A runtime-testing method for integer overflow detection based on metamorphic relations

[1]  Brian A. Wichmann,et al.  Industrial perspective on static analysis , 1995, Softw. Eng. J..

[2]  Jacob West,et al.  Secure Programming with Static Analysis , 2007 .

[3]  Tsong Yueh Chen,et al.  Proportional sampling strategy: guidelines for software testing practitioners , 1996, Inf. Softw. Technol..

[4]  Michael Gertz,et al.  Using Type Qualifiers to Analyze Untrusted Integers and Detecting Security Flaws in C Programs , 2006, DIMVA.

[5]  Robert C. Seacord,et al.  Secure coding in C and C , 2005 .

[6]  Wang Jinfeng,et al.  Application of Automated Testing Tool in GIS Modeling , 2009, 2009 WRI World Congress on Software Engineering.

[7]  Tsong Yueh Chen,et al.  On the statistical properties of the F-measure , 2004 .

[8]  Gregg Rothermel,et al.  Supporting Controlled Experimentation with Testing Techniques: An Infrastructure and its Potential Impact , 2005, Empirical Software Engineering.

[9]  Song Huang,et al.  A taxonomy of software security defects for SST , 2010, 2010 International Conference on Intelligent Computing and Integrated Systems.

[10]  Yi Wang,et al.  BRICK: A Binary Tool for Run-Time Detecting and Locating Integer-Based Vulnerability , 2009, 2009 International Conference on Availability, Reliability and Security.

[11]  Elaine J. Weyuker,et al.  On Testing Non-Testable Programs , 1982, Comput. J..

[12]  Huai Liu,et al.  Does Adaptive Random Testing Deliver a Higher Confidence than Random Testing? , 2008, 2008 The Eighth International Conference on Quality Software.

[13]  Peng Ning,et al.  Memsherlock: an automated debugger for unknown memory corruption vulnerabilities , 2007, CCS '07.

[14]  Michael D. Ernst Invited Talk Static and dynamic analysis: synergy and duality , 2004, PASTE '04.

[15]  Johannes Mayer,et al.  An Empirical Study on the Selection of Good Metamorphic Relations , 2006, 30th Annual International Computer Software and Applications Conference (COMPSAC'06).

[16]  Ying Liu,et al.  Metamorphic Testing and Testing with Special Values , 2004, SNPD.

[17]  Brent Hailpern,et al.  Software debugging, testing, and verification , 2002, IBM Syst. J..

[18]  Song Huang,et al.  Metamorphic Testing Integer Overflow Faults of Mission Critical Program: A Case Study , 2013 .

[19]  David Brumley,et al.  All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask) , 2010, 2010 IEEE Symposium on Security and Privacy.

[20]  Gregg Rothermel,et al.  An experimental evaluation of selective mutation , 1993, Proceedings of 1993 15th International Conference on Software Engineering.

[21]  Sandro Morasca,et al.  On the analytical comparison of testing techniques , 2004, ISSTA '04.

[22]  David A. Wagner,et al.  Dynamic Test Generation to Find Integer Bugs in x86 Binary Linux Programs , 2009, USENIX Security Symposium.

[23]  David A. Wagner,et al.  A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities , 2000, NDSS.

[24]  Song Huang,et al.  A Formal Model for Metamorphic Relation Decomposition , 2013, 2013 Fourth World Congress on Software Engineering.

[25]  Stephen McCamant,et al.  Statically-directed dynamic automated test generation , 2011, ISSTA '11.