{"id":"https://openalex.org/W3186907963","doi":"https://doi.org/10.23919/date51398.2021.9473979","title":"Towards Automated Detection of Higher-Order Memory Corruption Vulnerabilities in Embedded Devices","display_name":"Towards Automated Detection of Higher-Order Memory Corruption Vulnerabilities in Embedded Devices","publication_year":2021,"publication_date":"2021-02-01","ids":{"openalex":"https://openalex.org/W3186907963","doi":"https://doi.org/10.23919/date51398.2021.9473979","mag":"3186907963"},"language":"en","primary_location":{"id":"doi:10.23919/date51398.2021.9473979","is_oa":false,"landing_page_url":"https://doi.org/10.23919/date51398.2021.9473979","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 Design, Automation &amp; Test in Europe Conference &amp; Exhibition (DATE)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100774255","display_name":"Yu Lei","orcid":"https://orcid.org/0000-0003-4321-0385"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Lei Yu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101937754","display_name":"Linyu Li","orcid":"https://orcid.org/0009-0005-8626-0608"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Linyu Li","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060400009","display_name":"Haoyu Wang","orcid":"https://orcid.org/0000-0002-2770-1953"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haoyu Wang","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100357631","display_name":"Xiaoyu Wang","orcid":"https://orcid.org/0000-0003-0161-3119"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaoyu Wang","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5040783547","display_name":"Houhua He","orcid":"https://orcid.org/0000-0002-6043-4068"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Houhua He","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5112932908","display_name":"Xiaorui Gong","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaorui Gong","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5100774255"],"corresponding_institution_ids":["https://openalex.org/I19820366","https://openalex.org/I4210156404"],"apc_list":null,"apc_paid":null,"fwci":0.136,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.53938775,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"1707","last_page":"1710"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9962000250816345,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8564850091934204},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8199862837791443},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6503772735595703},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.5200421810150146},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.48194384574890137},{"id":"https://openalex.org/keywords/control-flow","display_name":"Control flow","score":0.47645309567451477},{"id":"https://openalex.org/keywords/payload","display_name":"Payload (computing)","score":0.4622129797935486},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.4228549003601074},{"id":"https://openalex.org/keywords/buffer-overflow","display_name":"Buffer overflow","score":0.4179842472076416},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.26880478858947754}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8564850091934204},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8199862837791443},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6503772735595703},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.5200421810150146},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.48194384574890137},{"id":"https://openalex.org/C160191386","wikidata":"https://www.wikidata.org/wiki/Q868299","display_name":"Control flow","level":2,"score":0.47645309567451477},{"id":"https://openalex.org/C134066672","wikidata":"https://www.wikidata.org/wiki/Q1424639","display_name":"Payload (computing)","level":3,"score":0.4622129797935486},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.4228549003601074},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.4179842472076416},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.26880478858947754},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.23919/date51398.2021.9473979","is_oa":false,"landing_page_url":"https://doi.org/10.23919/date51398.2021.9473979","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 Design, Automation &amp; Test in Europe Conference &amp; Exhibition (DATE)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.8100000023841858}],"awards":[{"id":"https://openalex.org/G6786717514","display_name":null,"funder_award_id":"62032010","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":6,"referenced_works":["https://openalex.org/W2782780792","https://openalex.org/W2791018263","https://openalex.org/W2965717902","https://openalex.org/W2982374693","https://openalex.org/W3015383024","https://openalex.org/W6766830175"],"related_works":["https://openalex.org/W2394695306","https://openalex.org/W2062143426","https://openalex.org/W2014320173","https://openalex.org/W4200282997","https://openalex.org/W3084204810","https://openalex.org/W2805947224","https://openalex.org/W1507845365","https://openalex.org/W3186090269","https://openalex.org/W2349564419","https://openalex.org/W2531002899"],"abstract_inverted_index":{"The":[0],"rapid":[1],"growth":[2],"and":[3,24,35,44,88,108,143,163,200,223],"limited":[4],"security":[5,27],"protection":[6],"of":[7,15,111,137,218],"the":[8,13,51,57,80,85,112,155,177,247],"networked":[9],"embedded":[10,53,58,81,212,226],"devices":[11],"put":[12],"threat":[14],"remote":[16],"code":[17,105],"execution":[18,106],"related":[19],"memory":[20,37,70,140,148,173,199,220],"corruption":[21,38,141,149,221],"attacks":[22,107,142],"front":[23],"center":[25],"among":[26],"concerns.":[28],"Current":[29],"detection":[30,232],"approaches":[31],"can":[32,153,233],"detect":[33,191],"single-step":[34],"single-process":[36],"vulnerabilities":[39,150,162,222],"well":[40],"by":[41,176],"fuzzing":[42],"tests,":[43],"often":[45],"assume":[46],"that":[47,170,194,230],"data":[48,167,182,192],"stored":[49],"in":[50,93,114,120],"current":[52],"device":[54,59,113],"or":[55],"even":[56],"connected":[60],"to":[61,78,83,103,172,190,198],"it":[62],"is":[63,188,207],"safe.":[64],"However,":[65],"an":[66,210,237],"adversary":[67],"might":[68],"corrupt":[69],"via":[71],"multi-step":[72,139,157],"exploits":[73,100],"if":[74],"she":[75],"manages":[76],"first":[77],"abuse":[79],"application":[82],"store":[84],"attack":[86],"payload":[87,92],"later":[89],"use":[90],"this":[91],"a":[94,134,180],"security-critical":[95],"operation":[96],"on":[97,209],"memory.":[98],"These":[99],"usually":[101],"lead":[102],"persistent":[104],"complete":[109],"control":[110],"practice":[115],"but":[116],"are":[117],"rarely":[118],"covered":[119],"state-of-the-art":[121],"dynamic":[122,181],"testing":[123],"techniques.":[124],"To":[125],"address":[126],"these":[127,161],"stealthy":[128],"yet":[129],"harmful":[130],"threats,":[131],"we":[132],"identify":[133,202],"large":[135],"class":[136],"such":[138],"define":[144],"them":[145],"as":[146],"higher-order":[147,219],"(HOMCVs).":[151],"We":[152,228],"abstract":[154,178],"detailed":[156],"exploit":[158],"models":[159],"for":[160],"expose":[164],"various":[165],"attacker-controllable":[166],"stores":[168,193],"(ACDS)":[169],"contribute":[171],"corruption.":[174],"Aided":[175],"models,":[179],"flow":[183],"tracking":[184],"(DDFA)":[185],"based":[186],"solution":[187],"developed":[189],"would":[195],"be":[196,234],"transferred":[197],"then":[201],"HOMCVs.":[203],"Our":[204],"proposed":[205],"method":[206],"validated":[208],"experimental":[211],"system":[213,239],"injected":[214],"with":[215,236],"different":[216],"variants":[217],"two":[224],"real-world":[225],"devices.":[227],"demonstrate":[229],"successful":[231],"accomplished":[235],"automatic":[238],"named":[240],"Higher-Order":[241],"Fuzzing":[242],"Framework":[243],"(HOFF)":[244],"which":[245],"realizes":[246],"DDFA-based":[248],"solution.":[249]},"counts_by_year":[{"year":2023,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}