{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T00:29:45Z","timestamp":1766449785453,"version":"3.37.3"},"reference-count":42,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100007085","name":"National University of Defense Technology Research Project","doi-asserted-by":"publisher","award":["ZK20-17","ZK20-09"],"award-info":[{"award-number":["ZK20-17","ZK20-09"]}],"id":[{"id":"10.13039\/501100007085","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation China","doi-asserted-by":"publisher","award":["62272472","61902412"],"award-info":[{"award-number":["62272472","61902412"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004735","name":"Hunan Province Natural Science Foundation","doi-asserted-by":"publisher","award":["2021JJ40692"],"award-info":[{"award-number":["2021JJ40692"]}],"id":[{"id":"10.13039\/501100004735","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2023]]},"DOI":"10.1109\/tifs.2022.3226906","type":"journal-article","created":{"date-parts":[[2022,12,5]],"date-time":"2022-12-05T22:30:54Z","timestamp":1670279454000},"page":"533-548","source":"Crossref","is-referenced-by-count":9,"title":["From Release to Rebirth: Exploiting Thanos Objects in Linux Kernel"],"prefix":"10.1109","volume":"18","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5375-7598","authenticated-orcid":false,"given":"Danjun","family":"Liu","sequence":"first","affiliation":[{"name":"School of Computer Science, National University of Defense Technology, Changsha, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3408-4153","authenticated-orcid":false,"given":"Pengfei","family":"Wang","sequence":"additional","affiliation":[{"name":"School of Computer Science, National University of Defense Technology, Changsha, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0075-5003","authenticated-orcid":false,"given":"Xu","family":"Zhou","sequence":"additional","affiliation":[{"name":"School of Computer Science, National University of Defense Technology, Changsha, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wei","family":"Xie","sequence":"additional","affiliation":[{"name":"School of Computer Science, National University of Defense Technology, Changsha, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gen","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Computer Science, National University of Defense Technology, Changsha, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7818-4987","authenticated-orcid":false,"given":"Zhenhao","family":"Luo","sequence":"additional","affiliation":[{"name":"School of Computer Science, National University of Defense Technology, Changsha, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7276-8735","authenticated-orcid":false,"given":"Tai","family":"Yue","sequence":"additional","affiliation":[{"name":"School of Computer Science, National University of Defense Technology, Changsha, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Baosheng","family":"Wang","sequence":"additional","affiliation":[{"name":"School of Computer Science, National University of Defense Technology, Changsha, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813637"},{"key":"ref38","first-page":"781","article-title":"Fuze: Towards facilitating exploit generation for kernel use-after-free vulnerabilities","author":"wu","year":"2018","journal-title":"Proc 27th USENIX Secur Symp (USENIX Secur )"},{"journal-title":"WannaCry ransomware attack","year":"2017","key":"ref33"},{"journal-title":"Kasan Slab-Out-of-Bounds Write in Xfrm_Attr_Cpy32","year":"2021","key":"ref32"},{"journal-title":"Kasan Slab-Out-of-Bounds Write in Hiddev_Ioctl_ Usage","year":"2020","key":"ref31"},{"journal-title":"Kasan Use-After-Free Write in Dst_Release","year":"2018","key":"ref30"},{"key":"ref37","first-page":"1187","article-title":"Kepler: Facilitating control-flow hijacking primitive evaluation for Linux kernel vulnerabilities","volume":"2019","author":"wu","year":"0","journal-title":"Proc 28th USENIX Secur Symp (USENIX Secur )"},{"journal-title":"Return-oriented Programming","year":"2022","key":"ref36"},{"journal-title":"Executable Space Protection","year":"2022","key":"ref35"},{"journal-title":"Supervisor Mode Access Prevention","year":"2021","key":"ref34"},{"journal-title":"Linux Vulnerability Statistics","year":"2022","author":"details","key":"ref10"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134085"},{"journal-title":"Syzbot Google Continuously Fuzzing the Linux Kernel","year":"2018","key":"ref11"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978356"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978321"},{"journal-title":"Smep What is it and How to Beat it on Windows","year":"2011","author":"jurczyk","key":"ref14"},{"key":"ref15","first-page":"957","article-title":"ret2dir: Rethinking kernel isolation","author":"kemerlis","year":"2014","journal-title":"Proc 23rd USENIX Secur Symp (USENIX Secur )"},{"key":"ref16","first-page":"459","article-title":"kGuard: Lightweight kernel protection against return-to-user attacks","author":"kemerlis","year":"2012","journal-title":"Proc 21st USENIX Secur Symp (USENIX Secur )"},{"journal-title":"Exploiting the Linux Kernel via Packet Sockets","year":"2017","author":"konovalov","key":"ref17"},{"key":"ref18","first-page":"2363","article-title":"Exprace: Exploiting kernel races through raising interrupts","author":"lee","year":"2021","journal-title":"Proc 30th USENIX Secur Symp (USENIX Secur )"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833683"},{"journal-title":"Kasan Slab-Out-of-Bounds Write in Crypto_Dh_Enc ode_Key","year":"2018","key":"ref28"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423353"},{"journal-title":"Kasan Use-After-Free Read in MPI_Free","year":"2017","key":"ref27"},{"key":"ref3","first-page":"1093","article-title":"Koobe: Towards facilitating exploit generation of kernel out-of-bounds write vulnerabilities","author":"chen","year":"2020","journal-title":"Proc 29th USENIX Secur Symp (USENIX Secur )"},{"key":"ref6","first-page":"1","article-title":"Exploiting uses of uninitialized stack variables in Linux kernels to leak kernel pointers","author":"cho","year":"2020","journal-title":"Proc 14th USENIX Workshop Offensive Technol (WOOT)"},{"journal-title":"Kasan Slab-Out-of-Bounds Write in Sha512_Final","year":"2018","key":"ref29"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363212"},{"journal-title":"A Page-Table Isolation Update","year":"2018","author":"corbet","key":"ref8"},{"journal-title":"Security Things in Linux v4 13","year":"2017","author":"cook","key":"ref7"},{"journal-title":"Architecture Reference Manual","year":"2012","key":"ref2"},{"journal-title":"Common Vulnerability and Exposures","year":"2021","author":"corporation","key":"ref9"},{"journal-title":"Major Attacks Using Log4J Vulnerability &#x2019;Lower Than Expected","year":"2017","author":"alspach","key":"ref1"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354244"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23387"},{"key":"ref21","first-page":"1769","article-title":"Detecting missing-check bugs via semantic-and context-aware criticalness and constraints inferences","author":"lu","year":"2019","journal-title":"Proc 28th USENIX Secur Symp (USENIX Secur )"},{"key":"ref42","article-title":"SyzScope: Revealing high-risk security impacts of fuzzer-exposed bugs in Linux kernel","author":"zou","year":"2021","journal-title":"arXiv 2111 06002"},{"journal-title":"CVE-2021&#x2013;22555 Turning 00 00 into 10000$","year":"2021","author":"nguyen","key":"ref24"},{"key":"ref41","first-page":"71","article-title":"Playing for K(H)eaps: Understanding and improving Linux kernel exploit reliability","author":"zeng","year":"2022","journal-title":"Proc 31st USENIX Secur Symp (USENIX Secur )"},{"journal-title":"Kernel Address Space Layout Randomization","year":"2013","key":"ref23"},{"journal-title":"Pax The guaranteed end of arbitrary code execution","year":"2022","author":"spengler","key":"ref26"},{"journal-title":"Homepage of the PaX Team","year":"2013","key":"ref25"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10206\/9970396\/09970376.pdf?arnumber=9970376","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,16]],"date-time":"2023-01-16T19:08:50Z","timestamp":1673896130000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9970376\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"references-count":42,"URL":"https:\/\/doi.org\/10.1109\/tifs.2022.3226906","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"type":"print","value":"1556-6013"},{"type":"electronic","value":"1556-6021"}],"subject":[],"published":{"date-parts":[[2023]]}}}