{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:59:56Z","timestamp":1763499596468,"version":"3.45.0"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,12]],"date-time":"2021-11-12T00:00:00Z","timestamp":1636675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3485373","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:33Z","timestamp":1636805133000},"page":"1627-1644","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["Detecting Missed Security Operations Through Differential Checking of Object-based Similar Paths"],"prefix":"10.1145","author":[{"given":"Dinghao","family":"Liu","sequence":"first","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]},{"given":"Qiushi","family":"Wu","sequence":"additional","affiliation":[{"name":"University of Minnesota, Twin Cities, MN, USA"}]},{"given":"Shouling","family":"Ji","sequence":"additional","affiliation":[{"name":"Zhejiang University &amp; Binjiang Institution of Zhejiang University, Hangzhou, China"}]},{"given":"Kangjie","family":"Lu","sequence":"additional","affiliation":[{"name":"University of Minnesota, Twin Cities, MN, USA"}]},{"given":"Zhenguang","family":"Liu","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]},{"given":"Jianhai","family":"Chen","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]},{"given":"Qinming","family":"He","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2020. CVE-2019--12819 a use-after-free vulnerability in Linux kernel. https:\/\/www.cvedetails.com\/cve\/CVE-2019--12819\/"},{"key":"e_1_3_2_1_2_1","unstructured":"2020. CVE-2019--15807 a memory leak vulnerability in Linux kernel. https:\/\/cwe.mitre.org\/data\/definitions\/833.html"},{"key":"e_1_3_2_1_3_1","unstructured":"2020. CVE-2019--8980 a memory leak vulnerability in Linux kernel. https:\/\/www.cvedetails.com\/cve\/CVE-2019--8980\/"},{"key":"e_1_3_2_1_4_1","unstructured":"2020. CVE Details. The ultimate security vulnerability datasource. https:\/\/www.cvedetails.com\/"},{"key":"e_1_3_2_1_5_1","unstructured":"2020. CWE-285: Improper Authorization. https:\/\/cwe.mitre.org\/data\/definitions\/285.html"},{"key":"e_1_3_2_1_6_1","unstructured":"2020. CWE-788: Access of Memory Location After End of Buffer. https:\/\/cwe.mitre.org\/data\/definitions\/788.html"},{"key":"e_1_3_2_1_7_1","unstructured":"2020. CWE-833: Deadlock. https:\/\/cwe.mitre.org\/data\/definitions\/833.html"},{"key":"e_1_3_2_1_8_1","unstructured":"2020. CWE-920: Improper Restriction of Power Consumption. https:\/\/cwe.mitre.org\/data\/definitions\/920.html"},{"volume-title":"30th USENIX Security Symposium (USENIX Security 21)","key":"e_1_3_2_1_9_1","unstructured":"2021. Finding Bugs Using Your Own Code: Detecting Functionally-similar yet Inconsistent Code. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, Vancouver, B.C. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/ahmadi"},{"volume-title":"Understanding and Detecting Disordered Error Handling with Precise Function Pairing. In 30th USENIX Security Symposium (USENIX Security 21)","key":"e_1_3_2_1_10_1","unstructured":"2021. Understanding and Detecting Disordered Error Handling with Precise Function Pairing. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, Vancouver, B.C. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/wu-qiushi"},{"key":"e_1_3_2_1_11_1","volume-title":"Brent Lim Tze Hao, and David Brumley.","author":"Avgerinos Thanassis","year":"2011","unstructured":"Thanassis Avgerinos, Sang Kil Cha, Brent Lim Tze Hao, and David Brumley. 2011. AEG: Automatic exploit generation. (2011)."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3297858.3304065"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134069"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/502059.502041"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250767"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3037697.3037743"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3037697.3037743"},{"volume-title":"2019 IEEE Symposium on Security and Privacy (SP). 754--768","author":"Jeong D. R.","key":"e_1_3_2_1_18_1","unstructured":"D. R. Jeong, K. Kim, B. Shivakumar, B. Lee, and I. Shin. 2019. Razzer: Finding Kernel Race Bugs through Fuzzing. In 2019 IEEE Symposium on Security and Privacy (SP). 754--768."},{"key":"e_1_3_2_1_19_1","volume-title":"HFL: Hybrid Fuzzing on the Linux Kernel. In 27th Annual Network and Distributed System Security Symposium, NDSS 2020","author":"Kim Kyungtae","year":"2020","unstructured":"Kyungtae Kim, Dae R. Jeong, Chung Hwan Kim, Yeongjin Jang, Insik Shin, and Byoungyoung Lee. 2020. HFL: Hybrid Fuzzing on the Linux Kernel. In 27th Annual Network and Distributed System Security Symposium, NDSS 2020, San Diego, California, USA, February 23--26, 2020. The Internet Society."},{"volume-title":"Bug Localization with Combination of Deep Learning and Information Retrieval. In 2017 IEEE\/ACM 25th International Conference on Program Comprehension (ICPC). 218--229","author":"Lam A. N.","key":"e_1_3_2_1_20_1","unstructured":"A. N. Lam, A. T. Nguyen, H. A. Nguyen, and T. N. Nguyen. 2017. Bug Localization with Combination of Deep Learning and Information Retrieval. In 2017 IEEE\/ACM 25th International Conference on Program Comprehension (ICPC). 218--229."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991102"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNNLS.2021.3102234"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2021.3095196"},{"key":"e_1_3_2_1_24_1","volume-title":"Proceedings of the 28th USENIX Security Symposium (Security)","author":"Lu Kangjie","year":"2019","unstructured":"Kangjie Lu, Aditya Pakki, and Qiushi Wu. 2019. Detecting Missing-Check Bugs via Semantic- and Context-Aware Criticalness and Constraints Inferences. In Proceedings of the 28th USENIX Security Symposium (Security). Santa Clara, CA."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-94268-1_67"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2872362.2872389"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815400.2815422"},{"key":"e_1_3_2_1_28_1","unstructured":"KOSAKI Motohiro. 2020. A memory corruption by refcount imbalance. https:\/\/lore.kernel.org\/patchwork\/patch\/331920\/"},{"key":"e_1_3_2_1_29_1","volume-title":"Moonshine: Optimizing {OS } fuzzer seed selection with trace distillation. In 27th {USENIX} Security Symposium ({USENIX}Security 18). 729--743.","author":"Pailoor Shankara","year":"2018","unstructured":"Shankara Pailoor, Andrew Aday, and Suman Jana. 2018. Moonshine: Optimizing {OS } fuzzer seed selection with trace distillation. In 27th {USENIX} Security Symposium ({USENIX}Security 18). 729--743."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417256"},{"volume-title":"Cross-Architecture Bug Search in Binary Executables. In 2015 IEEE Symposium on Security and Privacy. 709--724","author":"Pewny J.","key":"e_1_3_2_1_31_1","unstructured":"J. Pewny, B. Garmany, R. Gawlik, C. Rossow, and T. Holz. 2015. Cross-Architecture Bug Search in Binary Executables. In 2015 IEEE Symposium on Security and Privacy. 709--724."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991103"},{"volume-title":"2019 IEEE\/ACM 41st International Conference on Software Engineering (ICSE). 1027--1038","author":"Pham H. V.","key":"e_1_3_2_1_33_1","unstructured":"H. V. Pham, T. Lutellier, W. Qi, and L. Tan. 2019. CRADLE: Cross-Backend Validation to Detect and Localize Bugs in Deep Learning Libraries. In 2019 IEEE\/ACM 41st International Conference on Software Engineering (ICSE). 1027--1038."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236065"},{"volume-title":"24th {USENIX}Security Symposium ({USENIX}Security 15). 49--64.","author":"Ramos David A","key":"e_1_3_2_1_35_1","unstructured":"David A Ramos and Dawson Engler. 2015. Under-constrained symbolic execution: Correctness checking for real code. In 24th {USENIX}Security Symposium ({USENIX}Security 15). 49--64."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2013.6575307"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"crossref","unstructured":"Dokyung Song Felicitas Hetzelt Dipanjan Das Chad Spensky Yeoul Na Stijn Volckaert Giovanni Vigna Christopher Kruegel Jean-Pierre Seifert and Michael Franz. 2019. PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary.. In NDSS.","DOI":"10.14722\/ndss.2019.23176"},{"volume-title":"Hardware Is the New Software: Finding Exploitable Bugs in Hardware Designs","author":"Sturton Cynthia","key":"e_1_3_2_1_38_1","unstructured":"Cynthia Sturton. 2019. Hardware Is the New Software: Finding Exploitable Bugs in Hardware Designs. USENIX Association, Burlingame, CA."},{"volume-title":"2016 IEEE International Conference on Software Quality, Reliability and Security (QRS). 183--190","author":"Uneno Y.","key":"e_1_3_2_1_39_1","unstructured":"Y. Uneno, O. Mizuno, and E. Choi. 2016. Using a Distributed Representation of Words in Localizing Relevant Files for Bug Reports. In 2016 IEEE International Conference on Software Quality, Reliability and Security (QRS). 183--190."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2019.00091"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11704-016-6383-8"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243844"},{"key":"e_1_3_2_1_43_1","volume-title":"MAZE: Towards Automated Heap Feng Shui. In 30th USENIX Security Symposium (USENIX Security 21)","author":"Wang Yan","year":"2021","unstructured":"Yan Wang, Chao Zhang, Zixuan Zhao, Bolun Zhang, Xiaorui Gong, and Wei Zou. 2021. MAZE: Towards Automated Heap Feng Shui. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/wang-yan"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24419"},{"key":"e_1_3_2_1_45_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Xiao Yang","year":"2020","unstructured":"Yang Xiao, Bihuan Chen, Chendong Yu, Zhengzi Xu, Zimu Yuan, Feng Li, Binghong Liu, Yang Liu, Wei Huo, Wei Zou, and Wenchang Shi. 2020. MVP: Detecting Vulnerabilities using Patch-Enhanced Vulnerability Signatures. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 1165--1182. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/xiao"},{"volume-title":"Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels. In 2018 IEEE Symposium on Security and Privacy (SP). 661--678","author":"Xu M.","key":"e_1_3_2_1_46_1","unstructured":"M. Xu, C. Qian, K. Lu, M. Backes, and T. Kim. 2018. Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels. In 2018 IEEE Symposium on Security and Privacy (SP). 661--678."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2016.11.002"},{"key":"e_1_3_2_1_48_1","volume-title":"25th USENIX Security Symposium (USENIX Security 16)","author":"Yun Insu","year":"2016","unstructured":"Insu Yun, Changwoo Min, Xujie Si, Yeongjin Jang, Taesoo Kim, and Mayur Naik. 2016. APISan: Sanitizing API Usages through Semantic Cross-Checking. In 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, Austin, TX, 363--378."},{"key":"e_1_3_2_1_49_1","volume-title":"25th USENIX Security Symposium (USENIX Security 16)","author":"Yun Insu","year":"2016","unstructured":"Insu Yun, Changwoo Min, Xujie Si, Yeongjin Jang, Taesoo Kim, and Mayur Naik. 2016. APISan: Sanitizing API Usages through Semantic Cross-Checking. In 25th USENIX Security Symposium (USENIX Security 16). 363--378."},{"key":"e_1_3_2_1_50_1","volume-title":"PeX: A Permission Check Analysis Framework for Linux Kernel. In 28th USENIX Security Symposium (USENIX Security 19)","author":"Zhang Tong","year":"2019","unstructured":"Tong Zhang, Wenbo Shen, Dongyoon Lee, Changhee Jung, Ahmed M Azab, and Ruowen Wang. 2019. PeX: A Permission Check Analysis Framework for Linux Kernel. In 28th USENIX Security Symposium (USENIX Security 19). 1205--1220."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"crossref","unstructured":"Yuan Zhuang Zhenguang Liu Peng Qian Qi Liu Xiang Wang and Qinming He. 2020. Smart Contract Vulnerability Detection using Graph Neural Network. In IJCAI. 3283--3290.","DOI":"10.24963\/ijcai.2020\/454"}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Virtual Event Republic of Korea","acronym":"CCS '21"},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3485373","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3485373","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:54:14Z","timestamp":1763499254000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3485373"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":51,"alternative-id":["10.1145\/3460120.3485373","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3485373","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}