{"id":"https://openalex.org/W4414693497","doi":"https://doi.org/10.1109/tdsc.2025.3616496","title":"Minoris: Practical Out-of-Emulator Kernel Module Fuzzing","display_name":"Minoris: Practical Out-of-Emulator Kernel Module Fuzzing","publication_year":2025,"publication_date":"2025-10-01","ids":{"openalex":"https://openalex.org/W4414693497","doi":"https://doi.org/10.1109/tdsc.2025.3616496"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2025.3616496","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3616496","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5119792363","display_name":"Yangxi Xiang","orcid":null},"institutions":[{"id":"https://openalex.org/I168879160","display_name":"Zhejiang University of Science and Technology","ror":"https://ror.org/05mx0wr29","country_code":"CN","type":"education","lineage":["https://openalex.org/I168879160"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yangxi Xiang","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"],"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I168879160"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100431183","display_name":"Feng Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Feng Wang","raw_affiliation_strings":["Ant Group, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"Ant Group, Hangzhou, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101435511","display_name":"Yuan Chen","orcid":"https://orcid.org/0009-0009-2321-4910"},"institutions":[{"id":"https://openalex.org/I168879160","display_name":"Zhejiang University of Science and Technology","ror":"https://ror.org/05mx0wr29","country_code":"CN","type":"education","lineage":["https://openalex.org/I168879160"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuan Chen","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"],"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I168879160"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100409481","display_name":"Qiang Liu","orcid":"https://orcid.org/0000-0002-5865-6227"},"institutions":[{"id":"https://openalex.org/I168879160","display_name":"Zhejiang University of Science and Technology","ror":"https://ror.org/05mx0wr29","country_code":"CN","type":"education","lineage":["https://openalex.org/I168879160"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qiang Liu","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"],"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I168879160"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5115695530","display_name":"Haoyu Wang","orcid":"https://orcid.org/0000-0003-1100-8633"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haoyu Wang","raw_affiliation_strings":["School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059024183","display_name":"Jiashui Wang","orcid":"https://orcid.org/0000-0002-3608-888X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jiashui Wang","raw_affiliation_strings":["Ant Group, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"Ant Group, Hangzhou, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065178474","display_name":"Lei Wu","orcid":"https://orcid.org/0000-0003-1675-5283"},"institutions":[{"id":"https://openalex.org/I168879160","display_name":"Zhejiang University of Science and Technology","ror":"https://ror.org/05mx0wr29","country_code":"CN","type":"education","lineage":["https://openalex.org/I168879160"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lei Wu","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"],"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I168879160"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070410883","display_name":"Cixiang Chen","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chaoyuan Chen","raw_affiliation_strings":["Ant Group, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"Ant Group, Hangzhou, China","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5088790914","display_name":"Yajin Zhou","orcid":"https://orcid.org/0000-0001-7610-4736"},"institutions":[{"id":"https://openalex.org/I168879160","display_name":"Zhejiang University of Science and Technology","ror":"https://ror.org/05mx0wr29","country_code":"CN","type":"education","lineage":["https://openalex.org/I168879160"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yajin Zhou","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"],"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I168879160"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5119792363"],"corresponding_institution_ids":["https://openalex.org/I168879160"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.27100326,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"23","issue":"1","first_page":"1360","last_page":"1372"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9696000218391418,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9696000218391418,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10904","display_name":"Embedded Systems Design Techniques","score":0.9598000049591064,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9491000175476074,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.992900013923645},{"id":"https://openalex.org/keywords/kernel","display_name":"Kernel (algebra)","score":0.6146000027656555},{"id":"https://openalex.org/keywords/initialization","display_name":"Initialization","score":0.4948999881744385},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.49410000443458557},{"id":"https://openalex.org/keywords/linux-kernel","display_name":"Linux kernel","score":0.48339998722076416},{"id":"https://openalex.org/keywords/context-switch","display_name":"Context switch","score":0.40560001134872437},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.3840000033378601}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.992900013923645},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8720999956130981},{"id":"https://openalex.org/C74193536","wikidata":"https://www.wikidata.org/wiki/Q574844","display_name":"Kernel (algebra)","level":2,"score":0.6146000027656555},{"id":"https://openalex.org/C114466953","wikidata":"https://www.wikidata.org/wiki/Q6034165","display_name":"Initialization","level":2,"score":0.4948999881744385},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.49410000443458557},{"id":"https://openalex.org/C553261973","wikidata":"https://www.wikidata.org/wiki/Q14579","display_name":"Linux kernel","level":2,"score":0.48339998722076416},{"id":"https://openalex.org/C53833338","wikidata":"https://www.wikidata.org/wiki/Q1061424","display_name":"Context switch","level":2,"score":0.40560001134872437},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3846000134944916},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.3840000033378601},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.3531000018119812},{"id":"https://openalex.org/C90307666","wikidata":"https://www.wikidata.org/wiki/Q1932562","display_name":"sysfs","level":3,"score":0.3391999900341034},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3357999920845032},{"id":"https://openalex.org/C53942775","wikidata":"https://www.wikidata.org/wiki/Q1211721","display_name":"Code coverage","level":3,"score":0.3301999866962433},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.31529998779296875},{"id":"https://openalex.org/C68339613","wikidata":"https://www.wikidata.org/wiki/Q1549489","display_name":"Speedup","level":2,"score":0.30970001220703125},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.3052000105381012},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.30230000615119934},{"id":"https://openalex.org/C157764524","wikidata":"https://www.wikidata.org/wiki/Q1383412","display_name":"Throughput","level":3,"score":0.28290000557899475},{"id":"https://openalex.org/C173608175","wikidata":"https://www.wikidata.org/wiki/Q232661","display_name":"Parallel computing","level":1,"score":0.266400009393692},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.2574999928474426}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2025.3616496","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3616496","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3848079773","display_name":null,"funder_award_id":"U21A20464","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":18,"referenced_works":["https://openalex.org/W2025819261","https://openalex.org/W2137530017","https://openalex.org/W2162023704","https://openalex.org/W2613274303","https://openalex.org/W2766711930","https://openalex.org/W2927543040","https://openalex.org/W2933883078","https://openalex.org/W2947814692","https://openalex.org/W2981689050","https://openalex.org/W2985831349","https://openalex.org/W3007127028","https://openalex.org/W3016185124","https://openalex.org/W3046265170","https://openalex.org/W4210660460","https://openalex.org/W4225985207","https://openalex.org/W4226163636","https://openalex.org/W4285490479","https://openalex.org/W4294811443"],"related_works":[],"abstract_inverted_index":{"Vulnerabilities":[0],"in":[1],"the":[2,15,28,40,59,78,103,124,143,170,187],"Linux":[3,24],"kernel":[4,25,33,68,79,88,113],"can":[5,148],"be":[6],"exploited":[7],"to":[8,22,49,122,133,183],"perform":[9],"privilege":[10],"escalation":[11],"and":[12,53,89,117,201],"take":[13],"over":[14],"whole":[16],"system.":[17],"Fuzzing":[18],"has":[19],"been":[20],"leveraged":[21],"detect":[23],"vulnerabilities":[26],"during":[27],"last":[29],"decade.":[30],"However,":[31,96],"existing":[32],"fuzzing":[34,60,70,144,152,188],"techniques":[35],"highly":[36],"use":[37],"QEMU/KVM":[38],"as":[39,155],"underlying":[41,135],"infrastructure,":[42],"thus":[43,91],"suffering":[44],"from":[45,181],"unnecessary":[46,93],"costs":[47],"due":[48],"user-kernel":[50],"context":[51,55,94],"switch":[52],"kernel-emulator":[54],"switch.":[56],"This":[57],"degrades":[58],"performance.":[61],"In":[62],"this":[63],"paper,":[64],"we":[65],"propose":[66],"a":[67,99,128],"module":[69,80,114],"framework":[71],"named":[72],"<sc":[73,161,173],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[74,162,174,196],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">Minoris</small>.":[75],"It":[76,185],"moves":[77],"under":[81],"testing":[82],"(KMUT)":[83],"out":[84],"of":[85],"both":[86],"real":[87],"emulator,":[90],"eliminating":[92],"switches.":[95],"implementing":[97],"such":[98,154],"system":[100,139],"requires":[101],"solving":[102],"dependency":[104],"challenges.":[105],"We":[106,159],"solve":[107],"these":[108],"challenges":[109],"by":[110],"automatically":[111],"linking":[112],"with":[115,169],"LKL,":[116],"performing":[118],"initialization":[119],"functions":[120],"on-demand":[121],"prepare":[123],"required":[125],"status.":[126],"Besides,":[127],"hardware-emulation":[129],"library":[130],"is":[131],"proposed":[132],"provide":[134],"hardware":[136],"support.":[137],"Our":[138],"not":[140],"only":[141],"improves":[142,186],"speed":[145],"but":[146],"also":[147],"easily":[149],"integrate":[150],"mature":[151],"techniques,":[153],"user-space":[156],"memory":[157],"sanitizer.":[158],"evaluate":[160],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">Minoris</small>":[163,175],"on":[164],"five":[165],"different":[166],"KMUTs.":[167],"Compared":[168],"state-of-the-art":[171],"solution,":[172],"achieves":[176],"an":[177],"average":[178],"execution":[179],"speedup":[180],"\u00d73.31":[182],"\u00d77.38.":[184],"throughput":[189],"(\u00d7102.58),":[190],"explores":[191],"more":[192,199],"code":[193],"coverage":[194],"(<inline-formula":[195],"xmlns:xlink=\"http://www.w3.org/1999/xlink\"><tex-math":[197],"notation=\"LaTeX\">$89.51\\%$</tex-math></inline-formula>":[198],"branches),":[200],"detects":[202],"6":[203],"new":[204],"bugs.":[205]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}