{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T17:54:28Z","timestamp":1763747668386,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":56,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,6,16]],"date-time":"2017-06-16T00:00:00Z","timestamp":1497571200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CCF-1320605, SBE-1422215, CNS-1422594, and CNS-1505664"],"award-info":[{"award-number":["CCF-1320605, SBE-1422215, CNS-1422594, and CNS-1505664"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000183","name":"Army Research Office","doi-asserted-by":"publisher","award":["W911NF-13-1-0421"],"award-info":[{"award-number":["W911NF-13-1-0421"]}],"id":[{"id":"10.13039\/100000183","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,6,16]]},"DOI":"10.1145\/3081333.3081361","type":"proceedings-article","created":{"date-parts":[[2017,6,16]],"date-time":"2017-06-16T18:24:43Z","timestamp":1497637483000},"page":"225-238","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":14,"title":["System Service Call-oriented Symbolic Execution of Android Framework with Applications to Vulnerability Discovery and Exploit Generation"],"prefix":"10.1145","author":[{"given":"Lannan","family":"Luo","sequence":"first","affiliation":[{"name":"The Pennsylvania State University, Philadelphia, USA"}]},{"given":"Qiang","family":"Zeng","sequence":"additional","affiliation":[{"name":"Temple University, Philadelphia, USA"}]},{"given":"Chen","family":"Cao","sequence":"additional","affiliation":[{"name":"SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"given":"Kai","family":"Chen","sequence":"additional","affiliation":[{"name":"SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"given":"Jian","family":"Liu","sequence":"additional","affiliation":[{"name":"SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"given":"Limin","family":"Liu","sequence":"additional","affiliation":[{"name":"SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"given":"Neng","family":"Gao","sequence":"additional","affiliation":[{"name":"SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"given":"Min","family":"Yang","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"given":"Xinyu","family":"Xing","sequence":"additional","affiliation":[{"name":"The Pennsylvania State University, Philadelhphia, USA"}]},{"given":"Peng","family":"Liu","sequence":"additional","affiliation":[{"name":"The Pennsylvania State University, Philadelhphia, USA"}]}],"member":"320","published-online":{"date-parts":[[2017,6,16]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2393596.2393666"},{"key":"e_1_3_2_1_2_1","unstructured":"App Manifest. https:\/\/developer.android.com\/guide\/topics\/manifest\/manifest-intro.html.  App Manifest. https:\/\/developer.android.com\/guide\/topics\/manifest\/manifest-intro.html."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594299"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382222"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2560217.2560219"},{"key":"e_1_3_2_1_6_1","volume-title":"USENIX Security","author":"Backes M.","year":"2016","unstructured":"M. Backes , S. Bugiel , E. Derr , P. McDaniel , D. Octeau , and S. Weisgerber . On demystifying the android application framework: Re-visiting android permission specification analysis . In USENIX Security , 2016 . M. Backes, S. Bugiel, E. Derr, P. McDaniel, D. Octeau, and S. Weisgerber. On demystifying the android application framework: Re-visiting android permission specification analysis. In USENIX Security, 2016."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.17"},{"key":"e_1_3_2_1_8_1","volume-title":"OSDI","author":"Cadar C.","year":"2008","unstructured":"C. Cadar , D. Dunbar , and D. R. Engler . KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs . In OSDI , 2008 . C. Cadar, D. Dunbar, and D. R. Engler. KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In OSDI, 2008."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180445"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23140"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568286"},{"key":"e_1_3_2_1_12_1","volume-title":"USENIX Security","author":"Chen K.","year":"2015","unstructured":"K. Chen , P. Wang , Y. Lee , X. Wang , N. Zhang , H. Huang , WeiZou, and P. Liu . Finding unknown malice in 10 seconds: Mass vetting for new threats at the Google-Play scale . In USENIX Security , 2015 . K. Chen, P. Wang, Y. Lee, X. Wang, N. Zhang, H. Huang, WeiZou, and P. Liu. Finding unknown malice in 10 seconds: Mass vetting for new threats at the Google-Play scale. In USENIX Security, 2015."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1999995.2000018"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1950365.1950396"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294274"},{"key":"e_1_3_2_1_16_1","unstructured":"CVE-2015--6628. https:\/\/www.cvedetails.com\/cve\/CVE-2015--6628\/.  CVE-2015--6628. https:\/\/www.cvedetails.com\/cve\/CVE-2015--6628\/."},{"key":"e_1_3_2_1_17_1","unstructured":"CVE-2016--2496. https:\/\/www.cvedetails.com\/cve\/CVE-2016--2496\/.  CVE-2016--2496. https:\/\/www.cvedetails.com\/cve\/CVE-2016--2496\/."},{"key":"e_1_3_2_1_18_1","unstructured":"CVE-2016--3750. https:\/\/www.cvedetails.com\/cve\/CVE-2016--3750\/.  CVE-2016--3750. https:\/\/www.cvedetails.com\/cve\/CVE-2016--3750\/."},{"key":"e_1_3_2_1_19_1","unstructured":"CVE-2016--3759. https:\/\/www.cvedetails.com\/cve\/CVE-2016--3759\/.  CVE-2016--3759. https:\/\/www.cvedetails.com\/cve\/CVE-2016--3759\/."},{"key":"e_1_3_2_1_20_1","volume-title":"OSDI","author":"Enck W.","year":"2010","unstructured":"W. Enck , P. Gilbert , B.-G. Chun , L. P. Cox , J. Jung , P. McDaniel , and A. N. Sheth . TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones . In OSDI , 2010 . W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In OSDI, 2010."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653691"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1273463.1273464"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046779"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065036"},{"key":"e_1_3_2_1_25_1","volume-title":"NDSS","author":"Godefroid P.","year":"2008","unstructured":"P. Godefroid , M. Y. Levin , and D. Molnar . Automated whitebox fuzz testing . In NDSS , 2008 . P. Godefroid, M. Y. Levin, and D. Molnar. Automated whitebox fuzz testing. In NDSS, 2008."},{"key":"e_1_3_2_1_26_1","unstructured":"Google. Android Interfaces and Architecture. https:\/\/source.android.com\/devices\/.  Google. Android Interfaces and Architecture. https:\/\/source.android.com\/devices\/."},{"key":"e_1_3_2_1_27_1","unstructured":"GSON. https:\/\/sites.google.com\/site\/gson\/Home.  GSON. https:\/\/sites.google.com\/site\/gson\/Home."},{"key":"e_1_3_2_1_28_1","unstructured":"Handler. https:\/\/developer.android.com\/reference\/android\/os\/Handler.html.  Handler. https:\/\/developer.android.com\/reference\/android\/os\/Handler.html."},{"key":"e_1_3_2_1_29_1","unstructured":"HPROF Parser. https:\/\/github.com\/eaftan\/hprof-parser.  HPROF Parser. https:\/\/github.com\/eaftan\/hprof-parser."},{"key":"e_1_3_2_1_30_1","unstructured":"IDC. Smartphone OS Market Share 2016. https:\/\/www.idc.com\/prodserv\/smartphone-os-market-share.jsp.  IDC. Smartphone OS Market Share 2016. https:\/\/www.idc.com\/prodserv\/smartphone-os-market-share.jsp."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2483760.2483777"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.5555\/1765871.1765924"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/360248.360252"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.5555\/2818754.2818791"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382223"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635900"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2015.7381839"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382756.2382798"},{"key":"e_1_3_2_1_39_1","first-page":"543","volume-title":"Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13)","author":"Octeau D.","year":"2013","unstructured":"D. Octeau , P. McDaniel , S. Jha , A. Bartel , E. Bodden , J. Klein , and Y. Le Traon . Effective inter-component communication mapping in android: An essential step towards holistic security analysis . In Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13) , pages 543 -- 558 , 2013 . D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden, J. Klein, and Y. Le Traon. Effective inter-component communication mapping in android: An essential step towards holistic security analysis. In Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13), pages 543--558, 2013."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1390630.1390635"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10515-013-0122-2"},{"key":"e_1_3_2_1_42_1","volume-title":"USENIX Security","author":"Ramos D. A.","year":"2015","unstructured":"D. A. Ramos and D. Engler . Under-Constrained Symbolic Execution: correctness checking for real code . In USENIX Security , 2015 . D. A. Ramos and D. Engler. Under-Constrained Symbolic Execution: correctness checking for real code. In USENIX Security, 2015."},{"key":"e_1_3_2_1_43_1","volume-title":"CAV","author":"Ramos D. A.","year":"2011","unstructured":"D. A. Ramos and D. R. Engler . Practical, low-effort equivalence verification of real code . In CAV , 2011 . D. A. Ramos and D. R. Engler. Practical, low-effort equivalence verification of real code. In CAV, 2011."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2435349.2435379"},{"key":"e_1_3_2_1_45_1","volume-title":"USENIX Security","author":"Ren C.","year":"2015","unstructured":"C. Ren , Y. Zhang , H. Xue , T. Wei , and P. Liu . Towards discovering and understanding task hijacking in android . In USENIX Security , 2015 . C. Ren, Y. Zhang, H. Xue, T. Wei, and P. Liu. Towards discovering and understanding task hijacking in android. In USENIX Security, 2015."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2632362.2632363"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23046"},{"key":"e_1_3_2_1_48_1","unstructured":"Stagefright. https:\/\/en.wikipedia.org\/wiki\/Stagefright_(bug).  Stagefright. https:\/\/en.wikipedia.org\/wiki\/Stagefright_(bug)."},{"volume-title":"Cumulative number of apps downloaded from the Google Play","year":"2016","key":"e_1_3_2_1_49_1","unstructured":"Statista. Cumulative number of apps downloaded from the Google Play , 2016 . https:\/\/www.statista.com\/statistics\/281106\/number-of-android-app-downloads-from-google-play\/. Statista. Cumulative number of apps downloaded from the Google Play, 2016. https:\/\/www.statista.com\/statistics\/281106\/number-of-android-app-downloads-from-google-play\/."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978343"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1022920129859"},{"key":"e_1_3_2_1_52_1","unstructured":"WSJ. Google says android has 1.4 billion active users. www.wsj.com\/articles\/google-says-android-has-1--4-billion-active-users-1443546856.  WSJ. Google says android has 1.4 billion active users. www.wsj.com\/articles\/google-says-android-has-1--4-billion-active-users-1443546856."},{"key":"e_1_3_2_1_53_1","volume-title":"USENIX Security","author":"Yan L.-K.","year":"2012","unstructured":"L.-K. Yan and H. Yin . DroidScope: Seamlessly reconstructing os and dalvik semantic views for dynamic android malware analysis . In USENIX Security , 2012 . L.-K. Yan and H. Yin. DroidScope: Seamlessly reconstructing os and dalvik semantic views for dynamic android malware analysis. In USENIX Security, 2012."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516676"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.16"},{"key":"e_1_3_2_1_56_1","first-page":"50","volume-title":"NDSS","volume":"25","author":"Zhou Y.","year":"2012","unstructured":"Y. Zhou , Z. Wang , W. Zhou , and X. Jiang . Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets . In NDSS , volume 25 , pages 50 -- 52 , 2012 . Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets. In NDSS, volume 25, pages 50--52, 2012."}],"event":{"name":"MobiSys'17: The 15th Annual International Conference on Mobile Systems, Applications, and Services","sponsor":["SIGMOBILE ACM Special Interest Group on Mobility of Systems, Users, Data and Computing","SIGOPS ACM Special Interest Group on Operating Systems"],"location":"Niagara Falls New York USA","acronym":"MobiSys'17"},"container-title":["Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3081333.3081361","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3081333.3081361","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3081333.3081361","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:37:00Z","timestamp":1750217820000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3081333.3081361"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,6,16]]},"references-count":56,"alternative-id":["10.1145\/3081333.3081361","10.1145\/3081333"],"URL":"https:\/\/doi.org\/10.1145\/3081333.3081361","relation":{},"subject":[],"published":{"date-parts":[[2017,6,16]]},"assertion":[{"value":"2017-06-16","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}