{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,5]],"date-time":"2025-11-05T06:40:25Z","timestamp":1762324825428,"version":"3.37.3"},"reference-count":19,"publisher":"Wiley","license":[{"start":{"date-parts":[[2020,9,27]],"date-time":"2020-09-27T00:00:00Z","timestamp":1601164800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61702540","2018JJ3615"],"award-info":[{"award-number":["61702540","2018JJ3615"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004735","name":"Natural Science Foundation of Hunan Province","doi-asserted-by":"publisher","award":["61702540","2018JJ3615"],"award-info":[{"award-number":["61702540","2018JJ3615"]}],"id":[{"id":"10.13039\/501100004735","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Scientific Programming"],"published-print":{"date-parts":[[2020,9,27]]},"abstract":"<jats:p>In recent years, increased attention is being given to software quality assurance and protection. With considerable verification and protection schemes proposed and deployed, today\u2019s software unfortunately still fails to be protected from cyberattacks, especially in the presence of insecure organization of heap metadata. In this paper, we aim to explore whether heap metadata could be corrupted and exploited by cyberattackers, in an attempt to assess the exploitability of vulnerabilities and ensure software quality. To this end, we propose <jats:italic>RELAY<\/jats:italic>, a software testing framework to simulate human exploitation behavior for metadata corruption at the machine level. <jats:italic>RELAY<\/jats:italic> employs the heap layout serialization method to construct exploit patterns from human expertise and decomposes complex exploit-solving problems into a series of intermediate state-solving subproblems. With the heap layout procedural method, <jats:italic>RELAY<\/jats:italic> makes use of the fewer resources consumed to solve a layout problem according to the exploit pattern, activates the intermediate state, and generates the final exploit. Additionally, <jats:italic>RELAY<\/jats:italic> can be easily extended and can continuously assimilate human knowledge to enhance its ability for exploitability evaluation. Using 20 CTF&amp;RHG programs, we then demonstrate that <jats:italic>RELAY<\/jats:italic> has the ability to evaluate the exploitability of metadata corruption vulnerabilities and works more efficiently compared with other state-of-the-art automated tools.<\/jats:p>","DOI":"10.1155\/2020\/8883746","type":"journal-article","created":{"date-parts":[[2020,9,27]],"date-time":"2020-09-27T23:31:11Z","timestamp":1601249471000},"page":"1-21","source":"Crossref","is-referenced-by-count":3,"title":["A Pattern-Based Software Testing Framework for Exploitability Evaluation of Metadata Corruption Vulnerabilities"],"prefix":"10.1155","volume":"2020","author":[{"given":"Fenglei","family":"Deng","sequence":"first","affiliation":[{"name":"College of Electronic Science, National University of Defense Technology, Changsha 410073, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3737-4175","authenticated-orcid":true,"given":"Jian","family":"Wang","sequence":"additional","affiliation":[{"name":"College of Electronic Science, National University of Defense Technology, Changsha 410073, China"}]},{"given":"Bin","family":"Zhang","sequence":"additional","affiliation":[{"name":"College of Electronic Science, National University of Defense Technology, Changsha 410073, China"}]},{"given":"Chao","family":"Feng","sequence":"additional","affiliation":[{"name":"College of Electronic Science, National University of Defense Technology, Changsha 410073, China"}]},{"given":"Zhiyuan","family":"Jiang","sequence":"additional","affiliation":[{"name":"College of Electronic Science, National University of Defense Technology, Changsha 410073, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3698-9389","authenticated-orcid":true,"given":"Yunfei","family":"Su","sequence":"additional","affiliation":[{"name":"College of Electronic Science, National University of Defense Technology, Changsha 410073, China"}]}],"member":"311","reference":[{"volume":"2020","journal-title":"Mathematical Problems in Engineering","year":"2020","key":"1"},{"volume":"2018","journal-title":"Journal of Systems & Software","year":"2018","key":"2"},{"key":"4","doi-asserted-by":"publisher","DOI":"10.1109\/mc.2011.229"},{"key":"6","first-page":"1","volume":"1","year":"2020","journal-title":"Software Quality Control"},{"key":"7","doi-asserted-by":"publisher","DOI":"10.1049\/iet-sen.2015.0039"},{"volume":"10","journal-title":"Wireless Personal Communications","year":"2018","key":"8"},{"volume":"10","journal-title":"IEEE Transactions on Reliability","year":"2018","key":"9"},{"volume":"10","journal-title":"Computer Architecture News","year":"2006","key":"12"},{"key":"13","doi-asserted-by":"publisher","DOI":"10.1587\/transinf.e97.d.601"},{"volume":"10","journal-title":"Journal of Computer Security","year":"2016","key":"17"},{"volume":"10","journal-title":"Information & Software Technology","year":"2018","key":"19"},{"year":"2009","key":"21"},{"key":"26","doi-asserted-by":"publisher","DOI":"10.1109\/msp.2018.1870858"},{"key":"36","doi-asserted-by":"publisher","DOI":"10.1145\/2408776.2408795"},{"issue":"5","key":"38","first-page":"489","volume":"45","year":"2017","journal-title":"IEEE Transactions on Software Engineering"},{"volume":"22","journal-title":"Advances in Computers","year":"2018","key":"41"},{"issue":"3","key":"61","first-page":"162","volume":"27","year":"2017","journal-title":"Information Security Journal: A Global Perspective"},{"key":"62","first-page":"13758","volume":"7","year":"2017","journal-title":"IEEE Access"},{"key":"63","doi-asserted-by":"publisher","DOI":"10.1109\/tetc.2016.2606384"}],"container-title":["Scientific Programming"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/sp\/2020\/8883746.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/sp\/2020\/8883746.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/sp\/2020\/8883746.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,9,27]],"date-time":"2020-09-27T23:31:22Z","timestamp":1601249482000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/sp\/2020\/8883746\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,9,27]]},"references-count":19,"alternative-id":["8883746","8883746"],"URL":"https:\/\/doi.org\/10.1155\/2020\/8883746","relation":{},"ISSN":["1058-9244","1875-919X"],"issn-type":[{"type":"print","value":"1058-9244"},{"type":"electronic","value":"1875-919X"}],"subject":[],"published":{"date-parts":[[2020,9,27]]}}}