{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T00:41:23Z","timestamp":1769733683719,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":43,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,12]],"date-time":"2021-11-12T00:00:00Z","timestamp":1636675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"NSF","award":["1652954"],"award-info":[{"award-number":["1652954"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3484798","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:34Z","timestamp":1636805134000},"page":"811-824","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":19,"title":["Statically Discovering High-Order Taint Style Vulnerabilities in OS Kernels"],"prefix":"10.1145","author":[{"given":"Hang","family":"Zhang","sequence":"first","affiliation":[{"name":"University of California, Riverside, Riverside, CA, USA"}]},{"given":"Weiteng","family":"Chen","sequence":"additional","affiliation":[{"name":"University of California, Riverside, Riverside, CA, USA"}]},{"given":"Yu","family":"Hao","sequence":"additional","affiliation":[{"name":"University of California, Riverside, Riverside, CA, USA"}]},{"given":"Guoren","family":"Li","sequence":"additional","affiliation":[{"name":"University of California, Riverside, Riverside, CA, USA"}]},{"given":"Yizhuo","family":"Zhai","sequence":"additional","affiliation":[{"name":"University of California, Riverside, Riverside, CA, USA"}]},{"given":"Xiaochen","family":"Zou","sequence":"additional","affiliation":[{"name":"University of California, Riverside, Riverside, CA, USA"}]},{"given":"Zhiyun","family":"Qian","sequence":"additional","affiliation":[{"name":"University of California, Riverside, Riverside, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2021. CVE-2020-7053. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-7053."},{"key":"e_1_3_2_1_2_1","unstructured":"2021. CVE-2020-8648. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-8648."},{"key":"e_1_3_2_1_3_1","unstructured":"2021. Syzkaller. https:\/\/opensource.google\/projects\/syzkaller."},{"key":"e_1_3_2_1_4_1","unstructured":"2021. The patch for a high-order taint vulnerability in Qualcomm driver. https:\/\/review.lineageos.org\/c\/LineageOS\/android_kernel_motorola_msm8953\/+\/169169."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"e_1_3_2_1_6_1","volume-title":"Efficient and flexible discovery of php application vulnerabilities. In 2017 IEEE european symposium on security and privacy (EuroS&P)","author":"Backes Michael","unstructured":"Michael Backes, Konrad Rieck, Malte Skoruppa, Ben Stock, and Fabian Yamaguchi. 2017. Efficient and flexible discovery of php application vulnerabilities. In 2017 IEEE european symposium on security and privacy (EuroS&P). IEEE, 334--349."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423357"},{"key":"e_1_3_2_1_8_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Brown Fraser","year":"2020","unstructured":"Fraser Brown, Deian Stefan, and Dawson Engler. 2020. Sys: a static\/symbolic tool for finding good bugs in good (browser) code. In 29th USENIX Security Symposium (USENIX Security 20). 199--216."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813643"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2018.00052"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-61053-7_66"},{"key":"e_1_3_2_1_12_1","unstructured":"Zheng Leong Chua Yanhao Wang Teodora Baluta Prateek Saxena Zhenkai Liang and Purui Su. 2019. One Engine To Serve'em All: Inferring Taint Rules Without Architectural Semantics.. In NDSS ."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.50"},{"key":"e_1_3_2_1_14_1","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Dahse Johannes","year":"2014","unstructured":"Johannes Dahse and Thorsten Holz. 2014. Static detection of second-order vulnerabilities in web applications. In 23rd USENIX Security Symposium (USENIX Security 14). 989--1003."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/512529.512538"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1375581.1375615"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635869"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.14722\/bar.2018.23019"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133926"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.54"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2771783.2771803"},{"key":"e_1_3_2_1_22_1","volume-title":"USENIX Security Symposium","volume":"2","author":"Johnson Rob","year":"2004","unstructured":"Rob Johnson and David Wagner. 2004. Finding user\/kernel pointer bugs with type inference.. In USENIX Security Symposium, Vol. 2. 0."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.29"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1134744.1134751"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978366"},{"key":"e_1_3_2_1_26_1","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Machiry Aravind","year":"2017","unstructured":"Aravind Machiry, Chad Spensky, Jake Corina, Nick Stephens, Christopher Kruegel, and Giovanni Vigna. 2017. DR.CHECKER: A soundy analysis for linux kernel drivers. In 26th USENIX Security Symposium (USENIX Security 17). 1007--1024."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1290520.1290524"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/73560.73562"},{"key":"e_1_3_2_1_29_1","unstructured":"Bhargava Shastry Federico Maggi Fabian Yamaguchi Konrad Rieck and Jean-Pierre Seifert. 2017. Static Exploration of Taint-Style Vulnerabilities Found by Fuzzing.. In WOOT ."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00022"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3192366.3192418"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3453483.3454086"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2048066.2048145"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2892208.2892235"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1543135.1542486"},{"key":"e_1_3_2_1_36_1","volume-title":"10th USENIX Symposium on Operating Systems Design and Implementation (OSDI 12)","author":"Wang Xi","year":"2012","unstructured":"Xi Wang, Haogang Chen, Zhihao Jia, Nickolai Zeldovich, and M Frans Kaashoek. 2012. Improving integer security for systems with KINT. In 10th USENIX Symposium on Operating Systems Design and Implementation (OSDI 12). 163--177."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368088.1368112"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1232420.1232423"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.54"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409686"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978320"},{"key":"e_1_3_2_1_42_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Zhang Tong","year":"2019","unstructured":"Tong Zhang, Wenbo Shen, Dongyoon Lee, Changhee Jung, Ahmed M Azab, and Ruowen Wang. 2019. Pex: A permission check analysis framework for linux kernel. In 28th USENIX Security Symposium (USENIX Security 19). 1205--1220."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00040"}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484798","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484798","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484798","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:54:35Z","timestamp":1763499275000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484798"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":43,"alternative-id":["10.1145\/3460120.3484798","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3484798","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}