{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T17:29:14Z","timestamp":1725470954727},"publisher-location":"Berlin, Heidelberg","reference-count":31,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540383413"},{"type":"electronic","value":"9783540383437"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11836810_2","type":"book-chapter","created":{"date-parts":[[2006,10,3]],"date-time":"2006-10-03T10:36:57Z","timestamp":1159871817000},"page":"17-31","source":"Crossref","is-referenced-by-count":0,"title":["Transparent Run-Time Prevention of Format-String Attacks Via Dynamic Taint and Flexible Validation"],"prefix":"10.1007","author":[{"given":"Zhiqiang","family":"Lin","sequence":"first","affiliation":[]},{"given":"Nai","family":"Xia","sequence":"additional","affiliation":[]},{"given":"Guole","family":"Li","sequence":"additional","affiliation":[]},{"given":"Bing","family":"Mao","sequence":"additional","affiliation":[]},{"given":"Li","family":"Xie","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"2_CR1","unstructured":"tf8. Wu-Ftpd Remote Format String Stack Overwrite Vulnerability (2000), At:\n                    \n                      http:\/\/www.securityfocus.com\/bid\/1387"},{"key":"2_CR2","unstructured":"NIST National Vunerability Database (2006), At: \n                    \n                      http:\/\/nvd.nist.gov"},{"key":"2_CR3","unstructured":"Scut, team teso: Exploiting Format String Vulnerabilities (2001), At: \n                    \n                      http:\/\/www.team-teso.net\/releases\/formatstring-1.2.tar.gz"},{"key":"2_CR4","unstructured":"Riq and Gera: Advances in format string exploitation. Phrack Magazine\u00a059(7) (2002), At: \n                    \n                      http:\/\/www.phrack.org\/phrack\/59\/p59-0x07"},{"issue":"5","key":"2_CR5","doi-asserted-by":"publisher","first-page":"423","DOI":"10.1002\/spe.515","volume":"33","author":"K. Lhee","year":"2003","unstructured":"Lhee, K., Chapin, S.: Buffer overflow and format string overflow vulnerabilities. Software-Practice & Experience\u00a033(5), 423\u2013460 (2003)","journal-title":"Software-Practice & Experience"},{"key":"2_CR6","unstructured":"Anley, C.: Advanced SQL Injection In SQL Server Applications. Technical Report, NGSSoftware Insight Security Research (2002)"},{"key":"2_CR7","unstructured":"Jacobowitz, D.: Multiple Linux Vendor rpc.statd Remote Format String Vulnerability (2000), At: \n                    \n                      http:\/\/www.securityfocus.com\/bid\/1480"},{"key":"2_CR8","unstructured":"Kaempf, M.: Splitvt Format String Vulnerability (2001), At: \n                    \n                      http:\/\/www.securityfocus.com\/bid\/2210\/"},{"key":"2_CR9","unstructured":"NSI Rwhoisd Remote Format String Vulnerability (2001), At: \n                    \n                      http:\/\/www.securityfocus.com\/bid\/3474"},{"key":"2_CR10","unstructured":"Pelat, G.: PFinger Format String Vulnerability (2001), At: \n                    \n                      http:\/\/www.securityfocus.com\/bid\/3725"},{"key":"2_CR11","unstructured":"Goldsmith, D.: TCPflow Format String Vulnerability (2003), At: \n                    \n                      http:\/\/www.securityfocus.com\/bid\/8366"},{"key":"2_CR12","unstructured":"Xiao, Z.: An Automated Approach to Software Reliability and Security. Department of Computer Science, University of California at Berkeley (2003) (invited Talk)"},{"key":"2_CR13","unstructured":"Robbins, T.: Libformat (2001), At: \n                    \n                      http:\/\/www.wiretapped.net\/~fyre\/software\/libformat.html"},{"key":"2_CR14","unstructured":"Tsai, T., Singh, N.: Libsafe 2.0: Detection of Format String Vulnerability Exploits (2001), At: \n                    \n                      http:\/\/www.research.avayalabs.com\/project\/libsafe\/doc\/whitepaper-20.pdf"},{"key":"2_CR15","doi-asserted-by":"crossref","unstructured":"Ringenburg, M., Grossman, D.: Preventing Format-String Attacks via Automatic and Efficient Dynamic Checking. In: Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS 2005), Alexandria, Virginia (2005)","DOI":"10.1145\/1102120.1102166"},{"key":"2_CR16","unstructured":"Cowan, C., Barringer, M., Beattie, S., Kroah-Hartman, G.: FormatGuard: Automatic protection from printf format string vulnerabilities. In: Proceedings of the 10th USENIX Security Symposium (Security 2001), Washington DC (2001)"},{"key":"2_CR17","unstructured":"Shankar, U., Talwar, K., Foster, J.S., Wagner, D.: Detecting format string vulnerabilities with type qualifiers. In: Proceedings of the 10th USENIX Security Symposium (Security 2001), Washington DC (2001)"},{"key":"2_CR18","unstructured":"TIS. Executable and Linkable Format Version 1.1, At: \n                    \n                      ftp:\/\/download.intel.com\/perftool\/tis\/elf11g.zip"},{"key":"2_CR19","volume-title":"Introduction to Algorithms","author":"T. Cormen","year":"2002","unstructured":"Cormen, T., Stein, C., Rivest, R., Leiserson, C.: Introduction to Algorithms, 2nd edn. MIT Press, Cambridge (2002)","edition":"2"},{"key":"2_CR20","unstructured":"Smirnov, A., Chiueh, T.: DIRA: Automatic Detection, Identification and Repair of Control-Hijacking Attacks. In: Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS 2005), San Jose, CA (2005)"},{"key":"2_CR21","unstructured":"Avijit, K., Gupta, P., Gupta, D.: TIED, LibsafePlus: Tools for Runtime Buffer Overflow Protection. In: Proceedings of the 13th USENIX Security Symposium (Security 2004) (2004)"},{"key":"2_CR22","unstructured":"DeKok, A.: PScan: A limited problem scanner for C source files (2000), At: \n                    \n                       http:\/\/www.striker.ottawa.on.ca\/~aland\/pscan\/"},{"key":"2_CR23","unstructured":"The GNU Compiler Collection. Free Software Foundation, At: \n                    \n                      http:\/\/gnu.gcc.org\/"},{"key":"2_CR24","unstructured":"Perl security manual page, At: \n                    \n                      http:\/\/www.perldoc.com"},{"key":"2_CR25","unstructured":"Zhang, X., Edwards, A., Jaeger, T.: Using CQual for static analysis of authorization hook placement. In: Proceedings of the 11th USENIX Security Symposium (Security 2002) (2002)"},{"key":"2_CR26","doi-asserted-by":"crossref","unstructured":"Foster, J., Fahndrich, M., Aiken, A.: A theory of type qualifiers. In: Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 1999) (1999)","DOI":"10.1145\/301618.301665"},{"key":"2_CR27","doi-asserted-by":"crossref","unstructured":"Evans, D., Larochelle, D.: Improving Security Using Extensible Lightweight Static Analysis. In: IEEE Software (January\/February 2002)","DOI":"10.1109\/52.976940"},{"key":"2_CR28","unstructured":"Tuong, A.N., Guarnieri, S., Greene, D., Shirley, J., Evans, D.: Automatically hardening web applications using precise tainting. In: Proceedings of the 20th IFIP International Information Security Conference (SEC 2005) (2005)"},{"key":"2_CR29","doi-asserted-by":"crossref","unstructured":"Suh, G., Lee, J., Zhang, D., Devadas, S.: Secure program execution via dynamic information flow tracking. In: Proceedings of International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2004), Boston, MA (2004)","DOI":"10.1145\/1024393.1024404"},{"key":"2_CR30","doi-asserted-by":"crossref","unstructured":"Chen, S., Xu, J., Nakka, N., Kalbarczyk, Z., Iyer, R.K.: Defeating memory corruption attacks via pointer taintedness detection. In: Proceedings of IEEE International Conference on Dependable Systems and Networks (DSN 2005) (2005)","DOI":"10.1109\/DSN.2005.36"},{"key":"2_CR31","unstructured":"Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS 2005), San Jose, CA (2005)"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11836810_2.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,27]],"date-time":"2021-04-27T07:14:42Z","timestamp":1619507682000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11836810_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540383413","9783540383437"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/11836810_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2006]]}}}