{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T16:54:08Z","timestamp":1770224048429,"version":"3.49.0"},"reference-count":46,"publisher":"IEEE","license":[{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-009"},{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-001"}],"funder":[{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,5]]},"DOI":"10.1109\/sp46214.2022.9833613","type":"proceedings-article","created":{"date-parts":[[2022,7,27]],"date-time":"2022-07-27T19:28:05Z","timestamp":1658950085000},"page":"2096-2113","source":"Crossref","is-referenced-by-count":13,"title":["Goshawk: Hunting Memory Corruptions via Structure-Aware and Object-Centric Memory Operation Synopsis"],"prefix":"10.1109","author":[{"given":"Yunlong","family":"Lyu","sequence":"first","affiliation":[{"name":"University of Science and Technology of China"}]},{"given":"Yi","family":"Fang","sequence":"additional","affiliation":[{"name":"Feiyu Security"}]},{"given":"Yiwei","family":"Zhang","sequence":"additional","affiliation":[{"name":"G.O.S.S.I.P, Shanghai Jiao Tong University"}]},{"given":"Qibin","family":"Sun","sequence":"additional","affiliation":[{"name":"University of Science and Technology of China"}]},{"given":"Siqi","family":"Ma","sequence":"additional","affiliation":[{"name":"The University of New South Wales"}]},{"given":"Elisa","family":"Bertino","sequence":"additional","affiliation":[{"name":"Purdue University"}]},{"given":"Kangjie","family":"Lu","sequence":"additional","affiliation":[{"name":"University of Minnesota"}]},{"given":"Juanru","family":"Li","sequence":"additional","affiliation":[{"name":"Feiyu Security"}]}],"member":"263","reference":[{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243844"},{"key":"ref35","article-title":"Klee: unassisted and automatic generation of high-coverage tests for complex systems programs","author":"cadar","year":"2008","journal-title":"OSDI"},{"key":"ref12","article-title":"PeX: A permission check analysis framework for linux kernel","author":"zhang","year":"2019","journal-title":"28th USENIX Security Symposium (USENIX Security 19)"},{"key":"ref34","article-title":"Symbolic execution with SymCC: Don&#x2019;t interpret, compile!","author":"poeplau","year":"2020","journal-title":"29th USENIX Security Symposium ( USENIX Security 20)"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/P16-1162"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/1368088.1368118"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/P18-1007"},{"key":"ref36","doi-asserted-by":"crossref","DOI":"10.1145\/2345156.2254088","article-title":"Efficient state merging in symbolic execution","author":"kuznetsov","year":"2012","journal-title":"ACM SIGPLAN Notices"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"key":"ref30","article-title":"Sys: A Static\/Symbolic Tool for Finding Good Bugs in Good (Browser) Code","author":"brown","year":"2020","journal-title":"29th USENIX Security Symposium (USENIX Security 20)"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2014.10"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/2110356.2110358"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/ISPASS.2015.7095788"},{"key":"ref32","article-title":"{QSYM}: A practical concolic execution engine tailored for hybrid fuzzing","author":"yun","year":"2018","journal-title":"27th USENIX Security Symposium ( USENIX Security 18)"},{"key":"ref2","article-title":"Lessons from Building Static Analysis Tools at Google","year":"2021"},{"key":"ref1","article-title":"Linux Kernel Security Done Right","year":"2021"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1142\/S0218001493000339"},{"key":"ref39","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2018.23326","article-title":"K-Miner: Uncovering Memory Corruption in Linux","author":"gens","year":"2018","journal-title":"the Symposium on Network and Distributed System Security NDSS-95"},{"key":"ref16","article-title":"StackExchange archive site","year":"2021"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568293"},{"key":"ref19","article-title":"Linux memory management APIs","year":"2021"},{"key":"ref18","article-title":"Attention is all you need","author":"vaswani","year":"2017","journal-title":"Advances in Neural IInformation Processing Systems"},{"key":"ref24","article-title":"CodeChecker: A static analysis infrastructure built on the LLVM\/Clang Static Analyzer toolchain","year":"2021"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/APSEC.2014.66"},{"key":"ref23","article-title":"Range based constraint manager","year":"2021"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00082"},{"key":"ref26","article-title":"Poster: Implementation and evaluation of cross translation unit symbolic execution for c family languages","author":"horv\u00e1th","year":"2018","journal-title":"2018 IEEE\/ACM 40th International Conference on Software Engineering Companion (ICSE-Companion)"},{"key":"ref25","article-title":"Cross Translation Unit (CTU) Analysis","year":"2021"},{"key":"ref20","article-title":"GNU libc","year":"2021"},{"key":"ref42","article-title":"Effective Static Analysis of Concurrency Use-After-Free Bugs in Linux Device Drivers","author":"bai","year":"2019","journal-title":"2019 USENIX Annual Technical Conference (USENIX ATC 19)"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180178"},{"key":"ref22","article-title":"MallocChecker","year":"2021"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/APSEC.2014.67"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2009.5270354"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-16558-0_44"},{"key":"ref27","article-title":"Clang: a C language family frontend for LLVM","year":"2021"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00017"},{"key":"ref8","article-title":"Clang Static Analyzer","year":"2021"},{"key":"ref7","article-title":"Understanding and Detecting Disordered Error Handling with Precise Function Pairing","author":"wu","year":"2021","journal-title":"30th USENIX Security Symposium (USENIX Security 21)"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.2013.6671277"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23039"},{"key":"ref3","article-title":"NLPEYE: Detecting Memory Corruptions via Semantic-aware Memory Operation Function Identification","author":"wang","year":"2019","journal-title":"22nd International Symposium on Research in Attacks Intrusions and Defenses (RAID 2019)"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24416"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409678"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134620"}],"event":{"name":"2022 IEEE Symposium on Security and Privacy (SP)","location":"San Francisco, CA, USA","start":{"date-parts":[[2022,5,22]]},"end":{"date-parts":[[2022,5,26]]}},"container-title":["2022 IEEE Symposium on Security and Privacy (SP)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9833550\/9833558\/09833613.pdf?arnumber=9833613","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,8]],"date-time":"2023-11-08T23:14:33Z","timestamp":1699485273000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9833613\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,5]]},"references-count":46,"URL":"https:\/\/doi.org\/10.1109\/sp46214.2022.9833613","relation":{},"subject":[],"published":{"date-parts":[[2022,5]]}}}