{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:54:30Z","timestamp":1772042070410,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":108,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,13]],"date-time":"2022-11-13T00:00:00Z","timestamp":1668297600000},"content-version":"vor","delay-in-days":366,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["HR00112090031"],"award-info":[{"award-number":["HR00112090031"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N00014-19-1-2179,N00014-17-1-2895,N00014-15-1-2162,N00014-18-1-2662"],"award-info":[{"award-number":["N00014-19-1-2179,N00014-17-1-2895,N00014-15-1-2162,N00014-18-1-2662"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3485363","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:33Z","timestamp":1636805133000},"page":"320-336","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":15,"title":["Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis"],"prefix":"10.1145","author":[{"given":"Carter","family":"Yagemann","sequence":"first","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Simon P.","family":"Chung","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Brendan","family":"Saltaformaggio","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Wenke","family":"Lee","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978380"},{"key":"e_1_3_2_1_2_1","volume-title":"Security impact ratings considered harmful. arXiv preprint arXiv:0904.4058","author":"Arnold Jeff","year":"2009","unstructured":"Jeff Arnold, Tim Abbott, Waseem Daher, Gregory Price, Nelson Elhage, Geoffrey Thomas, and Anders Kaseorg. 2009. Security impact ratings considered harmful. arXiv preprint arXiv:0904.4058 (2009)."},{"key":"e_1_3_2_1_3_1","volume-title":"Restler: Stateful Rest API Fuzzing. In 2019 IEEE\/ACM 41st International Conference on Software Engineering (ICSE). IEEE, 748--758","author":"Atlidakis Vaggelis","year":"2019","unstructured":"Vaggelis Atlidakis, Patrice Godefroid, and Marina Polishchuk. 2019. Restler: Stateful Rest API Fuzzing. In 2019 IEEE\/ACM 41st International Conference on Software Engineering (ICSE). IEEE, 748--758."},{"key":"e_1_3_2_1_4_1","volume-title":"Brent Lim Tze Hao, and David Brumley.","author":"Avgerinos Thanassis","year":"2018","unstructured":"Thanassis Avgerinos, Sang Kil Cha, Brent Lim Tze Hao, and David Brumley. 2018. Automatic Exploit Generation. Carnegie Mellon University."},{"key":"e_1_3_2_1_5_1","volume-title":"27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 975--985","author":"Babi\u0107 Domagoj","year":"2019","unstructured":"Domagoj Babi\u0107, Stefan Bucur, Yaohui Chen, Franjo Ivanvc i\u0107, Tim King, Markus Kusano, Caroline Lemieux, L\u00e1szl\u00f3 Szekeres, and Wei Wang. 2019. Fudge: Fuzz Driver Generation at Scale. In 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 975--985."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991114"},{"key":"e_1_3_2_1_7_1","unstructured":"Mihir Bellare and Bennet Yee. 1997. Forward integrity for secure audit logs . Technical Report. Computer Science and Engineering Department University of California at San Diego."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3297858.3304073"},{"key":"e_1_3_2_1_9_1","volume-title":"AURORA: Statistical Crash Analysis for Automated Root Cause Explanation. In 29th USENIX Security Symposium. 235--252","author":"Blazytko Tim","year":"2020","unstructured":"Tim Blazytko, Moritz Schl\u00f6gel, Cornelius Aschermann, Ali Abbasi, Joel Frank, Simon W\u00f6rner, and Thorsten Holz. 2020. AURORA: Statistical Crash Analysis for Automated Root Cause Explanation. In 29th USENIX Security Symposium. 235--252."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_2"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/390016.808445"},{"key":"e_1_3_2_1_12_1","volume-title":"CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation","author":"Brotzman Robert","unstructured":"Robert Brotzman, Shen Liu, Danfeng Zhang, Gang Tan, and Mahmut Kandemir. 2019. CaSym: Cache aware symbolic execution for side channel detection and mitigation. In CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation. IEEE."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.41"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368860.3368862"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.31"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.50"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.40"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"crossref","unstructured":"Sze Yiu Chau Moosa Yahyazadeh Omar Chowdhury Aniket Kate and Ninghui Li. 2019. Analyzing Semantic Correctness with Symbolic Execution: A Case Study on PKCS# 1 v1. 5 Signature Verification.. In NDSS .","DOI":"10.14722\/ndss.2019.23430"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.2013.6671277"},{"key":"e_1_3_2_1_20_1","volume-title":"et almbox","author":"Chen Yaohui","year":"2019","unstructured":"Yaohui Chen, Peng Li, Jun Xu, Shengjian Guo, Rundong Zhou, Yulong Zhang, Long Lu, et almbox. 2019. SAVIOR: Towards Bug-Driven Hybrid Testing. arXiv preprint arXiv:1906.07327 (2019)."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1961296.1950396"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1976.233817"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095824"},{"key":"e_1_3_2_1_24_1","volume-title":"Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI)","author":"Cui Weidong","year":"2018","unstructured":"Weidong Cui, Xinyang Ge, Baris Kasikci, Ben Niu, Upamanyu Sharma, Ruoyu Wang, and Insu Yun. 2018. REPT: Reverse Debugging of Failures in Deployed Software. In Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI) . Carlsbad, CA."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884844"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00009"},{"key":"e_1_3_2_1_28_1","volume-title":"DESENSITIZATION: Privacy-Aware and Attack-Preserving Crash Report. In Network and Distributed Systems Security (NDSS) Symposium 2020 .","author":"Ding Ren","year":"2020","unstructured":"Ren Ding, Hong Hu, Wen Xu, and Taesoo Kim. 2020. DESENSITIZATION: Privacy-Aware and Attack-Preserving Crash Report. In Network and Distributed Systems Security (NDSS) Symposium 2020 ."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2557547.2557550"},{"key":"e_1_3_2_1_30_1","volume-title":"Daniele Cono D'Elia, and Leonardo Querzoni","author":"Fioraldi Andrea","year":"2020","unstructured":"Andrea Fioraldi, Daniele Cono D'Elia, and Leonardo Querzoni. 2020. Fuzzing binaries for memory safety errors with QASan. In 2020 IEEE Secure Development (SecDev) . IEEE, 23--30."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-28865-9_18"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3037697.3037716"},{"key":"e_1_3_2_1_34_1","volume-title":"Reverse Debugging of Kernel Failures in Deployed Systems. In USENIX Annual Technical Conference . 281--292","author":"Ge Xinyang","year":"2020","unstructured":"Xinyang Ge, Ben Niu, and Weidong Cui. 2020. Reverse Debugging of Kernel Failures in Deployed Systems. In USENIX Annual Technical Conference . 281--292."},{"key":"e_1_3_2_1_35_1","volume-title":"Command Line Buffer Overflow . https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=550978#50 . [Online","year":"2019","unstructured":"gif2png. 2009. Command Line Buffer Overflow . https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=550978#50 . [Online; accessed 25-October-2019]."},{"key":"e_1_3_2_1_36_1","volume-title":"Whitebox Fuzzing. In Proceedings of the 2nd International Workshop on Random Testing. 1--1.","author":"Godefroid Patrice","year":"2007","unstructured":"Patrice Godefroid. 2007. Random Testing for Security: Blackbox vs. Whitebox Fuzzing. In Proceedings of the 2nd International Workshop on Random Testing. 1--1."},{"key":"e_1_3_2_1_37_1","volume-title":"NDSS","volume":"8","author":"Godefroid Patrice","year":"2008","unstructured":"Patrice Godefroid, Michael Y Levin, David A Molnar, et almbox. 2008. Automated Whitebox Fuzz Testing.. In NDSS, Vol. 8. Citeseer, 151--166."},{"key":"e_1_3_2_1_38_1","unstructured":"GraphicsMagick. 2017. Attempt to Fix Issue 440 . http:\/\/hg.code.sf.net\/p\/graphicsmagick\/code\/rev\/98721124e51f . [Online; accessed 25-October-2019]."},{"key":"e_1_3_2_1_39_1","volume-title":"USENIX Annual Technical Conference. 285--292","author":"Guo Philip J","year":"2009","unstructured":"Philip J Guo and Dawson R Engler. 2009. Linux Kernel Developer Responses to Static Analysis Bug Reports.. In USENIX Annual Technical Conference. 285--292."},{"key":"e_1_3_2_1_40_1","volume-title":"Vulnerability Prioritization Tops Security Pros' Challenges. https:\/\/tinyurl.com\/y6os685b . [Online","author":"Habusha David","year":"2020","unstructured":"David Habusha. [n.d.]. Vulnerability Prioritization Tops Security Pros' Challenges. https:\/\/tinyurl.com\/y6os685b . [Online; accessed 18-November-2020]."},{"key":"e_1_3_2_1_41_1","volume-title":"Proceedings of the 22nd USENIX Security Symposium. 49--64","author":"Haller Istvan","year":"2013","unstructured":"Istvan Haller, Asia Slowinska, Matthias Neugschwandtner, and Herbert Bos. 2013. Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations. In Proceedings of the 22nd USENIX Security Symposium. 49--64."},{"key":"e_1_3_2_1_42_1","volume-title":"Unicorn: Runtime Provenance-Based Detector for Advanced Persistent Threats. In 27th ISOC Network and Distributed System Security Symposium (NDSS'20)","author":"Han Xueyan","year":"2020","unstructured":"Xueyan Han, Thomas Pasqueir, Adam Bates, James Mickens, and Margo Seltzer. 2020. Unicorn: Runtime Provenance-Based Detector for Advanced Persistent Threats. In 27th ISOC Network and Distributed System Security Symposium (NDSS'20)."},{"key":"e_1_3_2_1_43_1","volume-title":"NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage. In 26th ISOC Network and Distributed System Security Symposium (NDSS'19)","author":"Hassan Wajih Ul","year":"2019","unstructured":"Wajih Ul Hassan, Shengjian Guo, Ding Li, Zhengzhang Chen, Kangkook Jee, Zhichun Li, and Adam Bates. 2019. NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage. In 26th ISOC Network and Distributed System Security Symposium (NDSS'19)."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243838"},{"key":"e_1_3_2_1_45_1","volume-title":"International Conference on Integrated Formal Methods. Springer, 425--438","author":"Ren\u00e1ta","unstructured":"Ren\u00e1ta Hodov\u00e1n and \u00c1kos Kiss. 2016. Fuzzing javascript engine apis. In International Conference on Integrated Formal Methods. Springer, 425--438."},{"key":"e_1_3_2_1_46_1","volume-title":"Proceedings of the Australasian Information Security Workshop (AISW-NetSec) .","author":"Holt Jason E.","year":"2006","unstructured":"Jason E. Holt. 2006. Logcrypt: Forward Security and Public Verification for Secure Audit Logs. In Proceedings of the Australasian Information Security Workshop (AISW-NetSec) ."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243797"},{"key":"e_1_3_2_1_48_1","volume-title":"Fuzzgen: Automatic Fuzzer Generation. In 29th USENIX Security Symposium . 2271--2287","author":"Ispoglou Kyriakos","year":"2020","unstructured":"Kyriakos Ispoglou, Daniel Austin, Vishwath Mohan, and Mathias Payer. 2020. Fuzzgen: Automatic Fuzzer Generation. In 29th USENIX Security Symposium . 2271--2287."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"crossref","unstructured":"Joonun Jang and Huy Kang Kim. 2019. FuzzBuilder: Automated building greybox fuzzing environment for C\/C","DOI":"10.1145\/3359789.3359846"},{"key":"e_1_3_2_1_50_1","volume-title":"Proceedings of the 35th Annual Computer Security Applications Conference . 627--637","unstructured":"library. In Proceedings of the 35th Annual Computer Security Applications Conference . 627--637."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134045"},{"key":"e_1_3_2_1_52_1","volume-title":"Towards Efficient Heap Overflow Discovery. In 26th USENIX Security Symposium . 989--1006","author":"Jia Xiangkun","year":"2017","unstructured":"Xiangkun Jia, Chao Zhang, Purui Su, Yi Yang, Huafeng Huang, and Dengguo Feng. 2017a. Towards Efficient Heap Overflow Discovery. In 26th USENIX Security Symposium . 989--1006."},{"key":"e_1_3_2_1_53_1","volume-title":"Towards Efficient Heap Overflow Discovery. In 26th USENIX Security Symposium . 989--1006","author":"Jia Xiangkun","year":"2017","unstructured":"Xiangkun Jia, Chao Zhang, Purui Su, Yi Yang, Huafeng Huang, and Dengguo Feng. 2017b. Towards Efficient Heap Overflow Discovery. In 26th USENIX Security Symposium . 989--1006."},{"key":"e_1_3_2_1_54_1","volume-title":"WINNIE: Fuzzing Windows Applications with Harness Synthesis and Fast Cloning. In Network and Distributed System Security Symposium .","author":"Jung Jinho","year":"2021","unstructured":"Jinho Jung, Stephen Tong, Hong Hu, Jungwon Lim, Yonghwi Jin, and Taesoo Kim. 2021. WINNIE: Fuzzing Windows Applications with Harness Synthesis and Fast Cloning. In Network and Distributed System Security Symposium ."},{"key":"e_1_3_2_1_55_1","unstructured":"Min Gyung Kang Stephen McCamant Pongsin Poosankam and Dawn Song. 2011. Dta"},{"key":"e_1_3_2_1_56_1","unstructured":": dynamic taint analysis with targeted control-flow propagation.. In NDSS ."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132767"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815400.2815412"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/360248.360252"},{"key":"e_1_3_2_1_60_1","volume-title":"Proceedings of the 12th ISOC Network and Distributed System Security Symposium (NDSS'05)","author":"King Samuel T","year":"2005","unstructured":"Samuel T King, Zhuoqing Morley Mao, Dominic G Lucchetti, and Peter M Chen. 2005. Enriching Intrusion Alerts Through Multi-Host Causality.. In Proceedings of the 12th ISOC Network and Distributed System Security Symposium (NDSS'05)."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3301417.3312501"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23476"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243783"},{"key":"e_1_3_2_1_64_1","volume-title":"Fix double free . https:\/\/github.com\/nih-at\/libzip\/commit\/2217022b7d1142738656d891e00b3d2d9179b796 . [Online","year":"2019","unstructured":"libzip. 2017. Fix double free . https:\/\/github.com\/nih-at\/libzip\/commit\/2217022b7d1142738656d891e00b3d2d9179b796 . [Online; accessed 25-October-2019]."},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1361-3723(17)30034-9"},{"key":"e_1_3_2_1_66_1","article-title":"A new approach to secure logging","volume":"5","author":"Ma Di","year":"2009","unstructured":"Di Ma and Gene Tsudik. 2009. A new approach to secure logging. ACM Transactions on Storage (TOS) , Vol. 5, 1 (2009).","journal-title":"ACM Transactions on Storage (TOS)"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/2150976.2151012"},{"key":"e_1_3_2_1_68_1","volume-title":"2019 IEEE Symposium on Security and Privacy. IEEE Computer Society","author":"Milajerdi S. Momeni","unstructured":"S. Momeni Milajerdi, R. Gjomemo, B. Eshete, R. Sekar, and V. Venkatakrishnan. 2019. HOLMES: Real-Time APT Detection through Correlation of Suspicious Information Flows. In 2019 IEEE Symposium on Security and Privacy. IEEE Computer Society, Los Alamitos, CA, USA."},{"key":"e_1_3_2_1_69_1","volume-title":"Catchconv: Symbolic execution and run-time type inference for integer conversion errors. UC Berkeley EECS","author":"Molnar David A","year":"2007","unstructured":"David A Molnar and David Wagner. 2007. Catchconv: Symbolic execution and run-time type inference for integer conversion errors. UC Berkeley EECS (2007)."},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180444"},{"key":"e_1_3_2_1_71_1","unstructured":"James Newsome David Brumley Dawn Song Jad Chamcham and Xeno Kovah. 2006 b. Vulnerability-Specific Execution Filtering for Exploit Prevention on Commodity Software.. In NDSS ."},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2018.1870876"},{"key":"e_1_3_2_1_73_1","volume-title":"Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution . https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1593580 . [Online","year":"2019","unstructured":"ntp. 2018. Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution . https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1593580 . [Online; accessed 25-October-2019]."},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417862"},{"key":"e_1_3_2_1_75_1","volume-title":"Prevent a buffer overflow in possibly corrupt PDFs . https:\/\/github.com\/enferex\/pdfresurrect\/commit\/4ea7a6f4f51d0440da651d099247e2273f811dbc . [Online","year":"2019","unstructured":"pdfresurrect. 2019. Prevent a buffer overflow in possibly corrupt PDFs . https:\/\/github.com\/enferex\/pdfresurrect\/commit\/4ea7a6f4f51d0440da651d099247e2273f811dbc . [Online; accessed 25-October-2019]."},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-54494-5_3"},{"key":"e_1_3_2_1_77_1","volume-title":"Hercules: Reproducing Crashes in Real-World Application Binaries. In 37th IEEE International Conference on Software Engineering","volume":"1","author":"Pham Van-Thuan","year":"2015","unstructured":"Van-Thuan Pham, Wei Boon Ng, Konstantin Rubinov, and Abhik Roychoudhury. 2015. Hercules: Reproducing Crashes in Real-World Application Binaries. In 37th IEEE International Conference on Software Engineering, Vol. 1. IEEE, 891--901."},{"key":"e_1_3_2_1_78_1","volume-title":"RAZOR: A Framework for Post-deployment Software Debloating. In 28th USENIX Security Symposium (USENIX Security 19)","author":"Qian Chenxiong","year":"2019","unstructured":"Chenxiong Qian, Hong Hu, Mansour Alharthi, Pak Ho Chung, Taesoo Kim, and Wenke Lee. 2019. RAZOR: A Framework for Post-deployment Software Debloating. In 28th USENIX Security Symposium (USENIX Security 19). 1733--1750."},{"key":"e_1_3_2_1_79_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Quach Anh","year":"2018","unstructured":"Anh Quach, Aravind Prakash, and Lok Yan. 2018. Debloating software through piece-wise compilation and loading. In 27th USENIX Security Symposium (USENIX Security 18). 869--886."},{"key":"e_1_3_2_1_80_1","first-page":"1","article-title":"VUzzer: Application-aware Evolutionary Fuzzing","volume":"17","author":"Rawat Sanjay","year":"2017","unstructured":"Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida, and Herbert Bos. 2017. VUzzer: Application-aware Evolutionary Fuzzing.. In NDSS, Vol. 17. 1--14.","journal-title":"NDSS"},{"key":"e_1_3_2_1_81_1","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Rebert Alexandre","year":"2014","unstructured":"Alexandre Rebert, Sang Kil Cha, Thanassis Avgerinos, Jonathan Foote, David Warren, Gustavo Grieco, and David Brumley. 2014. Optimizing seed selection for fuzzing. In 23rd USENIX Security Symposium (USENIX Security 14). 861--875."},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1145\/2451116.2451131"},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1145\/1572272.1572299"},{"key":"e_1_3_2_1_84_1","volume-title":"Proceedings of the USENIX Security Symposium (USENIX) .","author":"Schneier Bruce","year":"1998","unstructured":"Bruce Schneier and John Kelsey. 1998. Cryptographic Support for Secure Logs on Untrusted Machines.. In Proceedings of the USENIX Security Symposium (USENIX) ."},{"key":"e_1_3_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1145\/1081706.1081750"},{"key":"e_1_3_2_1_86_1","volume-title":"2012 USENIX Annual Technical Conference (USENIX ATC). 309--318","author":"Serebryany Konstantin","year":"2012","unstructured":"Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitriy Vyukov. 2012. AddressSanitizer: A fast address sanity checker. In 2012 USENIX Annual Technical Conference (USENIX ATC). 309--318."},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238160"},{"key":"e_1_3_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2018.1870858"},{"key":"e_1_3_2_1_89_1","doi-asserted-by":"crossref","unstructured":"Yan Shoshitaishvili Ruoyu Wang Christophe Hauser Christopher Kruegel and Giovanni Vigna. 2015. Firmalice-automatic detection of authentication bypass vulnerabilities in binary firmware.. In NDSS .","DOI":"10.14722\/ndss.2015.23294"},{"key":"e_1_3_2_1_90_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"key":"e_1_3_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.1145\/3105761"},{"key":"e_1_3_2_1_92_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.32"},{"key":"e_1_3_2_1_93_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89862-7_1"},{"key":"e_1_3_2_1_94_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23368"},{"key":"e_1_3_2_1_95_1","volume-title":"Format String Vulnerability . https:\/\/bugs.gentoo.org\/401533 . [Online","year":"2019","unstructured":"sudo. 2012. Format String Vulnerability . https:\/\/bugs.gentoo.org\/401533 . [Online; accessed 25-October-2019]."},{"key":"e_1_3_2_1_96_1","volume-title":"Semantic Crash Bucketing. In 33rd IEEE International Conference on Automated Software Engineering. IEEE, 612--622","author":"van Tonder Rijnard","year":"2018","unstructured":"Rijnard van Tonder, John Kotheimer, and Claire Le Goues. 2018. Semantic Crash Bucketing. In 33rd IEEE International Conference on Automated Software Engineering. IEEE, 612--622."},{"key":"e_1_3_2_1_97_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24167"},{"key":"e_1_3_2_1_98_1","volume-title":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","author":"Warrender C.","unstructured":"C. Warrender, S. Forrest, and B. Pearlmutter. 1999. Detecting intrusions using system calls: alternative data models. In Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344) . 133--145."},{"key":"e_1_3_2_1_99_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-39945-3_8"},{"key":"e_1_3_2_1_100_1","volume-title":"2016 46th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). 467--478","author":"Xu K.","unstructured":"K. Xu, K. Tian , D. Yao, and B. G. Ryder. 2016. A Sharper Sense of Self: Probabilistic Reasoning of Program Behaviors for Anomaly Detection with Context Sensitivity. In 2016 46th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). 467--478."},{"key":"e_1_3_2_1_101_1","volume-title":"ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems. In USENIX Security Symposium .","author":"Yagemann Carter","year":"2021","unstructured":"Carter Yagemann, Matthew Pruett, Simon P. Chung, Kennon Bittick, Brendan Saltaformaggio, and Wenke Lee. 2021. ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems. In USENIX Security Symposium ."},{"key":"e_1_3_2_1_102_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-30215-3_17"},{"key":"e_1_3_2_1_103_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.28"},{"key":"e_1_3_2_1_104_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-32946-3_12"},{"key":"e_1_3_2_1_105_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134085"},{"key":"e_1_3_2_1_106_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Yun Insu","year":"2018","unstructured":"Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim. 2018. QSYM: A practical concolic execution engine tailored for hybrid fuzzing. In 27th USENIX Security Symposium (USENIX Security 18). 745--761."},{"key":"e_1_3_2_1_107_1","unstructured":"Michal Zalewski. 2017. American Fuzzy Lop. http:\/\/lcamtuf.coredump.cx\/afl (2017)."},{"key":"e_1_3_2_1_108_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.988498"}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3485363","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3485363","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3485363","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:48:47Z","timestamp":1763498927000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3485363"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":108,"alternative-id":["10.1145\/3460120.3485363","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3485363","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}