{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T23:15:35Z","timestamp":1763507735258,"version":"3.40.3"},"publisher-location":"Cham","reference-count":36,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030299613"},{"type":"electronic","value":"9783030299620"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-29962-0_1","type":"book-chapter","created":{"date-parts":[[2019,9,14]],"date-time":"2019-09-14T23:04:10Z","timestamp":1568502250000},"page":"3-25","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Automatically Identifying Security Checks for Detecting Kernel Semantic Bugs"],"prefix":"10.1007","author":[{"given":"Kangjie","family":"Lu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Aditya","family":"Pakki","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qiushi","family":"Wu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,9,15]]},"reference":[{"issue":"4","key":"1_CR1","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1145\/2775054.2694386","volume":"50","author":"Nathan Dautenhahn","year":"2015","unstructured":"Dautenhahn, N., Kasampalis, T., Dietz, W., Criswell, J., Adve, V.: Nested kernel: an operating system architecture for intra-kernel privilege separation. In: ACM SIGPLAN Notices, vol. 50, pp. 191\u2013206. ACM (2015)","journal-title":"ACM SIGPLAN Notices"},{"key":"1_CR2","doi-asserted-by":"crossref","unstructured":"Dillig, I., Dillig, T., Aiken, A.: Static error detection using semantic inconsistency inference. In: Proceedings of the 28th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2007 (2007)","DOI":"10.1145\/1250734.1250784"},{"key":"1_CR3","doi-asserted-by":"crossref","unstructured":"Gan, S., et al.: CollAFL: path sensitive fuzzing. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 679\u2013696. IEEE (2018)","DOI":"10.1109\/SP.2018.00040"},{"key":"1_CR4","unstructured":"Gunawi, H.S., Rubio-Gonz\u00e1lez, C., Arpaci-Dusseau, A.C., Arpaci-Dusseau, R.H., Liblit, B.: EIO: error handling is occasionally correct. In: FAST, vol. 8, pp. 1\u201316 (2008)"},{"key":"1_CR5","doi-asserted-by":"crossref","unstructured":"Hardekopf, B., Lin, C.: The ant and the grasshopper: fast and accurate pointer analysis for millions of lines of code. In: ACM SIGPLAN Notices, vol. 42, pp. 290\u2013299. ACM (2007)","DOI":"10.1145\/1273442.1250767"},{"key":"1_CR6","unstructured":"InfoSec Institute: Exploiting Windows Drivers: Double-fetch Race Condition Vulnerability (2016). http:\/\/resources.infosecinstitute.com\/exploiting-windows-drivers-double-fetch-race-condition-vulnerability"},{"key":"1_CR7","unstructured":"Jana, S., Kang, Y.J., Roth, S., Ray, B.: Automatically detecting error handling bugs using error specifications. In: USENIX Security Symposium, pp. 345\u2013362 (2016)"},{"key":"1_CR8","doi-asserted-by":"crossref","unstructured":"Kang, Y., Ray, B., Jana, S.: APEx: automated inference of error specifications for C APIs. In: Proceedings of the 31st IEEE\/ACM International Conference on Automated Software Engineering, pp. 472\u2013482. ACM (2016)","DOI":"10.1145\/2970276.2970354"},{"key":"1_CR9","unstructured":"Kim, S.Y., et al.: CAB-FUZZ: practical concolic testing techniques for COTS operating systems. In: 2017 USENIX Annual Technical Conference (USENIX ATC 2017), pp. 689\u2013701 (2017)"},{"key":"1_CR10","doi-asserted-by":"crossref","unstructured":"Klees, G., Ruef, A., Cooper, B., Wei, S., Hicks, M.: Evaluating fuzz testing. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 2123\u20132138. ACM (2018)","DOI":"10.1145\/3243734.3243804"},{"key":"1_CR11","doi-asserted-by":"crossref","unstructured":"Koning, K., Chen, X., Bos, H., Giuffrida, C., Athanasopoulos, E.: No need to hide: protecting safe regions on commodity hardware. In: Proceedings of the Twelfth European Conference on Computer Systems, pp. 437\u2013452. ACM (2017)","DOI":"10.1145\/3064176.3064217"},{"key":"1_CR12","unstructured":"Kremenek, T., Twohey, P., Back, G., Ng, A., Engler, D.: From uncertainty to belief: inferring the specification within. In: Proceedings of the 7th Symposium on Operating Systems Design and Implementation, OSDI 2006 (2006)"},{"key":"1_CR13","doi-asserted-by":"crossref","unstructured":"Lu, K., Walter, M.T., Pfaff, D., N\u00fcmberger, S., Lee, W., Backes, M.: Unleashing use-before-initialization vulnerabilities in the Linux kernel using targeted stack spraying. In: NDSS (2017)","DOI":"10.14722\/ndss.2017.23387"},{"issue":"2","key":"1_CR14","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1145\/2980024.2872389","volume":"44","author":"J Mao","year":"2016","unstructured":"Mao, J., Chen, Y., Xiao, Q., Shi, Y.: RID: finding reference count bugs with inconsistent path pair checking. ACM SIGARCH Comput. Archit. News 44(2), 531\u2013544 (2016)","journal-title":"ACM SIGARCH Comput. Archit. News"},{"key":"1_CR15","doi-asserted-by":"crossref","unstructured":"Min, C., Kashyap, S., Lee, B., Song, C., Kim, T.: Cross-checking semantic correctness: the case of finding file system bugs. In: Proceedings of the 25th Symposium on Operating Systems Principles, pp. 361\u2013377. ACM (2015)","DOI":"10.1145\/2815400.2815422"},{"key":"1_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"359","DOI":"10.1007\/978-3-030-00470-5_17","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"L Mogosanu","year":"2018","unstructured":"Mogosanu, L., Rane, A., Dautenhahn, N.: MicroStache: a lightweight execution context for in-process safe region isolation. In: Bailey, M., Holz, T., Stamatogiannakis, M., Ioannidis, S. (eds.) RAID 2018. LNCS, vol. 11050, pp. 359\u2013379. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-00470-5_17"},{"key":"1_CR17","doi-asserted-by":"crossref","unstructured":"Monshizadeh, M., Naldurg, P., Venkatakrishnan, V.: MACE: detecting privilege escalation vulnerabilities in web applications. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 690\u2013701. ACM (2014)","DOI":"10.1145\/2660267.2660337"},{"issue":"6","key":"1_CR18","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1145\/1543135.1542504","volume":"44","author":"S Nagarakatte","year":"2009","unstructured":"Nagarakatte, S., Zhao, J., Martin, M.M., Zdancewic, S.: SoftBound: highly compatible and complete spatial memory safety for C. ACM SIGPLAN Not. 44(6), 245\u2013258 (2009)","journal-title":"ACM SIGPLAN Not."},{"key":"1_CR19","doi-asserted-by":"crossref","unstructured":"Niu, B., Tan, G.: Modular control-flow integrity. In: ACM SIGPLAN Notices, vol. 49, pp. 577\u2013587. ACM (2014)","DOI":"10.1145\/2666356.2594295"},{"key":"1_CR20","doi-asserted-by":"crossref","unstructured":"Peng, H., Shoshitaishvili, Y., Payer, M.: T-FUZZ: fuzzing by program transformation. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 697\u2013710. IEEE (2018)","DOI":"10.1109\/SP.2018.00056"},{"issue":"6","key":"1_CR21","doi-asserted-by":"publisher","first-page":"270","DOI":"10.1145\/1543135.1542506","volume":"44","author":"Cindy Rubio-Gonz\u00e1lez","year":"2009","unstructured":"Rubio-Gonz\u00e1lez, C., Gunawi, H.S., Liblit, B., Arpaci-Dusseau, R.H., Arpaci-Dusseau, A.C.: Error propagation analysis for file systems. In: ACM SIGPLAN Notices, vol. 44, pp. 270\u2013280. ACM (2009)","journal-title":"ACM SIGPLAN Notices"},{"key":"1_CR22","doi-asserted-by":"crossref","unstructured":"Saha, S., Lozi, J.P., Thomas, G., Lawall, J.L., Muller, G.: Hector: detecting resource-release omission faults in error-handling code for systems software. In: 2013 43rd Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 1\u201312. IEEE (2013)","DOI":"10.1109\/DSN.2013.6575307"},{"key":"1_CR23","doi-asserted-by":"crossref","unstructured":"Schwarz, M., et al.: Automated detection, exploitation, and elimination of double-fetch bugs using modern CPU features. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 587\u2013600. ACM (2018)","DOI":"10.1145\/3196494.3196508"},{"key":"1_CR24","unstructured":"Serebryany, K., Bruening, D., Potapenko, A., Vyukov, D.: AddressSanitizer: a fast address sanity checker. Presented as part of the 2012 USENIX Annual Technical Conference (USENIX ATC 2012), pp. 309\u2013318 (2012)"},{"key":"1_CR25","doi-asserted-by":"crossref","unstructured":"Situ, L., Wang, L., Liu, Y., Mao, B., Li, X.: Vanguard: detecting missing checks for prognosing potential vulnerabilities. In: Proceedings of the Tenth Asia-Pacific Symposium on Internetware, p. 5. ACM (2018)","DOI":"10.1145\/3275219.3275225"},{"issue":"10","key":"1_CR26","doi-asserted-by":"publisher","first-page":"1069","DOI":"10.1145\/2076021.2048146","volume":"46","author":"Sooel Son","year":"2011","unstructured":"Son, S., McKinley, K.S., Shmatikov, V.: RoleCast: finding missing security checks when you do not know what checks are. In: ACM SIGPLAN Notices, vol. 46, pp. 1069\u20131084. ACM (2011)","journal-title":"ACM SIGPLAN Notices"},{"key":"1_CR27","doi-asserted-by":"crossref","unstructured":"Song, C., Lee, B., Lu, K., Harris, W., Kim, T., Lee, W.: Enforcing kernel security invariants with data flow integrity. In: NDSS (2016)","DOI":"10.14722\/ndss.2016.23218"},{"key":"1_CR28","unstructured":"Tan, L., Zhang, X., Ma, X., Xiong, W., Zhou, Y.: AutoISES: automatically inferring security specification and detecting violations. In: USENIX Security Symposium, pp. 379\u2013394 (2008)"},{"key":"1_CR29","doi-asserted-by":"crossref","unstructured":"Tian, Y., Ray, B.: Automatically diagnosing and repairing error handling bugs in C. In: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, pp. 752\u2013762. ACM (2017)","DOI":"10.1145\/3106237.3106300"},{"key":"1_CR30","doi-asserted-by":"crossref","unstructured":"Van Der Veen, V., et al.: A tough call: mitigating advanced code-reuse attacks at the binary level. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 934\u2013953. IEEE (2016)","DOI":"10.1109\/SP.2016.60"},{"key":"1_CR31","unstructured":"Wang, P., Krinke, J., Lu, K., Li, G., Dodier-Lazaro, S.: How double-fetch situations turn into double-fetch vulnerabilities: a study of double fetches in the Linux kernel. In: 26th USENIX Security Symposium (USENIX Security 2017), pp. 1\u201316 (2017)"},{"key":"1_CR32","doi-asserted-by":"crossref","unstructured":"Wang, W., Lu, K., Yew, P.C.: Check it again: detecting lacking-recheck bugs in OS kernels. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1899\u20131913. ACM (2018)","DOI":"10.1145\/3243734.3243844"},{"key":"1_CR33","unstructured":"Wikibooks: C Programming\/Program flow control (2017). https:\/\/en.wikibooks.org\/wiki\/C_Programming\/Program_flow_control"},{"key":"1_CR34","doi-asserted-by":"crossref","unstructured":"Xu, M., Qian, C., Lu, K., Backes, M., Kim, T.: Precise and scalable detection of double-fetch bugs in OS kernels. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 661\u2013678. IEEE (2018)","DOI":"10.1109\/SP.2018.00017"},{"key":"1_CR35","doi-asserted-by":"crossref","unstructured":"Yamaguchi, F., Wressnegger, C., Gascon, H., Rieck, K.: Chucky: exposing missing checks in source code for vulnerability discovery. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 499\u2013510. ACM (2013)","DOI":"10.1145\/2508859.2516665"},{"key":"1_CR36","doi-asserted-by":"crossref","unstructured":"Yee, B., et al.: Native client: a sandbox for portable, untrusted x86 native code. In: 2009 30th IEEE Symposium on Security and Privacy, pp. 79\u201393. IEEE (2009)","DOI":"10.1109\/SP.2009.25"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2019"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-29962-0_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,15]],"date-time":"2024-09-15T00:09:49Z","timestamp":1726358989000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-29962-0_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030299613","9783030299620"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-29962-0_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"15 September 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Luxembourg","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Luxembourg","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 September 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 September 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/conf.laas.fr\/esorics\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"344","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"67","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3,2","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"11","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}