{"id":"https://openalex.org/W3214111992","doi":"https://doi.org/10.1145/3460120.3484798","title":"Statically Discovering High-Order Taint Style Vulnerabilities in OS Kernels","display_name":"Statically Discovering High-Order Taint Style Vulnerabilities in OS Kernels","publication_year":2021,"publication_date":"2021-11-12","ids":{"openalex":"https://openalex.org/W3214111992","doi":"https://doi.org/10.1145/3460120.3484798","mag":"3214111992"},"language":"en","primary_location":{"id":"doi:10.1145/3460120.3484798","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3460120.3484798","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3460120.3484798","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3460120.3484798","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100438460","display_name":"Hang Zhang","orcid":"https://orcid.org/0000-0002-6797-4948"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Hang Zhang","raw_affiliation_strings":["University of California, Riverside, Riverside, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Riverside, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018334224","display_name":"Weiteng Chen","orcid":null},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Weiteng Chen","raw_affiliation_strings":["University of California, Riverside, Riverside, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Riverside, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100337968","display_name":"Hao Yu","orcid":"https://orcid.org/0000-0002-3944-3162"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yu Hao","raw_affiliation_strings":["University of California, Riverside, Riverside, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Riverside, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001973865","display_name":"Guoren Li","orcid":null},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Guoren Li","raw_affiliation_strings":["University of California, Riverside, Riverside, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Riverside, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019222426","display_name":"Yizhuo Zhai","orcid":"https://orcid.org/0009-0005-8243-3495"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yizhuo Zhai","raw_affiliation_strings":["University of California, Riverside, Riverside, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Riverside, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051502370","display_name":"Xiaochen Zou","orcid":null},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiaochen Zou","raw_affiliation_strings":["University of California, Riverside, Riverside, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Riverside, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5022038961","display_name":"Zhiyun Qian","orcid":"https://orcid.org/0000-0003-1506-2522"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhiyun Qian","raw_affiliation_strings":["University of California, Riverside, Riverside, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Riverside, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5100438460"],"corresponding_institution_ids":["https://openalex.org/I103635307"],"apc_list":null,"apc_paid":null,"fwci":2.3144,"has_fulltext":true,"cited_by_count":23,"citation_normalized_percentile":{"value":0.89420183,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"811","last_page":"824"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7974907159805298},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.7651396989822388},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5185328125953674},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5163020491600037},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.47536247968673706},{"id":"https://openalex.org/keywords/heap","display_name":"Heap (data structure)","score":0.4580792784690857},{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.4231516718864441},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.32886171340942383},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.31589382886886597},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.23223650455474854},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.11879026889801025}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7974907159805298},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.7651396989822388},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5185328125953674},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5163020491600037},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.47536247968673706},{"id":"https://openalex.org/C134757568","wikidata":"https://www.wikidata.org/wiki/Q274089","display_name":"Heap (data structure)","level":2,"score":0.4580792784690857},{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.4231516718864441},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.32886171340942383},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.31589382886886597},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.23223650455474854},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.11879026889801025},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3460120.3484798","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3460120.3484798","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3460120.3484798","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3460120.3484798","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3460120.3484798","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3460120.3484798","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1743687345","display_name":null,"funder_award_id":"#1652954","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G5124561427","display_name":null,"funder_award_id":"1652954","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3214111992.pdf","grobid_xml":"https://content.openalex.org/works/W3214111992.grobid-xml"},"referenced_works_count":38,"referenced_works":["https://openalex.org/W145782308","https://openalex.org/W1429964360","https://openalex.org/W1563577331","https://openalex.org/W1727650458","https://openalex.org/W1904404804","https://openalex.org/W1972429847","https://openalex.org/W2010452422","https://openalex.org/W2067877212","https://openalex.org/W2085925880","https://openalex.org/W2094716892","https://openalex.org/W2103714221","https://openalex.org/W2124377830","https://openalex.org/W2127723417","https://openalex.org/W2134646643","https://openalex.org/W2140809377","https://openalex.org/W2148001343","https://openalex.org/W2148755014","https://openalex.org/W2152225177","https://openalex.org/W2166743230","https://openalex.org/W2297774820","https://openalex.org/W2534511085","https://openalex.org/W2538805569","https://openalex.org/W2619331983","https://openalex.org/W2620797757","https://openalex.org/W2753478887","https://openalex.org/W2763994238","https://openalex.org/W2799226481","https://openalex.org/W2882992559","https://openalex.org/W2884017574","https://openalex.org/W2946864865","https://openalex.org/W2968152713","https://openalex.org/W3015326774","https://openalex.org/W3109904794","https://openalex.org/W3110223888","https://openalex.org/W3154138117","https://openalex.org/W3173766797","https://openalex.org/W4240951837","https://openalex.org/W4299301436"],"related_works":["https://openalex.org/W2907724967","https://openalex.org/W23987500","https://openalex.org/W17989877","https://openalex.org/W2761428514","https://openalex.org/W2301530215","https://openalex.org/W3035018584","https://openalex.org/W3161914019","https://openalex.org/W3135800105","https://openalex.org/W3196426613","https://openalex.org/W3214111992"],"abstract_inverted_index":{"Static":[0],"analysis":[1,92,125],"is":[2,33],"known":[3,176],"to":[4,49,65,76,112,152],"yield":[5],"numerous":[6],"false":[7,214],"alarms":[8],"when":[9],"used":[10],"in":[11,18,99,130,134,157],"bug":[12],"finding,":[13],"especially":[14],"for":[15],"complex":[16,31],"vulnerabilities":[17,32,98,156,178],"large":[19,67],"code":[20],"bases":[21],"like":[22],"the":[23,42,46,50,54,66,78,115,168,199],"Linux":[24],"kernel.":[25],"One":[26],"important":[27],"class":[28],"of":[29,56,95,192,221],"such":[30],"what":[34],"we":[35,83],"call":[36],"\"high-order":[37],"taint":[38,43,108,117,147,155],"style":[39],"vulnerability\",":[40],"where":[41],"flow":[44,109],"from":[45,161],"user":[47],"input":[48],"vulnerable":[51],"site":[52],"crosses":[53],"boundary":[55],"a":[57,86,104,135,202,212],"single":[58],"entry":[59],"function":[60],"invocation":[61],"(i.e.,":[62],"syscall).":[63],"Due":[64],"scope":[68],"and":[69,89,143,179],"high":[70,203],"precision":[71,126],"requirement,":[72],"few":[73],"have":[74,195],"attempted":[75],"solve":[77],"problem.":[79],"In":[80],"this":[81],"paper,":[82],"present":[84],"SUTURE,":[85],"highly":[87,136],"precise":[88,137],"scalable":[90],"static":[91,146],"tool":[93],"capable":[94],"discovering":[96],"high-order":[97,107,154,177],"OS":[100],"kernels.":[101],"SUTURE":[102,151,172,185,209],"employs":[103],"novel":[105],"summary-based":[106],"construction":[110],"approach":[111],"efficiently":[113],"enumerate":[114],"cross-entry":[116],"flows,":[118],"while":[119],"incorporating":[120],"multiple":[121,158],"innovative":[122],"enhancements":[123],"on":[124],"that":[127,171],"are":[128],"unseen":[129],"existing":[131],"tools,":[132],"resulting":[133],"inter-procedural":[138],"flow-,":[139],"context-,":[140],"field-,":[141],"index-,":[142],"opportunistically":[144],"path-sensitive":[145],"analysis.":[148],"We":[149],"apply":[150],"discover":[153],"Android":[159],"kernels":[160],"mainstream":[162],"vendors":[163],"(e.g.,":[164],"Google,":[165],"Samsung,":[166],"Huawei),":[167],"results":[169],"show":[170],"can":[173],"both":[174],"confirm":[175],"uncover":[180],"new":[181],"ones.":[182],"So":[183],"far,":[184],"generates":[186],"79":[187],"true":[188],"positive":[189,215],"warning":[190],"groups,":[191],"which":[193],"19":[194],"been":[196],"confirmed":[197],"by":[198,207,219],"vendors,":[200],"including":[201],"severity":[204],"vulnerability":[205],"rated":[206],"Google.":[208],"also":[210],"achieves":[211],"reasonable":[213],"rate":[216],"(51.23%)":[217],"perceived":[218],"users":[220],"our":[222],"tool.":[223]},"counts_by_year":[{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":9},{"year":2022,"cited_by_count":2}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}