{"id":"https://openalex.org/W4405203689","doi":"https://doi.org/10.1145/3658644.3690376","title":"CrossFire: Fuzzing macOS Cross-XPU Memory on Apple Silicon","display_name":"CrossFire: Fuzzing macOS Cross-XPU Memory on Apple Silicon","publication_year":2024,"publication_date":"2024-12-02","ids":{"openalex":"https://openalex.org/W4405203689","doi":"https://doi.org/10.1145/3658644.3690376"},"language":"en","primary_location":{"id":"doi:10.1145/3658644.3690376","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690376","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690376","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690376","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5115604663","display_name":"Jiaxun Zhu","orcid":"https://orcid.org/0009-0005-4288-4590"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Jiaxun Zhu","raw_affiliation_strings":["Zhejiang University, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103527114","display_name":"Ming\u2010Han Lin","orcid":"https://orcid.org/0009-0004-5776-4789"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Minghao Lin","raw_affiliation_strings":["Zhejiang University, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101752838","display_name":"Tingting Yin","orcid":"https://orcid.org/0000-0003-1231-4050"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tingting Yin","raw_affiliation_strings":["Zhongguancun Laboratory, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Zhongguancun Laboratory, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5115068541","display_name":"Zechao Cai","orcid":"https://orcid.org/0009-0008-8354-9985"},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zechao Cai","raw_affiliation_strings":["Columbia University, New York, USA"],"affiliations":[{"raw_affiliation_string":"Columbia University, New York, USA","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Yu Wang","orcid":"https://orcid.org/0009-0000-4289-977X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yu Wang","raw_affiliation_strings":["Cyberserval Co., Ltd., Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"Cyberserval Co., Ltd., Hangzhou, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044721876","display_name":"Rui Chang","orcid":"https://orcid.org/0000-0002-0178-0171"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Rui Chang","raw_affiliation_strings":["Zhejiang University, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5039734151","display_name":"Wenbo Shen","orcid":"https://orcid.org/0000-0003-2899-6121"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenbo Shen","raw_affiliation_strings":["Zhejiang University, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5115604663"],"corresponding_institution_ids":["https://openalex.org/I76130692"],"apc_list":null,"apc_paid":null,"fwci":1.0267,"has_fulltext":true,"cited_by_count":3,"citation_normalized_percentile":{"value":0.77771301,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"3749","last_page":"3762"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9619767665863037},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8460620641708374},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.4902265667915344},{"id":"https://openalex.org/keywords/memory-leak","display_name":"Memory leak","score":0.4254082441329956},{"id":"https://openalex.org/keywords/memory-safety","display_name":"Memory safety","score":0.4132026731967926},{"id":"https://openalex.org/keywords/memory-management","display_name":"Memory management","score":0.38074570894241333},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.16099083423614502},{"id":"https://openalex.org/keywords/semiconductor-memory","display_name":"Semiconductor memory","score":0.15866664052009583}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9619767665863037},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8460620641708374},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.4902265667915344},{"id":"https://openalex.org/C156731835","wikidata":"https://www.wikidata.org/wiki/Q751740","display_name":"Memory leak","level":4,"score":0.4254082441329956},{"id":"https://openalex.org/C28180684","wikidata":"https://www.wikidata.org/wiki/Q4080983","display_name":"Memory safety","level":3,"score":0.4132026731967926},{"id":"https://openalex.org/C176649486","wikidata":"https://www.wikidata.org/wiki/Q2308807","display_name":"Memory management","level":3,"score":0.38074570894241333},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.16099083423614502},{"id":"https://openalex.org/C98986596","wikidata":"https://www.wikidata.org/wiki/Q1143031","display_name":"Semiconductor memory","level":2,"score":0.15866664052009583}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3658644.3690376","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690376","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690376","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3658644.3690376","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690376","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690376","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G4845974955","display_name":null,"funder_award_id":"2022YFE0113200","funder_id":"https://openalex.org/F4320323817","funder_display_name":"Universitas Brawijaya"}],"funders":[{"id":"https://openalex.org/F4320323817","display_name":"Universitas Brawijaya","ror":"https://ror.org/01wk3d929"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4405203689.pdf","grobid_xml":"https://content.openalex.org/works/W4405203689.grobid-xml"},"referenced_works_count":5,"referenced_works":["https://openalex.org/W2759550170","https://openalex.org/W2765435026","https://openalex.org/W3155065762","https://openalex.org/W3212828841","https://openalex.org/W4318541572"],"related_works":["https://openalex.org/W2572740268","https://openalex.org/W3118592480","https://openalex.org/W3093824853","https://openalex.org/W2182829270","https://openalex.org/W2939998072","https://openalex.org/W3048076421","https://openalex.org/W2102012911","https://openalex.org/W2532001921","https://openalex.org/W2390439291","https://openalex.org/W645076581"],"abstract_inverted_index":{"Modern":[0],"computing":[1],"systems":[2],"increasingly":[3],"utilize":[4],"XPUs,":[5],"such":[6],"as":[7],"GPUs":[8],"and":[9,61,83,153,177],"NPUs,":[10],"for":[11],"specialized":[12],"computation":[13],"tasks.While":[14],"these":[15,138,162],"XPUs":[16],"provide":[17],"critical":[18],"functionalities,":[19],"their":[20],"security":[21],"protections":[22],"are":[23],"generally":[24],"weaker":[25],"than":[26],"those":[27],"of":[28,134,197],"CPUs,":[29],"making":[30],"them":[31],"attractive":[32],"attack":[33,73,121],"targets.In":[34],"particular,":[35],"Apple":[36,110],"silicon":[37,111],"optimizes":[38],"memory":[39,45,51,65,81,90,128,152,175],"usage":[40],"by":[41,99,113,202],"adopting":[42],"a":[43,71,91],"unified":[44],"architecture":[46],"(UMA),":[47],"which":[48,198],"employs":[49],"shared":[50,80],"regions":[52,82,149],"(termed":[53],"cross-XPU":[54,64,89,115,127,151,174],"memory)":[55],"to":[56,117,130,145,158,172],"facilitate":[57],"communication":[58],"between":[59],"CPUs":[60],"XPUs.Although":[62],"the":[63,75,106,132,169],"enhances":[66],"performance,":[67],"it":[68,189],"also":[69],"introduces":[70,141],"new":[72,120,193],"surface.Unfortunately,":[74],"difficulty":[76],"in":[77,150],"identifying":[78],"effective":[79,147],"generating":[84],"valid":[85],"payloads":[86],"makes":[87],"fuzzing":[88,101,114,135,148],"challenging":[92],"problem":[93],"that":[94],"cannot":[95],"be":[96],"resolved":[97],"effectively":[98],"existing":[100],"techniques.Therefore,":[102],"we":[103,123,164],"propose":[104],"CrossFire,":[105],"first":[107],"fuzzer":[108],"targeting":[109],"XPU":[112],"memory,":[116],"evaluate":[118,183],"this":[119],"surface.Initially,":[122],"conduct":[124],"an":[125],"in-depth":[126],"analysis":[129],"investigate":[131],"challenges":[133],"XPU.To":[136],"address":[137],"challenges,":[139],"CrossFire":[140,166,184],"two":[142],"novel":[143],"techniques":[144],"pinpoint":[146],"trace":[154],"kernel":[155],"execution":[156],"information":[157],"extract":[159],"data":[160],"constraints.Leveraging":[161],"techniques,":[163],"develop":[165],"based":[167],"on":[168,185],"m1n1":[170],"hypervisor":[171],"monitor":[173],"accesses":[176],"perform":[178],"grey-box":[179],"hooking-based":[180],"fuzzing.We":[181],"further":[182],"macOS":[186],"Ventura,":[187],"where":[188],"has":[190],"identified":[191],"15":[192],"zero-day":[194],"bugs,":[195],"8":[196],"have":[199],"been":[200],"confirmed":[201],"Apple.":[203]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}