{"id":"https://openalex.org/W4388857323","doi":"https://doi.org/10.1145/3576915.3623213","title":"SymGX: Detecting Cross-boundary Pointer Vulnerabilities of SGX Applications via Static Symbolic Execution","display_name":"SymGX: Detecting Cross-boundary Pointer Vulnerabilities of SGX Applications via Static Symbolic Execution","publication_year":2023,"publication_date":"2023-11-15","ids":{"openalex":"https://openalex.org/W4388857323","doi":"https://doi.org/10.1145/3576915.3623213"},"language":"en","primary_location":{"id":"doi:10.1145/3576915.3623213","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3576915.3623213","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://vtechworks.lib.vt.edu/bitstreams/4fb7d5ad-254d-4b31-9a52-640bd5c5956a/download","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5039746071","display_name":"Yuanpeng Wang","orcid":"https://orcid.org/0009-0003-4610-3427"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yuanpeng Wang","raw_affiliation_strings":["Peking University, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0003-4610-3427","affiliations":[{"raw_affiliation_string":"Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020717851","display_name":"Ziqi Zhang","orcid":"https://orcid.org/0000-0001-8493-0261"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ziqi Zhang","raw_affiliation_strings":["Peking University, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0001-8493-0261","affiliations":[{"raw_affiliation_string":"Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091926865","display_name":"Ningyu He","orcid":"https://orcid.org/0000-0002-9980-7298"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ningyu He","raw_affiliation_strings":["Peking University, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-9980-7298","affiliations":[{"raw_affiliation_string":"Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103097140","display_name":"Zhineng Zhong","orcid":"https://orcid.org/0009-0007-2490-5671"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhineng Zhong","raw_affiliation_strings":["Peking University, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0007-2490-5671","affiliations":[{"raw_affiliation_string":"Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015125413","display_name":"Shengjian Guo","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Shengjian Guo","raw_affiliation_strings":["Independent Researcher, Sunnyvale, CA, USA"],"raw_orcid":"https://orcid.org/0000-0001-9145-9279","affiliations":[{"raw_affiliation_string":"Independent Researcher, Sunnyvale, CA, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004021004","display_name":"Qinkun Bao","orcid":"https://orcid.org/0000-0003-1837-6439"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Qinkun Bao","raw_affiliation_strings":["Independent Researcher, Sunnyvale, CA, USA"],"raw_orcid":"https://orcid.org/0000-0003-1837-6439","affiliations":[{"raw_affiliation_string":"Independent Researcher, Sunnyvale, CA, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039182822","display_name":"Ding Li","orcid":"https://orcid.org/0000-0001-7558-9137"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ding Li","raw_affiliation_strings":["Peking University, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0001-7558-9137","affiliations":[{"raw_affiliation_string":"Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021450973","display_name":"Yao Guo","orcid":"https://orcid.org/0000-0001-5064-5286"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yao Guo","raw_affiliation_strings":["Peking University, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0001-5064-5286","affiliations":[{"raw_affiliation_string":"Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101636662","display_name":"Xiangqun Chen","orcid":"https://orcid.org/0000-0002-7366-5906"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiangqun Chen","raw_affiliation_strings":["Peking University, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-7366-5906","affiliations":[{"raw_affiliation_string":"Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5039746071"],"corresponding_institution_ids":["https://openalex.org/I20231570"],"apc_list":null,"apc_paid":null,"fwci":1.3633,"has_fulltext":true,"cited_by_count":8,"citation_normalized_percentile":{"value":0.85149752,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"2710","last_page":"2724"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10478","display_name":"Diamond and Carbon-based Materials Research","score":0.9907000064849854,"subfield":{"id":"https://openalex.org/subfields/2505","display_name":"Materials Chemistry"},"field":{"id":"https://openalex.org/fields/25","display_name":"Materials Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9772999882698059,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8796656131744385},{"id":"https://openalex.org/keywords/pointer","display_name":"Pointer (user interface)","score":0.7624654769897461},{"id":"https://openalex.org/keywords/symbolic-execution","display_name":"Symbolic execution","score":0.7441909313201904},{"id":"https://openalex.org/keywords/guard","display_name":"Guard (computer science)","score":0.6679005026817322},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.4845096468925476},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.4607715308666229},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.45626330375671387},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.4356034994125366},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4136228561401367},{"id":"https://openalex.org/keywords/memory-safety","display_name":"Memory safety","score":0.4112895727157593},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3257277011871338},{"id":"https://openalex.org/keywords/compiler","display_name":"Compiler","score":0.1489466428756714},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.11667215824127197}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8796656131744385},{"id":"https://openalex.org/C150202949","wikidata":"https://www.wikidata.org/wiki/Q107602","display_name":"Pointer (user interface)","level":2,"score":0.7624654769897461},{"id":"https://openalex.org/C2779639559","wikidata":"https://www.wikidata.org/wiki/Q7661178","display_name":"Symbolic execution","level":3,"score":0.7441909313201904},{"id":"https://openalex.org/C141141315","wikidata":"https://www.wikidata.org/wiki/Q2379942","display_name":"Guard (computer science)","level":2,"score":0.6679005026817322},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.4845096468925476},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.4607715308666229},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.45626330375671387},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.4356034994125366},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4136228561401367},{"id":"https://openalex.org/C28180684","wikidata":"https://www.wikidata.org/wiki/Q4080983","display_name":"Memory safety","level":3,"score":0.4112895727157593},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3257277011871338},{"id":"https://openalex.org/C169590947","wikidata":"https://www.wikidata.org/wiki/Q47506","display_name":"Compiler","level":2,"score":0.1489466428756714},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.11667215824127197},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3576915.3623213","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3576915.3623213","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:vtechworks.lib.vt.edu:10919/116732","is_oa":true,"landing_page_url":"https://hdl.handle.net/10919/116732","pdf_url":"https://vtechworks.lib.vt.edu/bitstreams/4fb7d5ad-254d-4b31-9a52-640bd5c5956a/download","source":{"id":"https://openalex.org/S4306400248","display_name":"VTechWorks (Virginia Tech)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I859038795","host_organization_name":"Virginia Tech","host_organization_lineage":["https://openalex.org/I859038795"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Text"}],"best_oa_location":{"id":"pmh:oai:vtechworks.lib.vt.edu:10919/116732","is_oa":true,"landing_page_url":"https://hdl.handle.net/10919/116732","pdf_url":"https://vtechworks.lib.vt.edu/bitstreams/4fb7d5ad-254d-4b31-9a52-640bd5c5956a/download","source":{"id":"https://openalex.org/S4306400248","display_name":"VTechWorks (Virginia Tech)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I859038795","host_organization_name":"Virginia Tech","host_organization_lineage":["https://openalex.org/I859038795"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Text"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.8199999928474426}],"awards":[{"id":"https://openalex.org/G2916954678","display_name":null,"funder_award_id":"62141208","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5196063757","display_name":null,"funder_award_id":"62172009","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4388857323.pdf","grobid_xml":"https://content.openalex.org/works/W4388857323.grobid-xml"},"referenced_works_count":42,"referenced_works":["https://openalex.org/W2514974017","https://openalex.org/W2519006453","https://openalex.org/W2550236071","https://openalex.org/W2563739042","https://openalex.org/W2567666263","https://openalex.org/W2601206855","https://openalex.org/W2742953865","https://openalex.org/W2752929869","https://openalex.org/W2765825046","https://openalex.org/W2769061097","https://openalex.org/W2784053951","https://openalex.org/W2788385473","https://openalex.org/W2886209944","https://openalex.org/W2909585706","https://openalex.org/W2914237411","https://openalex.org/W2914630606","https://openalex.org/W2922166054","https://openalex.org/W2922433691","https://openalex.org/W2926084389","https://openalex.org/W2960488297","https://openalex.org/W2964177714","https://openalex.org/W2969876635","https://openalex.org/W2982827547","https://openalex.org/W2988897519","https://openalex.org/W3011832042","https://openalex.org/W3015806656","https://openalex.org/W3022774462","https://openalex.org/W3046333872","https://openalex.org/W3090475639","https://openalex.org/W3106953047","https://openalex.org/W3140873655","https://openalex.org/W3175439315","https://openalex.org/W3190095029","https://openalex.org/W3206102476","https://openalex.org/W3206552155","https://openalex.org/W3210838307","https://openalex.org/W4206109607","https://openalex.org/W4252033442","https://openalex.org/W4288057693","https://openalex.org/W4295974633","https://openalex.org/W4311165943","https://openalex.org/W4384154469"],"related_works":["https://openalex.org/W4213243744","https://openalex.org/W2141365240","https://openalex.org/W2005010039","https://openalex.org/W2295023886","https://openalex.org/W4245736681","https://openalex.org/W4285586714","https://openalex.org/W4239042909","https://openalex.org/W2751940653","https://openalex.org/W3121955897","https://openalex.org/W1486481742"],"abstract_inverted_index":{"Intel":[0],"Security":[1],"Guard":[2],"Extensions":[3],"(SGX)":[4],"have":[5,182],"shown":[6],"effectiveness":[7],"in":[8,34,175,196],"critical":[9,54],"data":[10,65],"protection.":[11],"Recent":[12],"symbolic":[13,77,142,154],"execution-based":[14,155],"techniques":[15],"reveal":[16],"that":[17,95,132],"SGX":[18,37,45,56,102,138],"applications":[19,57,139],"are":[20],"susceptible":[21],"to":[22,63,87,160,166],"memory":[23,32],"corruption":[24,33],"vulnerabilities.":[25,50,164],"While":[26],"existing":[27,76],"approaches":[28,79],"focus":[29],"on":[30,148],"conventional":[31],"ECalls":[35],"of":[36,44,74,90,101,180,198],"applications,":[38],"they":[39,59],"overlook":[40],"an":[41,91],"important":[42],"type":[43],"dedicated":[46],"vulnerability:":[47],"cross-boundary":[48,83,162],"pointer":[49,84,163],"This":[51],"vulnerability":[52,145,156],"is":[53],"for":[55,137,144],"since":[58],"heavily":[60],"utilize":[61],"pointers":[62],"exchange":[64],"between":[66],"secure":[67],"enclaves":[68],"and":[69,109,140,194,201],"untrusted":[70],"environments.":[71],"Unfortunately,":[72],"none":[73],"the":[75,88],"execution":[78,135,143],"can":[80,170],"effectively":[81],"detect":[82,161],"vulnerabilities":[85,174],"due":[86],"lack":[89],"SGX-specific":[92],"analysis":[93,120],"model":[94,121],"properly":[96],"handles":[97],"three":[98,179],"unique":[99],"features":[100],"applications:":[103],"Multi-entry":[104],"Arbitrary-order":[105],"Execution,":[106,108],"Stateful":[107],"Context-aware":[110],"Pointers.":[111],"To":[112],"address":[113],"such":[114],"problems,":[115],"we":[116,150],"propose":[117],"a":[118,152],"new":[119],"named":[122,158],"Global":[123],"State":[124],"Transition":[125],"Graph":[126],"with":[127],"Context":[128],"Aware":[129],"Pointers":[130],"(GSTG-CAP)":[131],"simulates":[133],"properties-preserving":[134],"behaviors":[136],"drives":[141],"detection.":[146],"Based":[147],"GSTG-CAP,":[149],"build":[151],"novel":[153],"detector":[157],"SYMGX":[159,169,187],"According":[165],"our":[167],"evaluation,":[168],"find":[171],"30":[172],"0-DAY":[173],"14":[176],"open-source":[177],"projects,":[178],"which":[181],"been":[183],"confirmed":[184],"by":[185],"developers.":[186],"also":[188],"outperforms":[189],"two":[190],"state-of-the-art":[191],"tools,":[192],"COIN":[193],"TeeRex,":[195],"terms":[197],"effectiveness,":[199],"efficiency,":[200],"accuracy.":[202]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}