{"id":"https://openalex.org/W7162486853","doi":"https://doi.org/10.48550/arxiv.2605.26665","title":"Resolving the Correct Library: A Loader-Level Defense Solution Against Shared Object Hijacking","display_name":"Resolving the Correct Library: A Loader-Level Defense Solution Against Shared Object Hijacking","publication_year":2026,"publication_date":"2026-05-26","ids":{"openalex":"https://openalex.org/W7162486853","doi":"https://doi.org/10.48550/arxiv.2605.26665"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2605.26665","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.26665","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2605.26665","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5137087952","display_name":"Can Ozkan","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ozkan, Can","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5137163891","display_name":"Dave Singelee","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Singelee, Dave","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.8838000297546387,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.8838000297546387,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.032600000500679016,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.02539999969303608,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/loader","display_name":"Loader","score":0.6693000197410583},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5590000152587891},{"id":"https://openalex.org/keywords/object","display_name":"Object (grammar)","score":0.5514000058174133},{"id":"https://openalex.org/keywords/identity","display_name":"Identity (music)","score":0.4839000105857849},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.4706999957561493},{"id":"https://openalex.org/keywords/scheme","display_name":"Scheme (mathematics)","score":0.43810001015663147},{"id":"https://openalex.org/keywords/semantics","display_name":"Semantics (computer science)","score":0.4277999997138977},{"id":"https://openalex.org/keywords/mechanism","display_name":"Mechanism (biology)","score":0.39079999923706055},{"id":"https://openalex.org/keywords/interface","display_name":"Interface (matter)","score":0.3231000006198883}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8453999757766724},{"id":"https://openalex.org/C2779041774","wikidata":"https://www.wikidata.org/wiki/Q650550","display_name":"Loader","level":2,"score":0.6693000197410583},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5590000152587891},{"id":"https://openalex.org/C2781238097","wikidata":"https://www.wikidata.org/wiki/Q175026","display_name":"Object (grammar)","level":2,"score":0.5514000058174133},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5109999775886536},{"id":"https://openalex.org/C2778355321","wikidata":"https://www.wikidata.org/wiki/Q17079427","display_name":"Identity (music)","level":2,"score":0.4839000105857849},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.4706999957561493},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.43810001015663147},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.42809998989105225},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.4277999997138977},{"id":"https://openalex.org/C89611455","wikidata":"https://www.wikidata.org/wiki/Q6804646","display_name":"Mechanism (biology)","level":2,"score":0.39079999923706055},{"id":"https://openalex.org/C113843644","wikidata":"https://www.wikidata.org/wiki/Q901882","display_name":"Interface (matter)","level":4,"score":0.3231000006198883},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.3224000036716461},{"id":"https://openalex.org/C4924752","wikidata":"https://www.wikidata.org/wiki/Q184148","display_name":"Plug-in","level":2,"score":0.32030001282691956},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3140000104904175},{"id":"https://openalex.org/C137822555","wikidata":"https://www.wikidata.org/wiki/Q2587068","display_name":"Information sensitivity","level":2,"score":0.310699999332428},{"id":"https://openalex.org/C2776831232","wikidata":"https://www.wikidata.org/wiki/Q966812","display_name":"Trusted Computing","level":2,"score":0.31049999594688416},{"id":"https://openalex.org/C2780070844","wikidata":"https://www.wikidata.org/wiki/Q857815","display_name":"Plug and play","level":2,"score":0.29660001397132874},{"id":"https://openalex.org/C169796023","wikidata":"https://www.wikidata.org/wiki/Q3708936","display_name":"Direct Anonymous Attestation","level":3,"score":0.29019999504089355},{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.27959999442100525},{"id":"https://openalex.org/C112904061","wikidata":"https://www.wikidata.org/wiki/Q1077480","display_name":"Hypervisor","level":4,"score":0.27869999408721924},{"id":"https://openalex.org/C73752529","wikidata":"https://www.wikidata.org/wiki/Q79872","display_name":"Object-oriented programming","level":2,"score":0.2786000072956085},{"id":"https://openalex.org/C33762810","wikidata":"https://www.wikidata.org/wiki/Q461671","display_name":"Data integrity","level":2,"score":0.2685999870300293},{"id":"https://openalex.org/C15927051","wikidata":"https://www.wikidata.org/wiki/Q246593","display_name":"Cryptographic primitive","level":4,"score":0.2597000002861023},{"id":"https://openalex.org/C504728807","wikidata":"https://www.wikidata.org/wiki/Q180256","display_name":"Booting","level":2,"score":0.2567000091075897},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.2556000053882599}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2605.26665","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.26665","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2605.26665","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.26665","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Shared":[0],"library":[1,118,193],"hijacking":[2,48,119,194],"attacks":[3],"in":[4,51],"the":[5,18,65,97,103,106,137],"Linux":[6,172,177],"ecosystem,":[7],"including":[8],"embedded":[9,39,176],"Linux,":[10],"are":[11,72],"a":[12,91,122,128],"significant":[13],"concern.":[14],"It":[15],"fundamentally":[16,121],"exploits":[17],"dynamic":[19,43,138],"linker's":[20,139],"library-resolution":[21],"semantics":[22],"rather":[23,55],"than":[24,56],"modifying":[25],"trusted":[26,109],"libraries":[27,71],"directly.":[28],"Prior":[29],"research":[30],"has":[31],"extensively":[32],"analyzed":[33],"attack":[34],"vectors":[35],"exploiting":[36],"environment":[37],"variables,":[38],"search":[40],"paths,":[41],"and":[42,82,108,126,147,166,175],"loader":[44,53,104],"internals,":[45],"demonstrating":[46],"that":[47,116,132,186],"is":[49,105,120],"rooted":[50],"fundamental":[52],"behavior":[54],"isolated":[57],"misconfigurations.":[58],"Existing":[59],"defenses":[60],"either":[61],"harden":[62],"or":[63,74],"replace":[64],"loader,":[66],"enforce":[67],"control-flow":[68],"integrity":[69,77],"after":[70],"loaded,":[73],"apply":[75],"file-centric":[76],"mechanisms":[78],"such":[79],"as":[80],"signatures":[81],"measurement":[83],"frameworks.":[84],"However,":[85],"these":[86],"approaches":[87],"fail":[88],"to":[89],"address":[90],"critical":[92],"gap:":[93],"none":[94],"verify":[95],"whether":[96],"shared":[98,117,192],"object":[99],"actually":[100],"resolved":[101],"by":[102],"intended":[107],"one.":[110],"In":[111],"this":[112],"paper,":[113],"we":[114],"argue":[115],"loader-resolution":[123],"authenticity":[124,134],"problem":[125],"present":[127],"loader-centric":[129],"verification":[130],"framework":[131],"enforces":[133],"guarantees":[135],"for":[136],"resolution":[140],"process.":[141],"Our":[142,183],"design":[143],"supports":[144],"both":[145,170],"path-bound":[146],"location-independent":[148],"(i.e.,":[149],"Build-ID-based)":[150],"identity":[151],"models":[152],"combined":[153],"with":[154],"cryptographic":[155],"hashing.":[156],"We":[157],"implement":[158],"our":[159,187],"approach":[160],"on":[161,169],"GNU":[162],"libc":[163],"(glibc)":[164],"systems":[165],"evaluate":[167],"it":[168],"general-purpose":[171],"(e.g.,":[173,178],"Ubuntu)":[174],"Buildroot)":[179],"environments":[180],"under":[181],"emulation.":[182],"results":[184],"demonstrate":[185],"proposed":[188],"mechanism":[189],"indeed":[190],"prevents":[191],"attacks.":[195]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-05-28T00:00:00"}