{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,18]],"date-time":"2026-02-18T22:59:52Z","timestamp":1771455592709,"version":"3.50.1"},"reference-count":53,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"1","license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"2020 IBM Ph.D. Fellowship"},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62102154"],"award-info":[{"award-number":["62102154"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2024,1]]},"DOI":"10.1109\/tdsc.2023.3246170","type":"journal-article","created":{"date-parts":[[2023,2,17]],"date-time":"2023-02-17T21:09:01Z","timestamp":1676668141000},"page":"93-109","source":"Crossref","is-referenced-by-count":4,"title":["Towards Unveiling Exploitation Potential With Multiple Error Behaviors for Kernel Bugs"],"prefix":"10.1109","volume":"21","author":[{"given":"Ziqin","family":"Liu","sequence":"first","affiliation":[{"name":"Hubei Key Laboratory of Distributed System Security, Hubei Engineering Research Center on Big Data Security, School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhenpeng","family":"Lin","sequence":"additional","affiliation":[{"name":"College of Information Sciences and Technology, The Pennsylvania State University, State College, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yueqi","family":"Chen","sequence":"additional","affiliation":[{"name":"College of Information Sciences and Technology, The Pennsylvania State University, State College, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yuhang","family":"Wu","sequence":"additional","affiliation":[{"name":"College of Information Sciences and Technology, The Pennsylvania State University, State College, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yalong","family":"Zou","sequence":"additional","affiliation":[{"name":"Hubei Key Laboratory of Distributed System Security, Hubei Engineering Research Center on Big Data Security, School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8042-8928","authenticated-orcid":false,"given":"Dongliang","family":"Mu","sequence":"additional","affiliation":[{"name":"Hubei Key Laboratory of Distributed System Security, Hubei Engineering Research Center on Big Data Security, School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xinyu","family":"Xing","sequence":"additional","affiliation":[{"name":"Department of Computer Sciences, Northwestern University, Evanston, IL, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833683"},{"key":"ref2","article-title":"!exploitable crash analyzer version 1.6","author":"Team","year":"2013"},{"key":"ref3","article-title":"Bugid - Automated bug analysis","author":"Wever","year":"2017"},{"key":"ref4","article-title":"In memory safety, the soundness of attacks is what matters","author":"Vanegue","year":"2020"},{"key":"ref5","article-title":"Syzkaller","author":"Vyukov","year":"2020"},{"key":"ref6","first-page":"167","article-title":"kAFL: Hardware-assisted feedback fuzzing for OS kernels","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Schumilo"},{"key":"ref7","article-title":"AURORA: Statistical crash analysis for automated root cause explanation","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Blazytko"},{"key":"ref8","article-title":"syzbot","year":"2020"},{"key":"ref9","article-title":"KernelAddressSanitizer, a fast memory error detector for the linux kernel","year":"2020"},{"key":"ref10","article-title":"Submitting patches: The essential guide to getting your code into the kernel","author":"Kernel","year":"2021"},{"key":"ref11","article-title":"Crash type in clusterfuzz","year":"2019"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/2642937.2642990"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23421"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23218"},{"key":"ref15","first-page":"957","article-title":"Ret2dir: Rethinking kernel isolation","volume-title":"Proc. 23rd USENIX Conf. Secur. Symp.","author":"Kemerlis"},{"key":"ref16","first-page":"781","article-title":"FUZE: Towards facilitating exploit generation for kernel use-after-free vulnerabilities","volume-title":"Proc. 27th USENIX Conf. Secur. Symp.","author":"Wu"},{"key":"ref17","first-page":"1187","article-title":"KEPLER: Facilitating control-flow hijacking primitive evaluation for linux kernel vulnerabilities","volume-title":"Proc. 28th USENIX Conf. Secur. Symp.","author":"Wu"},{"key":"ref18","article-title":"KOOBE: Towards facilitating exploit generation of kernel out-of-bounds write vulnerabilities","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Chen"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00041"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23183"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417240"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363212"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423353"},{"key":"ref24","article-title":"Automatic hot patch generation for android kernels","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Xu"},{"key":"ref25","article-title":"general protection fault in hrtimer_active","year":"2017"},{"key":"ref26","article-title":"Kasan: Use-after-free read in free_netdev","year":"2017"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24018"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00017"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3477132.3483549"},{"key":"ref30","article-title":"MUZZ: Thread-aware grey-box fuzzing for effective bug hunting in multithreaded programs","volume-title":"Proc. 29th USENIX Conf. Secur. Symp.","author":"Chen"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1016\/S0169-7552(98)00110-X"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354244"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423353"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1007\/0-387-25465-X_7"},{"key":"ref36","first-page":"729","article-title":"MoonShine: Optimizing OS fuzzer seed selection with trace distillation","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Pailoor"},{"key":"ref37","article-title":"WARNING: Refcount bug in crypto_mod_get","year":"2020"},{"key":"ref38","article-title":"WARNING: Refcount bug in nr_insert_socket","year":"2019"},{"key":"ref39","article-title":"general protection fault in delayed_uprobe_remove","year":"2019"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134072"},{"key":"ref42","first-page":"919","article-title":"Understanding the reproducibility of crowd-reported security vulnerabilities","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Mu"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134103"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134069"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23176"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00078"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134085"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813637"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363212"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23387"},{"key":"ref51","article-title":"Exploiting uses of uninitialized stack variables in linux kernels to leak kernel pointers","volume-title":"Proc. 14th USENIX Workshop Offensive Technol.","author":"Cho"},{"key":"ref52","first-page":"957","article-title":"ret2dir: Rethinking kernel isolation","volume-title":"Proc. 23rd USENIX Secur. Symp.","author":"Kemerlis"},{"key":"ref53","first-page":"1187","article-title":"KEPLER: Facilitating control-flow hijacking primitive evaluation for linux kernel vulnerabilities","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Wu"},{"key":"ref54","first-page":"781","article-title":"FUZE: Towards facilitating exploit generation for kernel use-after-free vulnerabilities","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Wu"},{"key":"ref55","article-title":"KOOBE: Towards facilitating exploit generation of kernel out-of-bounds write vulnerabilities","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Chen"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/10400751\/10048506.pdf?arnumber=10048506","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,18]],"date-time":"2024-01-18T01:43:07Z","timestamp":1705542187000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10048506\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,1]]},"references-count":53,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2023.3246170","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,1]]}}}