{"id":"https://openalex.org/W4280634637","doi":"https://doi.org/10.1145/3494107.3522779","title":"Detecting Secure Memory Deallocation Violations with CBMC","display_name":"Detecting Secure Memory Deallocation Violations with CBMC","publication_year":2022,"publication_date":"2022-05-17","ids":{"openalex":"https://openalex.org/W4280634637","doi":"https://doi.org/10.1145/3494107.3522779"},"language":"en","primary_location":{"id":"doi:10.1145/3494107.3522779","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3494107.3522779","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 8th ACM on Cyber-Physical System Security Workshop","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102825589","display_name":"Vinayak S. Prabhu","orcid":"https://orcid.org/0000-0002-3941-1080"},"institutions":[{"id":"https://openalex.org/I92446798","display_name":"Colorado State University","ror":"https://ror.org/03k1gpj17","country_code":"US","type":"education","lineage":["https://openalex.org/I92446798"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Vinayak S. Prabhu","raw_affiliation_strings":["Colorado State University, Fort Collins, CO, USA"],"affiliations":[{"raw_affiliation_string":"Colorado State University, Fort Collins, CO, USA","institution_ids":["https://openalex.org/I92446798"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024539185","display_name":"Mohit Singh","orcid":"https://orcid.org/0000-0002-5097-8272"},"institutions":[{"id":"https://openalex.org/I92446798","display_name":"Colorado State University","ror":"https://ror.org/03k1gpj17","country_code":"US","type":"education","lineage":["https://openalex.org/I92446798"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mohit Singh","raw_affiliation_strings":["Colorado State University, Fort Collins, CO, USA"],"affiliations":[{"raw_affiliation_string":"Colorado State University, Fort Collins, CO, USA","institution_ids":["https://openalex.org/I92446798"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102938076","display_name":"Indrajit Ray","orcid":"https://orcid.org/0000-0002-3612-7738"},"institutions":[{"id":"https://openalex.org/I92446798","display_name":"Colorado State University","ror":"https://ror.org/03k1gpj17","country_code":"US","type":"education","lineage":["https://openalex.org/I92446798"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Indrajit Ray","raw_affiliation_strings":["Colorado State University, Fort Collins, CO, USA"],"affiliations":[{"raw_affiliation_string":"Colorado State University, Fort Collins, CO, USA","institution_ids":["https://openalex.org/I92446798"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008904412","display_name":"Indrakshi Ray","orcid":"https://orcid.org/0000-0002-0714-7676"},"institutions":[{"id":"https://openalex.org/I92446798","display_name":"Colorado State University","ror":"https://ror.org/03k1gpj17","country_code":"US","type":"education","lineage":["https://openalex.org/I92446798"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Indrakshi Ray","raw_affiliation_strings":["Colorado State University, Fort Collins, CO, USA"],"affiliations":[{"raw_affiliation_string":"Colorado State University, Fort Collins, CO, USA","institution_ids":["https://openalex.org/I92446798"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5056525200","display_name":"Sudipto Ghosh","orcid":"https://orcid.org/0000-0001-6000-9646"},"institutions":[{"id":"https://openalex.org/I92446798","display_name":"Colorado State University","ror":"https://ror.org/03k1gpj17","country_code":"US","type":"education","lineage":["https://openalex.org/I92446798"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sudipto Ghosh","raw_affiliation_strings":["Colorado State University, Fort Collins, CO, USA"],"affiliations":[{"raw_affiliation_string":"Colorado State University, Fort Collins, CO, USA","institution_ids":["https://openalex.org/I92446798"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5102825589"],"corresponding_institution_ids":["https://openalex.org/I92446798"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.04340131,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"27","last_page":"38"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7834631204605103},{"id":"https://openalex.org/keywords/memory-leak","display_name":"Memory leak","score":0.6243380308151245},{"id":"https://openalex.org/keywords/heap","display_name":"Heap (data structure)","score":0.5924946069717407},{"id":"https://openalex.org/keywords/memory-address","display_name":"Memory address","score":0.44919300079345703},{"id":"https://openalex.org/keywords/test-suite","display_name":"Test suite","score":0.44801610708236694},{"id":"https://openalex.org/keywords/pointer","display_name":"Pointer (user interface)","score":0.4404497742652893},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.42059051990509033},{"id":"https://openalex.org/keywords/assertion","display_name":"Assertion","score":0.41632986068725586},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.3517773747444153},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.34397178888320923},{"id":"https://openalex.org/keywords/memory-management","display_name":"Memory management","score":0.31779253482818604},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.30152571201324463},{"id":"https://openalex.org/keywords/test-case","display_name":"Test case","score":0.2600076198577881},{"id":"https://openalex.org/keywords/computer-hardware","display_name":"Computer hardware","score":0.2072925865650177},{"id":"https://openalex.org/keywords/semiconductor-memory","display_name":"Semiconductor memory","score":0.13901126384735107},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.12577256560325623}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7834631204605103},{"id":"https://openalex.org/C156731835","wikidata":"https://www.wikidata.org/wiki/Q751740","display_name":"Memory leak","level":4,"score":0.6243380308151245},{"id":"https://openalex.org/C134757568","wikidata":"https://www.wikidata.org/wiki/Q274089","display_name":"Heap (data structure)","level":2,"score":0.5924946069717407},{"id":"https://openalex.org/C153247305","wikidata":"https://www.wikidata.org/wiki/Q835713","display_name":"Memory address","level":3,"score":0.44919300079345703},{"id":"https://openalex.org/C151552104","wikidata":"https://www.wikidata.org/wiki/Q7705809","display_name":"Test suite","level":4,"score":0.44801610708236694},{"id":"https://openalex.org/C150202949","wikidata":"https://www.wikidata.org/wiki/Q107602","display_name":"Pointer (user interface)","level":2,"score":0.4404497742652893},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.42059051990509033},{"id":"https://openalex.org/C40422974","wikidata":"https://www.wikidata.org/wiki/Q741248","display_name":"Assertion","level":2,"score":0.41632986068725586},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.3517773747444153},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.34397178888320923},{"id":"https://openalex.org/C176649486","wikidata":"https://www.wikidata.org/wiki/Q2308807","display_name":"Memory management","level":3,"score":0.31779253482818604},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.30152571201324463},{"id":"https://openalex.org/C128942645","wikidata":"https://www.wikidata.org/wiki/Q1568346","display_name":"Test case","level":3,"score":0.2600076198577881},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.2072925865650177},{"id":"https://openalex.org/C98986596","wikidata":"https://www.wikidata.org/wiki/Q1143031","display_name":"Semiconductor memory","level":2,"score":0.13901126384735107},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.12577256560325623},{"id":"https://openalex.org/C152877465","wikidata":"https://www.wikidata.org/wiki/Q208042","display_name":"Regression analysis","level":2,"score":0.0},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3494107.3522779","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3494107.3522779","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 8th ACM on Cyber-Physical System Security Workshop","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.75,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G5722133124","display_name":null,"funder_award_id":"CNS 1822118","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W1582279644","https://openalex.org/W1986317988","https://openalex.org/W1994584977","https://openalex.org/W1996146601","https://openalex.org/W2012446724","https://openalex.org/W2022759867","https://openalex.org/W2036872500","https://openalex.org/W2055084740","https://openalex.org/W2138788987","https://openalex.org/W2166743230","https://openalex.org/W2500035105","https://openalex.org/W2624697062","https://openalex.org/W2875475762","https://openalex.org/W2913378146","https://openalex.org/W2980999875","https://openalex.org/W3014271897","https://openalex.org/W3015818873","https://openalex.org/W4247445868","https://openalex.org/W4251093698","https://openalex.org/W4253740569","https://openalex.org/W4299301436","https://openalex.org/W6738959025"],"related_works":["https://openalex.org/W2622138879","https://openalex.org/W1537002606","https://openalex.org/W4307888121","https://openalex.org/W4226215696","https://openalex.org/W4224692222","https://openalex.org/W2072754671","https://openalex.org/W4247959794","https://openalex.org/W2119424404","https://openalex.org/W2749562936","https://openalex.org/W3163325258"],"abstract_inverted_index":{"Scrubbing":[0],"sensitive":[1,150],"data":[2,21,47],"before":[3,106,167],"releasing":[4],"memory":[5,33,49,67,108,165,249],"is":[6,103,109,214,234],"a":[7,65,92,101,130,141,172,193,240],"widely":[8],"accepted":[9],"but":[10],"often":[11],"ignored":[12],"programming":[13],"practice":[14],"for":[15,63,164],"developing":[16],"secure":[17,248],"software.":[18],"Consequently,":[19],"confidential":[20,98],"such":[22,54],"as":[23,55,80],"cryptographic":[24],"keys,":[25],"passwords,":[26],"and":[27,57,116,161,169,201],"personal":[28],"data,":[29],"can":[30,44],"remain":[31],"in":[32,85,91,180,187,223,252],"indefinitely,":[34],"thereby":[35],"increasing":[36],"the":[37,46,95,137,154,175,188,207,212,219,224,228,235,243],"risk":[38],"of":[39,73,97,143,230,245],"exposure":[40],"to":[41,119,139,149,183,216,242],"hackers":[42],"who":[43],"retrieve":[45],"using":[48],"dumps":[50],"or":[51],"exploit":[52],"vulnerabilities":[53],"Heartbleed":[56],"Etherleak.":[58],"We":[59,123,191],"propose":[60],"an":[61],"approach":[62,112],"detecting":[64,246],"specific":[66],"safety":[68],"bug":[69,90],"called":[70],"Improper":[71],"Clearing":[72],"Heap":[74],"Memory":[75],"Before":[76],"Release,":[77],"also":[78],"known":[79],"Common":[81],"Weakness":[82],"Enumeration":[83],"244,":[84],"C":[86],"programs.":[87,253],"The":[88],"CWE-244":[89,220],"program":[93,138,155],"allows":[94],"leakage":[96],"information":[99],"when":[100],"variable":[102,159],"not":[104],"wiped":[105],"heap":[107],"freed.":[110],"Our":[111],"combines":[113],"taint":[114],"analysis":[115,135],"model":[117,173],"checking":[118],"detect":[120,184,217],"this":[121,233],"weakness.":[122],"have":[124],"three":[125],"main":[126],"phases:":[127],"(1)":[128],"perform":[129],"coarse":[131],"flow-insensitive":[132],"inter-procedural":[133],"static":[134],"on":[136,206],"construct":[140],"set":[142],"pointer":[144],"variables":[145],"that":[146],"could":[147],"point":[148],"data;":[151],"(2)":[152],"instrument":[153],"with":[156],"required":[157],"dynamic":[158],"tracking,":[160],"assertion":[162,185],"logic":[163],"wiping":[166],"deallocation;":[168],"(3)":[170],"invoke":[171],"checker,":[174],"C-Bounded":[176],"Model":[177],"Checker":[178],"(CBMC)":[179],"our":[181,197,231],"case,":[182],"violation":[186],"instrumented":[189],"program.":[190],"develop":[192],"tool,":[194],"\\toolname,":[195],"implementing":[196],"instrumentation":[198],"based":[199],"algorithm,":[200],"we":[202],"provide":[203],"experimental":[204],"validation":[205],"Juliet":[208],"Test":[209],"Suite":[210],"---":[211],"tool":[213],"able":[215],"all":[218],"instances":[221],"present":[222],"test":[225],"suite.":[226],"To":[227],"best":[229],"knowledge,":[232],"first":[236],"work":[237],"which":[238],"presents":[239],"solution":[241],"problem":[244],"unscrubbed":[247],"deallocation":[250],"violations":[251]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}