{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T00:29:52Z","timestamp":1766449792027,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":34,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,12,5]],"date-time":"2022-12-05T00:00:00Z","timestamp":1670198400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,12,5]]},"DOI":"10.1145\/3564625.3568001","type":"proceedings-article","created":{"date-parts":[[2022,12,3]],"date-time":"2022-12-03T01:01:29Z","timestamp":1670029289000},"page":"964-977","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["iService: Detecting and Evaluating the Impact of Confused Deputy Problem in AppleOS"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9488-7092","authenticated-orcid":false,"given":"Yizhuo","family":"Wang","sequence":"first","affiliation":[{"name":"Shanghai Jiao Tong University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2035-7176","authenticated-orcid":false,"given":"Yikun","family":"Hu","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4534-8364","authenticated-orcid":false,"given":"Xuangan","family":"Xiao","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0504-9538","authenticated-orcid":false,"given":"Dawu","family":"Gu","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, China"}]}],"member":"320","published-online":{"date-parts":[[2022,12,5]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243842"},{"key":"e_1_3_2_1_2_1","volume-title":"Elevating Privileges Safely - Apple Developers. https:\/\/developer.apple.com\/library\/archive\/documentation\/Security\/Conceptual\/SecureCodingGuide\/Articles\/AccessControl.html. [Online","author":"Apple Inc.","year":"2022","unstructured":"Apple Inc. 2016. Elevating Privileges Safely - Apple Developers. https:\/\/developer.apple.com\/library\/archive\/documentation\/Security\/Conceptual\/SecureCodingGuide\/Articles\/AccessControl.html. [Online ; accessed 8- June - 2022 ]. Apple Inc.2016. Elevating Privileges Safely - Apple Developers. https:\/\/developer.apple.com\/library\/archive\/documentation\/Security\/Conceptual\/SecureCodingGuide\/Articles\/AccessControl.html. [Online; accessed 8-June-2022]."},{"key":"e_1_3_2_1_3_1","volume-title":"About the security content of macOS Mojave 10.14.4. https:\/\/support.apple.com\/en-us\/HT209600. [Online","author":"Apple Inc.","year":"2022","unstructured":"Apple Inc. 2019. About the security content of macOS Mojave 10.14.4. https:\/\/support.apple.com\/en-us\/HT209600. [Online ; accessed 28- June - 2022 ]. Apple Inc.2019. About the security content of macOS Mojave 10.14.4. https:\/\/support.apple.com\/en-us\/HT209600. [Online; accessed 28-June-2022]."},{"key":"e_1_3_2_1_4_1","volume-title":"About the security content of iOS 12.2. https:\/\/support.apple.com\/en-us\/HT209599. [Online","author":"Apple Inc.","year":"2022","unstructured":"Apple Inc. 2021. About the security content of iOS 12.2. https:\/\/support.apple.com\/en-us\/HT209599. [Online ; accessed 28- June - 2022 ]. Apple Inc.2021. About the security content of iOS 12.2. https:\/\/support.apple.com\/en-us\/HT209599. [Online; accessed 28-June-2022]."},{"key":"e_1_3_2_1_5_1","volume-title":"About the security content of iOS 14.7 and iPadOS 14.7. https:\/\/support.apple.com\/en-us\/HT212601. [Online","author":"Apple Inc.","year":"2022","unstructured":"Apple Inc. 2021. About the security content of iOS 14.7 and iPadOS 14.7. https:\/\/support.apple.com\/en-us\/HT212601. [Online ; accessed 28- June - 2022 ]. Apple Inc.2021. About the security content of iOS 14.7 and iPadOS 14.7. https:\/\/support.apple.com\/en-us\/HT212601. [Online; accessed 28-June-2022]."},{"key":"e_1_3_2_1_6_1","volume-title":"About the security content of macOS Big Sur 11.5. https:\/\/support.apple.com\/en-us\/HT212602. [Online","author":"Apple Inc.","year":"2022","unstructured":"Apple Inc. 2021. About the security content of macOS Big Sur 11.5. https:\/\/support.apple.com\/en-us\/HT212602. [Online ; accessed 28- June - 2022 ]. Apple Inc.2021. About the security content of macOS Big Sur 11.5. https:\/\/support.apple.com\/en-us\/HT212602. [Online; accessed 28-June-2022]."},{"key":"e_1_3_2_1_7_1","volume-title":"About the security content of tvOS 14.7. https:\/\/support.apple.com\/en-us\/HT212604. [Online","author":"Apple Inc.","year":"2022","unstructured":"Apple Inc. 2021. About the security content of tvOS 14.7. https:\/\/support.apple.com\/en-us\/HT212604. [Online ; accessed 28- June - 2022 ]. Apple Inc.2021. About the security content of tvOS 14.7. https:\/\/support.apple.com\/en-us\/HT212604. [Online; accessed 28-June-2022]."},{"key":"e_1_3_2_1_8_1","volume-title":"https:\/\/speakerdeck.com\/vashchenko\/job-s-bless-us-privileged-operations-on-macos?slide=2. [Online","author":"Privileged Bless","year":"2022","unstructured":"Aronskaka. 2020. Job(s) Bless Us! Privileged Operations on macOS. https:\/\/speakerdeck.com\/vashchenko\/job-s-bless-us-privileged-operations-on-macos?slide=2. [Online ; accessed 8- June - 2022 ]. Aronskaka. 2020. Job(s) Bless Us! Privileged Operations on macOS. https:\/\/speakerdeck.com\/vashchenko\/job-s-bless-us-privileged-operations-on-macos?slide=2. [Online; accessed 8-June-2022]."},{"key":"e_1_3_2_1_9_1","volume-title":"Proceedings of the 2012 ACM conference on Computer and communications security. 217\u2013228","author":"Wain\u00a0Yee Au Kathy","year":"2012","unstructured":"Kathy Wain\u00a0Yee Au , Yi\u00a0Fan Zhou , Zhen Huang , and David Lie . 2012 . Pscout: analyzing the android permission specification . In Proceedings of the 2012 ACM conference on Computer and communications security. 217\u2013228 . Kathy Wain\u00a0Yee Au, Yi\u00a0Fan Zhou, Zhen Huang, and David Lie. 2012. Pscout: analyzing the android permission specification. In Proceedings of the 2012 ACM conference on Computer and communications security. 217\u2013228."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423357"},{"key":"e_1_3_2_1_11_1","unstructured":"Ian Beer. 2015. Auditing and Exploiting Apple IPC. Accessed: 2022-06-01.  Ian Beer. 2015. Auditing and Exploiting Apple IPC. Accessed: 2022-06-01."},{"volume-title":"OSX XPC Revisited - 3rd Party Application Flaws. Accessed: 2022-06-01","author":"Bohan Tyler","key":"e_1_3_2_1_12_1","unstructured":"Tyler Bohan . 2019. OSX XPC Revisited - 3rd Party Application Flaws. Accessed: 2022-06-01 . Tyler Bohan. 2019. OSX XPC Revisited - 3rd Party Application Flaws. Accessed: 2022-06-01."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818033"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"crossref","unstructured":"Weiteng Chen Yu Wang Zheng Zhang and Zhiyun Qian. 2021. SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers. In ACM CCS.  Weiteng Chen Yu Wang Zheng Zhang and Zhiyun Qian. 2021. SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers. In ACM CCS.","DOI":"10.1145\/3460120.3484564"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813675"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00023"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3196494.3196527"},{"key":"e_1_3_2_1_18_1","unstructured":"Manuel Egele Christopher Kruegel Engin Kirda and Giovanni Vigna. 2011. PiOS: Detecting Privacy Leaks in iOS Applications.. In NDSS. 177\u2013183.  Manuel Egele Christopher Kruegel Engin Kirda and Giovanni Vigna. 2011. PiOS: Detecting Privacy Leaks in iOS Applications.. In NDSS. 177\u2013183."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046779"},{"key":"e_1_3_2_1_20_1","unstructured":"Adrienne\u00a0Porter Felt Helen\u00a0J Wang Alexander Moshchuk Steve Hanna and Erika Chin. 2011. Permission Re-Delegation: Attacks and Defenses.. In USENIX security symposium Vol.\u00a030. 88.  Adrienne\u00a0Porter Felt Helen\u00a0J Wang Alexander Moshchuk Steve Hanna and Erika Chin. 2011. Permission Re-Delegation: Attacks and Defenses.. In USENIX security symposium Vol.\u00a030. 88."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3292006.3300023"},{"key":"e_1_3_2_1_22_1","volume-title":"Proceedings of the 12th conference on security and privacy in wireless and mobile networks. 151\u2013161","author":"William Enck Sigmund\u00a0Albert","year":"2019","unstructured":"Sigmund\u00a0Albert Gorski\u00a0III and William Enck . 2019 . Arf: identifying re-delegation vulnerabilities in android system services . In Proceedings of the 12th conference on security and privacy in wireless and mobile networks. 151\u2013161 . Sigmund\u00a0Albert Gorski\u00a0III and William Enck. 2019. Arf: identifying re-delegation vulnerabilities in android system services. In Proceedings of the 12th conference on security and privacy in wireless and mobile networks. 151\u2013161."},{"key":"e_1_3_2_1_23_1","volume-title":"FRED: Identifying File Re-Delegation in Android System Services.","author":"Sigmund\u00a0Albert","year":"2022","unstructured":"Sigmund\u00a0Albert Gorski\u00a0III, Seaver Thorn , William Enck , and Haining Chen . 2022 . FRED: Identifying File Re-Delegation in Android System Services. (2022). Sigmund\u00a0Albert Gorski\u00a0III, Seaver Thorn, William Enck, and Haining Chen. 2022. FRED: Identifying File Re-Delegation in Android System Services. (2022)."},{"key":"e_1_3_2_1_24_1","volume-title":"Don\u2019t Trust the PID! Stories of a simple logic bug and where to find it. https:\/\/saelo.github.io\/presentations\/warcon18_dont_trust_the_pid.pdf. [Online","author":"Gro\u00df Samuel","year":"2022","unstructured":"Samuel Gro\u00df . 2018. Don\u2019t Trust the PID! Stories of a simple logic bug and where to find it. https:\/\/saelo.github.io\/presentations\/warcon18_dont_trust_the_pid.pdf. [Online ; accessed 8- June - 2022 ]. Samuel Gro\u00df. 2018. Don\u2019t Trust the PID! Stories of a simple logic bug and where to find it. https:\/\/saelo.github.io\/presentations\/warcon18_dont_trust_the_pid.pdf. [Online; accessed 8-June-2022]."},{"volume-title":"IDA Pro: A powerful disassembler and a versatile debugger. https:\/\/www.hex-rays.com\/products\/ida. [Online","year":"2022","key":"e_1_3_2_1_25_1","unstructured":"Hex-Rays.2022. IDA Pro: A powerful disassembler and a versatile debugger. https:\/\/www.hex-rays.com\/products\/ida. [Online ; accessed 28- June - 2022 ]. Hex-Rays.2022. IDA Pro: A powerful disassembler and a versatile debugger. https:\/\/www.hex-rays.com\/products\/ida. [Online; accessed 28-June-2022]."},{"key":"e_1_3_2_1_26_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Liu Baozheng","year":"2020","unstructured":"Baozheng Liu , Chao Zhang , Guang Gong , Yishun Zeng , Haifeng Ruan , and Jianwei Zhuge . 2020 . {FANS}: Fuzzing Android Native System Services via Automated Interface Analysis . In 29th USENIX Security Symposium (USENIX Security 20) . 307\u2013323. Baozheng Liu, Chao Zhang, Guang Gong, Yishun Zeng, Haifeng Ruan, and Jianwei Zhuge. 2020. {FANS}: Fuzzing Android Native System Services via Automated Interface Analysis. In 29th USENIX Security Symposium (USENIX Security 20). 307\u2013323."},{"volume-title":"Petabyte Scale. https:\/\/neo4j.com. [Online","year":"2022","key":"e_1_3_2_1_27_1","unstructured":"Neo4j Team.2022. NEO4J GRAPH DATA PLATFORM: Blazing-Fast Graph , Petabyte Scale. https:\/\/neo4j.com. [Online ; accessed 28- June - 2022 ]. Neo4j Team.2022. NEO4J GRAPH DATA PLATFORM: Blazing-Fast Graph, Petabyte Scale. https:\/\/neo4j.com. [Online; accessed 28-June-2022]."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/199448.199462"},{"volume-title":"Interprocedural dataflow analysis via graph reachability","author":"Reps Thomas","key":"e_1_3_2_1_29_1","unstructured":"Thomas Reps , Mooly Sagiv , and Susan Horwitz . 1994. Interprocedural dataflow analysis via graph reachability . Datalogisk Institut , K\u00f8benhavns Universitet . Thomas Reps, Mooly Sagiv, and Susan Horwitz. 1994. Interprocedural dataflow analysis via graph reachability. Datalogisk Institut, K\u00f8benhavns Universitet."},{"volume-title":"Abusing and Securing XPC in macOS apps. https:\/\/objectivebythesea.org. [Online","year":"2022","key":"e_1_3_2_1_30_1","unstructured":"Wojciech. 2020. Abusing and Securing XPC in macOS apps. https:\/\/objectivebythesea.org. [Online ; accessed 8- June - 2022 ]. Wojciech. 2020. Abusing and Securing XPC in macOS apps. https:\/\/objectivebythesea.org. [Online; accessed 8-June-2022]."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484801"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.44"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243843"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"crossref","unstructured":"Min Zheng Xiaolong Bai Yajin Zhou Chao Zhang and Fuping Qu. 2021. POP and PUSH: Demystifying and Defending against (Mach) Port-oriented Programming.. In NDSS.  Min Zheng Xiaolong Bai Yajin Zhou Chao Zhang and Fuping Qu. 2021. POP and PUSH: Demystifying and Defending against (Mach) Port-oriented Programming.. In NDSS.","DOI":"10.14722\/ndss.2021.23126"}],"event":{"name":"ACSAC: Annual Computer Security Applications Conference","acronym":"ACSAC","location":"Austin TX USA"},"container-title":["Proceedings of the 38th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3564625.3568001","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3564625.3568001","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:49:29Z","timestamp":1750182569000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3564625.3568001"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,12,5]]},"references-count":34,"alternative-id":["10.1145\/3564625.3568001","10.1145\/3564625"],"URL":"https:\/\/doi.org\/10.1145\/3564625.3568001","relation":{},"subject":[],"published":{"date-parts":[[2022,12,5]]},"assertion":[{"value":"2022-12-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}