{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,6]],"date-time":"2026-05-06T18:10:12Z","timestamp":1778091012189,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":47,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,15]],"date-time":"2023-11-15T00:00:00Z","timestamp":1700006400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Shanghai Pilot Program for Basic Research-Fudan University","award":["21TQ1400100 (21TQ012)"],"award-info":[{"award-number":["21TQ1400100 (21TQ012)"]}]},{"name":"National Key Research and Development Program","award":["2021YFB3101200"],"award-info":[{"award-number":["2021YFB3101200"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62172105, 62172104, 62102091, 62102093"],"award-info":[{"award-number":["62172105, 62172104, 62102091, 62102093"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100013105","name":"Shanghai Rising-Star Program","doi-asserted-by":"publisher","award":["21QA1400700"],"award-info":[{"award-number":["21QA1400700"]}],"id":[{"id":"10.13039\/501100013105","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Ministry of Industry and Information Technology of the People?s Republic of China","award":["TC220H079"],"award-info":[{"award-number":["TC220H079"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,15]]},"DOI":"10.1145\/3576915.3623146","type":"proceedings-article","created":{"date-parts":[[2023,11,21]],"date-time":"2023-11-21T12:35:13Z","timestamp":1700570113000},"page":"1630-1644","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":26,"title":["SyzDirect: Directed Greybox Fuzzing for Linux Kernel"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-9018-0386","authenticated-orcid":false,"given":"Xin","family":"Tan","sequence":"first","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0726-9996","authenticated-orcid":false,"given":"Yuan","family":"Zhang","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1892-5971","authenticated-orcid":false,"given":"Jiadong","family":"Lu","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-4818-8406","authenticated-orcid":false,"given":"Xin","family":"Xiong","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-4047-6677","authenticated-orcid":false,"given":"Zhuang","family":"Liu","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9714-5545","authenticated-orcid":false,"given":"Min","family":"Yang","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]}],"member":"320","published-online":{"date-parts":[[2023,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2017. Patch of Dirty COW Vulnerability Incomplete Researchers Claim. https:\/\/www.securityweek.com\/patch-dirty-cow-vulnerability-inco mplete-researchers-claim\/."},{"key":"e_1_3_2_1_2_1","unstructured":"2022. K01311152: Linux kernel vulnerabilities CVE-2020-36322 and CVE-2021- 28950. https:\/\/my.f5.com\/manage\/s\/article\/K01311152."},{"key":"e_1_3_2_1_3_1","unstructured":"2022. net\/rds: fix warn in rds_message_alloc_sgs. https:\/\/git.kernel.org\/pub\/scm \/linux\/kernel\/git\/torvalds\/linux.git\/commit\/?id=ea010070d0a7497253d5a6f919 f6dd107450b31a."},{"key":"e_1_3_2_1_4_1","unstructured":"2022. Trinity: Linux system call fuzzer. https:\/\/github.com\/kernelslacker\/trinity.."},{"key":"e_1_3_2_1_5_1","unstructured":"2023. Kernel.org Bugzilla. https:\/\/bugzilla.kernel.org."},{"key":"e_1_3_2_1_6_1","unstructured":"2023. Syzkaller System Call Description. https:\/\/github.com\/google\/syzkaller\/tr ee\/master\/sys\/linux."},{"key":"e_1_3_2_1_7_1","volume-title":"REDQUEEN: Fuzzing with Input-to-State Correspondence. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019","author":"Aschermann Cornelius","year":"2019","unstructured":"Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, and Thorsten Holz. 2019. REDQUEEN: Fuzzing with Input-to-State Correspondence. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24-27, 2019. The Internet Society."},{"key":"e_1_3_2_1_8_1","volume-title":"Static Detection of Unsafe DMA Accesses in Device Drivers. In 30th USENIX Security Symposium, USENIX Security 2021","author":"Bai Jia-Ju","year":"2021","unstructured":"Jia-Ju Bai, Tuo Li, Kangjie Lu, and Shi-Min Hu. 2021. Static Detection of Unsafe DMA Accesses in Device Drivers. In 30th USENIX Security Symposium, USENIX Security 2021, August 11--13, 2021, Michael Bailey and Rachel Greenstadt (Eds.). USENIX Association, 1629--1645."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2491956.2462186"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134020"},{"key":"e_1_3_2_1_11_1","volume-title":"Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation","author":"Cadar Cristian","year":"2008","unstructured":"Cristian Cadar, Daniel Dunbar, and Dawson Engler. 2008. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (San Diego, California) (OSDI'08). USENIX Association, USA, 209--224."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542517"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER48275.2020.9054797"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243849"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510197"},{"key":"e_1_3_2_1_16_1","volume-title":"Detecting Kernel Memory Leaks in Specialized Modules with Ownership Reasoning. In 28th Annual Network and Distributed System Security Symposium, NDSS 2021","author":"Emamdoost Navid","year":"2021","unstructured":"Navid Emamdoost, Qiushi Wu, Kangjie Lu, and Stephen McCamant. 2021. Detecting Kernel Memory Leaks in Specialized Modules with Ownership Reasoning. In 28th Annual Network and Distributed System Security Symposium, NDSS 2021, virtually, February 21-25, 2021. The Internet Society."},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the 29th USENIX Conference on Security Symposium (SEC'20)","author":"Gan Shuitao","year":"2020","unstructured":"Shuitao Gan, Chao Zhang, Peng Chen, Bodong Zhao, Xiaojun Qin, Dong Wu, and Zuoning Chen. 2020. GREYONE: Data Flow Sensitive Fuzzing. In Proceedings of the 29th USENIX Conference on Security Symposium (SEC'20). USENIX Association, USA, Article 145, 18 pages."},{"key":"e_1_3_2_1_18_1","unstructured":"Google. 2022a. Syzkaller. https:\/\/github.com\/google\/syzkaller."},{"key":"e_1_3_2_1_19_1","unstructured":"Google. 2022b. syzlang. https:\/\/github.com\/google\/syzkaller\/blob\/master\/docs\/syscall_descriptions_syntax.md."},{"key":"e_1_3_2_1_20_1","volume-title":"Static Generation of Syscall Descriptions for Kernel Drivers. In 44rd IEEE Symposium on Security and Privacy, SP 2023","author":"Hao Yu","year":"2023","unstructured":"Yu Hao, Guoren Li, Xiaochen Zou, Weiteng Chen, Shitong Zhu, Zhiyun Qian, and Ardalan Amiri Sani. 2023. SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers. In 44rd IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 22-25, 2023. IEEE."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3485832.3488011"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833751"},{"key":"e_1_3_2_1_23_1","unstructured":"kernel.org. 2022. kcov: code coverage for fuzzing. https:\/\/www.kernel.org\/doc\/html\/v5.9\/dev-tools\/kcov.html."},{"key":"e_1_3_2_1_24_1","volume-title":"HFL: Hybrid Fuzzing on the Linux Kernel. In 27th Annual Network and Distributed System Security Symposium, NDSS 2020","author":"Kim Kyungtae","year":"2020","unstructured":"Kyungtae Kim, Dae R. Jeong, Chung Hwan Kim, Yeongjin Jang, Insik Shin, and Byoungyoung Lee. 2020. HFL: Hybrid Fuzzing on the Linux Kernel. In 27th Annual Network and Distributed System Security Symposium, NDSS 2020, San Diego, California, USA, February 23-26, 2020. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss-paper\/hfl-hybrid-fuzzing-on-the-linux-kernel\/"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.5555\/977395.977673"},{"key":"e_1_3_2_1_26_1","volume-title":"USENIX Security Symposium. 3559--3576","author":"Lee Gwangmu","year":"2021","unstructured":"Gwangmu Lee, Woochul Shim, and Byoungyoung Lee. 2021. Constraint-guided Directed Greybox Fuzzing.. In USENIX Security Symposium. 3559--3576."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3503222.3507770"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833683"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3485373"},{"key":"e_1_3_2_1_30_1","volume-title":"31st USENIX Security Symposium, USENIX Security 2022","author":"Liu Jian","year":"2022","unstructured":"Jian Liu, Lin Yi, Weiteng Chen, Chengyu Song, Zhiyun Qian, and Qiuping Yi. 2022. LinKRID: Vetting Imbalance Reference Counting in Linux kernel with Symbolic Execution. In 31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, August 10--12, 2022, Kevin R. B. Butler and Kurt Thomas (Eds.). USENIX Association, 125--142."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354244"},{"key":"e_1_3_2_1_32_1","volume-title":"An In-depth Analysis of Duplicated Linux Kernel Bug Reports. In Network and Distributed Systems Security (NDSS) Symposium","author":"Mu Dongliang","year":"2022","unstructured":"Dongliang Mu, Yuhang Wu, Yueqi Chen, Zhenpeng Lin, Chensheng Yu, Xinyu Xing, and Gang Wang. 2022. An In-depth Analysis of Duplicated Linux Kernel Bug Reports. In Network and Distributed Systems Security (NDSS) Symposium 2022."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2908080.2908099"},{"key":"e_1_3_2_1_34_1","volume-title":"Proceedings of the 27th USENIX Conference on Security Symposium","author":"Pailoor Shankara","year":"2018","unstructured":"Shankara Pailoor, Andrew Aday, and Suman Jana. 2018. Moonshine: Optimizing OS Fuzzer Seed Selection with Trace Distillation. In Proceedings of the 27th USENIX Conference on Security Symposium (Baltimore, MD, USA). USENIX Association, USA, 729--743."},{"key":"e_1_3_2_1_35_1","volume-title":"Proceedings of the 29th USENIX Conference on Security Symposium (SEC'20)","author":"Peng Hui","year":"2020","unstructured":"Hui Peng and Mathias Payer. 2020. USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation. In Proceedings of the 29th USENIX Conference on Security Symposium (SEC'20). USENIX Association, USA, Article 144, 17 pages."},{"key":"e_1_3_2_1_36_1","volume-title":"Under-Constrained Symbolic Execution: Correctness Checking for Real Code. In 24th USENIX Security Symposium (USENIX Security 15)","author":"David","unstructured":"David A. Ramos and Dawson Engler. 2015. Under-Constrained Symbolic Execution: Correctness Checking for Real Code. In 24th USENIX Security Symposium (USENIX Security 15). USENIX Association, Washington, D.C., 49--64. https:\/\/www.usenix.org\/conference\/usenixsecurity15\/technical-sessions\/presentation\/ramos"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.5555\/2671225.2671280"},{"key":"e_1_3_2_1_38_1","volume-title":"Proceedings of the 26th USENIX Conference on Security Symposium","author":"Schumilo Sergej","year":"2017","unstructured":"Sergej Schumilo, Cornelius Aschermann, Robert Gawlik, Sebastian Schinzel, and Thorsten Holz. 2017. KAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels. In Proceedings of the 26th USENIX Conference on Security Symposium (Vancouver, BC, Canada) (SEC'17). USENIX Association, USA, 167--182."},{"key":"e_1_3_2_1_39_1","volume-title":"PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary. In Network and Distributed System Security Symposium (NDSS).","author":"Song Dokyung","year":"2019","unstructured":"Dokyung Song, Felicitas Hetzelt, Dipanjan Das, Chad Spensky, Yeoul Na, Stijn Volckaert, Giovanni Vigna, Christopher Kruegel, Jean-Pierre Seifert, and Michael Franz. 2019. PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary. In Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3477132.3483547"},{"key":"e_1_3_2_1_41_1","volume-title":"the 30th USENIX Security Symposium (Security'21)","author":"Tan Xin","year":"2021","unstructured":"Xin Tan, Yuan Zhang, Xiyu Yang, Kangjie Lu, and Min Yang. 2021. Detecting kernel refcount bugs with two-dimensional consistency checking. In the 30th USENIX Security Symposium (Security'21)."},{"key":"e_1_3_2_1_42_1","volume-title":"SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning. In 30th USENIX Security Symposium, USENIX Security 2021","author":"Wang Daimeng","year":"2021","unstructured":"Daimeng Wang, Zheng Zhang, Hang Zhang, Zhiyun Qian, Srikanth V. Krishnamurthy, and Nael B. Abu-Ghazaleh. 2021. SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning. In 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, Michael Bailey and Rachel Greenstadt (Eds.). USENIX Association, 2741--2758. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/wang-daimeng"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24419"},{"key":"e_1_3_2_1_44_1","volume-title":"Mitigating Security Risks in Linux with KLAUS: A Method for Evaluating Patch Correctness. In 32st USENIX Security Symposium, USENIX Security","author":"Wu Yuhang","year":"2023","unstructured":"Yuhang Wu, Zhenpeng Lin, Yueqi Chen, Dang K Le, Dongliang Mu, and Xinyu Xing. 2023. Mitigating Security Risks in Linux with KLAUS: A Method for Evaluating Patch Correctness. In 32st USENIX Security Symposium, USENIX Security 2023. USENIX Association."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134085"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24380"},{"key":"e_1_3_2_1_47_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Zong Peiyuan","year":"2020","unstructured":"Peiyuan Zong, Tao Lv, Dawei Wang, Zizhuang Deng, Ruigang Liang, and Kai Chen. 2020. FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 2255--2269. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/zong"}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","location":"Copenhagen Denmark","acronym":"CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3623146","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3576915.3623146","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,21]],"date-time":"2025-08-21T01:44:58Z","timestamp":1755740698000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3623146"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,15]]},"references-count":47,"alternative-id":["10.1145\/3576915.3623146","10.1145\/3576915"],"URL":"https:\/\/doi.org\/10.1145\/3576915.3623146","relation":{},"subject":[],"published":{"date-parts":[[2023,11,15]]},"assertion":[{"value":"2023-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}