{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T14:02:16Z","timestamp":1769004136717,"version":"3.49.0"},"reference-count":53,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"1","license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"National Key R&#x0026;D Program of China","award":["2022YFE0113200"],"award-info":[{"award-number":["2022YFE0113200"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U21A20464"],"award-info":[{"award-number":["U21A20464"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2026,1]]},"DOI":"10.1109\/tdsc.2025.3616496","type":"journal-article","created":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T17:42:02Z","timestamp":1759340522000},"page":"1360-1372","source":"Crossref","is-referenced-by-count":0,"title":["Minoris: Practical Out-of-Emulator Kernel Module Fuzzing"],"prefix":"10.1109","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-7837-5090","authenticated-orcid":false,"given":"Yangxi","family":"Xiang","sequence":"first","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"}]},{"given":"Feng","family":"Wang","sequence":"additional","affiliation":[{"name":"Ant Group, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-2321-4910","authenticated-orcid":false,"given":"Yuan","family":"Chen","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5865-6227","authenticated-orcid":false,"given":"Qiang","family":"Liu","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1100-8633","authenticated-orcid":false,"given":"Haoyu","family":"Wang","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan, China"}]},{"given":"Jiashui","family":"Wang","sequence":"additional","affiliation":[{"name":"Ant Group, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1675-5283","authenticated-orcid":false,"given":"Lei","family":"Wu","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"}]},{"given":"Chaoyuan","family":"Chen","sequence":"additional","affiliation":[{"name":"Ant Group, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7610-4736","authenticated-orcid":false,"given":"Yajin","family":"Zhou","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"}]}],"member":"263","reference":[{"key":"ref1","article-title":"CLOC: Count lines of code","author":"Danial","year":"2009"},{"key":"ref2","article-title":"SYZKaller: SYZKaller is an unsupervised coverage-guided kernel fuzzer","author":"Google","year":"2015"},{"key":"ref3","first-page":"167","article-title":"$\\lbrace${kAFL$\\rbrace$}:$\\lbrace${Hardware-Assisted$\\rbrace$}feedback fuzzing for $\\lbrace${OS$\\rbrace$} kernels","volume-title":"Proc. 26th USENIX Secur. Symp.","author":"Schumilo","year":"2017"},{"key":"ref4","article-title":"Triforce Linux syscall fuzzer","author":"Jones","year":"2017"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134069"},{"key":"ref6","first-page":"291","article-title":"Charm: Facilitating dynamic analysis of device drivers of mobile systems","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Talebi","year":"2018"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00035"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/3341301.3359662"},{"key":"ref9","first-page":"2559","article-title":"USBFuzz: A framework for fuzzing $\\lbrace${USB$\\rbrace$} drivers by device emulation","volume-title":"Proc. 29th {USENIX} Secur. Symp.","author":"Peng","year":"2020"},{"key":"ref10","first-page":"489","article-title":"$\\lbrace${TCP-Fuzz$\\rbrace$}: Detecting memory and semantic bugs in $\\lbrace${TCP$\\rbrace$} stacks with fuzzing","volume-title":"Proc. 2021 USENIX Annu. Tech. Conf.","author":"Zou","year":"2021"},{"key":"ref11","first-page":"2893","article-title":"Moonshine: Distilling with cheap convolutions","volume-title":"Proc. 32nd Int. Conf. Neural Inf. Process. Syst.","author":"Crowley","year":"2018"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24018"},{"key":"ref13","first-page":"689","article-title":"$\\lbrace${CAB-Fuzz$\\rbrace$}: Practical concolic testing techniques for $\\lbrace${COTS$\\rbrace$} operating systems","volume-title":"Proc. 2017 USENIX Annu. Tech. Conf.","author":"Kim","year":"2017"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24345"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00017"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00078"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23387"},{"key":"ref18","first-page":"781","article-title":"$\\lbrace${FUZE$\\rbrace$}: Towards facilitating exploit generation for kernel $\\lbrace${Use-After-Free$\\rbrace$} vulnerabilities","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Wu","year":"2018"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363212"},{"key":"ref20","first-page":"1093","article-title":"$\\lbrace${KOOBE$\\rbrace$}: Towards facilitating exploit generation of kernel $\\lbrace${Out-of-Bounds$\\rbrace$} write vulnerabilities","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Chen","year":"2020"},{"key":"ref21","first-page":"3201","article-title":"SYZScope: Revealing high-risk security impacts of fuzzer-exposed bugs in Linux kernel","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Zou","year":"2022"},{"key":"ref22","article-title":"Trinity: Linux system call fuzzer","author":"Jones","year":"2011"},{"key":"ref23","first-page":"2541","article-title":"Agamotto: Accelerating kernel driver fuzzing with lightweight virtual machine checkpoints","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Song","year":"2020"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00094"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23176"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534226"},{"key":"ref27","first-page":"10","article-title":"QEMU, a fast and portable dynamic translator","volume-title":"Proc. USENIX Annu. Tech. Conf., FREENIX Track","volume":"41","author":"Bellard","year":"2005"},{"key":"ref28","first-page":"309","article-title":"$\\lbrace${AddressSanitizer$\\rbrace$}: A fast address sanity checker","volume-title":"Proc. 2012 USENIX Annu. Tech. Conf.","author":"Serebryany","year":"2012"},{"key":"ref29","first-page":"181","article-title":"Symbolic execution with $\\lbrace${SymCC$\\rbrace$}: Don\u2019t interpret, compile!","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Poeplau","year":"2020"},{"key":"ref30","article-title":"LibTooling - LibTooling is a library to support writing standalone tools based on clang","author":"Developers","year":"2024"},{"key":"ref31","article-title":"LibProtobuf-Mutator: Library for structured fuzzing with protobuffers","author":"Google","year":"2022"},{"key":"ref32","first-page":"328","article-title":"LKL: The Linux kernel library","volume-title":"Proc. 9th RoEduNet IEEE Int. Conf.","author":"Purdila","year":"2010"},{"key":"ref33","article-title":"LibNVME: C library for NVM express on Linux","author":"Belanger","year":"2024"},{"key":"ref34","article-title":"LibFuzzer - Library for coverage-guided fuzz testing","author":"Serebryany","year":"2024"},{"key":"ref35","article-title":"American fuzzy lop","author":"Zalewski","year":"2020"},{"key":"ref36","article-title":"HonggFuzz","author":"Swiecki","year":"2022"},{"key":"ref37","volume-title":"OSS-Fuzz - Google\u2019s Continuous Fuzzing Service for Open Source Software","author":"Serebryany","year":"2017"},{"key":"ref38","article-title":"Open sourcing clusterfuzz","author":"Arya","year":"2019"},{"key":"ref39","article-title":"OneFuzz: A self-hosted fuzzing-as-a-service platform","year":"2023"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/3512345"},{"key":"ref41","article-title":"Clang 19 documentation - Sanitizercoverage","author":"Developers","year":"2024"},{"key":"ref42","first-page":"2289","article-title":"$\\lbrace${ParmeSan$\\rbrace$}: Sanitizer-guided greybox fuzzing","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"\u00d6sterlund","year":"2020"},{"key":"ref43","first-page":"363","article-title":"$\\lbrace${APISan$\\rbrace$}: Sanitizing $\\lbrace${API$\\rbrace$} usages through semantic $\\lbrace${Cross-Checking$\\rbrace$}","volume-title":"Proc. 25th USENIX Secur. Symp.","author":"Yun","year":"2016"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/1791194.1791203"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24296"},{"key":"ref46","article-title":"UBSAN: Undefinedbehaviorsanitizer is a fast undefined behavior detector","author":"Developers","year":"2024"},{"key":"ref47","first-page":"209","article-title":"KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs","volume-title":"Proc. 8th USENIX Symp. Operating Syst. Des. Implementation","author":"Cadar","year":"2008"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/1950365.1950396"},{"key":"ref49","first-page":"745","article-title":"$\\lbrace${QSYM$\\rbrace$}: A practical concolic execution engine tailored for hybrid fuzzing","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Yun","year":"2018"},{"key":"ref50","first-page":"2531","article-title":"$\\lbrace${SYMSAN$\\rbrace$}: Time and space efficient concolic execution via dynamic data-flow analysis","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Chen","year":"2022"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/JAS.2022.105860"},{"key":"ref52","first-page":"279","article-title":"{SymDrive}: Testing drivers without devices","volume-title":"Proc. 10th USENIX Symp. Operating Syst. Des. Implementation","author":"Renzelmann","year":"2012"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/QSIC.2013.44"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/8858\/11354469\/11186228.pdf?arnumber=11186228","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,20]],"date-time":"2026-01-20T23:23:25Z","timestamp":1768951405000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11186228\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1]]},"references-count":53,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2025.3616496","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1]]}}}