{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T04:25:55Z","timestamp":1769747155251,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":41,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,10,26]],"date-time":"2022-10-26T00:00:00Z","timestamp":1666742400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Hong Kong S.A.R. Research Grants Council (RGC) General Research Fund","award":["14209720"],"award-info":[{"award-number":["14209720"]}]},{"name":"National Key Research & Development Project of China","award":["2019YFB1804400"],"award-info":[{"award-number":["2019YFB1804400"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,10,26]]},"DOI":"10.1145\/3545948.3545966","type":"proceedings-article","created":{"date-parts":[[2022,10,17]],"date-time":"2022-10-17T11:21:49Z","timestamp":1666005709000},"page":"364-379","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["LiCA: A Fine-grained and Path-sensitive Linux Capability Analysis Framework"],"prefix":"10.1145","author":[{"given":"Menghan","family":"Sun","sequence":"first","affiliation":[{"name":"The Chinese University of Hong Kong, China"}]},{"given":"Zirui","family":"Song","sequence":"additional","affiliation":[{"name":"The Chinese University of Hong Kong, China"}]},{"given":"Xiaoxi","family":"Ren","sequence":"additional","affiliation":[{"name":"Hunan University, China"}]},{"given":"Daoyuan","family":"Wu","sequence":"additional","affiliation":[{"name":"The Chinese University of Hong Kong, China"}]},{"given":"Kehuan","family":"Zhang","sequence":"additional","affiliation":[{"name":"The Chinese University of Hong Kong, China"}]}],"member":"320","published-online":{"date-parts":[[2022,10,26]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"1996. strace(1) - Linux man page. https:\/\/linux.die.net\/man\/1\/strace  1996. strace(1) - Linux man page. https:\/\/linux.die.net\/man\/1\/strace"},{"key":"e_1_3_2_1_2_1","unstructured":"[\n  2\n  ]  2018. https:\/\/nxnjz.net\/2018\/08\/an-interesting-privilege-escalation-vector-getcap\/  [2] 2018. https:\/\/nxnjz.net\/2018\/08\/an-interesting-privilege-escalation-vector-getcap\/"},{"key":"e_1_3_2_1_3_1","unstructured":"2019. CVE - CVE-2019-12594. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-12594.  2019. CVE - CVE-2019-12594. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-12594."},{"key":"e_1_3_2_1_4_1","unstructured":"2021. aledwmorris\/probedhcp: Simple program for sending IPv4 DHCP packets with increasing TTL. https:\/\/github.com\/aledwmorris\/probedhcp\/tree\/master.  2021. aledwmorris\/probedhcp: Simple program for sending IPv4 DHCP packets with increasing TTL. https:\/\/github.com\/aledwmorris\/probedhcp\/tree\/master."},{"key":"e_1_3_2_1_5_1","unstructured":"2021. alobbs\/macchanger: GNU MAC Changer. https:\/\/github.com\/alobbs\/macchanger.  2021. alobbs\/macchanger: GNU MAC Changer. https:\/\/github.com\/alobbs\/macchanger."},{"key":"e_1_3_2_1_6_1","unstructured":"2021. aoh\/radamsa: a general-purpose fuzzer. https:\/\/github.com\/aoh\/radamsa.  2021. aoh\/radamsa: a general-purpose fuzzer. https:\/\/github.com\/aoh\/radamsa."},{"key":"e_1_3_2_1_7_1","unstructured":"2021. Becoming Root Through Overprivileged Processes | by Vickie Li | Better Programming. https:\/\/betterprogramming.pub\/becoming-root-through-overprivileged-processes-f26f83e18059.  2021. Becoming Root Through Overprivileged Processes | by Vickie Li | Better Programming. https:\/\/betterprogramming.pub\/becoming-root-through-overprivileged-processes-f26f83e18059."},{"key":"e_1_3_2_1_8_1","unstructured":"2021. DOSBox an x86 emulator with DOS. https:\/\/www.dosbox.com\/.  2021. DOSBox an x86 emulator with DOS. https:\/\/www.dosbox.com\/."},{"key":"e_1_3_2_1_9_1","unstructured":"2021. hastho\/dosbox-pigeos. https:\/\/github.com\/hastho\/dosbox-pigeos.  2021. hastho\/dosbox-pigeos. https:\/\/github.com\/hastho\/dosbox-pigeos."},{"key":"e_1_3_2_1_10_1","unstructured":"2021. jupyter. https:\/\/github.com\/jsand66\/jupyter\/blob\/master\/setcap.txt.  2021. jupyter. https:\/\/github.com\/jsand66\/jupyter\/blob\/master\/setcap.txt."},{"key":"e_1_3_2_1_11_1","unstructured":"2021. kongbiji\/scan_iface. https:\/\/github.com\/kongbiji\/scan_iface\/tree\/master.  2021. kongbiji\/scan_iface. https:\/\/github.com\/kongbiji\/scan_iface\/tree\/master."},{"key":"e_1_3_2_1_12_1","unstructured":"2021. The OCaml bindings distributed with LLVM. https:\/\/opam.ocaml.org\/packages\/llvm\/  2021. The OCaml bindings distributed with LLVM. https:\/\/opam.ocaml.org\/packages\/llvm\/"},{"key":"e_1_3_2_1_13_1","unstructured":"2021. Paul Warren \/ iftop \u00b7 GitLab. https:\/\/code.blinkace.com\/pdw\/iftop  2021. Paul Warren \/ iftop \u00b7 GitLab. https:\/\/code.blinkace.com\/pdw\/iftop"},{"key":"e_1_3_2_1_14_1","unstructured":"2021. PayloadsAllTheThings\/Linux - Privilege Escalation.md at master \u00b7 swisskyrepo\/PayloadsAllTheThings \u00b7 GitHub. https:\/\/github.com\/swisskyrepo\/PayloadsAllTheThings.  2021. PayloadsAllTheThings\/Linux - Privilege Escalation.md at master \u00b7 swisskyrepo\/PayloadsAllTheThings \u00b7 GitHub. https:\/\/github.com\/swisskyrepo\/PayloadsAllTheThings."},{"key":"e_1_3_2_1_15_1","unstructured":"2021. Privilege escalation via Docker - Chris Foster. https:\/\/fosterelli.co\/privilege-escalation-via-docker.html.  2021. Privilege escalation via Docker - Chris Foster. https:\/\/fosterelli.co\/privilege-escalation-via-docker.html."},{"key":"e_1_3_2_1_16_1","unstructured":"2021. reddit\/mcsauna: Track hottest memcached keys by regex in a graphite-friendly format.https:\/\/github.com\/reddit\/mcsauna.  2021. reddit\/mcsauna: Track hottest memcached keys by regex in a graphite-friendly format.https:\/\/github.com\/reddit\/mcsauna."},{"key":"e_1_3_2_1_17_1","unstructured":"2022. The LLVM Compiler Infrastructure Project. https:\/\/llvm.org\/.  2022. The LLVM Compiler Infrastructure Project. https:\/\/llvm.org\/."},{"key":"e_1_3_2_1_18_1","unstructured":"2022. LLVM Intermediate Representation and Static Analysis! Oh My! - GaZAR. https:\/\/gazar.eu\/2021\/02\/21\/llvm-intermediate-representation-and-static-analysis-oh-my\/.  2022. LLVM Intermediate Representation and Static Analysis! Oh My! - GaZAR. https:\/\/gazar.eu\/2021\/02\/21\/llvm-intermediate-representation-and-static-analysis-oh-my\/."},{"key":"e_1_3_2_1_19_1","unstructured":"[\n  19\n  ]  Canonical.2019. http:\/\/manpages.ubuntu.com\/manpages\/precise\/man7\/capabilities.7.html  [19] Canonical.2019. http:\/\/manpages.ubuntu.com\/manpages\/precise\/man7\/capabilities.7.html"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2019.00065"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1017\/s0890060408000103"},{"key":"e_1_3_2_1_23_1","unstructured":"Serge\u00a0E Hallyn and Andrew\u00a0G Morgan. 2008. Linux capabilities: Making them work. (2008).  Serge\u00a0E Hallyn and Andrew\u00a0G Morgan. 2008. Linux capabilities: Making them work. (2008)."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2018.00014"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1016\/0096-0551(78)90009-7"},{"key":"e_1_3_2_1_26_1","unstructured":"Michael Kerrisk. 2012. CAP_SYS_ADMIN: the new root. https:\/\/lwn.net\/Articles\/486306\/  Michael Kerrisk. 2012. CAP_SYS_ADMIN: the new root. https:\/\/lwn.net\/Articles\/486306\/"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/360248.360252"},{"key":"e_1_3_2_1_28_1","volume-title":"Tackling the Path Explosion Problem in Symbolic Execution-Driven Test Generation for Programs. In 2010 19th IEEE Asian Test Symposium. 59\u201364","author":"Krishnamoorthy Saparya","year":"2010","unstructured":"Saparya Krishnamoorthy , Michael\u00a0 S. Hsiao , and Loganathan Lingappan . 2010 . Tackling the Path Explosion Problem in Symbolic Execution-Driven Test Generation for Programs. In 2010 19th IEEE Asian Test Symposium. 59\u201364 . https:\/\/doi.org\/10.1109\/ATS.2010.19 10.1109\/ATS.2010.19 Saparya Krishnamoorthy, Michael\u00a0S. Hsiao, and Loganathan Lingappan. 2010. Tackling the Path Explosion Problem in Symbolic Execution-Driven Test Generation for Programs. In 2010 19th IEEE Asian Test Symposium. 59\u201364. https:\/\/doi.org\/10.1109\/ATS.2010.19"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363282"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274720"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354244"},{"key":"#cr-split#-e_1_3_2_1_32_1.1","doi-asserted-by":"crossref","unstructured":"Kangjie Lu and Hong Hu. 2019. Where Does It Go?: Refining Indirect-Call Targets with Multi-Layer Type Analysis. 1867-1881. https:\/\/doi.org\/10.1145\/3319535.3354244 10.1145\/3319535.3354244","DOI":"10.1145\/3319535.3354244"},{"key":"#cr-split#-e_1_3_2_1_32_1.2","doi-asserted-by":"crossref","unstructured":"Kangjie Lu and Hong Hu. 2019. Where Does It Go?: Refining Indirect-Call Targets with Multi-Layer Type Analysis. 1867-1881. https:\/\/doi.org\/10.1145\/3319535.3354244","DOI":"10.1145\/3319535.3354244"},{"key":"e_1_3_2_1_33_1","unstructured":"Novell. 2020. Home \u00b7 Wiki \u00b7 AppArmor \/ apparmor. https:\/\/gitlab.com\/apparmor\/apparmor\/-\/wikis\/home  Novell. 2020. Home \u00b7 Wiki \u00b7 AppArmor \/ apparmor. https:\/\/gitlab.com\/apparmor\/apparmor\/-\/wikis\/home"},{"key":"e_1_3_2_1_34_1","volume-title":"Automated Technology for Verification and Analysis, Tevfik Bultan and Pao-Ann Hsiung (Eds.)","author":"Obdr\u017e\u00e1lek Jan","unstructured":"Jan Obdr\u017e\u00e1lek and Marek Trt\u00edk . 2011. Efficient Loop Navigation for Symbolic Execution . In Automated Technology for Verification and Analysis, Tevfik Bultan and Pao-Ann Hsiung (Eds.) . Springer Berlin Heidelberg , Berlin, Heidelberg , 453\u2013462. Jan Obdr\u017e\u00e1lek and Marek Trt\u00edk. 2011. Efficient Loop Navigation for Symbolic Execution. In Automated Technology for Verification and Analysis, Tevfik Bultan and Pao-Ann Hsiung (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 453\u2013462."},{"key":"e_1_3_2_1_35_1","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems, Tom\u00e1\u0161 Vojnar and Lijun Zhang (Eds.)","author":"Schubert Philipp\u00a0Dominik","unstructured":"Philipp\u00a0Dominik Schubert , Ben Hermann , and Eric Bodden . 2019. PhASAR: An Inter-procedural Static Analysis Framework for C\/C++ . In Tools and Algorithms for the Construction and Analysis of Systems, Tom\u00e1\u0161 Vojnar and Lijun Zhang (Eds.) . Springer International Publishing , Cham , 393\u2013410. Philipp\u00a0Dominik Schubert, Ben Hermann, and Eric Bodden. 2019. PhASAR: An Inter-procedural Static Analysis Framework for C\/C++. In Tools and Algorithms for the Construction and Analysis of Systems, Tom\u00e1\u0161 Vojnar and Lijun Zhang (Eds.). Springer International Publishing, Cham, 393\u2013410."},{"key":"e_1_3_2_1_37_1","unstructured":"Linus Torvalds. 2003. Sparse. https:\/\/www.kernel.org\/doc\/html\/v4.14\/dev-tools\/sparse.html  Linus Torvalds. 2003. Sparse. https:\/\/www.kernel.org\/doc\/html\/v4.14\/dev-tools\/sparse.html"},{"key":"e_1_3_2_1_38_1","unstructured":"Maciej Treder. 2020. ng toolkit. http:\/\/netsniff-ng.org\/  Maciej Treder. 2020. ng toolkit. http:\/\/netsniff-ng.org\/"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516665"},{"key":"e_1_3_2_1_40_1","unstructured":"Z3Prover. 2008. Z3Prover\/z3. https:\/\/github.com\/Z3Prover\/z3  Z3Prover. 2008. Z3Prover\/z3. https:\/\/github.com\/Z3Prover\/z3"},{"key":"e_1_3_2_1_41_1","volume-title":"Proceedings of the 28th USENIX Security Symposium","author":"Zhang Tong","year":"2019","unstructured":"Tong Zhang , Wenbo Shen , Ahmed\u00a0 M. Azab , Dongyoon Lee , Changhee Jung , and Ruowen Wang . 2019 . PEX: A permission check analysis framework for linux kernel . Proceedings of the 28th USENIX Security Symposium (2019), 1205\u20131220. Tong Zhang, Wenbo Shen, Ahmed\u00a0M. Azab, Dongyoon Lee, Changhee Jung, and Ruowen Wang. 2019. PEX: A permission check analysis framework for linux kernel. Proceedings of the 28th USENIX Security Symposium (2019), 1205\u20131220."}],"event":{"name":"RAID 2022: 25th International Symposium on Research in Attacks, Intrusions and Defenses","location":"Limassol Cyprus","acronym":"RAID 2022"},"container-title":["Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3545948.3545966","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3545948.3545966","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:27Z","timestamp":1750188627000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3545948.3545966"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10,26]]},"references-count":41,"alternative-id":["10.1145\/3545948.3545966","10.1145\/3545948"],"URL":"https:\/\/doi.org\/10.1145\/3545948.3545966","relation":{},"subject":[],"published":{"date-parts":[[2022,10,26]]},"assertion":[{"value":"2022-10-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}