{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T05:32:40Z","timestamp":1743053560089,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":52,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789811952081"},{"type":"electronic","value":"9789811952098"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-981-19-5209-8_19","type":"book-chapter","created":{"date-parts":[[2022,8,9]],"date-time":"2022-08-09T23:03:17Z","timestamp":1660086197000},"page":"272-297","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["A Survey of Detection Methods for Software Use-After-Free Vulnerability"],"prefix":"10.1007","author":[{"given":"Faming","family":"Lu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mengfan","family":"Tang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yunxia","family":"Bao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaoyu","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,8,10]]},"reference":[{"key":"19_CR1","doi-asserted-by":"crossref","unstructured":"Ainsworth, S., Jones, T. M.: MarkUs: drop-in use-after-free prevention for low-level languages. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 578\u2013591. IEEE (2020)","DOI":"10.1109\/SP40000.2020.00058"},{"key":"19_CR2","unstructured":"Allen, F.E.: Interprocedural data flow analysis. In: The 6th IFIP Congress 1974, pp. 398\u2013402. North-Holland (1974)"},{"issue":"5","key":"19_CR3","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1109\/MS.2008.130","volume":"25","author":"N Ayewah","year":"2008","unstructured":"Ayewah, N., Hovemeyer, D., Morgenthaler, J., et al.: Using static analysis to find bugs. IEEE Softw. 25(5), 22\u201329 (2008)","journal-title":"IEEE Softw."},{"key":"19_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1007\/978-3-540-24723-4_2","volume-title":"Compiler Construction","author":"G Balakrishnan","year":"2004","unstructured":"Balakrishnan, G., Reps, T.: Analyzing memory accesses in x86 executables. In: Duesterwald, E. (ed.) CC 2004. LNCS, vol. 2985, pp. 5\u201323. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-24723-4_2"},{"key":"19_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"202","DOI":"10.1007\/978-3-540-69149-5_22","volume-title":"Verified Software: Theories, Tools, Experiments","author":"G Balakrishnan","year":"2008","unstructured":"Balakrishnan, G., Reps, T., Melski, D., Teitelbaum, T.: WYSINWYX: what you see is not what you execute. In: Meyer, B., Woodcock, J. (eds.) VSTTE 2005. LNCS, vol. 4171, pp. 202\u2013213. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-69149-5_22"},{"key":"19_CR6","doi-asserted-by":"crossref","unstructured":"Bernhard, L., Rodler, M., Holz, T., & Davi, L.: Xtag: mitigating use-after-free vulnerabilities via software-based pointer tagging on intel x86-64. arXiv e-prints (2022)","DOI":"10.1109\/EuroSP53844.2022.00038"},{"key":"19_CR7","doi-asserted-by":"crossref","unstructured":"Caballero, J., Grieco, G., Marron, M., et al.: Undangle: early detection of dangling pointers in use-after-free and double-free vulnerabilities. In: The 2012 International Symposium on Software Testing and Analysis, pp. 133\u2013143. ACM (2012)","DOI":"10.1145\/2338965.2336769"},{"key":"19_CR8","unstructured":"Cadar, C., Dunbar, D., Engler, D.R.: KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In: Usenix Conference on Operating Systems Design & Implementation, pp. 209\u2013224. USENIX Association (2009)"},{"key":"19_CR9","doi-asserted-by":"crossref","unstructured":"Cadar, C., Ganesh, V., Pawlowski, P. M., et al.: EXE: automatically generating inputs of death. In: ACM Conference on Computer & Communications Security, pp. 322\u2013335. ACM (2006)","DOI":"10.1145\/1180405.1180445"},{"issue":"2","key":"19_CR10","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1145\/2408776.2408795","volume":"56","author":"C Cadar","year":"2013","unstructured":"Cadar, C., Sen, K., et al.: Symbolic execution for software testing: three decades later. Commun. ACM 56(2), 82\u201390 (2013)","journal-title":"Commun. ACM"},{"key":"19_CR11","unstructured":"Cesare, S.: Bugalyze.com - detecting bugs using decompilation and data flow analysis"},{"key":"19_CR12","doi-asserted-by":"crossref","unstructured":"Cheng, W., Zhao, Q., Yu, B., et al.: TainTrace: efficient flow tracing with dynamic binary rewriting. In: The 11th IEEE Symposium on Computers and Communications, ISCC 2006, pp. 749\u2013754. IEEE (2006)","DOI":"10.1109\/ISCC.2006.158"},{"issue":"6","key":"19_CR13","doi-asserted-by":"publisher","first-page":"480","DOI":"10.1145\/1273442.1250789","volume":"42","author":"S Cherem","year":"2007","unstructured":"Cherem, S., Princehouse, L., Rugina, R.: Practical memory leak detection using guarded value-flow analysis. ACM SIGPLAN Not. 42(6), 480\u2013491 (2007)","journal-title":"ACM SIGPLAN Not."},{"key":"19_CR14","doi-asserted-by":"crossref","unstructured":"Costa, M., Crowcroft, J., Castro, M., et al.: Vigilante: end-to-end containment of Internet worms. In: The 20th ACM Symposium on Operating Systems Principles 2005, pp. 133\u2013147. ACM (2005)","DOI":"10.1145\/1095809.1095824"},{"key":"19_CR15","unstructured":"Common vulnerabilities and exposures. https:\/\/cve.mitre.org\/index.html"},{"key":"19_CR16","unstructured":"Dullien, T., Porst, S.: REIL: a platform-independent intermediate representation of disassembled code for static code analysis. CanSecWest (2009)"},{"key":"19_CR17","doi-asserted-by":"crossref","unstructured":"Suh, G.E., Lee, J.W., Zhang, D., Devadas, S.: Secure program execution via dynamic information flow tracking. In: The 11th International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 85\u201396. ACM (2004)","DOI":"10.1145\/1037187.1024404"},{"key":"19_CR18","doi-asserted-by":"crossref","unstructured":"Feist, J., Mounier, L., Bardin, S., et al.: Finding the needle in the heap: combining static analysis and dynamic symbolic execution to trigger use-after-free. In: The 6th Workshop on Software Security, Protection, and Reverse Engineering, pp. 1\u201312. ACM (2016)","DOI":"10.1145\/3015135.3015137"},{"issue":"3","key":"19_CR19","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1007\/s11416-014-0203-1","volume":"10","author":"J Feist","year":"2014","unstructured":"Feist, J., Mounier, L., Potet, M.-L.: Statically detecting use after free on binary code. J. Comput. Virol. Hacking Tech. 10(3), 211\u2013217 (2014)","journal-title":"J. Comput. Virol. Hacking Tech."},{"issue":"3","key":"19_CR20","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1145\/2090147.2094081","volume":"10","author":"P Godefroid","year":"2012","unstructured":"Godefroid, P., Levin, M.Y., Molnar, D.A.: SAGE: whitebox fuzzing for security testing. Queue 10(3), 20 (2012)","journal-title":"Queue"},{"key":"19_CR21","unstructured":"Gui, B., Song, W., Xiong, H., et al.: Automated use-after-free detection and exploit mitigation: how far have we gone. IEEE Trans. Softw. Eng. (2012)"},{"key":"19_CR22","unstructured":"Hastings, R., Joyce, B.: Purify: fast detection of memory leaks and access errors. In: Proceedings of the Winter 1992 USENIX Conference, pp. 125\u2013136. USENIX Association (1991)"},{"issue":"10","key":"19_CR23","first-page":"1022","volume":"57","author":"X Han","year":"2017","unstructured":"Han, X., Wei, S., Ye, J., et al.: Detect use-after-free vulnerabilities in binaries. Qinghua Daxue Xuebao\/J. Tsinghua Univ. 57(10), 1022\u20131029 (2017)","journal-title":"Qinghua Daxue Xuebao\/J. Tsinghua Univ."},{"issue":"4","key":"19_CR24","doi-asserted-by":"publisher","first-page":"848","DOI":"10.1145\/325478.325519","volume":"21","author":"M Hind","year":"1999","unstructured":"Hind, M., Burke, M., Carini, P., Choi, J.-D.: Interprocedural pointer alias analysis. ACM Trans. Program. Lang. Syst. 21(4), 848\u2013894 (1999)","journal-title":"ACM Trans. Program. Lang. Syst."},{"key":"19_CR25","doi-asserted-by":"crossref","unstructured":"Huang, J.: UFO: predictive concurrency use-after-free detection. In: 2018 IEEE\/ACM 40th International Conference on Software Engineering (ICSE), pp. 609\u2013619. IEEE Computer Society (2018)","DOI":"10.1145\/3180155.3180225"},{"key":"19_CR26","doi-asserted-by":"crossref","unstructured":"Ye, J., Zhang, C., Han, X.: Poster: UAFchecker: scalable static detection of use-after-free vulnerabilities. In: The 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 1529\u20131531. ACM (2014)","DOI":"10.1145\/2660267.2662394"},{"key":"19_CR27","unstructured":"Kouwe, E.V.D., Nigade, V., Giuffrida, C.: DangSan: scalable use-after-free detection. In: 12th European Conference on Computer Systems. ACM (2017)"},{"key":"19_CR28","doi-asserted-by":"crossref","unstructured":"Lee, B., Song, C., Jang, Y., et al.: Preventing use-after-free with dangling pointers nullification. In: Network & Distributed System Security Symposium, Internet Society (2015)","DOI":"10.14722\/ndss.2015.23238"},{"key":"19_CR29","doi-asserted-by":"crossref","unstructured":"Liu, D., Zhang, M., Wang, H.: A robust and efficient defense against use-after-free exploits via concurrent pointer sweeping. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1635\u20131648. ACM (2018)","DOI":"10.1145\/3243734.3243826"},{"key":"19_CR30","doi-asserted-by":"crossref","unstructured":"Liu, T., Curtsinger, C., Berger, E.D.: DoubleTake: fast and precise error detection via evidence-based dynamic analysis. In: The 38th International Conference on Software Engineering, pp. 911\u2013922. ACM (2016)","DOI":"10.1145\/2884781.2884784"},{"issue":"5","key":"19_CR31","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1145\/949952.940114","volume":"28","author":"VB Livshits","year":"2003","unstructured":"Livshits, V.B., Lam, M.S.: Tracking pointers with path and context sensitivity for bug detection in c programs. ACM SIGSOFT Softw. Eng. Notes 28(5), 317\u2013326 (2003)","journal-title":"ACM SIGSOFT Softw. Eng. Notes"},{"key":"19_CR32","unstructured":"Nguyen, M.D., Bardin, S., Bonichon, R., et al.: Binary-level directed fuzzing for use-after-free vulnerabilities. In: The 23rd International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2020 (2020)"},{"key":"19_CR33","unstructured":"Nethercote, N.: Dynamic binary analysis and instrumentation. University of Cambridge (2004)"},{"issue":"6","key":"19_CR34","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1145\/1273442.1250746","volume":"42","author":"N Nethercote","year":"2007","unstructured":"Nethercote, N., Seward, J., Seward, J.: Valgrind: a framework for heavyweight dynamic binary instrumentation. ACM SIGPLAN Not. 42(6), 89\u2013100 (2007)","journal-title":"ACM SIGPLAN Not."},{"key":"19_CR35","unstructured":"Newsome, J., Song D.X.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: 12th Annual Network and Distributed System Security Symposium, NDSS 2005 (2005)"},{"key":"19_CR36","unstructured":"Goodman, P.: Pointsto: static use-after-free detector for c\/c++. https:\/\/blog.trailofbits.com\/2016\/03\/09\/the-problem-with-dynamic-program-analysis\/"},{"key":"19_CR37","doi-asserted-by":"crossref","unstructured":"Chow, J., Pfaff, B., Garfinkel, T., Christopher, K., Rosenblum, M.: Understanding data lifetime via whole system simulation (2004)","DOI":"10.1145\/1133572.1133599"},{"key":"19_CR38","volume-title":"Data Flow Analysis","author":"A Sanyal","year":"2009","unstructured":"Sanyal, A.: Data Flow Analysis, 1st edn. CRC Press, Boca Raton (2009)","edition":"1"},{"key":"19_CR39","unstructured":"Sen, K.: DART: directed automated random testing. In: The 5th International Haifa Verification Conference on Hardware and Software: Verification and Testing, pp. 213\u2013223. ACM (2009)"},{"key":"19_CR40","doi-asserted-by":"crossref","unstructured":"Sen, K., Marinov, D., Agha, G.: CUTE: a concolic unit testing engine for C. In: The 10th European Software Engineering Conference held jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2005, pp. 263\u2013272. ACM (2005)","DOI":"10.1145\/1081706.1081750"},{"key":"19_CR41","unstructured":"Serebryany, K., Bruening, D., Potapenko, A., et al.: AddressSanitizer: a fast address sanity checker. In: Usenix Conference on Technical Conference, p. 28. USENIX Association (2012)"},{"issue":"4","key":"19_CR42","doi-asserted-by":"publisher","first-page":"693","DOI":"10.1145\/3296979.3192418","volume":"53","author":"Q Shi","year":"2018","unstructured":"Shi, Q., Xiao, X., Wu, R., et al.: Pinpoint: fast and precise sparse value flow analysis for million lines of code. ACM SIGPLAN Not. 53(4), 693\u2013706 (2018)","journal-title":"ACM SIGPLAN Not."},{"key":"19_CR43","unstructured":"Singh, B., Soni, M.: Dynamic instrumentation: US, US20110154297 A1"},{"issue":"4","key":"19_CR44","doi-asserted-by":"publisher","first-page":"410","DOI":"10.1145\/1178625.1178628","volume":"15","author":"G Snelting","year":"2006","unstructured":"Snelting, G., Robschink, T., Krinke, J.: Efficient path conditions in dependence graphs for software safety analysis. ACM Trans. Softw. Eng. Methodol. 15(4), 410\u2013457 (2006)","journal-title":"ACM Trans. Softw. Eng. Methodol."},{"key":"19_CR45","unstructured":"The kernel address sanitizer. https:\/\/www.kernel.org\/doc\/html\/latest\/dev-tools\/kasan.html"},{"issue":"07","key":"19_CR46","first-page":"16","volume":"2012","author":"X Wang","year":"2012","unstructured":"Wang, X., Xue-Xin, L.I., Zhou, Z.P., et al.: Analysis of the software testing platform: S2E. Netinfo Secur. 2012(07), 16\u201319 (2012)","journal-title":"Netinfo Secur."},{"key":"19_CR47","doi-asserted-by":"crossref","unstructured":"Williams, N., Marre, B., Mouy, P.: On-the-fly generation of K-path tests for C functions. In: The 19th IEEE International Conference on Automated Software Engineering, pp. 290\u2013293. IEEE (2004)","DOI":"10.1109\/ASE.2004.1342749"},{"key":"19_CR48","series-title":"Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","doi-asserted-by":"publisher","first-page":"583","DOI":"10.1007\/978-3-030-67537-0_35","volume-title":"Collaborative Computing: Networking, Applications and Worksharing","author":"G Xu","year":"2021","unstructured":"Xu, G., et al.: Defending use-after-free via relationship between memory and pointer. In: Gao, H., Wang, X., Iqbal, M., Yin, Y., Yin, J., Gu, N. (eds.) CollaborateCom 2020. LNICSSITE, vol. 349, pp. 583\u2013597. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-67537-0_35"},{"key":"19_CR49","doi-asserted-by":"crossref","unstructured":"Yamauchi, T., Ikegami, Y., Ban, Y.: Mitigating use-after-free attacks using memory-reuse-prohibited library. IEICE Tras. Inf. Syst. E100.D(10), 2295\u20132306 (2017)","DOI":"10.1587\/transinf.2016INP0020"},{"key":"19_CR50","doi-asserted-by":"crossref","unstructured":"Younan, Y.: FreeSentry: protecting against use-after-free vulnerabilities due to dangling pointers. In: Network & Distributed System Security Symposium (2015)","DOI":"10.14722\/ndss.2015.23190"},{"issue":"04","key":"19_CR51","first-page":"273","volume":"33","author":"F Zhen","year":"2016","unstructured":"Zhen, F., Nie, S., Wang, Y., Zhi, X.: Use-after-free vulnerabilities detection scheme based on S2E. Comput. Appl. Softw. 33(04), 273\u2013276 (2016)","journal-title":"Comput. Appl. Softw."},{"key":"19_CR52","doi-asserted-by":"publisher","first-page":"78713","DOI":"10.1109\/ACCESS.2020.2990197","volume":"8","author":"K Zhu","year":"2020","unstructured":"Zhu, K., Lu, Y., Huang, H.: Scalable static detection of use-after-free vulnerabilities in binary code. IEEE Access 8, 78713\u201378725 (2020). https:\/\/doi.org\/10.1109\/ACCESS.2020.2990197","journal-title":"IEEE Access"}],"container-title":["Communications in Computer and Information Science","Data Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-19-5209-8_19","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,1]],"date-time":"2024-10-01T02:25:32Z","timestamp":1727749532000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-19-5209-8_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9789811952081","9789811952098"],"references-count":52,"URL":"https:\/\/doi.org\/10.1007\/978-981-19-5209-8_19","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"10 August 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICPCSEE","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference of Pioneering Computer Scientists, Engineers and Educators","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Chengdu","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 August 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 August 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icpcsee2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"261","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"65","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"26","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"25% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}