Towards designing an extendable vulnerability detection method for executable codes
暂无分享,去创建一个
[1] Babak Sadeghiyan,et al. A Smart Fuzzing Method for Detecting Heap-Based Buffer Overflow in Executable Codes , 2015, 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing (PRDC).
[2] Dawson R. Engler,et al. EXE: Automatically Generating Inputs of Death , 2008, TSEC.
[3] Dawson R. Engler,et al. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs , 2008, OSDI.
[4] Somesh Jha,et al. Buffer overrun detection using linear programming and static analysis , 2003, CCS '03.
[5] Ting Chen,et al. State of the art: Dynamic symbolic execution for automated test generation , 2013, Future Gener. Comput. Syst..
[6] Thomas W. Reps,et al. WYSINWYX: What you see is not what you eXecute , 2005, TOPL.
[7] Carl E. Landwehr,et al. Basic concepts and taxonomy of dependable and secure computing , 2004, IEEE Transactions on Dependable and Secure Computing.
[8] Nahid Shahmehri,et al. Modeling Software VulnerabilitiesWith Vulnerability Cause Graphs , 2006, 2006 22nd IEEE International Conference on Software Maintenance.
[9] John Grundy,et al. Supporting automated vulnerability analysis using formalized vulnerability signatures , 2012, 2012 Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering.
[10] Koushik Sen,et al. DART: directed automated random testing , 2005, PLDI '05.
[11] Babak Sadeghiyan,et al. Smart fuzzing method for detecting stack-based buffer overflow in binary codes , 2016, IET Softw..
[12] George Candea,et al. Cloud9: a software testing service , 2010, OPSR.
[13] Zhihua Cai,et al. Evaluation Measures of the Classification Performance of Imbalanced Data Sets , 2009 .
[14] Junfeng Yang,et al. MECA: an extensible, expressive system and language for statically checking security properties , 2003, CCS '03.
[15] Benjamin Livshits,et al. Fast and Precise Sanitizer Analysis with BEK , 2011, USENIX Security Symposium.
[16] Erik Meijer. Your mouse is a database , 2012, CACM.
[17] Amel Mammar,et al. VDC-Based Dynamic Code Analysis: Application to C Programs , 2011, J. Internet Serv. Inf. Secur..
[18] John A. Hamilton,et al. Static analysis of anomalies and security vulnerabilities in executable files , 2006, ACM-SE 44.
[19] Herbert Bos,et al. Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations , 2013, USENIX Security Symposium.
[20] David A. Wagner,et al. Dynamic Test Generation to Find Integer Bugs in x86 Binary Linux Programs , 2009, USENIX Security Symposium.
[21] David A. Wagner,et al. A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities , 2000, NDSS.
[22] Patrice Godefroid,et al. SAGE: Whitebox Fuzzing for Security Testing , 2012, ACM Queue.
[23] David A. Wagner,et al. This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Detecting Format String Vulnerabilities with Type Qualifiers , 2001 .
[24] Giovanni Vigna,et al. Multi-module vulnerability analysis of web-based applications , 2007, CCS '07.
[25] George Candea,et al. S2E: a platform for in-vivo multi-path analysis of software systems , 2011, ASPLOS XVI.
[26] Benjamin Livshits,et al. Securing web applications with static and dynamic information flow tracking , 2008, PEPM '08.
[27] Michael Rodeh,et al. CSSV: towards a realistic tool for statically detecting all buffer overflows in C , 2003, PLDI '03.
[28] Nicholas Nethercote,et al. Valgrind: a framework for heavyweight dynamic binary instrumentation , 2007, PLDI '07.
[29] Tihamer Levendovszky,et al. An Incremental OCL Compiler for Modeling Environments , 2008, Electron. Commun. Eur. Assoc. Softw. Sci. Technol..