{"id":"https://openalex.org/W2984993098","doi":"https://doi.org/10.1145/3319535.3354224","title":"Gollum","display_name":"Gollum","publication_year":2019,"publication_date":"2019-11-06","ids":{"openalex":"https://openalex.org/W2984993098","doi":"https://doi.org/10.1145/3319535.3354224","mag":"2984993098"},"language":"en","primary_location":{"id":"doi:10.1145/3319535.3354224","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3319535.3354224","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5031054895","display_name":"Sean Heelan","orcid":null},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Sean Heelan","raw_affiliation_strings":["University of Oxford, Oxford, United Kingdom"],"affiliations":[{"raw_affiliation_string":"University of Oxford, Oxford, United Kingdom","institution_ids":["https://openalex.org/I40120149"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015518667","display_name":"Tom Melham","orcid":null},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Tom Melham","raw_affiliation_strings":["University of Oxford, Oxford, United Kingdom"],"affiliations":[{"raw_affiliation_string":"University of Oxford, Oxford, United Kingdom","institution_ids":["https://openalex.org/I40120149"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5086206346","display_name":"Daniel Kroening","orcid":"https://orcid.org/0000-0002-6681-5283"},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Daniel Kroening","raw_affiliation_strings":["University of Oxford, Oxford, United Kingdom"],"affiliations":[{"raw_affiliation_string":"University of Oxford, Oxford, United Kingdom","institution_ids":["https://openalex.org/I40120149"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5031054895"],"corresponding_institution_ids":["https://openalex.org/I40120149"],"apc_list":null,"apc_paid":null,"fwci":2.5203,"has_fulltext":false,"cited_by_count":34,"citation_normalized_percentile":{"value":0.91983257,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1689","last_page":"1706"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9955000281333923,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.993399977684021,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.9698906540870667},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8511727452278137},{"id":"https://openalex.org/keywords/heap","display_name":"Heap (data structure)","score":0.7219492197036743},{"id":"https://openalex.org/keywords/python","display_name":"Python (programming language)","score":0.4471495449542999},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.44174614548683167},{"id":"https://openalex.org/keywords/data-structure","display_name":"Data structure","score":0.4365472197532654},{"id":"https://openalex.org/keywords/modular-design","display_name":"Modular design","score":0.43178611993789673},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.32910823822021484},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.1680150032043457}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.9698906540870667},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8511727452278137},{"id":"https://openalex.org/C134757568","wikidata":"https://www.wikidata.org/wiki/Q274089","display_name":"Heap (data structure)","level":2,"score":0.7219492197036743},{"id":"https://openalex.org/C519991488","wikidata":"https://www.wikidata.org/wiki/Q28865","display_name":"Python (programming language)","level":2,"score":0.4471495449542999},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.44174614548683167},{"id":"https://openalex.org/C162319229","wikidata":"https://www.wikidata.org/wiki/Q175263","display_name":"Data structure","level":2,"score":0.4365472197532654},{"id":"https://openalex.org/C101468663","wikidata":"https://www.wikidata.org/wiki/Q1620158","display_name":"Modular design","level":2,"score":0.43178611993789673},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.32910823822021484},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.1680150032043457}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3319535.3354224","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3319535.3354224","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.800000011920929,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":10,"referenced_works":["https://openalex.org/W748373178","https://openalex.org/W1515790419","https://openalex.org/W2113864883","https://openalex.org/W2765857833","https://openalex.org/W2889334792","https://openalex.org/W2897668282","https://openalex.org/W2902040535","https://openalex.org/W3023540311","https://openalex.org/W3106149149","https://openalex.org/W4302784197"],"related_works":["https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W4312814274","https://openalex.org/W1590307681","https://openalex.org/W2019530272","https://openalex.org/W1578255156","https://openalex.org/W2479720249","https://openalex.org/W4299986738","https://openalex.org/W1552130108"],"abstract_inverted_index":{"We":[0],"present":[1],"the":[2,17,38,41,52,103,106,109,114,125,158],"first":[3,18],"approach":[4,19,42],"to":[5,20,51,85,91,102],"automatic":[6,33],"exploit":[7,21,49,76],"generation":[8,22],"for":[9,32,47],"heap":[10,34,80],"overflows":[11],"in":[12,23,57,120,133,157],"interpreters.":[13],"It":[14],"is":[15,43,100,118,142],"also":[16],"any":[24],"class":[25],"of":[26,40,96,105,164],"program":[27,54],"that":[28,55,97,113],"integrates":[29],"a":[30,44,58,63,67,79,87,121],"solution":[31],"layout":[35],"manipulation.":[36],"At":[37],"core":[39],"novel":[45],"method":[46],"discovering":[48],"primitives---inputs":[50],"target":[53,88],"result":[56],"sensitive":[59],"operation,":[60],"such":[61],"as":[62],"function":[64],"call":[65],"or":[66],"memory":[68],"write,":[69],"utilizing":[70],"attacker-injected":[71],"data.":[72],"To":[73],"produce":[74],"an":[75,94,134],"primitive":[77],"from":[78,153],"overflow":[81,107],"vulnerability,":[82],"one":[83],"has":[84],"discover":[86],"data":[89,98,117],"structure":[90,99],"corrupt,":[92],"ensure":[93,112],"instance":[95],"adjacent":[101],"source":[104],"on":[108],"heap,":[110],"and":[111,137,145,160],"post-overflow":[115],"corrupted":[116],"used":[119],"manner":[122],"desired":[123],"by":[124,150],"attacker.":[126],"Our":[127,140],"system":[128],"addresses":[129],"all":[130],"three":[131],"tasks":[132],"automatic,":[135],"greybox,":[136],"modular":[138],"manner.":[139],"implementation":[141],"called":[143],"GOLLUM,":[144],"we":[146],"demonstrate":[147],"its":[148],"capabilities":[149],"producing":[151],"exploits":[152],"10":[154],"unique":[155],"vulnerabilities":[156],"PHP":[159],"Python":[161],"interpreters,":[162],"5":[163],"which":[165],"do":[166],"not":[167],"have":[168],"existing":[169],"public":[170],"exploits.":[171]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":10},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2019-11-22T00:00:00"}