{"id":"https://openalex.org/W2991598641","doi":"https://doi.org/10.1145/3359789.3359820","title":"Sleak","display_name":"Sleak","publication_year":2019,"publication_date":"2019-11-22","ids":{"openalex":"https://openalex.org/W2991598641","doi":"https://doi.org/10.1145/3359789.3359820","mag":"2991598641"},"language":"en","primary_location":{"id":"doi:10.1145/3359789.3359820","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3359789.3359820","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3359789.3359820","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 35th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3359789.3359820","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5028735030","display_name":"Christophe Hauser","orcid":"https://orcid.org/0000-0001-7698-8041"},"institutions":[{"id":"https://openalex.org/I2800817003","display_name":"Southern California University for Professional Studies","ror":"https://ror.org/058zz0t50","country_code":"US","type":"education","lineage":["https://openalex.org/I2800817003"]},{"id":"https://openalex.org/I1174212","display_name":"University of Southern California","ror":"https://ror.org/03taz7m60","country_code":"US","type":"education","lineage":["https://openalex.org/I1174212"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Christophe Hauser","raw_affiliation_strings":["University of Southern California"],"affiliations":[{"raw_affiliation_string":"University of Southern California","institution_ids":["https://openalex.org/I2800817003","https://openalex.org/I1174212"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070895767","display_name":"Jayakrishna Menon","orcid":null},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jayakrishna Menon","raw_affiliation_strings":["Arizona State University"],"affiliations":[{"raw_affiliation_string":"Arizona State University","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026842092","display_name":"Yan Shoshitaishvili","orcid":"https://orcid.org/0000-0001-8832-1789"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yan Shoshitaishvili","raw_affiliation_strings":["Arizona State University"],"affiliations":[{"raw_affiliation_string":"Arizona State University","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100653715","display_name":"Ruoyu Wang","orcid":"https://orcid.org/0000-0003-4623-6724"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ruoyu Wang","raw_affiliation_strings":["Arizona State University"],"affiliations":[{"raw_affiliation_string":"Arizona State University","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075685499","display_name":"Giovanni Vigna","orcid":"https://orcid.org/0000-0002-3422-5369"},"institutions":[{"id":"https://openalex.org/I154570441","display_name":"University of California, Santa Barbara","ror":"https://ror.org/02t274463","country_code":"US","type":"education","lineage":["https://openalex.org/I154570441"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Giovanni Vigna","raw_affiliation_strings":["University of California, Santa Barbara"],"affiliations":[{"raw_affiliation_string":"University of California, Santa Barbara","institution_ids":["https://openalex.org/I154570441"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5022177364","display_name":"Christopher Kruegel","orcid":"https://orcid.org/0000-0001-5140-3414"},"institutions":[{"id":"https://openalex.org/I154570441","display_name":"University of California, Santa Barbara","ror":"https://ror.org/02t274463","country_code":"US","type":"education","lineage":["https://openalex.org/I154570441"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Christopher Kruegel","raw_affiliation_strings":["University of California, Santa Barbara"],"affiliations":[{"raw_affiliation_string":"University of California, Santa Barbara","institution_ids":["https://openalex.org/I154570441"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5028735030"],"corresponding_institution_ids":["https://openalex.org/I1174212","https://openalex.org/I2800817003"],"apc_list":null,"apc_paid":null,"fwci":0.28,"has_fulltext":true,"cited_by_count":2,"citation_normalized_percentile":{"value":0.66968659,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"190","last_page":"202"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9842000007629395,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.8988914489746094},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8679252862930298},{"id":"https://openalex.org/keywords/address-space","display_name":"Address space","score":0.7261120080947876},{"id":"https://openalex.org/keywords/symbolic-execution","display_name":"Symbolic execution","score":0.7114216685295105},{"id":"https://openalex.org/keywords/heap","display_name":"Heap (data structure)","score":0.6254897117614746},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.5696628093719482},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.45494580268859863},{"id":"https://openalex.org/keywords/binary-number","display_name":"Binary number","score":0.44206956028938293},{"id":"https://openalex.org/keywords/object","display_name":"Object (grammar)","score":0.4292725920677185},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.38706886768341064},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3776041269302368},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.32145750522613525},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.22520437836647034},{"id":"https://openalex.org/keywords/arithmetic","display_name":"Arithmetic","score":0.09853062033653259}],"concepts":[{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.8988914489746094},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8679252862930298},{"id":"https://openalex.org/C144240696","wikidata":"https://www.wikidata.org/wiki/Q367204","display_name":"Address space","level":2,"score":0.7261120080947876},{"id":"https://openalex.org/C2779639559","wikidata":"https://www.wikidata.org/wiki/Q7661178","display_name":"Symbolic execution","level":3,"score":0.7114216685295105},{"id":"https://openalex.org/C134757568","wikidata":"https://www.wikidata.org/wiki/Q274089","display_name":"Heap (data structure)","level":2,"score":0.6254897117614746},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.5696628093719482},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.45494580268859863},{"id":"https://openalex.org/C48372109","wikidata":"https://www.wikidata.org/wiki/Q3913","display_name":"Binary number","level":2,"score":0.44206956028938293},{"id":"https://openalex.org/C2781238097","wikidata":"https://www.wikidata.org/wiki/Q175026","display_name":"Object (grammar)","level":2,"score":0.4292725920677185},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.38706886768341064},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3776041269302368},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.32145750522613525},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.22520437836647034},{"id":"https://openalex.org/C94375191","wikidata":"https://www.wikidata.org/wiki/Q11205","display_name":"Arithmetic","level":1,"score":0.09853062033653259},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3359789.3359820","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3359789.3359820","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3359789.3359820","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 35th Annual Computer Security Applications Conference","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3359789.3359820","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3359789.3359820","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3359789.3359820","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 35th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6800000071525574,"display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G2021999675","display_name":null,"funder_award_id":"HR001118C0060, FA8750-19-C-000","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G7226114609","display_name":null,"funder_award_id":"CNS-1704253","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2991598641.pdf","grobid_xml":"https://content.openalex.org/works/W2991598641.grobid-xml"},"referenced_works_count":44,"referenced_works":["https://openalex.org/W83545226","https://openalex.org/W145782308","https://openalex.org/W646354405","https://openalex.org/W1431078357","https://openalex.org/W1457363419","https://openalex.org/W1495630617","https://openalex.org/W1496222301","https://openalex.org/W1655226010","https://openalex.org/W1710734607","https://openalex.org/W1721908487","https://openalex.org/W1878544538","https://openalex.org/W1882297107","https://openalex.org/W1891117775","https://openalex.org/W1970005004","https://openalex.org/W1982778414","https://openalex.org/W2027718224","https://openalex.org/W2042033151","https://openalex.org/W2043118292","https://openalex.org/W2059048359","https://openalex.org/W2091939272","https://openalex.org/W2097151854","https://openalex.org/W2098010707","https://openalex.org/W2098202130","https://openalex.org/W2107558499","https://openalex.org/W2108104925","https://openalex.org/W2112736324","https://openalex.org/W2113864883","https://openalex.org/W2119251836","https://openalex.org/W2155810272","https://openalex.org/W2162800072","https://openalex.org/W2172863216","https://openalex.org/W2221660756","https://openalex.org/W2293825325","https://openalex.org/W2752929869","https://openalex.org/W2753332081","https://openalex.org/W2767161562","https://openalex.org/W2767180444","https://openalex.org/W2910090628","https://openalex.org/W3103543923","https://openalex.org/W4253722282","https://openalex.org/W4256609717","https://openalex.org/W4299301436","https://openalex.org/W6629841029","https://openalex.org/W6744145243"],"related_works":["https://openalex.org/W3158777280","https://openalex.org/W2350278424","https://openalex.org/W340065115","https://openalex.org/W2284359849","https://openalex.org/W4388107720","https://openalex.org/W1989218486","https://openalex.org/W2357280991","https://openalex.org/W4313547540","https://openalex.org/W4285104766","https://openalex.org/W2576819912"],"abstract_inverted_index":{"We":[0],"present":[1],"a":[2,52,85,118,134,152],"novel":[3],"approach":[4],"to":[5,48,131,137,162,179],"automatically":[6],"recover":[7,132],"information":[8,61,94],"about":[9,95],"the":[10,18,58,70,79,96,114,122,143,149,156,164,170],"address":[11,150,171],"space":[12],"layout":[13,165],"of":[14,20,36,66,69,98,117,140,142,151,166,169],"remote":[15,119],"processes":[16],"in":[17,155],"presence":[19],"Address":[21],"Space":[22],"Layout":[23],"Randomization":[24],"(ASLR).":[25],"Our":[26],"system,":[27],"dubbed":[28],"Sleak,":[29],"performs":[30],"static":[31],"analysis":[32],"and":[33,40,44,83],"symbolic":[34,86],"execution":[35],"binary":[37,80,124],"executable":[38,81],"programs,":[39],"identifies":[41],"program":[42,90,125],"paths":[43],"input":[45],"parameters":[46],"leading":[47],"partial":[49],"(i.e.,":[50,57],"only":[51],"few":[53,135],"bits)":[54],"or":[55,73,106,146],"complete":[56],"whole":[59,138],"address)":[60],"disclosure":[62],"vulnerabilities,":[63],"revealing":[64],"addresses":[65,97,139],"known":[67],"objects":[68,141],"target":[71,144,157],"service":[72],"application.":[74],"Sleak":[75],"takes,":[76],"as":[77,101],"input,":[78],"program,":[82],"generates":[84],"expression":[87],"for":[88],"each":[89],"output":[91,116],"that":[92],"leaks":[93],"objects,":[99],"such":[100],"stack":[102],"variables,":[103],"heap":[104],"structures,":[105],"function":[107],"pointers.":[108],"By":[109],"comparing":[110],"these":[111],"expressions":[112],"with":[113],"concrete":[115],"process":[120],"executing":[121],"same":[123],"image,":[126],"our":[127],"system":[128],"is":[129,159],"able":[130],"from":[133],"bits":[136],"application":[145,158],"service.":[147],"Discovering":[148],"single":[153],"object":[154],"often":[160],"enough":[161],"guess":[163],"entire":[167],"sections":[168],"space,":[172],"which":[173],"can":[174],"be":[175],"leveraged":[176],"by":[177],"attackers":[178],"bypass":[180],"ASLR.":[181]},"counts_by_year":[{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2019-12-05T00:00:00"}