],"these,":[155],"were":[157],"assigned":[158],"CVEs,":[159],"one":[161],"out-of-bounds":[162],"write":[163],"vulnerability":[164],"allows":[166],"Additionally,":[170],"we":[171],"extend":[172],"5G":[175],"basebands":[176],"PoC,":[178],"demonstrating":[179],"its":[180],"generalizability":[181],"practical":[183],"utility.":[184]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2026-02-25T00:00:00"}