{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,5]],"date-time":"2026-02-05T10:53:17Z","timestamp":1770288797937,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,13]],"date-time":"2022-11-13T00:00:00Z","timestamp":1668297600000},"content-version":"vor","delay-in-days":366,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"IITP\/MSIT","award":["2019-0-01343"],"award-info":[{"award-number":["2019-0-01343"]}]},{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-1563848, CNS-1704701, CRI-1629851, CNS-1749711"],"award-info":[{"award-number":["CNS-1563848, CNS-1704701, CRI-1629851, CNS-1749711"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N00014-18-1-2662, N00014-15-1-2162, N00014-17-1-2895"],"award-info":[{"award-number":["N00014-18-1-2662, N00014-15-1-2162, N00014-17-1-2895"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]},{"name":"ETRI IITP\/KEIT","award":["2014-3-00035"],"award-info":[{"award-number":["2014-3-00035"]}]},{"DOI":"10.13039\/100004318","name":"Microsoft","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100004318","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100005801","name":"Facebook","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100005801","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012642","name":"Mozilla Foundation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100012642","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100002418","name":"Intel Corporation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100002418","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100006785","name":"Google","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100006785","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3484740","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:34Z","timestamp":1636805134000},"page":"379-392","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["HardsHeap: A Universal and Extensible Framework for Evaluating Secure Allocators"],"prefix":"10.1145","author":[{"given":"Insu","family":"Yun","sequence":"first","affiliation":[{"name":"KAIST, Daejeon, Republic of Korea"}]},{"given":"Woosun","family":"Song","sequence":"additional","affiliation":[{"name":"KAIST, Daejeon, Republic of Korea"}]},{"given":"Seunggi","family":"Min","sequence":"additional","affiliation":[{"name":"KAIST, Daejeon, Republic of Korea"}]},{"given":"Taesoo","family":"Kim","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland)","author":"Ainsworth Sam","unstructured":"Sam Ainsworth and Timothy M. Jones. 2020. MarkUs: Drop-in use-after-free prevention for low-level languages. In Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland). San Francisco, CA."},{"key":"e_1_3_2_1_2_1","volume-title":"Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS)","author":"Avgerinos Thanassis","year":"2011","unstructured":"Thanassis Avgerinos, Sang Kil Cha, Alexandre Rebert, Edward J. Schwartz, Maverick Woo, and David Brumley. 2011. AEG: Automatic exploit generation. In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS). San Diego, CA."},{"key":"e_1_3_2_1_3_1","unstructured":"blackngel. 2009. Malloc Des-Maleficarum. http:\/\/phrack.org\/issues\/66\/10.html. (2009)."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.17"},{"key":"e_1_3_2_1_5_1","unstructured":"Silvio Cesare. 2020. Breaking Secure Checksums in the Scudo Allocator. https:\/\/blog.infosectcbr.com.au\/2020\/04\/breaking-secure-checksums-in-scudo_8.html. (2020)."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.31"},{"key":"e_1_3_2_1_7_1","unstructured":"Wei Chan. 2019. Heap Overflow Exploitation on Windows 10 Explained. (2019)."},{"key":"e_1_3_2_1_8_1","volume-title":"Proceedings of the 29th USENIX Security Symposium (Security)","author":"Chen Weiteng","year":"2020","unstructured":"Weiteng Chen, Xiaochen Zou, Guoren Li, and Zhiyun Qian. 2020. KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities. In Proceedings of the 29th USENIX Security Symposium (Security). Boston, MA."},{"key":"e_1_3_2_1_9_1","volume-title":"Proceedings of the International Symposium on Software Testing and Analysis (ISSTA) .","author":"Choi Jong-Deok","year":"2007","unstructured":"Jong-Deok Choi and Andreas Zeller. 2007. Isolating failure-inducing thread schedules. In Proceedings of the International Symposium on Software Testing and Analysis (ISSTA) ."},{"key":"e_1_3_2_1_10_1","volume-title":"Proceedings of the 27th USENIX Security Symposium (Security)","author":"Eckert Moritz","year":"2018","unstructured":"Moritz Eckert, Antonio Bianchi, Ruoyu Wang, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. 2018. Heaphopper: Bringing bounded model checking to heap implementation security. In Proceedings of the 27th USENIX Security Symposium (Security). Baltimore, MD."},{"key":"e_1_3_2_1_11_1","unstructured":"Google. 2013. Partition Alloc Design. https:\/\/chromium.googlesource.com\/chromium\/src\/+\/master\/base\/allocator\/partition_allocator\/PartitionAlloc.md. (2013)."},{"key":"e_1_3_2_1_12_1","unstructured":"GrapheneOS. 2018. Hardened malloc. https:\/\/github.com\/GrapheneOS\/hardened_malloc. (2018)."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2014.37"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1002\/stvr.1574"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786846"},{"key":"e_1_3_2_1_16_1","unstructured":"Ben Hawkes. 2019. 0day \"In the Wild\". https:\/\/googleprojectzero.blogspot.com\/p\/0day.html. (2019)."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.5555\/3277203.3277261"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354224"},{"key":"e_1_3_2_1_19_1","volume-title":"Proceedings of the 42nd International Conference on Software Engineering (ICSE) .","author":"Kirschner Lukas","year":"2020","unstructured":"Lukas Kirschner, Ezekiel Soremekun, and Andreas Zeller. 2020. Debugging inputs. In Proceedings of the 42nd International Conference on Software Engineering (ICSE) ."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23238"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3361525.3361532"},{"key":"e_1_3_2_1_22_1","unstructured":"LLVM Project. 2019. Scudo Hardened Allocator. https:\/\/llvm.org\/docs\/ScudoHardenedAllocator.html. (2019)."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23387"},{"key":"e_1_3_2_1_24_1","unstructured":"Microsoft. 2018. Low-fragmentation Heap. https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/memory\/low-fragmentation-heap. (2018)."},{"key":"e_1_3_2_1_25_1","unstructured":"Microsoft. 2019. mimalloc. https:\/\/github.com\/microsoft\/mimalloc. (2019)."},{"key":"e_1_3_2_1_26_1","unstructured":"Matt Miller. 2020. Pursuing Durably Safe Systems Software. In SSTIC ."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1134285.1134307"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866371"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.5555\/3241094.3241105"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3293882.3330576"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254104"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3139337.3139346"},{"key":"e_1_3_2_1_33_1","unstructured":"Chris Rohlf. 2020. https:\/\/github.com\/struct\/isoalloc. (2020)."},{"key":"e_1_3_2_1_34_1","volume-title":"Proceedings of the 20th USENIX Security Symposium (Security)","author":"Schwartz Edward J","year":"2011","unstructured":"Edward J Schwartz, Thanassis Avgerinos, and David Brumley. 2011. Q: Exploit Hardening Made Easy.. In Proceedings of the 20th USENIX Security Symposium (Security). San Francisco, CA."},{"key":"e_1_3_2_1_35_1","volume-title":"Proceedings of the 2012 USENIX Annual Technical Conference (ATC)","author":"Serebryany Konstantin","year":"2012","unstructured":"Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitriy Vyukov. 2012. AddressSanitizer: A fast address sanity checker. In Proceedings of the 2012 USENIX Annual Technical Conference (ATC). Boston, MA."},{"key":"e_1_3_2_1_36_1","unstructured":"shellphish. 2016. how2heap: A repository for learning various heap exploitation techniques. https:\/\/github.com\/shellphish\/how2heap. (2016)."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133957"},{"key":"e_1_3_2_1_38_1","volume-title":"Proceedings of the 27th USENIX Security Symposium (Security)","author":"Silvestro Sam","year":"2018","unstructured":"Sam Silvestro, Hongyu Liu, Tianyi Liu, Zhiqiang Lin, and Tongping Liu. 2018. Guarder: A tunable secure allocator. In Proceedings of the 27th USENIX Security Symposium (Security). Baltimore, MD."},{"key":"e_1_3_2_1_39_1","unstructured":"Michael Steranka and Emery Berger. 2019. Entroprise. https:\/\/github.com\/plasma-umass\/entroprise. (2019)."},{"key":"e_1_3_2_1_40_1","volume-title":"The probable error of a mean. Biometrika","year":"1908","unstructured":"Student. 1908. The probable error of a mean. Biometrika (1908), 1--25."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180236"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064211"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"crossref","unstructured":"Pauli Virtanen Ralf Gommers Travis E Oliphant Matt Haberland Tyler Reddy David Cournapeau Evgeni Burovski Pearu Peterson Warren Weckesser Jonathan Bright et al. 2020. SciPy 1.0: fundamental algorithms for scientific computing in Python. Nature methods Vol. 17 3 (2020) 261--272.","DOI":"10.1038\/s41592-020-0772-5"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243847"},{"key":"e_1_3_2_1_45_1","volume-title":"JungWon Lim Sanidhya Kashyap, and Taesoo Kim.","author":"Wickman Brian","year":"2021","unstructured":"Brian Wickman, Hong Hu, Insu Yun Daehee Jang, JungWon Lim Sanidhya Kashyap, and Taesoo Kim. 2021. Preventing Use-After-Free Attacks with Fast Forward Allocation. (Aug. 2021)."},{"key":"e_1_3_2_1_46_1","volume-title":"Proceedings of the 28th USENIX Security Symposium (Security)","author":"Wu Wei","year":"2019","unstructured":"Wei Wu, Yueqi Chen, Xinyu Xing, and Wei Zou. 2019. KEPLER: Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities. In Proceedings of the 28th USENIX Security Symposium (Security). Santa Clara, CA."},{"key":"e_1_3_2_1_47_1","volume-title":"Proceedings of the 27th USENIX Security Symposium (Security)","author":"Wu Wei","year":"2018","unstructured":"Wei Wu, Yueqi Chen, Jun Xu, Xinyu Xing, Xiaorui Gong, and Wei Zou. 2018. FUZE: Towards facilitating exploit generation for kernel use-after-free vulnerabilities. In Proceedings of the 27th USENIX Security Symposium (Security). Baltimore, MD."},{"key":"e_1_3_2_1_48_1","unstructured":"Insu Yun. 2021. mimalloc issue # 372. https:\/\/github.com\/microsoft\/mimalloc\/issues\/372. (2021)."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.5555\/3489212.3489275"},{"key":"e_1_3_2_1_50_1","unstructured":"Michal Zalewski. 2014. American fuzzy lop. http:\/\/lcamtuf.coredump.cx\/afl\/. (2014)."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48166-4_16"}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484740","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484740","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484740","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:48:33Z","timestamp":1763498913000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484740"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":51,"alternative-id":["10.1145\/3460120.3484740","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3484740","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}