Using type analysis in compiler to mitigate integer-overflow-to-buffer-overflow threat
Yu Chen | Tao Wei | Chao Zhang | Wei Zou | Tielei Wang