{"id":"https://openalex.org/W4387321736","doi":"https://doi.org/10.1145/3607199.3607229","title":"All Use-After-Free Vulnerabilities Are Not Created Equal: An Empirical Study on Their Characteristics and Detectability","display_name":"All Use-After-Free Vulnerabilities Are Not Created Equal: An Empirical Study on Their Characteristics and Detectability","publication_year":2023,"publication_date":"2023-10-03","ids":{"openalex":"https://openalex.org/W4387321736","doi":"https://doi.org/10.1145/3607199.3607229"},"language":"en","primary_location":{"id":"doi:10.1145/3607199.3607229","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3607199.3607229","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://vtechworks.lib.vt.edu/bitstreams/0da0f941-f8ca-4d7f-bcbb-fed10259421a/download","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102897104","display_name":"Zeyu Chen","orcid":"https://orcid.org/0009-0003-8910-0242"},"institutions":[{"id":"https://openalex.org/I86501945","display_name":"University of Delaware","ror":"https://ror.org/01sbq1a82","country_code":"US","type":"education","lineage":["https://openalex.org/I86501945"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Zeyu Chen","raw_affiliation_strings":["University of Delaware, USA"],"raw_orcid":"https://orcid.org/0009-0003-8910-0242","affiliations":[{"raw_affiliation_string":"University of Delaware, USA","institution_ids":["https://openalex.org/I86501945"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053996887","display_name":"Daiping Liu","orcid":"https://orcid.org/0000-0002-9660-4444"},"institutions":[{"id":"https://openalex.org/I86501945","display_name":"University of Delaware","ror":"https://ror.org/01sbq1a82","country_code":"US","type":"education","lineage":["https://openalex.org/I86501945"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Daiping Liu","raw_affiliation_strings":["University of Delaware, United States of America"],"raw_orcid":"https://orcid.org/0000-0002-9660-4444","affiliations":[{"raw_affiliation_string":"University of Delaware, United States of America","institution_ids":["https://openalex.org/I86501945"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076503447","display_name":"Jidong Xiao","orcid":"https://orcid.org/0000-0001-6807-9999"},"institutions":[{"id":"https://openalex.org/I165799507","display_name":"Rensselaer Polytechnic Institute","ror":"https://ror.org/01rtyzb94","country_code":"US","type":"education","lineage":["https://openalex.org/I165799507"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jidong Xiao","raw_affiliation_strings":["Rensselaer Polytechnic Institute, USA"],"raw_orcid":"https://orcid.org/0000-0001-6807-9999","affiliations":[{"raw_affiliation_string":"Rensselaer Polytechnic Institute, USA","institution_ids":["https://openalex.org/I165799507"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5059795206","display_name":"Haining Wang","orcid":"https://orcid.org/0000-0002-4174-3009"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Haining Wang","raw_affiliation_strings":["Virginia Tech, United States of America"],"raw_orcid":"https://orcid.org/0000-0002-4174-3009","affiliations":[{"raw_affiliation_string":"Virginia Tech, United States of America","institution_ids":["https://openalex.org/I859038795"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5102897104"],"corresponding_institution_ids":["https://openalex.org/I86501945"],"apc_list":null,"apc_paid":null,"fwci":1.0225,"has_fulltext":true,"cited_by_count":6,"citation_normalized_percentile":{"value":0.81427116,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"623","last_page":"638"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7085620164871216},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6750894784927368},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.5918980836868286},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5090510249137878},{"id":"https://openalex.org/keywords/software-bug","display_name":"Software bug","score":0.4489721655845642},{"id":"https://openalex.org/keywords/python","display_name":"Python (programming language)","score":0.4481123387813568},{"id":"https://openalex.org/keywords/empirical-research","display_name":"Empirical research","score":0.4181225597858429},{"id":"https://openalex.org/keywords/root","display_name":"Root (linguistics)","score":0.4162941575050354},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.38378384709358215},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.21070080995559692},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.18937450647354126},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.08794420957565308}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7085620164871216},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6750894784927368},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.5918980836868286},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5090510249137878},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.4489721655845642},{"id":"https://openalex.org/C519991488","wikidata":"https://www.wikidata.org/wiki/Q28865","display_name":"Python (programming language)","level":2,"score":0.4481123387813568},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.4181225597858429},{"id":"https://openalex.org/C171078966","wikidata":"https://www.wikidata.org/wiki/Q111029","display_name":"Root (linguistics)","level":2,"score":0.4162941575050354},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.38378384709358215},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.21070080995559692},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.18937450647354126},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.08794420957565308},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3607199.3607229","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3607199.3607229","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},{"id":"pmh:oai:vtechworks.lib.vt.edu:10919/116595","is_oa":true,"landing_page_url":"http://hdl.handle.net/10919/116595","pdf_url":"https://vtechworks.lib.vt.edu/bitstreams/0da0f941-f8ca-4d7f-bcbb-fed10259421a/download","source":{"id":"https://openalex.org/S4306400248","display_name":"VTechWorks (Virginia Tech)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I859038795","host_organization_name":"Virginia Tech","host_organization_lineage":["https://openalex.org/I859038795"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Text"}],"best_oa_location":{"id":"pmh:oai:vtechworks.lib.vt.edu:10919/116595","is_oa":true,"landing_page_url":"http://hdl.handle.net/10919/116595","pdf_url":"https://vtechworks.lib.vt.edu/bitstreams/0da0f941-f8ca-4d7f-bcbb-fed10259421a/download","source":{"id":"https://openalex.org/S4306400248","display_name":"VTechWorks (Virginia Tech)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I859038795","host_organization_name":"Virginia Tech","host_organization_lineage":["https://openalex.org/I859038795"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Text"},"sustainable_development_goals":[{"score":0.4699999988079071,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G8876996369","display_name":null,"funder_award_id":"N00014","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"}],"funders":[{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4387321736.pdf","grobid_xml":"https://content.openalex.org/works/W4387321736.grobid-xml"},"referenced_works_count":47,"referenced_works":["https://openalex.org/W71566816","https://openalex.org/W1546956568","https://openalex.org/W1599830632","https://openalex.org/W1984471991","https://openalex.org/W1985679169","https://openalex.org/W1997394198","https://openalex.org/W2002934700","https://openalex.org/W2028820179","https://openalex.org/W2043811931","https://openalex.org/W2059278087","https://openalex.org/W2078186835","https://openalex.org/W2089750484","https://openalex.org/W2101161997","https://openalex.org/W2127321265","https://openalex.org/W2130745898","https://openalex.org/W2134028114","https://openalex.org/W2144706305","https://openalex.org/W2145458045","https://openalex.org/W2146649139","https://openalex.org/W2146878883","https://openalex.org/W2149263382","https://openalex.org/W2152519028","https://openalex.org/W2154557525","https://openalex.org/W2156858199","https://openalex.org/W2165266180","https://openalex.org/W2243109068","https://openalex.org/W2315953879","https://openalex.org/W2327265941","https://openalex.org/W2444080706","https://openalex.org/W2508576555","https://openalex.org/W2534728012","https://openalex.org/W2606752733","https://openalex.org/W2613534458","https://openalex.org/W2766540688","https://openalex.org/W2773223713","https://openalex.org/W2777430404","https://openalex.org/W2790465281","https://openalex.org/W2794889478","https://openalex.org/W2890363035","https://openalex.org/W2902381500","https://openalex.org/W2947565728","https://openalex.org/W3024830775","https://openalex.org/W4236649450","https://openalex.org/W4251707615","https://openalex.org/W4251803824","https://openalex.org/W4254616799","https://openalex.org/W4366324995"],"related_works":["https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W1590307681","https://openalex.org/W4312814274","https://openalex.org/W4306406268","https://openalex.org/W2886678613","https://openalex.org/W4386541577","https://openalex.org/W2789551765","https://openalex.org/W2537809616"],"abstract_inverted_index":{"Over":[0],"the":[1,10,25,43,47,79,109,121,141,176,199,224],"past":[2],"decade,":[3],"use-after-free":[4],"(UaF)":[5],"has":[6],"become":[7],"one":[8],"of":[9,14,50,72,84,144,183,198,226],"most":[11],"exploited":[12],"types":[13],"vulnerabilities.":[15,135,236],"To":[16],"address":[17],"this":[18],"increasing":[19],"threat,":[20],"we":[21,210,231],"need":[22],"to":[23,57,107,128,193],"advance":[24],"defense":[26],"in":[27,46,63,214,245],"multiple":[28,93],"directions,":[29],"such":[30,97],"as":[31,98,252,254],"UaF":[32,35,39,51,74,85,117,134,145,165,201,235,250],"vulnerability":[33],"detection,":[34,251],"exploit":[36],"defense,":[37],"and":[38,60,102,113,132,149,247,256],"bug":[40,217,241],"fix.":[41],"Unfortunately,":[42],"intricacy":[44],"rooted":[45],"temporal":[48],"nature":[49],"vulnerabilities":[52,202],"makes":[53],"it":[54],"quite":[55],"challenging":[56],"develop":[58],"effective":[59],"efficient":[61],"defenses":[62],"these":[64],"directions.":[65],"This":[66,76,160],"calls":[67],"for":[68,249],"an":[69,170],"in-depth":[70],"understanding":[71],"real-world":[73,116],"characteristics.":[75],"paper":[77],"presents":[78],"first":[80],"comprehensive":[81],"empirical":[82,122],"study":[83],"vulnerabilities,":[86],"with":[87,203,238],"150":[88,200],"cases":[89],"randomly":[90],"sampled":[91],"from":[92,115],"representative":[94],"software":[95],"suites,":[96],"Linux":[99],"kernel,":[100],"Python,":[101],"Mozilla":[103],"Firefox.":[104],"We":[105,173],"aim":[106],"identify":[108],"commonalities,":[110],"root":[111,142,177],"causes,":[112],"patterns":[114],"bugs,":[118],"so":[119],"that":[120,140,162],"results":[123],"can":[124,185],"provide":[125],"operational":[126],"guidance":[127],"avoid,":[129],"detect,":[130],"deter,":[131],"fix":[133],"Our":[136],"main":[137],"finding":[138],"is":[139,167],"causes":[143,178],"bugs":[146],"are":[147,151],"diverse,":[148],"they":[150],"not":[152,169],"evenly":[153],"or":[154],"equally":[155],"distributed":[156],"among":[157],"different":[158],"software.":[159],"implies":[161],"a":[163,195,215],"generic":[164],"detector/fuzzer":[166],"probably":[168],"optimal":[171],"solution.":[172],"further":[174],"categorize":[175],"into":[179,188],"11":[180,212],"patterns,":[181],"several":[182],"which":[184],"be":[186],"translated":[187],"simple":[189],"static":[190,216,240],"detection":[191],"rules":[192],"cover":[194],"large":[196],"portion":[197],"high":[204],"accuracy.":[205],"Motivated":[206],"by":[207],"our":[208],"findings,":[209],"implement":[211],"checkers":[213],"detector":[218],"called":[219],"Palfrey.":[220],"Running":[221],"Palfrey":[222,243],"on":[223],"code":[225],"popular":[227],"open":[228],"source":[229],"software,":[230],"detect":[232],"9":[233],"new":[234],"Compared":[237],"state-of-the-art":[239],"detectors,":[242],"outperforms":[244],"coverage":[246],"accuracy":[248],"well":[253],"time":[255],"memory":[257],"overhead.":[258]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}