{"id":"https://openalex.org/W2967326240","doi":"https://doi.org/10.1145/3343737.3343753","title":"Understanding Security Vulnerabilities in File Systems","display_name":"Understanding Security Vulnerabilities in File Systems","publication_year":2019,"publication_date":"2019-08-13","ids":{"openalex":"https://openalex.org/W2967326240","doi":"https://doi.org/10.1145/3343737.3343753","mag":"2967326240"},"language":"en","primary_location":{"id":"doi:10.1145/3343737.3343753","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3343737.3343753","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 10th ACM SIGOPS Asia-Pacific Workshop on Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102967271","display_name":"Miao Cai","orcid":"https://orcid.org/0000-0003-1707-4025"},"institutions":[{"id":"https://openalex.org/I881766915","display_name":"Nanjing University","ror":"https://ror.org/01rxvg760","country_code":"CN","type":"education","lineage":["https://openalex.org/I881766915"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Miao Cai","raw_affiliation_strings":["Nanjing University"],"affiliations":[{"raw_affiliation_string":"Nanjing University","institution_ids":["https://openalex.org/I881766915"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101567031","display_name":"Hao Huang","orcid":"https://orcid.org/0009-0007-7160-0483"},"institutions":[{"id":"https://openalex.org/I881766915","display_name":"Nanjing University","ror":"https://ror.org/01rxvg760","country_code":"CN","type":"education","lineage":["https://openalex.org/I881766915"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hao Huang","raw_affiliation_strings":["Nanjing University"],"affiliations":[{"raw_affiliation_string":"Nanjing University","institution_ids":["https://openalex.org/I881766915"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5005380910","display_name":"Jian Huang","orcid":"https://orcid.org/0000-0002-1125-671X"},"institutions":[{"id":"https://openalex.org/I308392441","display_name":"International University of the Caribbean","ror":"https://ror.org/02rv57d03","country_code":"JM","type":"education","lineage":["https://openalex.org/I308392441"]}],"countries":["JM"],"is_corresponding":false,"raw_author_name":"Jian Huang","raw_affiliation_strings":["UIUC"],"affiliations":[{"raw_affiliation_string":"UIUC","institution_ids":["https://openalex.org/I308392441"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5102967271"],"corresponding_institution_ids":["https://openalex.org/I881766915"],"apc_list":null,"apc_paid":null,"fwci":1.4147,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.83471254,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"8","last_page":"15"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11181","display_name":"Advanced Data Storage Technologies","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11181","display_name":"Advanced Data Storage Technologies","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.9961000084877014,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.7852293252944946},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7481743097305298},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7239871025085449},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7230950593948364},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.7180874943733215},{"id":"https://openalex.org/keywords/file-system","display_name":"File system","score":0.6705461144447327},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6691470146179199},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.5104941129684448},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.49504509568214417},{"id":"https://openalex.org/keywords/security-through-obscurity","display_name":"Security through obscurity","score":0.4928140938282013},{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.4597594439983368},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.3488028347492218},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.32096388936042786},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.2691923677921295},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.2663770318031311},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.21123051643371582},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1614168882369995},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.09491962194442749}],"concepts":[{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.7852293252944946},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7481743097305298},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7239871025085449},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7230950593948364},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.7180874943733215},{"id":"https://openalex.org/C2780940931","wikidata":"https://www.wikidata.org/wiki/Q174989","display_name":"File system","level":2,"score":0.6705461144447327},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6691470146179199},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.5104941129684448},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.49504509568214417},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.4928140938282013},{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.4597594439983368},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.3488028347492218},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.32096388936042786},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2691923677921295},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.2663770318031311},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.21123051643371582},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1614168882369995},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.09491962194442749},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3343737.3343753","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3343737.3343753","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 10th ACM SIGOPS Asia-Pacific Workshop on Systems","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.7300000190734863,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320316505","display_name":"NetApp","ror":"https://ror.org/05c4cm338"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":39,"referenced_works":["https://openalex.org/W1172733195","https://openalex.org/W1412006679","https://openalex.org/W1459126247","https://openalex.org/W1467040741","https://openalex.org/W1530504482","https://openalex.org/W1572593068","https://openalex.org/W1593410499","https://openalex.org/W1916929620","https://openalex.org/W1976721395","https://openalex.org/W1995202031","https://openalex.org/W1995626000","https://openalex.org/W2006307164","https://openalex.org/W2073742357","https://openalex.org/W2078186835","https://openalex.org/W2088512344","https://openalex.org/W2100100130","https://openalex.org/W2101161997","https://openalex.org/W2104136059","https://openalex.org/W2108183412","https://openalex.org/W2124877509","https://openalex.org/W2127766933","https://openalex.org/W2140816416","https://openalex.org/W2157378459","https://openalex.org/W2158437127","https://openalex.org/W2195119025","https://openalex.org/W2205436351","https://openalex.org/W2327265941","https://openalex.org/W2332661323","https://openalex.org/W2409421406","https://openalex.org/W2495962902","https://openalex.org/W2576393274","https://openalex.org/W2578546025","https://openalex.org/W2584388001","https://openalex.org/W2584459836","https://openalex.org/W2604441257","https://openalex.org/W2761718075","https://openalex.org/W2765713146","https://openalex.org/W2794801050","https://openalex.org/W2933883078"],"related_works":["https://openalex.org/W2392503306","https://openalex.org/W2560421591","https://openalex.org/W3041665175","https://openalex.org/W4384518368","https://openalex.org/W2406043920","https://openalex.org/W2499489413","https://openalex.org/W658105165","https://openalex.org/W3201294019","https://openalex.org/W2088401352","https://openalex.org/W2152250926"],"abstract_inverted_index":{"File":[0],"systems":[1],"have":[2,98],"been":[3],"developed":[4],"for":[5],"decades":[6],"with":[7],"the":[8,31,37,62,71,92,103,107,114],"security-critical":[9],"foundation":[10],"provided":[11],"by":[12,75],"operating":[13],"systems.":[14,43],"However,":[15],"they":[16],"are":[17],"still":[18],"vulnerable":[19],"to":[20,34,77,102],"malware":[21],"attacks":[22],"and":[23,57,87,113],"software":[24],"defects.":[25],"In":[26],"this":[27,96],"paper,":[28],"we":[29],"undertake":[30],"first":[32],"attempt":[33],"systematically":[35],"understand":[36],"security":[38,108],"vulnerabilities":[39,65,73],"in":[40,54,66],"various":[41],"file":[42,63,111],"We":[44,60,90],"conduct":[45],"an":[46],"empirical":[47],"study":[48,97],"of":[49,106,110],"157":[50],"real":[51],"cases":[52],"reported":[53],"Common":[55],"Vulnerabilities":[56],"Exposures":[58],"(CVE).":[59],"characterize":[61],"system":[64],"different":[67],"dimensions":[68],"that":[69],"include":[70],"common":[72],"leveraged":[74],"adversaries":[76],"initiate":[78],"their":[79,81],"attacks,":[80],"exploitation":[82],"procedures,":[83],"root":[84],"causes,":[85],"consequences,":[86],"mitigation":[88],"approaches.":[89],"believe":[91],"insights":[93],"derived":[94],"from":[95],"broad":[99],"implications":[100],"related":[101],"further":[104],"enhancement":[105],"aspect":[109],"systems,":[112],"associated":[115],"vulnerability":[116],"detection":[117],"tools.":[118]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}