{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T02:35:59Z","timestamp":1773369359975,"version":"3.50.1"},"reference-count":73,"publisher":"Association for Computing Machinery (ACM)","issue":"4","funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["62202465"],"award-info":[{"award-number":["62202465"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"name":"National Key Research and Development Program of China","award":["2022YFB3103904"],"award-info":[{"award-number":["2022YFB3103904"]}]},{"DOI":"10.13039\/501100009076","name":"University of Science and Technology of China","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100009076","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Softw. Eng. Methodol."],"published-print":{"date-parts":[[2026,4,30]]},"abstract":"<jats:p>File access vulnerabilities (FAVs) are one type of security weakness arising from adversary manipulations of file access inputs, posing significant threats to system integrity. Despite their prevalence, FAVs remain underexplored due to limited understanding, complex triggering scenarios, and stealthy and diverse manifestations; these challenges render current detection approaches incomplete and inaccurate.<\/jats:p>\n                  <jats:p>\n                    To this end, we conducted an in-depth empirical study across 204 file-related CVEs, uncovering the root cause and trigger mechanisms of FAVs. 
Based on these findings, we propose an exhaustive\n                    <jats:italic toggle=\"yes\">accessing model<\/jats:italic>\n                    and a specialized\n                    <jats:italic toggle=\"yes\">threat model<\/jats:italic>\n                    that define the\n                    <jats:italic toggle=\"yes\">adversary<\/jats:italic>\n                    and\n                    <jats:italic toggle=\"yes\">attack surface<\/jats:italic>\n                    for FAVs, enabling systematic attribution and analysis of file operations. Furthermore, we propose\n                    <jats:sc>FAVDisco<\/jats:sc>\n                    , a novel framework for discovering FAVs by mutating, triggering, and analyzing file operations. It employs a\n                    <jats:italic toggle=\"yes\">File Mutator<\/jats:italic>\n                    to simulate diverse execution scenarios and an\n                    <jats:italic toggle=\"yes\">FAV Checker<\/jats:italic>\n                    that integrates a\n                    <jats:italic toggle=\"yes\">model-based adversary controllable checker<\/jats:italic>\n                    with\n                    <jats:italic toggle=\"yes\">pattern-based detection rules<\/jats:italic>\n                    to identify FAVs. Implemented on Windows,\n                    <jats:sc>FAVDisco<\/jats:sc>\n                    achieves remarkable performance with 92.1% precision and 83.3% recall on the disclosed FAV detection task, outperforming state-of-the-art methods. 
Moreover, it uncovers 13 zero-day FAVs in 10 widely used services, with six assigned new CVEs and earning a reward of $29,000 from Microsoft Security Response Center.\n                  <\/jats:p>","DOI":"10.1145\/3744901","type":"journal-article","created":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T21:20:50Z","timestamp":1750281650000},"page":"1-33","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["<scp>FAVDisco<\/scp>\n                    : Modeling and Discovering File Access Vulnerabilities"],"prefix":"10.1145","volume":"35","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-6066-8044","authenticated-orcid":false,"given":"Beibei","family":"Zhao","sequence":"first","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3636-0035","authenticated-orcid":false,"given":"Wenjie","family":"Feng","sequence":"additional","affiliation":[{"name":"School of Artificial Intelligence and Data Science, University of Science and Technology of China, Hefei, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3587-634X","authenticated-orcid":false,"given":"Qingli","family":"Guo","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-7313-0256","authenticated-orcid":false,"given":"Yingli","family":"Sun","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, 
China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2531-4642","authenticated-orcid":false,"given":"Fangming","family":"Gu","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-1287-096X","authenticated-orcid":false,"given":"Bolun","family":"Zhang","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-8203-1496","authenticated-orcid":false,"given":"Xiaorui","family":"Gong","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1353-7838","authenticated-orcid":false,"given":"Hong","family":"Li","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]}],"member":"320","published-online":{"date-parts":[[2026,3,12]]},"reference":[{"key":"e_1_3_3_2_2","doi-asserted-by":"publisher","DOI":"10.1145\/2560217.2560219"},{"key":"e_1_3_3_3_2","volume-title":"Network and Distributed System Security Symposium","author":"Bugiel Sven","year":"2012","unstructured":"Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi, and Bhargava Shastry. 2012. Towards taming privilege-escalation attacks on android. In Network and Distributed System Security Symposium. 
Retrieved from https:\/\/api.semanticscholar.org\/CorpusID:14960107"},{"key":"e_1_3_3_4_2","volume-title":"Network and Distributed System Security Symposium","author":"Chari Suresh","year":"2010","unstructured":"Suresh Chari, Shai Halevi, and Wietse Z. Venema. 2010. Where do you want to go today? Escalating privileges by pathname manipulation. In Network and Distributed System Security Symposium. Retrieved from https:\/\/api.semanticscholar.org\/CorpusID:3479419"},{"key":"e_1_3_3_5_2","volume-title":"10th USENIX Security Symposium (USENIX Security \u201901)","author":"Cowan Crispin","year":"2001","unstructured":"Crispin Cowan, Steve Beattie, Chris Wright, and Greg Kroah-Hartman. 2001. RaceGuard: Kernel protection from temporary file race vulnerabilities. In 10th USENIX Security Symposium (USENIX Security \u201901). USENIX Association, Washington, D.C. Retrieved from https:\/\/www.usenix.org\/conference\/10th-usenix-security-symposium\/raceguard-kernel-protection-temporary-file-race"},{"key":"e_1_3_3_6_2","volume-title":"14th USENIX Workshop on Offensive Technologies (WOOT \u201920)","author":"Fioraldi Andrea","year":"2020","unstructured":"Andrea Fioraldi, Dominik Maier, Heiko Ei\u00dffeldt, and Marc Heuse. 2020. AFL++: Combining incremental steps of fuzzing research. In 14th USENIX Workshop on Offensive Technologies (WOOT \u201920). USENIX Association. Retrieved from https:\/\/www.usenix.org\/conference\/woot20\/presentation\/fioraldi"},{"key":"e_1_3_3_7_2","doi-asserted-by":"publisher","DOI":"10.1145\/3292006.3300023"},{"key":"e_1_3_3_8_2","first-page":"1525","volume-title":"31st USENIX Security Symposium (USENIX Security \u201922)","author":"Gorski-III Sigmund Albert","year":"2022","unstructured":"Sigmund Albert Gorski-III, Seaver Thorn, William Enck, and Haining Chen. 2022. FReD: Identifying file re-delegation in Android system services. In 31st USENIX Security Symposium (USENIX Security \u201922). USENIX Association, Boston, MA, 1525\u20131542. 
Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/gorski"},{"key":"e_1_3_3_9_2","first-page":"3019","volume-title":"31st USENIX Security Symposium (USENIX Security \u201922)","author":"Gu Fangming","year":"2022","unstructured":"Fangming Gu, Qingli Guo, Lian Li, Zhiniang Peng, Wei Lin, Xiaobo Yang, and Xiaorui Gong. 2022. COMRace: Detecting data race vulnerabilities in COM objects. In 31st USENIX Security Symposium (USENIX Security \u201922). USENIX Association, Boston, MA, 3019\u20133036. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/gu-fangming"},{"key":"e_1_3_3_10_2","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3420014"},{"key":"e_1_3_3_11_2","unstructured":"Itman. 2024. PrivescCheck - Privilege Escalation Enumeration Script for Windows. Retrieved from https:\/\/github.com\/itm4n\/PrivescCheck"},{"key":"e_1_3_3_12_2","unstructured":"Itman. 2024. Windows DLL Hijacking (Hopefully) Clarified. Retrieved from https:\/\/itm4n.github.io\/windows-dll-hijacking-clarified\/"},{"key":"e_1_3_3_13_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24334"},{"key":"e_1_3_3_14_2","unstructured":"Michael Kerrisk. 2024. setuid(2)\u2014Linux Manual Page. Retrieved from https:\/\/www.man7.org\/linux\/man-pages\/man2\/setuid.2.html"},{"key":"e_1_3_3_15_2","volume-title":"USENIX Annual Technical Conference","author":"Kim Su Yong","year":"2017","unstructured":"Su Yong Kim, Sangho Lee, Insu Yun, Wen Xu, Byoungyoung Lee, Youngtae Yun, and Taesoo Kim. 2017. CAB-Fuzz: Practical concolic testing techniques for COTS operating systems. In USENIX Annual Technical Conference. 
Retrieved from https:\/\/api.semanticscholar.org\/CorpusID:12770219"},{"key":"e_1_3_3_16_2","first-page":"2579","volume-title":"30th USENIX Security Symposium (USENIX Security \u201921)","author":"Lee Yu-Tsung","year":"2021","unstructured":"Yu-Tsung Lee, William Enck, Haining Chen, Hayawardh Vijayakumar, Ninghui Li, Zhiyun Qian, Daimeng Wang, Giuseppe Petracca, and Trent Jaeger. 2021. PolyScope: Multi-policy access control analysis to compute authorized attack operations in Android systems. In 30th USENIX Security Symposium (USENIX Security \u201921). USENIX Association, 2579\u20132596. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/lee-yu-tsung"},{"key":"e_1_3_3_17_2","doi-asserted-by":"publisher","unstructured":"Yu-Tsung Lee, Rahul George, Haining Chen, Kevin Chan, and Trent Jaeger. 2023. Triaging Android systems using Bayesian attack graphs 171\u2013183. DOI: 10.1109\/SecDev56634.2023.00031","DOI":"10.1109\/SecDev56634.2023.00031"},{"key":"e_1_3_3_18_2","unstructured":"The Linux-Foundation. 2024. eBPF. Retrieved from https:\/\/ebpf.foundation\/home\/"},{"key":"e_1_3_3_19_2","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560589"},{"key":"e_1_3_3_20_2","unstructured":"Microsoft. 2024. Adding Event Tracing to Kernel-Mode Drivers. Retrieved from https:\/\/learn.microsoft.com\/en-us\/windows-hardware\/drivers\/devtest\/adding-event-tracing-to-kernel-mode-drivers"},{"key":"e_1_3_3_21_2","unstructured":"Microsoft. 2024. File Server Resource Manager Module. Retrieved from https:\/\/learn.microsoft.com\/en-us\/powershell\/module\/fileserverresourcemanager\/?view=windowsserver2022-ps"},{"key":"e_1_3_3_22_2","unstructured":"Microsoft. 2024. Impersonation Tokens - Win32 Apps. Retrieved from https:\/\/learn.microsoft.com\/en-us\/windows\/win32\/com\/impersonation"},{"key":"e_1_3_3_23_2","unstructured":"Microsoft. 2024. Local Service Account. 
Retrieved from https:\/\/learn.microsoft.com\/en-us\/windows\/win32\/services\/localservice-account"},{"key":"e_1_3_3_24_2","unstructured":"Microsoft. 2024. Microsoft Security Response Center (MSRC) Security Update Guide. Retrieved from https:\/\/msrc.microsoft.com\/update-guide\/vulnerability"},{"key":"e_1_3_3_25_2","unstructured":"Microsoft. 2024. Minifiler - Filter Manager Concepts. Retrieved from https:\/\/learn.microsoft.com\/en-us\/windows-hardware\/drivers\/ifs\/filter-manager-concepts"},{"key":"e_1_3_3_26_2","unstructured":"Microsoft. 2024. Securable Objects. Retrieved from https:\/\/learn.microsoft.com\/en-us\/windows\/win32\/secauthz\/securable-objects"},{"key":"e_1_3_3_27_2","unstructured":"Microsoft. 2024. Xbox Gaming Services Elevation of Privilege Vulnerability. Retrieved from https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-28916"},{"key":"e_1_3_3_28_2","unstructured":"Microsoft. 2025. fileapi.h Header. Retrieved from https:\/\/learn.microsoft.com\/en-us\/windows\/win32\/api\/fileapi\/"},{"key":"e_1_3_3_29_2","doi-asserted-by":"publisher","DOI":"10.1145\/2815400.2815422"},{"key":"e_1_3_3_30_2","unstructured":"MITRE. 1999. CVE-1999-1386. Retrieved from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-1999-1386"},{"key":"e_1_3_3_31_2","unstructured":"MITRE. 2020. CVE-2020-7523. Retrieved from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-7523"},{"key":"e_1_3_3_32_2","unstructured":"MITRE. 2022. CVE-2022-32223. Retrieved from https:\/\/www.cve.org\/CVERecord?id=CVE-2022-32223"},{"key":"e_1_3_3_33_2","unstructured":"MITRE. 2022. CVE-2022-38730. Retrieved from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-38730"},{"key":"e_1_3_3_34_2","unstructured":"MITRE. 2022. CVE-2022-39845. Retrieved from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2022-39845"},{"key":"e_1_3_3_35_2","unstructured":"MITRE. 2022. CVE-2022-4149. 
Retrieved from https:\/\/www.cve.org\/CVERecord?id=CVE-2022-4149"},{"key":"e_1_3_3_36_2","unstructured":"MITRE. 2022. Local Clone Optimization Dereferences Symbolic Links by Default. Retrieved from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-39253"},{"key":"e_1_3_3_37_2","unstructured":"MITRE. 2023. CVE-2023-27323. Retrieved from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-27323"},{"key":"e_1_3_3_38_2","unstructured":"MITRE. 2023. CVE-2023-39464. Retrieved from https:\/\/www.cve.org\/CVERecord?id=CVE-2023-39464"},{"key":"e_1_3_3_39_2","unstructured":"MITRE. 2023. CVE-2023-45159. Retrieved from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-45159"},{"key":"e_1_3_3_40_2","unstructured":"MITRE. 2023. Git Clone Remote Code Execution Vulnerability in Git-for-Windows. Retrieved from https:\/\/www.cve.org\/CVERecord?id=CVE-2022-41953"},{"key":"e_1_3_3_41_2","unstructured":"MITRE. 2024. CVE-2024-26158. Retrieved from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2024-26158"},{"key":"e_1_3_3_42_2","unstructured":"MITRE. 2024. CVE-2024-3829. Retrieved from https:\/\/www.cve.org\/CVERecord?id=CVE-2024-3829"},{"key":"e_1_3_3_43_2","unstructured":"MITRE. 2024. CVE Database. Retrieved from https:\/\/cve.mitre.org\/"},{"key":"e_1_3_3_44_2","unstructured":"MITRE. 2024. CWE-250: Execution with Unnecessary Privileges. Retrieved from https:\/\/cwe.mitre.org\/data\/definitions\/250.html"},{"key":"e_1_3_3_45_2","unstructured":"MITRE. 2024. CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition. Retrieved from https:\/\/cwe.mitre.org\/data\/definitions\/367"},{"key":"e_1_3_3_46_2","unstructured":"MITRE. 2024. CWE-426: Untrusted Search Path. Retrieved from https:\/\/cwe.mitre.org\/data\/definitions\/426.html"},{"key":"e_1_3_3_47_2","unstructured":"MITRE. 2024. CWE-427: Uncontrolled Search Path Element. Retrieved from https:\/\/cwe.mitre.org\/data\/definitions\/427.html"},{"key":"e_1_3_3_48_2","unstructured":"MITRE. 2024. 
CWE-428: Unquoted Search Path or Element. Retrieved from https:\/\/cwe.mitre.org\/data\/definitions\/428.html"},{"key":"e_1_3_3_49_2","unstructured":"MITRE. 2024. CWE-441: Unintended Proxy or Intermediary (\u2018Confused Deputy\u2019). Retrieved from https:\/\/cwe.mitre.org\/data\/definitions\/441"},{"key":"e_1_3_3_50_2","unstructured":"MITRE. 2024. CWE-862: Missing Authorization. Retrieved from https:\/\/cwe.mitre.org\/data\/definitions\/862.html"},{"key":"e_1_3_3_51_2","unstructured":"National Institute of Standards and Technology (NIST). 2024. National Vulnerability Database. Retrieved from https:\/\/nvd.nist.gov\/search"},{"key":"e_1_3_3_52_2","unstructured":"Pksecurity. 2024. Elevation of Privilege in Google Update with Windows. Retrieved from https:\/\/issues.chromium.org\/issues\/40946325"},{"key":"e_1_3_3_53_2","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_3_3_54_2","doi-asserted-by":"publisher","DOI":"10.1109\/32.799955"},{"key":"e_1_3_3_55_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-016-0317-1"},{"key":"e_1_3_3_56_2","first-page":"409","volume-title":"32nd USENIX Security Symposium (USENIX Security \u201923)","author":"Shen Bingyu","year":"2023","unstructured":"Bingyu Shen, Tianyi Shan, and Yuanyuan Zhou. 2023. Improving logging to reduce permission over-granting mistakes. In 32nd USENIX Security Symposium (USENIX Security \u201923). USENIX Association, Anaheim, CA, 409\u2013426. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/shen-bingyu-logging"},{"key":"e_1_3_3_57_2","first-page":"4913","volume-title":"32nd USENIX Security Symposium (USENIX Security \u201923)","author":"Stone Leo","year":"2023","unstructured":"Leo Stone, Rishi Ranjan, Stefan Nagy, and Matthew Hicks. 2023. No Linux, no problem: Fast and correct Windows binary fuzzing via target-embedded snapshotting. In 32nd USENIX Security Symposium (USENIX Security \u201923). USENIX Association, Anaheim, CA, 4913\u20134929. 
Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/stone"},{"key":"e_1_3_3_58_2","unstructured":"Sysinternals. 2023. Open Source Process Monitor. Retrieved from https:\/\/github.com\/progmboy\/openprocmon"},{"key":"e_1_3_3_59_2","unstructured":"Sysinternals. 2023. Process Monitor. Retrieved from https:\/\/learn.microsoft.com\/en-us\/sysinternals\/downloads\/procmon"},{"key":"e_1_3_3_60_2","unstructured":"Sysinternals. 2024. The Linux Port of the Sysinternals Sysmon Tool. Retrieved from https:\/\/github.com\/Sysinternals\/SysinternalsEBPF"},{"key":"e_1_3_3_61_2","unstructured":"Pavel Tsakalidis and Wdormann. 2023. Crassus Windows Privilege Escalation Discovery Tool. Retrieved from https:\/\/github.com\/vu-ls\/Crassus"},{"key":"e_1_3_3_62_2","volume-title":"12th USENIX Security Symposium (USENIX Security 03)","author":"Tsyrklevich Eugene","year":"2003","unstructured":"Eugene Tsyrklevich and Bennet Yee. 2003. Dynamic detection and prevention of race conditions in file accesses. In 12th USENIX Security Symposium (USENIX Security 03). USENIX Association, Washington, D.C. Retrieved from https:\/\/www.usenix.org\/conference\/12th-usenix-security-symposium\/dynamic-detection-and-prevention-race-conditions-file"},{"key":"e_1_3_3_63_2","doi-asserted-by":"publisher","DOI":"10.1145\/2613087.2613111"},{"key":"e_1_3_3_64_2","first-page":"973","volume-title":"23rd USENIX Security Symposium (USENIX Security \u201914)","author":"Vijayakumar Hayawardh","year":"2014","unstructured":"Hayawardh Vijayakumar, Xinyang Ge, Mathias Payer, and Trent Jaeger. 2014. JIGSAW: Protecting resource access by inferring programmer expectations. In 23rd USENIX Security Symposium (USENIX Security \u201914). USENIX Association, San Diego, CA, 973\u2013988. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/vijaykumar"},{"key":"e_1_3_3_65_2","first-page":"1","article-title":"A rose by any other name or an insane root? 
Adventures in name resolution","author":"Vijayakumar Hayawardh","year":"2011","unstructured":"Hayawardh Vijayakumar, Joshua Schiffman, and Trent Jaeger. 2011. A rose by any other name or an insane root? Adventures in name resolution. In 2011 7th European Conference on Computer Network Defense, 1\u20138. Retrieved from https:\/\/api.semanticscholar.org\/CorpusID:12418430","journal-title":"2011 7th European Conference on Computer Network Defense"},{"key":"e_1_3_3_66_2","volume-title":"USENIX Security Symposium","author":"Vijayakumar Hayawardh","year":"2012","unstructured":"Hayawardh Vijayakumar, Joshua Schiffman, and Trent Jaeger. 2012. STING: Finding name resolution vulnerabilities in programs. In USENIX Security Symposium. Retrieved from https:\/\/api.semanticscholar.org\/CorpusID:16848346"},{"key":"e_1_3_3_67_2","first-page":"1919","volume-title":"32nd USENIX Security Symposium (USENIX Security \u201923)","author":"Wang Dawei","year":"2023","unstructured":"Dawei Wang, Ying Li, Zhiyu Zhang, and Kai Chen. 2023. CarpetFuzz: Automatic program option constraint extraction from documentation for fuzzing. In 32nd USENIX Security Symposium (USENIX Security \u201923). USENIX Association, Anaheim, CA, 1919\u20131936. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/wang-dawei"},{"key":"e_1_3_3_68_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.37"},{"key":"e_1_3_3_69_2","volume-title":"4th USENIX Conference on File and Storage Technologies (FAST \u201905). USENIX Association","author":"Wei Jinpeng","year":"2005","unstructured":"Jinpeng Wei and Calton Pu. 2005. TOCTTOU vulnerabilities in UNIX-style file systems: An anatomical study. In 4th USENIX Conference on File and Storage Technologies (FAST \u201905). USENIX Association, San Francisco, CA. Retrieved from https:\/\/www.usenix.org\/conference\/fast-05\/tocttou-vulnerabilities-unix-style-file-systems-anatomical-study"},{"key":"e_1_3_3_70_2","unstructured":"Wikipedia. 2024. 
Attribute-Based Access Control. Retrieved from https:\/\/en.wikipedia.org\/wiki\/Attribute-based_access_control"},{"key":"e_1_3_3_71_2","unstructured":"Kaisheng Yin. 2024. Python-UIAutomation-for-Windows. Retrieved from https:\/\/github.com\/yinkaisheng\/Python-UIAutomation-for-Windows"},{"key":"e_1_3_3_72_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2024.23038"},{"key":"e_1_3_3_73_2","first-page":"1205","volume-title":"28th USENIX Security Symposium (USENIX Security \u201919)","author":"Zhang Tong","year":"2019","unstructured":"Tong Zhang, Wenbo Shen, Dongyoon Lee, Changhee Jung, Ahmed M. Azab, and Ruowen Wang. 2019. PeX: A permission check analysis framework for Linux Kernel. In 28th USENIX Security Symposium (USENIX Security \u201919). USENIX Association, Santa Clara, CA, 1205\u20131220. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/zhang-tong"},{"key":"e_1_3_3_74_2","unstructured":"Simon Zuckerbraun. 2022. Abusing Arbitrary File Deletes To Escalate Privilege And Other Great Tricks. 
Retrieved from https:\/\/www.zerodayinitiative.com\/blog\/2022\/3\/16\/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks"}],"container-title":["ACM Transactions on Software Engineering and Methodology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3744901","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,12]],"date-time":"2026-03-12T15:08:45Z","timestamp":1773328125000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3744901"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,3,12]]},"references-count":73,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2026,4,30]]}},"alternative-id":["10.1145\/3744901"],"URL":"https:\/\/doi.org\/10.1145\/3744901","relation":{},"ISSN":["1049-331X","1557-7392"],"issn-type":[{"value":"1049-331X","type":"print"},{"value":"1557-7392","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,3,12]]},"assertion":[{"value":"2024-12-28","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-05-28","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2026-03-12","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}