{"id":"https://openalex.org/W4387321736","doi":"https://doi.org/10.1145/3607199.3607229","title":"All Use-After-Free Vulnerabilities Are Not Created Equal: An Empirical Study on Their Characteristics and Detectability","display_name":"All Use-After-Free Vulnerabilities Are Not Created Equal: An Empirical Study on Their Characteristics and Detectability","publication_year":2023,"publication_date":"2023-10-03","ids":{"openalex":"https://openalex.org/W4387321736","doi":"https://doi.org/10.1145/3607199.3607229"},"language":"en","primary_location":{"is_oa":false,"landing_page_url":"https://doi.org/10.1145/3607199.3607229","pdf_url":null,"source":null,"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false},"type":"article","type_crossref":"proceedings-article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://vtechworks.lib.vt.edu/bitstreams/0da0f941-f8ca-4d7f-bcbb-fed10259421a/download","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102897104","display_name":"Zeyu Chen","orcid":"https://orcid.org/0009-0003-8910-0242"},"institutions":[{"id":"https://openalex.org/I86501945","display_name":"University of Delaware","ror":"https://ror.org/01sbq1a82","country_code":"US","type":"education","lineage":["https://openalex.org/I86501945"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zeyu Chen","raw_affiliation_strings":["University of Delaware, USA"],"affiliations":[{"raw_affiliation_string":"University of Delaware, USA","institution_ids":["https://openalex.org/I86501945"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053996887","display_name":"Daiping Liu","orcid":"https://orcid.org/0000-0002-9660-4444"},"institutions":[{"id":"https://openalex.org/I86501945","display_name":"University of Delaware","ror":"https://ror.org/01sbq1a82","country_code":"US","type":"education","lineage":["https://openalex.org/I86501945"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Daiping Liu","raw_affiliation_strings":["University of Delaware, United States of America"],"affiliations":[{"raw_affiliation_string":"University of Delaware, United States of America","institution_ids":["https://openalex.org/I86501945"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076503447","display_name":"Jidong Xiao","orcid":"https://orcid.org/0000-0001-6807-9999"},"institutions":[{"id":"https://openalex.org/I165799507","display_name":"Rensselaer Polytechnic Institute","ror":"https://ror.org/01rtyzb94","country_code":"US","type":"education","lineage":["https://openalex.org/I165799507"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jidong Xiao","raw_affiliation_strings":["Rensselaer Polytechnic Institute, USA"],"affiliations":[{"raw_affiliation_string":"Rensselaer Polytechnic Institute, USA","institution_ids":["https://openalex.org/I165799507"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5059795206","display_name":"Haining Wang","orcid":"https://orcid.org/0000-0002-4174-3009"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Haining Wang","raw_affiliation_strings":["Virginia Tech, United States of America"],"affiliations":[{"raw_affiliation_string":"Virginia Tech, United States of America","institution_ids":["https://openalex.org/I859038795"]}]}],"institution_assertions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.208,"has_fulltext":true,"fulltext_origin":"pdf","cited_by_count":3,"citation_normalized_percentile":{"value":0.626095,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":85,"max":88},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9993,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9993,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9974,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9971,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software-bug","display_name":"Software bug","score":0.44897217},{"id":"https://openalex.org/keywords/python","display_name":"Python","score":0.44811234},{"id":"https://openalex.org/keywords/empirical-research","display_name":"Empirical Research","score":0.41812256},{"id":"https://openalex.org/keywords/root","display_name":"Root (linguistics)","score":0.41629416}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.708562},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6750895},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.5918981},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.509051},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.44897217},{"id":"https://openalex.org/C519991488","wikidata":"https://www.wikidata.org/wiki/Q28865","display_name":"Python (programming language)","level":2,"score":0.44811234},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.41812256},{"id":"https://openalex.org/C171078966","wikidata":"https://www.wikidata.org/wiki/Q111029","display_name":"Root (linguistics)","level":2,"score":0.41629416},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.38378385},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.21070081},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1893745},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.08794421},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"is_oa":false,"landing_page_url":"https://doi.org/10.1145/3607199.3607229","pdf_url":null,"source":null,"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false},{"is_oa":true,"landing_page_url":"https://hdl.handle.net/10919/116595","pdf_url":"https://vtechworks.lib.vt.edu/bitstreams/0da0f941-f8ca-4d7f-bcbb-fed10259421a/download","source":{"id":"https://openalex.org/S4306400248","display_name":"VTechWorks (Virginia Tech)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I859038795","host_organization_name":"Virginia Tech","host_organization_lineage":["https://openalex.org/I859038795"],"host_organization_lineage_names":["Virginia Tech"],"type":"repository"},"license":"mit","license_id":"https://openalex.org/licenses/mit","version":"publishedVersion","is_accepted":true,"is_published":true}],"best_oa_location":{"is_oa":true,"landing_page_url":"https://hdl.handle.net/10919/116595","pdf_url":"https://vtechworks.lib.vt.edu/bitstreams/0da0f941-f8ca-4d7f-bcbb-fed10259421a/download","source":{"id":"https://openalex.org/S4306400248","display_name":"VTechWorks (Virginia Tech)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I859038795","host_organization_name":"Virginia Tech","host_organization_lineage":["https://openalex.org/I859038795"],"host_organization_lineage_names":["Virginia Tech"],"type":"repository"},"license":"mit","license_id":"https://openalex.org/licenses/mit","version":"publishedVersion","is_accepted":true,"is_published":true},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, justice, and strong institutions","score":0.47}],"grants":[],"datasets":[],"versions":[],"referenced_works_count":45,"referenced_works":["https://openalex.org/W1546956568","https://openalex.org/W1599830632","https://openalex.org/W1984471991","https://openalex.org/W1985679169","https://openalex.org/W1997394198","https://openalex.org/W2002934700","https://openalex.org/W2028820179","https://openalex.org/W2043811931","https://openalex.org/W2059278087","https://openalex.org/W2078186835","https://openalex.org/W2089750484","https://openalex.org/W2101161997","https://openalex.org/W2127321265","https://openalex.org/W2130745898","https://openalex.org/W2134028114","https://openalex.org/W2144706305","https://openalex.org/W2145458045","https://openalex.org/W2146649139","https://openalex.org/W2146878883","https://openalex.org/W2149263382","https://openalex.org/W2152519028","https://openalex.org/W2154557525","https://openalex.org/W2156858199","https://openalex.org/W2165266180","https://openalex.org/W2243109068","https://openalex.org/W2315953879","https://openalex.org/W2327265941","https://openalex.org/W2508576555","https://openalex.org/W2534728012","https://openalex.org/W2606752733","https://openalex.org/W2613534458","https://openalex.org/W2766540688","https://openalex.org/W2773223713","https://openalex.org/W2777430404","https://openalex.org/W2790465281","https://openalex.org/W2794889478","https://openalex.org/W2890363035","https://openalex.org/W2902381500","https://openalex.org/W2947565728","https://openalex.org/W3024830775","https://openalex.org/W4251707615","https://openalex.org/W4251803824","https://openalex.org/W4254616799","https://openalex.org/W4366324995","https://openalex.org/W71566816"],"related_works":["https://openalex.org/W4386541577","https://openalex.org/W4312814274","https://openalex.org/W4306406268","https://openalex.org/W3207760230","https://openalex.org/W2886678613","https://openalex.org/W2789551765","https://openalex.org/W2537809616","https://openalex.org/W17155033","https://openalex.org/W1590307681","https://openalex.org/W1496222301"],"abstract_inverted_index":{"Over":[0],"the":[1,10,25,43,47,79,109,121,141,176,199,224],"past":[2],"decade,":[3],"use-after-free":[4],"(UaF)":[5],"has":[6],"become":[7],"one":[8],"of":[9,14,50,72,84,144,183,198,226],"most":[11],"exploited":[12],"types":[13],"vulnerabilities.":[15,135,236],"To":[16],"address":[17],"this":[18],"increasing":[19],"threat,":[20],"we":[21,210,231],"need":[22],"to":[23,57,107,128,193],"advance":[24],"defense":[26],"in":[27,46,63,214,245],"multiple":[28,93],"directions,":[29],"such":[30,97],"as":[31,98,252,254],"UaF":[32,35,39,51,74,85,117,134,145,165,201,235,250],"vulnerability":[33],"detection,":[34,251],"exploit":[36],"defense,":[37],"and":[38,60,102,113,132,149,247,256],"bug":[40,217,241],"fix.":[41],"Unfortunately,":[42],"intricacy":[44],"rooted":[45],"temporal":[48],"nature":[49],"vulnerabilities":[52,202],"makes":[53],"it":[54],"quite":[55],"challenging":[56],"develop":[58],"effective":[59],"efficient":[61],"defenses":[62],"these":[64],"directions.":[65],"This":[66,76,160],"calls":[67],"for":[68,249],"an":[69,170],"in-depth":[70],"understanding":[71],"real-world":[73,116],"characteristics.":[75],"paper":[77],"presents":[78],"first":[80],"comprehensive":[81],"empirical":[82,122],"study":[83],"vulnerabilities,":[86],"with":[87,203,238],"150":[88,200],"cases":[89],"randomly":[90],"sampled":[91],"from":[92,115],"representative":[94],"software":[95],"suites,":[96],"Linux":[99],"kernel,":[100],"Python,":[101],"Mozilla":[103],"Firefox.":[104],"We":[105,173],"aim":[106],"identify":[108],"commonalities,":[110],"root":[111,142,177],"causes,":[112],"patterns":[114],"bugs,":[118],"so":[119],"that":[120,140,162],"results":[123],"can":[124,185],"provide":[125],"operational":[126],"guidance":[127],"avoid,":[129],"detect,":[130],"deter,":[131],"fix":[133],"Our":[136],"main":[137],"finding":[138],"is":[139,167],"causes":[143,178],"bugs":[146],"are":[147,151],"diverse,":[148],"they":[150],"not":[152,169],"evenly":[153],"or":[154],"equally":[155],"distributed":[156],"among":[157],"different":[158],"software.":[159],"implies":[161],"a":[163,195,215],"generic":[164],"detector/fuzzer":[166],"probably":[168],"optimal":[171],"solution.":[172],"further":[174],"categorize":[175],"into":[179,188],"11":[180,212],"patterns,":[181],"several":[182],"which":[184],"be":[186],"translated":[187],"simple":[189],"static":[190,216,240],"detection":[191],"rules":[192],"cover":[194],"large":[196],"portion":[197],"high":[204],"accuracy.":[205],"Motivated":[206],"by":[207],"our":[208],"findings,":[209],"implement":[211],"checkers":[213],"detector":[218],"called":[219],"Palfrey.":[220],"Running":[221],"Palfrey":[222,243],"on":[223],"code":[225],"popular":[227],"open":[228],"source":[229],"software,":[230],"detect":[232],"9":[233],"new":[234],"Compared":[237],"state-of-the-art":[239],"detectors,":[242],"outperforms":[244],"coverage":[246],"accuracy":[248],"well":[253],"time":[255],"memory":[257],"overhead.":[258]},"cited_by_api_url":"https://api.openalex.org/works?filter=cites:W4387321736","counts_by_year":[{"year":2024,"cited_by_count":3}],"updated_date":"2024-12-06T12:50:34.579835","created_date":"2023-10-04"}