{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T18:36:04Z","timestamp":1725474964284},"publisher-location":"Berlin, Heidelberg","reference-count":31,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540360148"},{"type":"electronic","value":"9783540360179"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11790754_1","type":"book-chapter","created":{"date-parts":[[2006,11,27]],"date-time":"2006-11-27T13:02:37Z","timestamp":1164632557000},"page":"1-16","source":"Crossref","is-referenced-by-count":14,"title":["Using Type Qualifiers to Analyze Untrusted Integers and Detecting Security Flaws in C Programs"],"prefix":"10.1007","author":[{"given":"Ebrima N.","family":"Ceesay","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jingmin","family":"Zhou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael","family":"Gertz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Karl","family":"Levitt","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Matt","family":"Bishop","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"1_CR1","unstructured":"The ICAT team: Icat vulnerability statistics (2005), http:\/\/icat.nist.gov\/icat.cfm?function=statistics"},{"key":"1_CR2","doi-asserted-by":"crossref","unstructured":"Foster, J.S., F\u00e4hndrich, M., Aiken, A.: A theory of type qualifiers. In: Proceedings of ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 1999), Atlanta, Georgia (1999)","DOI":"10.1145\/301618.301665"},{"key":"1_CR3","unstructured":"Shankar, U., Talwar, K., Foster, J.S., Wagner, D.: Detecting format string vulnerabilities with type qualifiers. In: Proceedings of the 10th Usenix Security Symposium, Washington, DC (2001)"},{"key":"1_CR4","unstructured":"Blexim: Basic integer overflows. Phrack Issue 0x3c, Phile 0x0a of 0x10 (2002)"},{"key":"1_CR5","unstructured":"CERT: Apache web server chunk handling vulnerability. Advisory CA-2002-17 (2002)"},{"key":"1_CR6","unstructured":"CERT: Openssh vulnerabilities in challenge response. Advisory CA-2002-18 (2002)"},{"key":"1_CR7","unstructured":"CERT: Integer overflow in sun rpc xdr library routines. Advisory CA-2003-10 (2003)"},{"key":"1_CR8","doi-asserted-by":"crossref","unstructured":"CERT: Apple quicktime contains an integer overflow in the \u201cquicktime.qts\u201d extension. Vulnerability Note VU#782958 (2004)","DOI":"10.1016\/B978-012088401-8\/50012-3"},{"key":"1_CR9","unstructured":"X-Force: Sendmail debugging function signed integer overflow. Vulnerability DB Entry 7016 (2001)"},{"key":"1_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"385","DOI":"10.1007\/978-3-540-30108-0_24","volume-title":"Computer Security \u2013 ESORICS 2004","author":"R. Chinchani","year":"2004","unstructured":"Chinchani, R., Iyer, A., Jayaraman, B., Upadhyaya, S.: ARCHERR: Runtime environment driven program safety. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol.\u00a03193, pp. 385\u2013406. Springer, Heidelberg (2004)"},{"key":"1_CR11","unstructured":"Horovitz, O.: Big loop integer protection. Phrack Issue 0x3c, Phile 0x09 of 0x10 (2002)"},{"key":"1_CR12","unstructured":"Howard, M.: An overlooked construct and an integer overflow redux (2003), http:\/\/msdn.microsoft.com\/library\/en-us\/dncode\/html\/secure09112003.asp"},{"key":"1_CR13","unstructured":"Howard, M.: Reviewing code for integer manipulation vulnerabilities (2003), http:\/\/msdn.microsoft.com\/library\/en-us\/dncode\/html\/secure04102003.asp"},{"key":"1_CR14","unstructured":"LeBlanc, D.: Integer handling with the c++ safeint class (2004), http:\/\/msdn.microsoft.com\/library\/en-us\/dncode\/html\/secure01142004.asp"},{"key":"1_CR15","unstructured":"Biba, K.J.: Integrity considerations for secure computer system. Technical Report ESD-TR-76-372, MTR-3153, The MITRE Corporation, USAF Electronic Systems Division, Bedford, MA (1977)"},{"key":"1_CR16","unstructured":"Johnson, R., Wagner, D.: Finding user\/kernel pointer bugs with type inference. In: Proceedings of the 13th USENIX Security Symposium, San Diego, CA (2004)"},{"key":"1_CR17","unstructured":"Foster, J.S.: Type Qualifiers: Lightweight Specifications to Improve Software Quality. PhD thesis. University of California, Berkeley (2002)"},{"key":"1_CR18","unstructured":"Boutell.com: Gd graphics library (2004), http:\/\/www.boutell.com\/gd\/"},{"key":"1_CR19","unstructured":"Gentoo Linux: Gd: Integer overflow. Security Advisory GLSA 200411-08 (2004)"},{"key":"1_CR20","unstructured":"The rsync project: News for rsync 2.5.7 (2003), http:\/\/rsync.samba.org"},{"key":"1_CR21","unstructured":"Sirainen, T.: Possible security hole (2003), http:\/\/www.mail-archive.com\/rsync.lists.samba.org\/msg08271.html"},{"key":"1_CR22","unstructured":"The GNOME Project: Gnome imaging model - gdkpixbuf (2003), http:\/\/developer.gnome.org\/arch\/imaging\/gdkpixbuf.html"},{"key":"1_CR23","unstructured":"CERT: Gdkpixbuf xpm parser contains a heap overflow vulnerability. Vulnerability Note VU#729894 (2004)"},{"key":"1_CR24","unstructured":"CERT: Gdkpixbuf ico parser contains a integer overflow vulnerability. Vulnerability Note VU#577654 (2004)"},{"key":"1_CR25","unstructured":"CERT: Libtiff contains multiple heap-based buffer overflows. Vulnerability Note VU#948752 (2004)"},{"key":"1_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"280","DOI":"10.1007\/978-3-540-24730-2_23","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems","author":"Z. Su","year":"2004","unstructured":"Su, Z., Wagner, D.: A class of polynomially solvable range constraints for interval analysis without widenings and narrowings. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol.\u00a02988, pp. 280\u2013295. Springer, Heidelberg (2004)"},{"key":"1_CR27","doi-asserted-by":"crossref","unstructured":"Viega, J., Bloch, J.T., Kohno, T., McGraw, G.: ITS4: A static vulnerability scanner for C and C++ code. ACM Transactions on Information and System Security\u00a05 (2002)","DOI":"10.1145\/545186.545188"},{"key":"1_CR28","unstructured":"Secure Software Inc.: Rats: Rough auditing tool for security (2002), http:\/\/www.securesw.com\/rats.php"},{"key":"1_CR29","unstructured":"Wheeler, D.A.: Flawfinder (2001), http:\/\/www.dwheeler.com\/flawfinder\/"},{"key":"1_CR30","doi-asserted-by":"crossref","unstructured":"Evans, D.: Static detection of dynamic memory errors. In: Proceedings of the 1996 ACM Conference on Programming Language Design and Implementation (SIGPLAN), pp. 44\u201353 (1996)","DOI":"10.1145\/231379.231389"},{"key":"1_CR31","doi-asserted-by":"crossref","unstructured":"Ashcraft, K., Engler, D.R.: Using programmer-written compiler extensions to catch security holes. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 143\u2013159 (2002)","DOI":"10.1109\/SECPRI.2002.1004368"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware & Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11790754_1.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,27]],"date-time":"2021-04-27T07:23:12Z","timestamp":1619508192000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11790754_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540360148","9783540360179"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/11790754_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2006]]}}}