{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T22:19:44Z","timestamp":1743113984982,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":45,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540494966"},{"type":"electronic","value":"9783540494973"}],"license":[{"start":{"date-parts":[[2006,1,1]],"date-time":"2006-01-01T00:00:00Z","timestamp":1136073600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11935308_27","type":"book-chapter","created":{"date-parts":[[2006,11,15]],"date-time":"2006-11-15T06:26:42Z","timestamp":1163572002000},"page":"379-398","source":"Crossref","is-referenced-by-count":19,"title":["Efficient Protection Against Heap-Based Buffer Overflows Without Resorting to Magic"],"prefix":"10.1007","author":[{"given":"Yves","family":"Younan","sequence":"first","affiliation":[]},{"given":"Wouter","family":"Joosen","sequence":"additional","affiliation":[]},{"given":"Frank","family":"Piessens","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"27_CR1","unstructured":"Aleph One: Smashing the stack for fun and profit. Phrack\u00a049 (1996)"},{"key":"27_CR2","unstructured":"Younan, Y., Joosen, W., Piessens, F.: Code injection in C and C++: A survey of vulnerabilities and countermeasures. Technical Report CW386, Departement Computerwetenschappen, Katholieke Universiteit Leuven (2004)"},{"key":"27_CR3","doi-asserted-by":"crossref","unstructured":"Austin, T.M., Breach, S.E., Sohi, G.S.: Efficient detection of all pointer and array access errors. In: Proc. of the ACM 1994 Conf. on Programming Language Design and Implementation, Orlando, FL (1994)","DOI":"10.1145\/178243.178446"},{"key":"27_CR4","unstructured":"Jones, R.W.M., Kelly, P.H.J.: Backwards-compatible bounds checking for arrays and pointers in C programs. In: Proc. of the 3rd Int. Workshop on Automatic Debugging, Link\u00f6ping, Sweden (1997)"},{"key":"27_CR5","unstructured":"Ruwase, O., Lam, M.S.: A practical dynamic buffer overflow detector. In: Proc. of the 11th Network and Distributed System Security Symp., San Diego, CA (2004)"},{"key":"27_CR6","doi-asserted-by":"crossref","unstructured":"Xu, W., DuVarney, D.C., Sekar, R.: An Efficient and Backwards-Compatible Transformation to Ensure Memory Safety of C Programs. In: Proc. of the 12th ACM Int. Symp. on Foundations of Software Engineering, Newport Beach, CA (2004)","DOI":"10.1145\/1041685.1029913"},{"key":"27_CR7","unstructured":"Cowan, C., Pu, C., Maier, D., Hinton, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In: Proc. of the 7th USENIX Security Symp., San Antonio, TX (1998)"},{"key":"27_CR8","unstructured":"Etoh, H., Yoda, K.: Protecting from stack-smashing attacks. Technical report, IBM Research Divison, Tokyo Research Laboratory (2000)"},{"key":"27_CR9","unstructured":"Baratloo, A., Singh, N., Tsai, T.: Transparent run-time defense against stack smashing attacks. In: USENIX 2000 Technical Conf. Proc., San Diego, CA (2000)"},{"key":"27_CR10","unstructured":"Xu, J., Kalbarczyk, Z., Patel, S., Ravishankar, K.I.: Architecture support for defending against buffer overflow attacks. In: Second Workshop on Evaluating and Architecting System dependabilitY, San Jose, CA (2002)"},{"key":"27_CR11","doi-asserted-by":"crossref","unstructured":"Younan, Y., Pozza, D., Joosen, W., Piessens, F.: Extended protection against stack smashing attacks without performance loss. In: Proc. of the Annual Computer Security Apps. Conf., Miami, FL (2006)","DOI":"10.1109\/ACSAC.2006.27"},{"key":"27_CR12","unstructured":"Robertson, W., Kruegel, C., Mutz, D., Valeur, F.: Run-time detection of heap-based overflows. In: Proc. of the 17th Large Installation Systems Administrators Conf., San Diego, CA (2003)"},{"key":"27_CR13","unstructured":"Krennmair, A.: ContraPolice: a libc extension for protecting applications from heap-smashing attacks (2003), \n                    \n                      http:\/\/www.synflood.at\/contrapolice\/"},{"key":"27_CR14","unstructured":"Perens, B.: Electric fence 2.0.5 (1999), \n                    \n                      http:\/\/perens.com\/FreeSoftware\/"},{"key":"27_CR15","unstructured":"Free Software Foundation: GNU C library (2004), \n                    \n                      http:\/\/www.gnu.org\/software\/libc"},{"key":"27_CR16","unstructured":"Younan, Y.: Dnmalloc 1.0 (2005), \n                    \n                      http:\/\/www.fort-knox.org"},{"key":"27_CR17","unstructured":"Kamp, P.H.: Malloc(3) revisted. In: Proc. of the USENIX 1998 Anual technical conference, New Orleans, LA (1998)"},{"key":"27_CR18","unstructured":"Summit, S.: Re: One of your c.l.c faq question. Comp.lang.C newsgroup (2001)"},{"key":"27_CR19","unstructured":"Bulba, Kil3r: Bypassing Stackguard and stackshield. Phrack 56 (2000)"},{"key":"27_CR20","unstructured":"anonymous: Once upon a free(). Phrack 57 (2001)"},{"key":"27_CR21","unstructured":"Kaempf, M.: Vudo - an object superstitiously believed to embody magical powers. Phrack 57 (2001)"},{"key":"27_CR22","unstructured":"Solar Designer: JPEG COM marker processing vulnerability in netscape browsers (2000), \n                    \n                      http:\/\/www.openwall.com\/advisories\/OW-002-netscape-jpeg.txt"},{"key":"27_CR23","unstructured":"Lea, D., Gloger, W.: malloc-2.7.2.c. Comments in source code (2001)"},{"key":"27_CR24","unstructured":"Gloger, W.: ptmalloc (1999), \n                    \n                      http:\/\/www.malloc.de\/en\/"},{"key":"27_CR25","unstructured":"Dobrovitski, I.: Exploit for CVS double free() for linux pserver (2003), \n                    \n                      http:\/\/seclists.org\/lists\/bugtraq\/2003\/Feb\/0042.html"},{"key":"27_CR26","volume-title":"Advanced Programming in the UNIX env.","author":"W.R. Stevens","year":"1993","unstructured":"Stevens, W.R.: Advanced Programming in the UNIX env. Addison-Wesley, Reading (1993)"},{"key":"27_CR27","unstructured":"The PaX Team: Documentation for PaX (2000), \n                    \n                      http:\/\/pax.grsecurity.net"},{"key":"27_CR28","doi-asserted-by":"crossref","unstructured":"Henning, J.L.: Spec cpu2000: Measuring cpu performance in the new millennium. Computer\u00a033(7) (2000)","DOI":"10.1109\/2.869367"},{"key":"27_CR29","doi-asserted-by":"crossref","unstructured":"Grunwald, D., Zorn, B., Henderson, R.: Improving the cache locality of memory allocation. In: Proc. of the ACM 1993 Conf. on Programming Language Design and Implementation, New York, NY (1993)","DOI":"10.1145\/155090.155107"},{"key":"27_CR30","doi-asserted-by":"crossref","unstructured":"Johnstone, M.S., Wilson, P.R.: The memory fragmentation problem: Solved? In: Proc. of the 1st ACM Int. Symp. on Memory Management, Vancouver, BC (1998)","DOI":"10.1145\/286860.286864"},{"key":"27_CR31","doi-asserted-by":"crossref","unstructured":"Berger, E.D., Zorn, B.G., McKinley, K.S.: Composing high-performance memory allocators. In: Proc. of the ACM Conf. on Programming Language Design and Implementation, Snowbird, UT (2001)","DOI":"10.1145\/378795.378821"},{"key":"27_CR32","doi-asserted-by":"crossref","unstructured":"Berger, E.D., Zorn, B.G., McKinley, K.S.: Reconsidering custom memory allocation. In: Proc. of the ACM Conf. on Object-Oriented Programming Systems, Languages and Apps., Seattle, WA (2002)","DOI":"10.1145\/582419.582421"},{"key":"27_CR33","unstructured":"van der Pas, R.: Memory hierarchy in cache-based systems. Technical Report 817-0742-10, Sun Microsystems, Sant a Clara, CA (2002)"},{"key":"27_CR34","unstructured":"Zen-parse: Wu-ftpd 2.6.1 exploit. Vuln-dev mailinglist (2001)"},{"key":"27_CR35","unstructured":"Kaempf, M.: Sudo exploit. Bugtraq mailinglist (2001)"},{"key":"27_CR36","unstructured":"Phantasmagoria, P.: The malloc maleficarum. Bugtraq mailinglist (2005)"},{"key":"27_CR37","unstructured":"Cowan, C., Beattie, S., Johansen, J., Wagle, P.: PointGuard: protecting pointers from buffer overflow vulnerabilities. In: Proc. of the 12th USENIX Security Symp., Washington, DC (2003)"},{"key":"27_CR38","unstructured":"Alexander, S.: Defeating compiler-level buffer overflow protection. The USENIX Magazine\u00a030 (2005)"},{"key":"27_CR39","unstructured":"Solar Designer: Non-executable stack patch (1998), \n                    \n                      http:\/\/www.openwall.com"},{"key":"27_CR40","unstructured":"Wojtczuk, R.: Defeating Solar Designer\u2019s Non-executable Stack Patch. Bugtraq mailinglist (1998)"},{"key":"27_CR41","unstructured":"Bhatkar, S., DuVarney, D.C., Sekar, R.: Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In: Proc. of the 12th USENIX Security Symp., Washington, DC (2003)"},{"key":"27_CR42","doi-asserted-by":"crossref","unstructured":"Shacham, H., Page, M., Pfaff, B., Goh, E.J., Modadugu, N., Boneh, D.: On the Effectiveness of Address-Space Randomization. In: Proc. of the 11th ACM Conf. on Computer and communications security, Washington, DC (2004)","DOI":"10.1145\/1030083.1030124"},{"key":"27_CR43","unstructured":"Avijit, K., Gupta, P., Gupta, D.: Tied, libsafeplus: Tools for runtime buffer overflow protection. In: Proc. of the 13th USENIX Security Symp., San Diego, CA (2004)"},{"key":"27_CR44","unstructured":"Kiriansky, V., Bruening, D., Amarasinghe, S.: Secure execution via program shepherding. In: Proc. of the 11th USENIX Security Symp., San Francisco, CA (2002)"},{"key":"27_CR45","doi-asserted-by":"crossref","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity. In: Proc. of the 12th ACM Conf. on Computer and Communications Security, Alexandria, VA (2005)","DOI":"10.1145\/1102120.1102165"}],"container-title":["Lecture Notes in Computer Science","Information and Communications Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11935308_27","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,8,25]],"date-time":"2019-08-25T20:09:39Z","timestamp":1566763779000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11935308_27"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540494966","9783540494973"],"references-count":45,"URL":"https:\/\/doi.org\/10.1007\/11935308_27","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2006]]}}}