{"id":"https://openalex.org/W4416549533","doi":"https://doi.org/10.1145/3719027.3765217","title":"Windows plays Jenga: Uncovering Design Weaknesses in Windows File System Security","display_name":"Windows plays Jenga: Uncovering Design Weaknesses in Windows File System Security","publication_year":2025,"publication_date":"2025-11-19","ids":{"openalex":"https://openalex.org/W4416549533","doi":"https://doi.org/10.1145/3719027.3765217"},"language":null,"primary_location":{"id":"doi:10.1145/3719027.3765217","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765217","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3719027.3765217","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5023491685","display_name":"D.Y. Kim","orcid":"https://orcid.org/0009-0003-8663-0731"},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":true,"raw_author_name":"Dong-uk Kim","raw_affiliation_strings":["KAIST, Daejeon, Republic of Korea"],"affiliations":[{"raw_affiliation_string":"KAIST, Daejeon, Republic of Korea","institution_ids":["https://openalex.org/I157485424"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017707432","display_name":"J.-J. Park","orcid":"https://orcid.org/0009-0001-2165-5810"},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"JunYoung Park","raw_affiliation_strings":["KAIST, Daejeon, Republic of Korea"],"affiliations":[{"raw_affiliation_string":"KAIST, Daejeon, Republic of Korea","institution_ids":["https://openalex.org/I157485424"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067902158","display_name":"Sanghak Oh","orcid":"https://orcid.org/0000-0002-5047-5683"},"institutions":[{"id":"https://openalex.org/I848706","display_name":"Sungkyunkwan University","ror":"https://ror.org/04q78tk20","country_code":"KR","type":"education","lineage":["https://openalex.org/I848706"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Sanghak Oh","raw_affiliation_strings":["Sungkyunkwan University, Suwon, Republic of Korea"],"affiliations":[{"raw_affiliation_string":"Sungkyunkwan University, Suwon, Republic of Korea","institution_ids":["https://openalex.org/I848706"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016563574","display_name":"Hyoungshick Kim","orcid":"https://orcid.org/0000-0002-1605-3866"},"institutions":[{"id":"https://openalex.org/I848706","display_name":"Sungkyunkwan University","ror":"https://ror.org/04q78tk20","country_code":"KR","type":"education","lineage":["https://openalex.org/I848706"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Hyoungshick Kim","raw_affiliation_strings":["Sungkyunkwan University, Suwon, Republic of Korea"],"affiliations":[{"raw_affiliation_string":"Sungkyunkwan University, Suwon, Republic of Korea","institution_ids":["https://openalex.org/I848706"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5059899443","display_name":"Insu Yun","orcid":"https://orcid.org/0000-0001-8931-2833"},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Insu Yun","raw_affiliation_strings":["KAIST, Daejeon, Republic of Korea"],"affiliations":[{"raw_affiliation_string":"KAIST, Daejeon, Republic of Korea","institution_ids":["https://openalex.org/I157485424"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5023491685"],"corresponding_institution_ids":["https://openalex.org/I157485424"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.20144633,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"3900","last_page":"3914"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.7723000049591064,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.7723000049591064,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.06750000268220901,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.04820000007748604,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/microsoft-windows","display_name":"Microsoft Windows","score":0.6040999889373779},{"id":"https://openalex.org/keywords/windows-rally","display_name":"Windows Rally","score":0.47369998693466187},{"id":"https://openalex.org/keywords/file-system","display_name":"File system","score":0.45750001072883606},{"id":"https://openalex.org/keywords/group-policy","display_name":"Group Policy","score":0.4212000072002411},{"id":"https://openalex.org/keywords/backward-compatibility","display_name":"Backward compatibility","score":0.40049999952316284},{"id":"https://openalex.org/keywords/computer-file","display_name":"Computer file","score":0.3926999866962433},{"id":"https://openalex.org/keywords/desktop-window-manager","display_name":"Desktop Window Manager","score":0.3783999979496002},{"id":"https://openalex.org/keywords/software-versioning","display_name":"Software versioning","score":0.3781000077724457}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7218000292778015},{"id":"https://openalex.org/C508378895","wikidata":"https://www.wikidata.org/wiki/Q1406","display_name":"Microsoft Windows","level":3,"score":0.6040999889373779},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.522599995136261},{"id":"https://openalex.org/C128374937","wikidata":"https://www.wikidata.org/wiki/Q17048739","display_name":"Windows Rally","level":5,"score":0.47369998693466187},{"id":"https://openalex.org/C2780940931","wikidata":"https://www.wikidata.org/wiki/Q174989","display_name":"File system","level":2,"score":0.45750001072883606},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4219000041484833},{"id":"https://openalex.org/C84240569","wikidata":"https://www.wikidata.org/wiki/Q263678","display_name":"Group Policy","level":4,"score":0.4212000072002411},{"id":"https://openalex.org/C20574231","wikidata":"https://www.wikidata.org/wiki/Q844605","display_name":"Backward compatibility","level":2,"score":0.40049999952316284},{"id":"https://openalex.org/C95637964","wikidata":"https://www.wikidata.org/wiki/Q82753","display_name":"Computer file","level":2,"score":0.3926999866962433},{"id":"https://openalex.org/C765897","wikidata":"https://www.wikidata.org/wiki/Q1200785","display_name":"Desktop Window Manager","level":5,"score":0.3783999979496002},{"id":"https://openalex.org/C198140048","wikidata":"https://www.wikidata.org/wiki/Q10859422","display_name":"Software versioning","level":3,"score":0.3781000077724457},{"id":"https://openalex.org/C205711294","wikidata":"https://www.wikidata.org/wiki/Q176953","display_name":"Rendering (computer graphics)","level":2,"score":0.36390000581741333},{"id":"https://openalex.org/C527868296","wikidata":"https://www.wikidata.org/wiki/Q11230","display_name":"Windows Vista","level":4,"score":0.34119999408721924},{"id":"https://openalex.org/C2778648169","wikidata":"https://www.wikidata.org/wiki/Q967768","display_name":"Compatibility (geochemistry)","level":2,"score":0.33719998598098755},{"id":"https://openalex.org/C83599316","wikidata":"https://www.wikidata.org/wiki/Q1139104","display_name":"Wallpaper","level":2,"score":0.33320000767707825},{"id":"https://openalex.org/C531996449","wikidata":"https://www.wikidata.org/wiki/Q486487","display_name":"Windows NT","level":3,"score":0.29510000348091125},{"id":"https://openalex.org/C512140200","wikidata":"https://www.wikidata.org/wiki/Q488244","display_name":"Windows CE","level":4,"score":0.2858000099658966},{"id":"https://openalex.org/C82820731","wikidata":"https://www.wikidata.org/wiki/Q2640620","display_name":"Self-certifying File System","level":3,"score":0.27799999713897705},{"id":"https://openalex.org/C97250363","wikidata":"https://www.wikidata.org/wiki/Q235557","display_name":"File format","level":2,"score":0.27619999647140503},{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.26010000705718994}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3719027.3765217","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765217","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3719027.3765217","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765217","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":8,"referenced_works":["https://openalex.org/W2059507980","https://openalex.org/W2698406033","https://openalex.org/W2909986196","https://openalex.org/W2941123418","https://openalex.org/W3109124773","https://openalex.org/W4388858772","https://openalex.org/W4391725343","https://openalex.org/W4402263641"],"related_works":[],"abstract_inverted_index":{"File":[0],"systems":[1],"are":[2,80],"essential":[3],"components":[4],"of":[5,13,21,44,75,95],"modern":[6,144],"operating":[7,110],"systems,":[8],"with":[9,63,188],"Windows":[10,26,97,106,222],"being":[11],"one":[12],"the":[14,25,39,54,96,221],"most":[15,185],"dominant":[16],"platforms.":[17],"Recently,":[18],"a":[19,72,91,175],"series":[20],"attacks":[22,46],"have":[23,47],"exploited":[24,52],"file":[27,98,190,223],"system":[28,191],"to":[29,120,148],"trigger":[30],"serious":[31],"security":[32,78,121,214],"threats":[33],"such":[34,45],"as":[35],"privilege":[36],"escalation.":[37],"Over":[38],"past":[40],"several":[41],"years,":[42],"dozens":[43],"been":[48],"reported":[49],"and":[50,126,162,166,193,203,233],"even":[51],"in":[53,123,143,158,220],"wild.":[55],"However,":[56],"Microsoft":[57,229],"has":[58],"consistently":[59],"addressed":[60],"these":[61,117,150,170,235],"issues":[62],"targeted":[64],"patches":[65],"rather":[66],"than":[67],"fundamental":[68,236],"redesigns":[69],"\u2014":[70],"resembling":[71],"precarious":[73],"game":[74],"Jenga":[76],"where":[77],"measures":[79],"stacked":[81],"upon":[82],"an":[83],"unstable":[84],"foundation.":[85],"In":[86],"this":[87],"paper,":[88],"we":[89,103,114,137,154,182,199,226],"present":[90],"five-step":[92],"comprehensive":[93],"analysis":[94],"system's":[99],"design":[100,218],"weaknesses.":[101,237],"First,":[102],"analyze":[104,200],"how":[105,116],"differs":[107],"from":[108,217],"another":[109],"system,":[111],"Linux.":[112],"Second,":[113],"investigated":[115],"discrepancies":[118,151,192],"lead":[119],"vulnerabilities":[122],"real-world":[124],"applications":[125],"identified":[127],"13":[128],"high-impact":[129],"vulnerabilities,":[130],"including":[131],"11":[132],"previously":[133],"unknown":[134],"ones.":[135],"Third,":[136],"show":[138],"that":[139,184,228],"current":[140],"compatibility":[141,156],"layers":[142,157,171],"programming":[145,160],"languages":[146,161],"fail":[147],"handle":[149],"properly.":[152],"Specifically,":[153],"examined":[155],"six":[159],"found":[163,183],"27":[164],"non-compliant":[165],"9":[167],"inconsistencies,":[168],"rendering":[169],"unreliable.":[172],"Fourth,":[173],"through":[174],"user":[176],"study":[177],"involving":[178],"21":[179],"experienced":[180],"developers,":[181],"were":[186],"unfamiliar":[187],"OS-level":[189],"rarely":[194],"implemented":[195],"appropriate":[196],"mitigations.":[197],"Finally,":[198],"existing":[201],"countermeasures":[202],"discuss":[204],"their":[205],"limitations.":[206],"Our":[207],"findings":[208],"reveal":[209],"critical":[210],"yet":[211],"largely":[212],"obscured":[213],"risks":[215],"resulting":[216],"flaws":[219],"system.":[224],"Furthermore,":[225],"suggest":[227],"rethink":[230],"its":[231],"strategy":[232],"address":[234]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-11-23T00:00:00"}