{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T07:51:55Z","timestamp":1767340315301,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,7,10]],"date-time":"2023-07-10T00:00:00Z","timestamp":1688947200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,7,10]]},"DOI":"10.1145\/3591365.3592946","type":"proceedings-article","created":{"date-parts":[[2023,7,4]],"date-time":"2023-07-04T16:07:29Z","timestamp":1688486849000},"page":"1-12","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["WinkFuzz: Model-based Script Synthesis for Fuzzing"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9013-2581","authenticated-orcid":false,"given":"Zian","family":"Liu","sequence":"first","affiliation":[{"name":"Swinburne University of Technology, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1355-3870","authenticated-orcid":false,"given":"Chao","family":"Chen","sequence":"additional","affiliation":[{"name":"Royal Melbourne Institute of Technology, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8033-0998","authenticated-orcid":false,"given":"Ejaz","family":"Ahmed","sequence":"additional","affiliation":[{"name":"Data61, CSIRO, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2189-7801","authenticated-orcid":false,"given":"Jun","family":"Zhang","sequence":"additional","affiliation":[{"name":"Swinburne University of Technology, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0221-2571","authenticated-orcid":false,"given":"Dongxi","family":"Liu","sequence":"additional","affiliation":[{"name":"Data61, CSIRO, Australia"}]}],"member":"320","published-online":{"date-parts":[[2023,7,10]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n. d.]. Announcing oss-fuzz: Continuous fuzzing for open source software. https:\/\/testing.googleblog.com\/2016\/12\/announcing-ossfuzz-continuous-fuzzing.html  [n. d.]. Announcing oss-fuzz: Continuous fuzzing for open source software. https:\/\/testing.googleblog.com\/2016\/12\/announcing-ossfuzz-continuous-fuzzing.html"},{"key":"e_1_3_2_1_2_1","unstructured":"[n. d.]. iknowthis. https:\/\/github.com\/rgbkrk\/iknowthis  [n. d.]. iknowthis. https:\/\/github.com\/rgbkrk\/iknowthis"},{"key":"e_1_3_2_1_3_1","unstructured":"[n. d.]. sysfuzz: A Prototype Systemcall Fuzzer. https:\/\/events.ccc.de\/congress\/2005\/fahrplan\/attachments\/ 683-slides_fuzzing.pdf  [n. d.]. sysfuzz: A Prototype Systemcall Fuzzer. https:\/\/events.ccc.de\/congress\/2005\/fahrplan\/attachments\/ 683-slides_fuzzing.pdf"},{"key":"e_1_3_2_1_4_1","unstructured":"[n. d.]. System Service Descriptor Table - SSDT. https:\/\/www.ired.team\/miscellaneous-reversing-forensics\/windows-kernel-internals\/glimpse-into-ssdt-in-windows-x64-kernel  [n. d.]. System Service Descriptor Table - SSDT. https:\/\/www.ired.team\/miscellaneous-reversing-forensics\/windows-kernel-internals\/glimpse-into-ssdt-in-windows-x64-kernel"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3140587.3062349"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978428"},{"key":"e_1_3_2_1_7_1","unstructured":"Cristian Cadar Daniel Dunbar Dawson\u00a0R Engler 2008. Klee: unassisted and automatic generation of high-coverage tests for complex systems programs.. In OSDI Vol.\u00a08. 209\u2013224.  Cristian Cadar Daniel Dunbar Dawson\u00a0R Engler 2008. Klee: unassisted and automatic generation of high-coverage tests for complex systems programs.. In OSDI Vol.\u00a08. 209\u2013224."},{"key":"e_1_3_2_1_8_1","unstructured":"Sang\u00a0K Cha. 2020. Model-Based Fuzzing for Finding Kernel Vulnerabilities.  Sang\u00a0K Cha. 2020. Model-Based Fuzzing for Finding Kernel Vulnerabilities."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.31"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.50"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"crossref","unstructured":"Weiteng Chen Yu Wang Zheng Zhang and Zhiyun Qian. 2021. SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers. In ACM CCS.  Weiteng Chen Yu Wang Zheng Zhang and Zhiyun Qian. 2021. SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers. In ACM CCS.","DOI":"10.1145\/3460120.3484564"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00114"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134069"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2009.5070546"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSTW.2014.7"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2011.116"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065036"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2093548.2093564"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115618"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134103"},{"key":"e_1_3_2_1_21_1","volume-title":"USENIX Security Symposium. 445\u2013458","author":"Holler Christian","year":"2012","unstructured":"Christian Holler , Kim Herzig , Andreas Zeller , 2012 . Fuzzing with Code Fragments .. In USENIX Security Symposium. 445\u2013458 . Christian Holler, Kim Herzig, Andreas Zeller, 2012. Fuzzing with Code Fragments.. In USENIX Security Symposium. 445\u2013458."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00017"},{"key":"e_1_3_2_1_23_1","volume-title":"USENIX Security Symposium, Vol.\u00a02. 0.","author":"Johnson Rob","year":"2004","unstructured":"Rob Johnson and David Wagner . 2004 . Finding user\/kernel pointer bugs with type inference .. In USENIX Security Symposium, Vol.\u00a02. 0. Rob Johnson and David Wagner. 2004. Finding user\/kernel pointer bugs with type inference.. In USENIX Security Symposium, Vol.\u00a02. 0."},{"key":"e_1_3_2_1_24_1","unstructured":"[\n  24\n  ]  Dave Jones. [n. d.]. https:\/\/github.com\/kernelslacker\/trinity  [24] Dave Jones. [n. d.]. https:\/\/github.com\/kernelslacker\/trinity"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24334"},{"key":"e_1_3_2_1_26_1","unstructured":"Mateusz Jurczyk. [n. d.]. BrokenType. https:\/\/github.com\/googleprojectzero\/BrokenType.  Mateusz Jurczyk. [n. d.]. BrokenType. https:\/\/github.com\/googleprojectzero\/BrokenType."},{"key":"e_1_3_2_1_27_1","volume-title":"HFL: Hybrid Fuzzing on the Linux Kernel.. In NDSS.","author":"Kim Kyungtae","year":"2020","unstructured":"Kyungtae Kim , Dae\u00a0 R Jeong , Chung\u00a0Hwan Kim , Yeongjin Jang , Insik Shin , and Byoungyoung Lee . 2020 . HFL: Hybrid Fuzzing on the Linux Kernel.. In NDSS. Kyungtae Kim, Dae\u00a0R Jeong, Chung\u00a0Hwan Kim, Yeongjin Jang, Insik Shin, and Byoungyoung Lee. 2020. HFL: Hybrid Fuzzing on the Linux Kernel.. In NDSS."},{"key":"e_1_3_2_1_28_1","volume-title":"2017 USENIX Annual Technical Conference (USENIX ATC 17)","author":"Kim Su\u00a0Yong","year":"2017","unstructured":"Su\u00a0Yong Kim , Sangho Lee , Insu Yun , Wen Xu , Byoungyoung Lee , Youngtae Yun , and Taesoo Kim . 2017 . { CAB-Fuzz} : Practical Concolic Testing Techniques for { COTS} Operating Systems . In 2017 USENIX Annual Technical Conference (USENIX ATC 17) . 689\u2013701. Su\u00a0Yong Kim, Sangho Lee, Insu Yun, Wen Xu, Byoungyoung Lee, Youngtae Yun, and Taesoo Kim. 2017. { CAB-Fuzz} : Practical Concolic Testing Techniques for { COTS} Operating Systems. In 2017 USENIX Annual Technical Conference (USENIX ATC 17). 689\u2013701."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2560537"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629596"},{"key":"e_1_3_2_1_31_1","unstructured":"F-Secure LABS. [n. d.]. Kernel Fuzzer. https:\/\/github.com\/FSecureLABS\/KernelFuzzer  F-Secure LABS. [n. d.]. Kernel Fuzzer. https:\/\/github.com\/FSecureLABS\/KernelFuzzer"},{"key":"e_1_3_2_1_32_1","unstructured":"Lucas Leong. 2019. Make static instrumentation great again: High performance fuzzing for Windows system. In Blackhat.  Lucas Leong. 2019. Make static instrumentation great again: High performance fuzzing for Windows system. In Blackhat."},{"key":"e_1_3_2_1_33_1","volume-title":"Active fuzzing as complementary for passive fuzzing. PacSec","author":"Moony Li.","year":"2016","unstructured":"Moony Li. 2016. Active fuzzing as complementary for passive fuzzing. PacSec ( 2016 ). Moony Li. 2016. Active fuzzing as complementary for passive fuzzing. PacSec (2016)."},{"key":"e_1_3_2_1_34_1","unstructured":"Dejan Lukan. [n. d.]. The Sysenter Instruction Internals. https:\/\/resources.infosecinstitute.com\/topic\/the-sysenter-instruction-internals\/  Dejan Lukan. [n. d.]. The Sysenter Instruction Internals. https:\/\/resources.infosecinstitute.com\/topic\/the-sysenter-instruction-internals\/"},{"key":"e_1_3_2_1_35_1","volume-title":"USENIX Security Symposium, Vol.\u00a09. 67\u201382","author":"Molnar David","year":"2009","unstructured":"David Molnar , Xue\u00a0Cong Li , and David\u00a0 A Wagner . 2009 . Dynamic Test Generation to Find Integer Bugs in x86 Binary Linux Programs .. In USENIX Security Symposium, Vol.\u00a09. 67\u201382 . David Molnar, Xue\u00a0Cong Li, and David\u00a0A Wagner. 2009. Dynamic Test Generation to Find Integer Bugs in x86 Binary Linux Programs.. In USENIX Security Symposium, Vol.\u00a09. 67\u201382."},{"key":"e_1_3_2_1_36_1","unstructured":"Dmytro Oleksiuk. 2009. Ioctl fuzzer. https:\/\/github.com\/Cr4sh\/ioctlfuzzer  Dmytro Oleksiuk. 2009. Ioctl fuzzer. https:\/\/github.com\/Cr4sh\/ioctlfuzzer"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2007.37"},{"key":"e_1_3_2_1_38_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Pailoor Shankara","year":"2018","unstructured":"Shankara Pailoor , Andrew Aday , and Suman Jana . 2018 . { MoonShine} : Optimizing { OS} Fuzzer Seed Selection with Trace Distillation . In 27th USENIX Security Symposium (USENIX Security 18) . 729\u2013743. Shankara Pailoor, Andrew Aday, and Suman Jana. 2018. { MoonShine} : Optimizing { OS} Fuzzer Seed Selection with Trace Distillation. In 27th USENIX Security Symposium (USENIX Security 18). 729\u2013743."},{"key":"e_1_3_2_1_39_1","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Pan Jianfeng","year":"2017","unstructured":"Jianfeng Pan , Guanglu Yan , and Xiaocao Fan . 2017 . Digtool: A { Virtualization-Based} Framework for Detecting Kernel Vulnerabilities . In 26th USENIX Security Symposium (USENIX Security 17) . 149\u2013165. Jianfeng Pan, Guanglu Yan, and Xiaocao Fan. 2017. Digtool: A { Virtualization-Based} Framework for Detecting Kernel Vulnerabilities. In 26th USENIX Security Symposium (USENIX Security 17). 149\u2013165."},{"key":"e_1_3_2_1_40_1","unstructured":"Alex Plaskett. [n. d.]. OSXFuzz. https:\/\/github.com\/FSecureLABS\/OSXFuzz.  Alex Plaskett. [n. d.]. OSXFuzz. https:\/\/github.com\/FSecureLABS\/OSXFuzz."},{"key":"e_1_3_2_1_41_1","volume-title":"Vuzzer: Application-aware evolutionary fuzzing.. In NDSS, Vol.\u00a017. 1\u201314.","author":"Rawat Sanjay","year":"2017","unstructured":"Sanjay Rawat , Vivek Jain , Ashish Kumar , Lucian Cojocar , Cristiano Giuffrida , and Herbert Bos . 2017 . Vuzzer: Application-aware evolutionary fuzzing.. In NDSS, Vol.\u00a017. 1\u201314. Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida, and Herbert Bos. 2017. Vuzzer: Application-aware evolutionary fuzzing.. In NDSS, Vol.\u00a017. 1\u201314."},{"volume-title":"23rd { USENIX} Security Symposium ({ USENIX} Security 14). 861\u2013875.","author":"Rebert Alexandre","key":"e_1_3_2_1_42_1","unstructured":"Alexandre Rebert , Sang\u00a0Kil Cha , Thanassis Avgerinos , Jonathan Foote , David Warren , Gustavo Grieco , and David Brumley . 2014. Optimizing seed selection for fuzzing . In 23rd { USENIX} Security Symposium ({ USENIX} Security 14). 861\u2013875. Alexandre Rebert, Sang\u00a0Kil Cha, Thanassis Avgerinos, Jonathan Foote, David Warren, Gustavo Grieco, and David Brumley. 2014. Optimizing seed selection for fuzzing. In 23rd { USENIX} Security Symposium ({ USENIX} Security 14). 861\u2013875."},{"key":"e_1_3_2_1_43_1","volume-title":"USENIX Security Symposium. 167\u2013182","author":"Schumilo Sergej","year":"2017","unstructured":"Sergej Schumilo , Cornelius Aschermann , Robert Gawlik , Sebastian Schinzel , and Thorsten Holz . 2017 . kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels .. In USENIX Security Symposium. 167\u2013182 . Sergej Schumilo, Cornelius Aschermann, Robert Gawlik, Sebastian Schinzel, and Thorsten Holz. 2017. kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels.. In USENIX Security Symposium. 167\u2013182."},{"key":"e_1_3_2_1_44_1","unstructured":"Solomon Sklash. 2020. Using Syscalls to Inject Shellcode on Windows. https:\/\/www.solomonsklash.io\/syscalls-for-shellcode-injection.html  Solomon Sklash. 2020. Using Syscalls to Inject Shellcode on Windows. https:\/\/www.solomonsklash.io\/syscalls-for-shellcode-injection.html"},{"key":"e_1_3_2_1_45_1","volume-title":"Driller: Augmenting fuzzing through selective symbolic execution.. In NDSS, Vol.\u00a016. 1\u201316.","author":"Stephens Nick","year":"2016","unstructured":"Nick Stephens , John Grosen , Christopher Salls , Andrew Dutcher , Ruoyu Wang , Jacopo Corbetta , Yan Shoshitaishvili , Christopher Kruegel , and Giovanni Vigna . 2016 . Driller: Augmenting fuzzing through selective symbolic execution.. In NDSS, Vol.\u00a016. 1\u201316. Nick Stephens, John Grosen, Christopher Salls, Andrew Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. 2016. Driller: Augmenting fuzzing through selective symbolic execution.. In NDSS, Vol.\u00a016. 1\u201316."},{"key":"e_1_3_2_1_46_1","unstructured":"ReactOS Team. [n. d.]. ReactOS. https:\/\/reactos.org\/  ReactOS Team. [n. d.]. ReactOS. https:\/\/reactos.org\/"},{"key":"e_1_3_2_1_47_1","volume-title":"Experiences with Model Inference Assisted Fuzzing.WOOT 2","author":"Viide Joachim","year":"2008","unstructured":"Joachim Viide , Aki Helin , Marko Laakso , Pekka Pietik\u00e4inen , Mika Sepp\u00e4nen , Kimmo Halunen , Rauli Puuper\u00e4 , and Juha R\u00f6ning . 2008. Experiences with Model Inference Assisted Fuzzing.WOOT 2 ( 2008 ), 1\u20132. Joachim Viide, Aki Helin, Marko Laakso, Pekka Pietik\u00e4inen, Mika Sepp\u00e4nen, Kimmo Halunen, Rauli Puuper\u00e4, and Juha R\u00f6ning. 2008. Experiences with Model Inference Assisted Fuzzing.WOOT 2 (2008), 1\u20132."},{"key":"e_1_3_2_1_48_1","unstructured":"Dmitry Vyukov. [n. d.]. syzkaller. https:\/\/github.com\/google\/syzkaller.  Dmitry Vyukov. [n. d.]. syzkaller. https:\/\/github.com\/google\/syzkaller."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.37"},{"volume-title":"Presented as part of the 10th { USENIX} Symposium on Operating Systems Design and Implementation ({ OSDI} 12). 163\u2013177.","author":"Wang Xi","key":"e_1_3_2_1_50_1","unstructured":"Xi Wang , Haogang Chen , Zhihao Jia , Nickolai Zeldovich , and M\u00a0Frans Kaashoek . 2012. Improving integer security for systems with { KINT} . In Presented as part of the 10th { USENIX} Symposium on Operating Systems Design and Implementation ({ OSDI} 12). 163\u2013177. Xi Wang, Haogang Chen, Zhihao Jia, Nickolai Zeldovich, and M\u00a0Frans Kaashoek. 2012. Improving integer security for systems with { KINT}. In Presented as part of the 10th { USENIX} Symposium on Operating Systems Design and Implementation ({ OSDI} 12). 163\u2013177."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516736"}],"event":{"name":"ASIA CCS '23: ACM ASIA Conference on Computer and Communications Security","acronym":"ASIA CCS '23","location":"Melbourne VIC Australia"},"container-title":["Proceedings of the Third International Symposium on Advanced Security on Software and Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3591365.3592946","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3591365.3592946","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:47:22Z","timestamp":1750178842000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3591365.3592946"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,10]]},"references-count":51,"alternative-id":["10.1145\/3591365.3592946","10.1145\/3591365"],"URL":"https:\/\/doi.org\/10.1145\/3591365.3592946","relation":{},"subject":[],"published":{"date-parts":[[2023,7,10]]},"assertion":[{"value":"2023-07-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}