{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:17:34Z","timestamp":1750220254754,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":54,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,5,30]],"date-time":"2022-05-30T00:00:00Z","timestamp":1653868800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS 1822118"],"award-info":[{"award-number":["CNS 1822118"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,5,30]]},"DOI":"10.1145\/3494107.3522779","type":"proceedings-article","created":{"date-parts":[[2022,5,17]],"date-time":"2022-05-17T16:36:10Z","timestamp":1652805370000},"page":"27-38","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Detecting Secure Memory Deallocation Violations with CBMC"],"prefix":"10.1145","author":[{"given":"Vinayak S.","family":"Prabhu","sequence":"first","affiliation":[{"name":"Colorado State University, Fort Collins, CO, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mohit","family":"Singh","sequence":"additional","affiliation":[{"name":"Colorado State University, Fort Collins, CO, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Indrajit","family":"Ray","sequence":"additional","affiliation":[{"name":"Colorado State University, Fort Collins, CO, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Indrakshi","family":"Ray","sequence":"additional","affiliation":[{"name":"Colorado State University, Fort Collins, CO, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sudipto","family":"Ghosh","sequence":"additional","affiliation":[{"name":"Colorado State University, Fort Collins, CO, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2022,5,30]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Proceedings of the 18th Conference on USENIX Security Symposium (SSYM'09)","author":"Akritidis Periklis","year":"2009","unstructured":"Periklis Akritidis , Manuel Costa , Miguel Castro , and Steven Hand . 2009 . Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against out-of-Bounds Errors . In Proceedings of the 18th Conference on USENIX Security Symposium (SSYM'09) . USENIX Association, USA, 51--66. Periklis Akritidis, Manuel Costa, Miguel Castro, and Steven Hand. 2009. Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against out-of-Bounds Errors. In Proceedings of the 18th Conference on USENIX Security Symposium (SSYM'09). USENIX Association, USA, 51--66."},{"key":"e_1_3_2_1_2_1","volume-title":"Sensors","volume":"21","author":"Al-Boghdady Abdullah","year":"2021","unstructured":"Abdullah Al-Boghdady , Khaled Wassif , and Mohammad El-Ramly . 2021 . The Presence, Trends, and Causes of Security Vulnerabilities in Operating Systems of IoT's Low-End Devices . Sensors , Vol. 21 , 7 (2021). Abdullah Al-Boghdady, Khaled Wassif, and Mohammad El-Ramly. 2021. The Presence, Trends, and Causes of Security Vulnerabilities in Operating Systems of IoT's Low-End Devices. Sensors , Vol. 21, 7 (2021)."},{"key":"e_1_3_2_1_3_1","volume-title":"IoT-Taint: IoT Malware Detection Framework Using Dynamic Taint Analysis. In 2019 International Conference on Computational Science and Computational Intelligence (CSCI) . 1220--1223","author":"Alashjaee Abdullah Mujawib","year":"2019","unstructured":"Abdullah Mujawib Alashjaee , Salahaldeen Duraibi , and Jia Song . 2019 . IoT-Taint: IoT Malware Detection Framework Using Dynamic Taint Analysis. In 2019 International Conference on Computational Science and Computational Intelligence (CSCI) . 1220--1223 . Abdullah Mujawib Alashjaee, Salahaldeen Duraibi, and Jia Song. 2019. IoT-Taint: IoT Malware Detection Framework Using Dynamic Taint Analysis. In 2019 International Conference on Computational Science and Computational Intelligence (CSCI) . 1220--1223."},{"key":"e_1_3_2_1_4_1","volume-title":"Fast Bug Detection Algorithm for Identifying Potential Vulnerabilities in Juliet Test Cases. In 2020 IEEE 8th International Conference on Smart City and Informatization (iSCI). 89--94","author":"Amankwah Richard","year":"2020","unstructured":"Richard Amankwah , Jinfu Chen , Alfred Adutwum Amponsah , Patrick Kwaku Kudjo , Vivienne Ocran , and Comfort Ofoley Anang . 2020 . Fast Bug Detection Algorithm for Identifying Potential Vulnerabilities in Juliet Test Cases. In 2020 IEEE 8th International Conference on Smart City and Informatization (iSCI). 89--94 . Richard Amankwah, Jinfu Chen, Alfred Adutwum Amponsah, Patrick Kwaku Kudjo, Vivienne Ocran, and Comfort Ofoley Anang. 2020. Fast Bug Detection Algorithm for Identifying Potential Vulnerabilities in Juliet Test Cases. In 2020 IEEE 8th International Conference on Smart City and Informatization (iSCI). 89--94."},{"key":"e_1_3_2_1_5_1","unstructured":"Ofir Arkin and Josh Anderson. [n. d.]. EtherLeak: Ethernet frame padding information leakage . https:\/\/dl.packetstormsecurity.net\/advisories\/atstake\/atstake_etherleak_report.pdf .  Ofir Arkin and Josh Anderson. [n. d.]. EtherLeak: Ethernet frame padding information leakage . https:\/\/dl.packetstormsecurity.net\/advisories\/atstake\/atstake_etherleak_report.pdf ."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594299"},{"volume-title":"Proceedings of the 8th International SPIN Workshop on Model Checking of Software","author":"Ball Thomas","key":"e_1_3_2_1_7_1","unstructured":"Thomas Ball and Sriram K. Rajamani . 2001. Automatically Validating Temporal Safety Properties of Interfaces . In Proceedings of the 8th International SPIN Workshop on Model Checking of Software ( Toronto, Ontario, Canada) (SPIN '01). Springer-Verlag, Berlin, Heidelberg, 103--122. Thomas Ball and Sriram K. Rajamani. 2001. Automatically Validating Temporal Safety Properties of Interfaces. In Proceedings of the 8th International SPIN Workshop on Model Checking of Software (Toronto, Ontario, Canada) (SPIN '01). Springer-Verlag, Berlin, Heidelberg, 103--122."},{"volume-title":"2007 IEEE SMC Information Assurance and Security Workshop. 341--348","author":"Bellettini Carlo","key":"e_1_3_2_1_8_1","unstructured":"Carlo Bellettini and Julian L. Rrushi . 2007. Vulnerability Analysis of SCADA Protocol Binaries through Detection of Memory Access Taintedness . In 2007 IEEE SMC Information Assurance and Security Workshop. 341--348 . Carlo Bellettini and Julian L. Rrushi. 2007. Vulnerability Analysis of SCADA Protocol Binaries through Detection of Memory Access Taintedness. In 2007 IEEE SMC Information Assurance and Security Workshop. 341--348."},{"key":"e_1_3_2_1_9_1","volume-title":"Proceedings of the 14th Conference on USENIX Security Symposium -","volume":"14","author":"Bhatkar Sandeep","unstructured":"Sandeep Bhatkar , R. Sekar , and Daniel C . DuVarney. 2005. Efficient Techniques for Comprehensive Protection from Memory Error Exploits . In Proceedings of the 14th Conference on USENIX Security Symposium - Volume 14 (SSYM'05). USENIX Association, 17. Sandeep Bhatkar, R. Sekar, and Daniel C. DuVarney. 2005. Efficient Techniques for Comprehensive Protection from Memory Error Exploits. In Proceedings of the 14th Conference on USENIX Security Symposium - Volume 14 (SSYM'05). USENIX Association, 17."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.23919\/ICACT48636.2020.9061281"},{"volume-title":"Proceedings of the 27th USENIX Conference on Security Symposium. USENIX Association, 1687--1704","author":"Celik Z. Berkay","key":"e_1_3_2_1_11_1","unstructured":"Z. Berkay Celik , Leonardo Babun , Amit K. Sikder , Hidayet Aksu , Gang Tan , Patrick McDaniel , and A. Selcuk Uluagac . 2018. Sensitive Information Tracking in Commodity IoT . In Proceedings of the 27th USENIX Conference on Security Symposium. USENIX Association, 1687--1704 . Z. Berkay Celik, Leonardo Babun, Amit K. Sikder, Hidayet Aksu, Gang Tan, Patrick McDaniel, and A. Selcuk Uluagac. 2018. Sensitive Information Tracking in Commodity IoT. In Proceedings of the 27th USENIX Conference on Security Symposium. USENIX Association, 1687--1704."},{"key":"e_1_3_2_1_12_1","volume-title":"USENIX Security Symposium . 321--336","author":"Chow Jim","year":"2004","unstructured":"Jim Chow , Ben Pfaff , Tal Garfinkel , Kevin Christopher , and Mendel Rosenblum . 2004 . Understanding data lifetime via whole system simulation . In USENIX Security Symposium . 321--336 . Jim Chow, Ben Pfaff, Tal Garfinkel, Kevin Christopher, and Mendel Rosenblum. 2004. Understanding data lifetime via whole system simulation. In USENIX Security Symposium . 321--336."},{"key":"e_1_3_2_1_13_1","volume-title":"USENIX Security Symposium. 22--22","author":"Chow Jim","year":"2005","unstructured":"Jim Chow , Ben Pfaff , Tal Garfinkel , and Mendel Rosenblum . 2005 . Shredding Your Garbage: Reducing Data Lifetime Through Secure Deallocation .. In USENIX Security Symposium. 22--22 . Jim Chow, Ben Pfaff, Tal Garfinkel, and Mendel Rosenblum. 2005. Shredding Your Garbage: Reducing Data Lifetime Through Secure Deallocation.. In USENIX Security Symposium. 22--22."},{"key":"e_1_3_2_1_14_1","volume-title":"Tuttle","author":"Cook Byron","year":"2018","unstructured":"Byron Cook , Kareem Khazem , Daniel Kroening , Serdar Tasiran , Michael Tautschnig , and Mark R . Tuttle . 2018 . Model Checking Boot Code from AWS Data Centers . In Computer Aided Verification , , Hana Chockler and Georg Weissenbacher (Eds.). Springer International Publishing, Cham, 467--486. Byron Cook, Kareem Khazem, Daniel Kroening, Serdar Tasiran, Michael Tautschnig, and Mark R. Tuttle. 2018. Model Checking Boot Code from AWS Data Centers. In Computer Aided Verification , , Hana Chockler and Georg Weissenbacher (Eds.). Springer International Publishing, Cham, 467--486."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/277652.277670"},{"key":"e_1_3_2_1_16_1","volume-title":"Proceedings of the 18th ACM Symposium on Operating System Principles, SOSP 2001 , , Keith Marzullo and Mahadev Satyanarayanan (Eds.). ACM , 57--72","author":"Engler Dawson R.","year":"2001","unstructured":"Dawson R. Engler , David Yu Chen , and Andy Chou . 2001 . Bugs as Inconsistent Behavior: A General Approach to Inferring Errors in Systems Code . In Proceedings of the 18th ACM Symposium on Operating System Principles, SOSP 2001 , , Keith Marzullo and Mahadev Satyanarayanan (Eds.). ACM , 57--72 . Dawson R. Engler, David Yu Chen, and Andy Chou. 2001. Bugs as Inconsistent Behavior: A General Approach to Inferring Errors in Systems Code. In Proceedings of the 18th ACM Symposium on Operating System Principles, SOSP 2001 , , Keith Marzullo and Mahadev Satyanarayanan (Eds.). ACM , 57--72."},{"key":"e_1_3_2_1_17_1","volume-title":"FlowFence: Practical Data Protection for Emerging IoT Application Frameworks. In 25th USENIX Security Symposium (USENIX Security 16)","author":"Fernandes Earlence","year":"2016","unstructured":"Earlence Fernandes , Justin Paupore , Amir Rahmati , Daniel Simionato , Mauro Conti , and Atul Prakash . 2016 . FlowFence: Practical Data Protection for Emerging IoT Application Frameworks. In 25th USENIX Security Symposium (USENIX Security 16) . USENIX Association, Austin, TX, 531--548. Earlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, and Atul Prakash. 2016. FlowFence: Practical Data Protection for Emerging IoT Application Frameworks. In 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, Austin, TX, 531--548."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1133572.1133599"},{"volume-title":"Model Checking Software , , Thomas Ball and Sriram K","author":"Henzinger Thomas A.","key":"e_1_3_2_1_19_1","unstructured":"Thomas A. Henzinger , Ranjit Jhala , Rupak Majumdar , and Gr\u00e9goire Sutre . 2003. Software Verification with BLAST . In Model Checking Software , , Thomas Ball and Sriram K . Rajamani (Eds.). Springer Berlin Heidelberg , Berlin, Heidelberg , 235--239. Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar, and Gr\u00e9goire Sutre. 2003. Software Verification with BLAST. In Model Checking Software , , Thomas Ball and Sriram K. Rajamani (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 235--239."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/325478.325519"},{"key":"e_1_3_2_1_21_1","unstructured":"Daniel Kroening. [n. d.] a. CProver Developer Documentation . http:\/\/cprover.diffblue.com\/index.html . [Online; accessed 12-Dec-2020].  Daniel Kroening. [n. d.] a. CProver Developer Documentation . http:\/\/cprover.diffblue.com\/index.html . [Online; accessed 12-Dec-2020]."},{"key":"e_1_3_2_1_22_1","volume-title":"Cprover manual . https:\/\/www.cprover.org\/cbmc\/doc\/manual.pdf . [Online","author":"Kroening D.","year":"2020","unstructured":"D. Kroening . [n.,d.] b. Cprover manual . https:\/\/www.cprover.org\/cbmc\/doc\/manual.pdf . [Online ; accessed 12- Dec- 2020 ]. D. Kroening. [n.,d.] b. Cprover manual . https:\/\/www.cprover.org\/cbmc\/doc\/manual.pdf . [Online; accessed 12-Dec-2020]."},{"volume-title":"Tools and Algorithms for the Construction and Analysis of Systems, Erika \u00c1brah\u00e1m and Klaus Havelund (Eds.)","author":"Kroening Daniel","key":"e_1_3_2_1_23_1","unstructured":"Daniel Kroening and Michael Tautschnig . 2014. CBMC -- C Bounded Model Checker . In Tools and Algorithms for the Construction and Analysis of Systems, Erika \u00c1brah\u00e1m and Klaus Havelund (Eds.) . Springer Berlin Heidelberg, Berlin , Heidelberg , 389--391. Daniel Kroening and Michael Tautschnig. 2014. CBMC -- C Bounded Model Checker. In Tools and Algorithms for the Construction and Analysis of Systems, Erika \u00c1brah\u00e1m and Klaus Havelund (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 389--391."},{"key":"e_1_3_2_1_24_1","volume-title":"Statically Detecting Likely Buffer Overflow Vulnerabilities. In 10th USENIX Security Symposium (USENIX Security 01)","author":"Larochelle David","year":"2001","unstructured":"David Larochelle and David Evans . 2001 . Statically Detecting Likely Buffer Overflow Vulnerabilities. In 10th USENIX Security Symposium (USENIX Security 01) . USENIX Association. David Larochelle and David Evans. 2001. Statically Detecting Likely Buffer Overflow Vulnerabilities. In 10th USENIX Security Symposium (USENIX Security 01). USENIX Association."},{"key":"e_1_3_2_1_25_1","unstructured":"Sandra Loosemore Roland McGrath Andrew Oram and Richard M Stallman. 2001. The GNU C library reference manual .Free software foundation Boston.  Sandra Loosemore Roland McGrath Andrew Oram and Richard M Stallman. 2001. The GNU C library reference manual .Free software foundation Boston."},{"key":"e_1_3_2_1_26_1","volume-title":"Cross-Program Taint Analysis for IoT Systems","author":"Mandal Amit","year":"1944","unstructured":"Amit Mandal , Pietro Ferrara , Yuliy Khlyebnikov , Agostino Cortesi , and Fausto Spoto . 2020. Cross-Program Taint Analysis for IoT Systems . Association for Computing Machinery , 1944 --1952. Amit Mandal, Pietro Ferrara, Yuliy Khlyebnikov, Agostino Cortesi, and Fausto Spoto. 2020. Cross-Program Taint Analysis for IoT Systems .Association for Computing Machinery, 1944--1952."},{"key":"e_1_3_2_1_27_1","unstructured":"Daniel Marjam\"aki. 2013. Cppcheck: a tool for static C\/C  Daniel Marjam\"aki. 2013. Cppcheck: a tool for static C\/C"},{"key":"e_1_3_2_1_28_1","unstructured":"code analysis.  code analysis."},{"key":"e_1_3_2_1_29_1","unstructured":"MITRE. [n. d.] a. Common Vulnerabilities and Exposures . https:\/\/cve.mitre.org\/.  MITRE. [n. d.] a. Common Vulnerabilities and Exposures . https:\/\/cve.mitre.org\/."},{"key":"e_1_3_2_1_30_1","unstructured":"MITRE. [n. d.] b. Common Weakness Enumeration list . https:\/\/cwe.mitre.org\/data\/index.html .  MITRE. [n. d.] b. Common Weakness Enumeration list . https:\/\/cwe.mitre.org\/data\/index.html ."},{"key":"e_1_3_2_1_31_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium, NDSS","author":"Newsome James","year":"2005","unstructured":"James Newsome and Dawn Xiaodong Song . 2005 . Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software . In Proceedings of the Network and Distributed System Security Symposium, NDSS 2005, San Diego, California, USA. The Internet Society. James Newsome and Dawn Xiaodong Song. 2005. Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2005, San Diego, California, USA. The Internet Society."},{"key":"e_1_3_2_1_32_1","unstructured":"NIST. [n. d.]. Platform Firmware Resiliency Guidelines . https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800--193.pdf .  NIST. [n. d.]. Platform Firmware Resiliency Guidelines . https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800--193.pdf ."},{"key":"e_1_3_2_1_33_1","volume-title":"https:\/\/samate.nist.gov\/SRD\/testsuite.php . [Online","author":"Juliet Dataset NIST.","year":"2020","unstructured":"NIST. 2017. Juliet Dataset . https:\/\/samate.nist.gov\/SRD\/testsuite.php . [Online ; accessed 12- Dec- 2020 ]. NIST. 2017. Juliet Dataset . https:\/\/samate.nist.gov\/SRD\/testsuite.php . [Online; accessed 12-Dec-2020]."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.measurement.2019.107139"},{"key":"e_1_3_2_1_35_1","unstructured":"NVD. [n. d.]. CVE-2019--3733 . https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019--3733 .  NVD. [n. d.]. CVE-2019--3733 . https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019--3733 ."},{"key":"e_1_3_2_1_36_1","first-page":"297","article-title":"Report on the static analysis tool exposition (sate) iv","volume":"500","author":"Okun Vadim","year":"2013","unstructured":"Vadim Okun , Aurelien Delaitre , Paul E Black , 2013 . Report on the static analysis tool exposition (sate) iv . NIST Special Publication , Vol. 500 (2013), 297 . Vadim Okun, Aurelien Delaitre, Paul E Black, et almbox. 2013. Report on the static analysis tool exposition (sate) iv. NIST Special Publication , Vol. 500 (2013), 297.","journal-title":"NIST Special Publication"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/186025.186041"},{"volume-title":"Proceedings of the 11th annual Network and Distributed System Security Symposium. 159--169","author":"Ruwase Olatunji","key":"e_1_3_2_1_38_1","unstructured":"Olatunji Ruwase and Monica S. Lam . 2004. A Practical Dynamic Buffer Overflow Detector . In Proceedings of the 11th annual Network and Distributed System Security Symposium. 159--169 . Olatunji Ruwase and Monica S. Lam. 2004. A Practical Dynamic Buffer Overflow Detector. In Proceedings of the 11th annual Network and Distributed System Security Symposium. 159--169."},{"volume-title":"Security Analysis for SmartThings IoT Applications. In 2019 IEEE\/ACM 6th International Conference on Mobile Software Engineering and Systems (MOBILESoft) . 25--29","author":"Schmeidl Florian","key":"e_1_3_2_1_39_1","unstructured":"Florian Schmeidl , Bara Nazzal , and Manar H. Alalfi . 2019 . Security Analysis for SmartThings IoT Applications. In 2019 IEEE\/ACM 6th International Conference on Mobile Software Engineering and Systems (MOBILESoft) . 25--29 . Florian Schmeidl, Bara Nazzal, and Manar H. Alalfi. 2019. Security Analysis for SmartThings IoT Applications. In 2019 IEEE\/ACM 6th International Conference on Mobile Software Engineering and Systems (MOBILESoft) . 25--29."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.26"},{"volume-title":"Introduction to the Theory of Computation","author":"Sipser Michael","key":"e_1_3_2_1_41_1","unstructured":"Michael Sipser . 2012. Introduction to the Theory of Computation third ed.). Cengage Learning . Michael Sipser. 2012. Introduction to the Theory of Computation third ed.). Cengage Learning."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2018.2855563"},{"key":"e_1_3_2_1_43_1","unstructured":"Daniel Stenberg. [n. d.]. curl: RTSP bad headers buffer over-read . https:\/\/seclists.org\/oss-sec\/2018\/q2\/116 .  Daniel Stenberg. [n. d.]. curl: RTSP bad headers buffer over-read . https:\/\/seclists.org\/oss-sec\/2018\/q2\/116 ."},{"key":"e_1_3_2_1_44_1","volume-title":"Lorenzo Cavallaro, and Herbert Bos.","author":"van der Veen Victor","year":"2012","unstructured":"Victor van der Veen , Nitish dutt Sharma , Lorenzo Cavallaro, and Herbert Bos. 2012 . Memory Errors : The Past, the Present, and the Future. In Research in Attacks, Intrusions, and Defenses, Davide Balzarotti, Salvatore J. Stolfo, and Marco Cova (Eds.). Springer Berlin Heidelberg , Berlin, Heidelberg, 86--106. Victor van der Veen, Nitish dutt Sharma, Lorenzo Cavallaro, and Herbert Bos. 2012. Memory Errors: The Past, the Present, and the Future. In Research in Attacks, Intrusions, and Defenses, Davide Balzarotti, Salvatore J. Stolfo, and Marco Cova (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 86--106."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2602087.2602101"},{"key":"e_1_3_2_1_46_1","unstructured":"John Viega. [n. d.]. Protecting sensitive data in memory . https:\/\/www.cgisecurity.com\/lib\/protecting-sensitive-data.html .  John Viega. [n. d.]. Protecting sensitive data in memory . https:\/\/www.cgisecurity.com\/lib\/protecting-sensitive-data.html ."},{"key":"e_1_3_2_1_47_1","unstructured":"John Viega and Gary R McGraw. 2001. Building secure software: How to avoid security problems the right way portable documents .Pearson Education.  John Viega and Gary R McGraw. 2001. Building secure software: How to avoid security problems the right way portable documents .Pearson Education."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.5220\/0005032902440252"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.59"},{"volume-title":"Network Computing and Information Security ,","author":"Wang Yong","key":"e_1_3_2_1_50_1","unstructured":"Yong Wang , Dawu Gu , Daogang Peng , Shuai Chen , and Heng Yang . 2012. Stuxnet Vulnerabilities Analysis of SCADA Systems . In Network Computing and Information Security , , Jingsheng Lei, Fu Lee Wang, Mo Li, and Yuan Luo (Eds.). Springer Berlin Heidelberg , Berlin, Heidelberg , 640--646. Yong Wang, Dawu Gu, Daogang Peng, Shuai Chen, and Heng Yang. 2012. Stuxnet Vulnerabilities Analysis of SCADA Systems. In Network Computing and Information Security , , Jingsheng Lei, Fu Lee Wang, Mo Li, and Yuan Luo (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 640--646."},{"key":"e_1_3_2_1_51_1","unstructured":"David A Wheeler. 2013. Flawfinder.  David A Wheeler. 2013. Flawfinder."},{"volume-title":"Proceedings of the ACM SIGPLAN 1995 Conference on Programming Language Design and Implementation","author":"Robert","key":"e_1_3_2_1_52_1","unstructured":"Robert P. Wilson and Monica S. Lam. 1995. Efficient Context-Sensitive Pointer Analysis for C Programs . In Proceedings of the ACM SIGPLAN 1995 Conference on Programming Language Design and Implementation ( La Jolla, California, USA) (PLDI '95). Association for Computing Machinery, New York, NY, USA, 1--12. Robert P. Wilson and Monica S. Lam. 1995. Efficient Context-Sensitive Pointer Analysis for C Programs. In Proceedings of the ACM SIGPLAN 1995 Conference on Programming Language Design and Implementation (La Jolla, California, USA) (PLDI '95). Association for Computing Machinery, New York, NY, USA, 1--12."},{"key":"e_1_3_2_1_53_1","volume-title":"Automatic Inference of Search Patterns for Taint-Style Vulnerabilities. In 2015 IEEE Symposium on Security and Privacy. 797--812","author":"Yamaguchi Fabian","year":"2015","unstructured":"Fabian Yamaguchi , Alwin Maier , Hugo Gascon , and Konrad Rieck . 2015 . Automatic Inference of Search Patterns for Taint-Style Vulnerabilities. In 2015 IEEE Symposium on Security and Privacy. 797--812 . Fabian Yamaguchi, Alwin Maier, Hugo Gascon, and Konrad Rieck. 2015. Automatic Inference of Search Patterns for Taint-Style Vulnerabilities. In 2015 IEEE Symposium on Security and Privacy. 797--812."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/iThings\/CPSCom.2011.34"}],"event":{"name":"ASIA CCS '22: ACM Asia Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Nagasaki Japan","acronym":"ASIA CCS '22"},"container-title":["Proceedings of the 8th ACM on Cyber-Physical System Security Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3494107.3522779","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/abs\/10.1145\/3494107.3522779","content-type":"text\/html","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3494107.3522779","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3494107.3522779","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:45Z","timestamp":1750188645000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3494107.3522779"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,5,30]]},"references-count":54,"alternative-id":["10.1145\/3494107.3522779","10.1145\/3494107"],"URL":"https:\/\/doi.org\/10.1145\/3494107.3522779","relation":{},"subject":[],"published":{"date-parts":[[2022,5,30]]},"assertion":[{"value":"2022-05-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}