{"id":"https://openalex.org/W4411403434","doi":"https://doi.org/10.1145/3744901","title":"<scp>FAVDisco</scp> : Modeling and Discovering File Access Vulnerabilities","display_name":"<scp>FAVDisco</scp> : Modeling and Discovering File Access Vulnerabilities","publication_year":2025,"publication_date":"2025-06-18","ids":{"openalex":"https://openalex.org/W4411403434","doi":"https://doi.org/10.1145/3744901"},"language":"en","primary_location":{"id":"doi:10.1145/3744901","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3744901","pdf_url":null,"source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5109699074","display_name":"Beibei Zhao","orcid":"https://orcid.org/0009-0007-6066-8044"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Beibei Zhao","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","Institute of Information Engineering at Chinese Academy of Sciences, China"],"raw_orcid":"https://orcid.org/0009-0007-6066-8044","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]},{"raw_affiliation_string":"Institute of Information Engineering at Chinese Academy of Sciences, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052227670","display_name":"Wenjie Feng","orcid":"https://orcid.org/0000-0003-3636-0035"},"institutions":[{"id":"https://openalex.org/I126520041","display_name":"University of Science and Technology of China","ror":"https://ror.org/04c4dkn09","country_code":"CN","type":"education","lineage":["https://openalex.org/I126520041","https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenjie Feng","raw_affiliation_strings":["School of Artificial Intelligence and Data Science, University of Science and Technology of China, Hefei, China","University of Science and Technology of China, China"],"raw_orcid":"https://orcid.org/0000-0003-3636-0035","affiliations":[{"raw_affiliation_string":"School of Artificial Intelligence and Data Science, University of Science and Technology of China, Hefei, China","institution_ids":["https://openalex.org/I126520041"]},{"raw_affiliation_string":"University of Science and Technology of China, China","institution_ids":["https://openalex.org/I126520041"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102754423","display_name":"Qingli Guo","orcid":"https://orcid.org/0000-0002-3587-634X"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qingli Guo","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","Institute of Information Engineering at Chinese Academy of Sciences, China"],"raw_orcid":"https://orcid.org/0000-0002-3587-634X","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]},{"raw_affiliation_string":"Institute of Information Engineering at Chinese Academy of Sciences, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100526033","display_name":"Yingli Sun","orcid":"https://orcid.org/0009-0009-7313-0256"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yingli Sun","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","Institute of Information Engineering at Chinese Academy of Sciences, China"],"raw_orcid":"https://orcid.org/0009-0009-7313-0256","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]},{"raw_affiliation_string":"Institute of Information Engineering at Chinese Academy of Sciences, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090345297","display_name":"Fangming Gu","orcid":"https://orcid.org/0000-0002-2531-4642"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Fangming Gu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","Institute of Information Engineering at Chinese Academy of Sciences, China"],"raw_orcid":"https://orcid.org/0000-0002-2531-4642","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]},{"raw_affiliation_string":"Institute of Information Engineering at Chinese Academy of Sciences, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016907684","display_name":"Bolun Zhang","orcid":"https://orcid.org/0009-0003-1287-096X"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bolun Zhang","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","Institute of Information Engineering at Chinese Academy of Sciences, China"],"raw_orcid":"https://orcid.org/0009-0003-1287-096X","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]},{"raw_affiliation_string":"Institute of Information Engineering at Chinese Academy of Sciences, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101070277","display_name":"Xiaorui Gong","orcid":"https://orcid.org/0009-0005-8203-1496"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaorui Gong","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","Institute of Information Engineering at Chinese Academy of Sciences, China"],"raw_orcid":"https://orcid.org/0009-0005-8203-1496","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]},{"raw_affiliation_string":"Institute of Information Engineering at Chinese Academy of Sciences, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100339431","display_name":"Hong Li","orcid":"https://orcid.org/0000-0003-1353-7838"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hong Li","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","Institute of Information Engineering at Chinese Academy of Sciences, China"],"raw_orcid":"https://orcid.org/0000-0003-1353-7838","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]},{"raw_affiliation_string":"Institute of Information Engineering at Chinese Academy of Sciences, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5109699074"],"corresponding_institution_ids":["https://openalex.org/I19820366","https://openalex.org/I4210156404","https://openalex.org/I4210165038"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.15123125,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"35","issue":"4","first_page":"1","last_page":"33"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8795181512832642},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.6934845447540283},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.42910927534103394}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8795181512832642},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.6934845447540283},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.42910927534103394}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3744901","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3744901","pdf_url":null,"source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.7599999904632568}],"awards":[{"id":"https://openalex.org/G578837657","display_name":null,"funder_award_id":"62202465","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320325599","display_name":"University of Science and Technology of China","ror":"https://ror.org/04c4dkn09"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W2051990174","https://openalex.org/W2078186835","https://openalex.org/W2095881341","https://openalex.org/W2104577574","https://openalex.org/W2139550682","https://openalex.org/W2300491161","https://openalex.org/W2963894653","https://openalex.org/W3109124773","https://openalex.org/W4248234759","https://openalex.org/W4289038676","https://openalex.org/W4308391493","https://openalex.org/W4388483438","https://openalex.org/W4408750175"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W4388150944","https://openalex.org/W4242235492","https://openalex.org/W2390279801","https://openalex.org/W4387985143","https://openalex.org/W4362599004","https://openalex.org/W2808242528","https://openalex.org/W1567638270"],"abstract_inverted_index":{"File":[0,126],"access":[1,16],"vulnerabilities":[2],"(FAVs)":[3],"are":[4],"one":[5],"type":[6],"of":[7,14,71,102,193],"security":[8],"weakness":[9],"arising":[10],"from":[11,195],"adversary":[12,91,141],"manipulations":[13],"file":[15,103,121],"inputs,":[17],"posing":[18],"significant":[19],"threats":[20],"to":[21,31,128,148],"system":[22],"integrity.":[23],"Despite":[24],"their":[25],"prevalence,":[26],"FAVs":[27,115,178],"remain":[28],"underexplored":[29],"due":[30],"limited":[32],"understanding,":[33],"complex":[34],"triggering":[35],"scenarios,":[36],"and":[37,39,49,68,83,92,100,119,133,161,189],"stealthy":[38],"diverse":[40,130],"manifestations;":[41],"these":[42,75],"challenges":[43],"render":[44],"current":[45],"detection":[46,146,168],"approaches":[47],"incomplete":[48],"inaccurate.":[50],"To":[51],"this":[52],"end,":[53],"we":[54,77,106],"conducted":[55],"an":[56,79,134],"in-depth":[57],"empirical":[58],"study":[59],"across":[60],"204":[61],"file-related":[62],"CVEs,":[63],"uncovering":[64],"the":[65,90,165],"root":[66],"cause":[67],"trigger":[69],"mechanisms":[70],"FAVs.":[72,150],"Based":[73],"on":[74,152,164],"findings,":[76],"propose":[78,107],"exhaustive":[80],"accessing":[81],"model":[82,87],"a":[84,110,125,139,191],"specialized":[85],"threat":[86],"that":[88,137],"define":[89],"attack":[93],"surface":[94],"for":[95,113],"FAVs,":[96],"enabling":[97],"systematic":[98],"attribution":[99],"analysis":[101],"operations.":[104,122],"Furthermore,":[105],"FAVDisco":[108,154],",":[109],"novel":[111],"framework":[112],"discovering":[114],"by":[116],"mutating,":[117],"triggering,":[118],"analyzing":[120],"It":[123],"employs":[124],"Mutator":[127],"simulate":[129],"execution":[131],"scenarios":[132],"FAV":[135,167],"Checker":[136],"integrates":[138],"model-based":[140],"controllable":[142],"checker":[143],"with":[144,158,184],"pattern-based":[145],"rules":[147],"identify":[149],"Implemented":[151],"Windows,":[153],"achieves":[155],"remarkable":[156],"performance":[157],"92.1%":[159],"precision":[160],"83.3%":[162],"recall":[163],"disclosed":[166],"task,":[169],"outperforming":[170],"state-of-the-art":[171],"methods.":[172],"Moreover,":[173],"it":[174],"uncovers":[175],"13":[176],"zero-day":[177],"in":[179],"10":[180],"widely":[181],"used":[182],"services,":[183],"six":[185],"assigned":[186],"new":[187],"CVEs":[188],"earning":[190],"reward":[192],"$29,000":[194],"Microsoft":[196],"Security":[197],"Response":[198],"Center.":[199]},"counts_by_year":[],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}