{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,24]],"date-time":"2025-11-24T07:14:17Z","timestamp":1763968457647,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":40,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,5,24]],"date-time":"2021-05-24T00:00:00Z","timestamp":1621814400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"NSFC","award":["61572278"],"award-info":[{"award-number":["61572278"]}]},{"name":"BNRist","award":["BNR2020RC01013"],"award-info":[{"award-number":["BNR2020RC01013"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,5,24]]},"DOI":"10.1145\/3433210.3453076","type":"proceedings-article","created":{"date-parts":[[2021,6,4]],"date-time":"2021-06-04T15:26:39Z","timestamp":1622820399000},"page":"565-577","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Privilege-Escalation Vulnerability Discovery for Large-scale RPC Services"],"prefix":"10.1145","author":[{"given":"Zhuotao","family":"Liu","sequence":"first","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hao","family":"Zhao","sequence":"additional","affiliation":[{"name":"Ant Group, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sainan","family":"Li","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qi","family":"Li","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tao","family":"Wei","sequence":"additional","affiliation":[{"name":"Ant Group, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yu","family":"Wang","sequence":"additional","affiliation":[{"name":"Ant Group, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,6,4]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Apache Dubbo RPC framework. https:\/\/dubbo.apache.org\/.  Apache Dubbo RPC framework. https:\/\/dubbo.apache.org\/."},{"key":"e_1_3_2_1_2_1","unstructured":"gRPC open-source universal RPC framework. https:\/\/www.grpc.io\/.  gRPC open-source universal RPC framework. https:\/\/www.grpc.io\/."},{"key":"e_1_3_2_1_3_1","unstructured":"198\n    million Americans hit by 'largest ever' voter records leak. https:\/\/www.zdnet.com\/article\/security-lapse-exposes-198-million-united-\/states-voter-records\/.  198 million Americans hit by 'largest ever' voter records leak. https:\/\/www.zdnet.com\/article\/security-lapse-exposes-198-million-united-\/states-voter-records\/."},{"key":"e_1_3_2_1_4_1","unstructured":"Apr. 2018. 63 500 patient records breached by New York provider's misconfigured database. https:\/\/tinyurl.com\/y88vh8u5.  Apr. 2018. 63 500 patient records breached by New York provider's misconfigured database. https:\/\/tinyurl.com\/y88vh8u5."},{"key":"e_1_3_2_1_5_1","unstructured":"Microsoft RPC. https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/rpc\/.  Microsoft RPC. https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/rpc\/."},{"key":"e_1_3_2_1_6_1","unstructured":"Sun's Remote Procedure Call (RPC). http:\/\/books.creativecgi.com\/tcpip\/puis\/ch19_02.htm.  Sun's Remote Procedure Call (RPC). http:\/\/books.creativecgi.com\/tcpip\/puis\/ch19_02.htm."},{"key":"e_1_3_2_1_7_1","volume-title":"Rest-ler: Automatic intelligent rest api fuzzing. arXiv: Software Engineering","author":"Atlidakis V.","year":"2018","unstructured":"Atlidakis , V. , Godefroid , P. , and Polishchuk , M . Rest-ler: Automatic intelligent rest api fuzzing. arXiv: Software Engineering ( 2018 ). Atlidakis, V., Godefroid, P., and Polishchuk, M. Rest-ler: Automatic intelligent rest api fuzzing. arXiv: Software Engineering (2018)."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2080.357392"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00046"},{"key":"e_1_3_2_1_10_1","first-page":"747","volume-title":"USENIX Security Symposium","author":"Chen Y.","year":"2019","unstructured":"Chen , Y. , Xing , L. , Qin , Y. , Liao , X. , Wang , X. , Chen , K. , and Zou , W . Devils in the guidance: Predicting logic vulnerabilities in payment syndication services through automated documentation analysis . In USENIX Security Symposium ( 2019 ), pp. 747 -- 764 . Chen, Y., Xing, L., Qin, Y., Liao, X., Wang, X., Chen, K., and Zou, W. Devils in the guidance: Predicting logic vulnerabilities in payment syndication services through automated documentation analysis. In USENIX Security Symposium (2019), pp. 747--764."},{"key":"e_1_3_2_1_11_1","first-page":"267","volume-title":"USENIX Security Symposium","author":"Dalton M.","year":"2009","unstructured":"Dalton , M. , Kozyrakis , C. , and Zeldovich , N . Nemesis: preventing authentication & access control vulnerabilities in web applications . In USENIX Security Symposium ( 2009 ), pp. 267 -- 282 . Dalton, M., Kozyrakis, C., and Zeldovich, N. Nemesis: preventing authentication & access control vulnerabilities in web applications. In USENIX Security Symposium (2009), pp. 267--282."},{"key":"e_1_3_2_1_12_1","volume-title":"USENIX Security Symposium","author":"Das T.","year":"2010","unstructured":"Das , T. , Bhagwan , R. , and Naldurg , P . Baaz: a system for detecting access control misconfigurations . In USENIX Security Symposium ( 2010 ). Das, T., Bhagwan, R., and Naldurg, P. Baaz: a system for detecting access control misconfigurations. In USENIX Security Symposium (2010)."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2018.01.008"},{"key":"e_1_3_2_1_14_1","volume-title":"USENIX Security Symposium","author":"Elsabagh M.","year":"2020","unstructured":"Elsabagh , M. , Johnson , R. , Stavrou , A. , Zuo , C. , Zhao , Q. , and Lin , Z . Firmscope: Automatic uncovering of privilege-escalation vulnerabilities in pre-installed apps in android firmware . In USENIX Security Symposium ( 2020 ). Elsabagh, M., Johnson, R., Stavrou, A., Zuo, C., Zhao, Q., and Lin, Z. Firmscope: Automatic uncovering of privilege-escalation vulnerabilities in pre-installed apps in android firmware. In USENIX Security Symposium (2020)."},{"key":"e_1_3_2_1_15_1","first-page":"10","volume-title":"USENIX Security Symposium","author":"Felmetsger V.","year":"2010","unstructured":"Felmetsger , V. , Cavedon , L. , Kruegel , C. , and Vigna , G . Toward automated detection of logic vulnerabilities in web applications . In USENIX Security Symposium ( 2010 ), pp. 10 -- 10 . Felmetsger, V., Cavedon, L., Kruegel, C., and Vigna, G. Toward automated detection of logic vulnerabilities in web applications. In USENIX Security Symposium (2010), pp. 10--10."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.16"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2016.04.005"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.28"},{"key":"e_1_3_2_1_19_1","volume-title":"USENIX Security Symposium","author":"Martin M. A.","year":"2008","unstructured":"Martin , M. A. , and Lam , M. S . Automatic generation of XSS and SQL injection attacks with goal-directed model checking . In USENIX Security Symposium ( 2008 ). Martin, M. A., and Lam, M. S. Automatic generation of XSS and SQL injection attacks with goal-directed model checking. In USENIX Security Symposium (2008)."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23309"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660337"},{"key":"e_1_3_2_1_22_1","volume-title":"Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in Graphical User Interfaces. In IEEE Symposium on Security and Privacy","author":"Mulliner C.","year":"2014","unstructured":"Mulliner , C. , Robertson , W. , and Kirda , E . Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in Graphical User Interfaces. In IEEE Symposium on Security and Privacy ( 2014 ). Mulliner, C., Robertson, W., and Kirda, E. Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in Graphical User Interfaces. In IEEE Symposium on Security and Privacy (2014)."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813639"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884836"},{"key":"e_1_3_2_1_25_1","volume-title":"USENIX Security Symposium","author":"Pailoor S.","year":"2018","unstructured":"Pailoor , S. , Aday , A. , and Jana , S . Moonshine: Optimizing os fuzzer seed selection with trace distillation . In USENIX Security Symposium ( 2018 ). Pailoor, S., Aday, A., and Jana, S. Moonshine: Optimizing os fuzzer seed selection with trace distillation. In USENIX Security Symposium (2018)."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2019.106960"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2013.6606610"},{"key":"e_1_3_2_1_28_1","volume-title":"NDSS","author":"Son S.","year":"2013","unstructured":"Son , S. , Mckinley , K. S. , and Shmatikov , V . Fix me up: Repairing access-control bugs in web applications . In NDSS ( 2013 ). Son, S., Mckinley, K. S., and Shmatikov, V. Fix me up: Repairing access-control bugs in web applications. In NDSS (2013)."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC1831"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23009"},{"key":"e_1_3_2_1_31_1","volume-title":"USENIX Security Symposium","author":"Sun F.","year":"2011","unstructured":"Sun , F. , Xu , L. , and Su , Z . Static detection of access control vulnerabilities in web applications . In USENIX Security Symposium ( 2011 ). Sun, F., Xu, L., and Su, Z. Static detection of access control vulnerabilities in web applications. In USENIX Security Symposium (2011)."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23351"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM41043.2020.9155278"},{"key":"e_1_3_2_1_34_1","unstructured":"Thrift A. Apache Thrift 2017.  Thrift A. Apache Thrift 2017."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978322"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363191"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23091"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2914642.2914661"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00009"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134089"}],"event":{"name":"ASIA CCS '21: ACM Asia Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Virtual Event Hong Kong","acronym":"ASIA CCS '21"},"container-title":["Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3433210.3453076","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3433210.3453076","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:48:11Z","timestamp":1750193291000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3433210.3453076"}},"subtitle":["Principle, Design, and Deployment"],"short-title":[],"issued":{"date-parts":[[2021,5,24]]},"references-count":40,"alternative-id":["10.1145\/3433210.3453076","10.1145\/3433210"],"URL":"https:\/\/doi.org\/10.1145\/3433210.3453076","relation":{},"subject":[],"published":{"date-parts":[[2021,5,24]]},"assertion":[{"value":"2021-06-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}