{"id":"https://openalex.org/W4405181472","doi":"https://doi.org/10.1145/3658644.3690320","title":"CountDown: Refcount-guided Fuzzing for Exposing Temporal Memory Errors in Linux Kernel","display_name":"CountDown: Refcount-guided Fuzzing for Exposing Temporal Memory Errors in Linux Kernel","publication_year":2024,"publication_date":"2024-12-02","ids":{"openalex":"https://openalex.org/W4405181472","doi":"https://doi.org/10.1145/3658644.3690320"},"language":"en","primary_location":{"id":"doi:10.1145/3658644.3690320","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690320","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690320","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690320","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5052766142","display_name":"Suhua Bai","orcid":null},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Shuangpeng Bai","raw_affiliation_strings":["The Pennsylvania State University, State College, USA"],"affiliations":[{"raw_affiliation_string":"The Pennsylvania State University, State College, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023766341","display_name":"Zhechang Zhang","orcid":null},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhechang Zhang","raw_affiliation_strings":["The Pennsylvania State University, State College, USA"],"affiliations":[{"raw_affiliation_string":"The Pennsylvania State University, State College, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5102150414","display_name":"Hong Hu","orcid":"https://orcid.org/0000-0002-6261-3190"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hong Hu","raw_affiliation_strings":["The Pennsylvania State University, State College, USA"],"affiliations":[{"raw_affiliation_string":"The Pennsylvania State University, State College, USA","institution_ids":["https://openalex.org/I130769515"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5052766142"],"corresponding_institution_ids":["https://openalex.org/I130769515"],"apc_list":null,"apc_paid":null,"fwci":1.3627,"has_fulltext":true,"cited_by_count":4,"citation_normalized_percentile":{"value":0.85011183,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1315","last_page":"1329"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10054","display_name":"Parallel Computing and Optimization Techniques","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11005","display_name":"Radiation Effects in Electronics","score":0.9962000250816345,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.8004521727561951},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7861248254776001},{"id":"https://openalex.org/keywords/countdown","display_name":"Countdown","score":0.6994529366493225},{"id":"https://openalex.org/keywords/linux-kernel","display_name":"Linux kernel","score":0.6167981028556824},{"id":"https://openalex.org/keywords/kernel","display_name":"Kernel (algebra)","score":0.5600534081459045},{"id":"https://openalex.org/keywords/software-bug","display_name":"Software bug","score":0.47228890657424927},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.4686448276042938},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.41305142641067505},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.2551301121711731},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.2318238914012909},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.08992049098014832}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.8004521727561951},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7861248254776001},{"id":"https://openalex.org/C2779700847","wikidata":"https://www.wikidata.org/wiki/Q775594","display_name":"Countdown","level":2,"score":0.6994529366493225},{"id":"https://openalex.org/C553261973","wikidata":"https://www.wikidata.org/wiki/Q14579","display_name":"Linux kernel","level":2,"score":0.6167981028556824},{"id":"https://openalex.org/C74193536","wikidata":"https://www.wikidata.org/wiki/Q574844","display_name":"Kernel (algebra)","level":2,"score":0.5600534081459045},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.47228890657424927},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.4686448276042938},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.41305142641067505},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2551301121711731},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.2318238914012909},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.08992049098014832},{"id":"https://openalex.org/C146978453","wikidata":"https://www.wikidata.org/wiki/Q3798668","display_name":"Aerospace engineering","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3658644.3690320","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690320","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690320","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3658644.3690320","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690320","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690320","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3061881048","display_name":"CAREER: Enhancing Practical Defense Mechanisms against Memory Errors and Attacks","funder_award_id":"2339848","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G848032724","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8976127274","display_name":null,"funder_award_id":"CNS- 2247652,CNS-2339848","funder_id":"https://openalex.org/F4320323817","funder_display_name":"Universitas Brawijaya"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320323817","display_name":"Universitas Brawijaya","ror":"https://ror.org/01wk3d929"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4405181472.pdf","grobid_xml":"https://content.openalex.org/works/W4405181472.grobid-xml"},"referenced_works_count":24,"referenced_works":["https://openalex.org/W71566816","https://openalex.org/W1965601529","https://openalex.org/W2002934700","https://openalex.org/W2094619820","https://openalex.org/W2315953879","https://openalex.org/W2535617737","https://openalex.org/W2751343396","https://openalex.org/W2766711930","https://openalex.org/W2888922197","https://openalex.org/W2927543040","https://openalex.org/W2971648419","https://openalex.org/W3007127028","https://openalex.org/W3082117927","https://openalex.org/W3158969310","https://openalex.org/W3207016455","https://openalex.org/W3211835121","https://openalex.org/W4288057707","https://openalex.org/W4308642904","https://openalex.org/W4324007206","https://openalex.org/W4385080390","https://openalex.org/W4385899890","https://openalex.org/W4397028768","https://openalex.org/W4402263592","https://openalex.org/W7045352932"],"related_works":["https://openalex.org/W2924291353","https://openalex.org/W3113028789","https://openalex.org/W614438062","https://openalex.org/W2966992680","https://openalex.org/W4288057707","https://openalex.org/W4399336006","https://openalex.org/W3173990398","https://openalex.org/W2016562931","https://openalex.org/W3006186133","https://openalex.org/W4391769441"],"abstract_inverted_index":{"Kernel":[0],"use-after-free":[1],"(UAF)":[2],"bugs":[3,26,68,170],"are":[4,27,188],"severe":[5],"threats":[6],"to":[7,11,116,126,137],"system":[8],"security":[9],"due":[10],"their":[12],"complex":[13,128],"root":[14,59],"causes":[15],"and":[16,70,72,102,134,143,156,171,190],"high":[17],"exploitability.We":[18],"find":[19],"that":[20,119],"36.1%":[21],"of":[22,32,53,57],"recent":[23],"kernel":[24,39,93,100,183],"UAF":[25,37,67,82,169],"caused":[28],"by":[29],"improper":[30],"uses":[31],"reference":[33],"counters,":[34],"dubbed":[35],"refcount-related":[36,66,81],"bugs.Current":[38],"fuzzing":[40],"tools":[41],"based":[42,106],"on":[43,107,152],"code":[44],"coverage":[45],"can":[46,165],"detect":[47,166],"common":[48],"memory":[49,184],"errors,":[50],"but":[51],"none":[52],"them":[54],"is":[55,192],"aware":[56],"the":[58,122,140],"cause.As":[60],"a":[61,90],"consequence,":[62],"they":[63],"only":[64],"trigger":[65,80,127,144],"passively":[69],"coincidentally,":[71],"may":[73],"miss":[74],"many":[75],"deep":[76],"hidden":[77],"vulnerabilities.To":[78],"actively":[79],"bugs,":[83,185],"in":[84],"this":[85],"paper,":[86],"we":[87],"propose":[88],"CountDown,":[89],"novel":[91],"refcount-guided":[92],"fuzzer.CountDown":[94],"collects":[95],"diverse":[96],"refcount":[97,129],"operations":[98],"from":[99],"executions":[101],"reshapes":[103],"syscall":[104],"relations":[105],"commonly":[108],"accessed":[109],"refcounts.When":[110],"generating":[111],"user-space":[112],"programs,":[113],"CountDown":[114,151],"prefers":[115],"combine":[117],"syscalls":[118,136],"ever":[120],"access":[121],"same":[123],"refcounts,":[124],"aiming":[125],"behaviors.It":[130],"also":[131],"injects":[132],"refcountdecreasing":[133],"refcount-accessing":[135],"intentionally":[138],"free":[139],"refcounted":[141],"object":[142],"invalid":[145],"accesses":[146],"through":[147],"dangling":[148],"pointers.We":[149],"test":[150],"mainstream":[153],"Linux":[154],"kernels":[155],"compare":[157],"it":[158],"with":[159],"popular":[160],"fuzzers.On":[161],"average,":[162],"our":[163],"tool":[164],"66.1%":[167],"more":[168,173],"32.9%":[172],"KASAN":[174],"reports":[175],"than":[176],"stateof-the-art":[177],"tools.CountDown":[178],"has":[179],"found":[180],"nine":[181],"new":[182],"where":[186],"two":[187],"fixed":[189],"one":[191],"confirmed.":[193]},"counts_by_year":[{"year":2025,"cited_by_count":4}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}