{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T05:48:18Z","timestamp":1743054498643,"version":"3.40.3"},"publisher-location":"Boston, MA","reference-count":33,"publisher":"Springer US","isbn-type":[{"type":"print","value":"9781441901392"},{"type":"electronic","value":"9781441901408"}],"license":[{"start":{"date-parts":[[2009,9,30]],"date-time":"2009-09-30T00:00:00Z","timestamp":1254268800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2009,9,30]],"date-time":"2009-09-30T00:00:00Z","timestamp":1254268800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-1-4419-0140-8_10","type":"book-chapter","created":{"date-parts":[[2009,10,3]],"date-time":"2009-10-03T11:41:32Z","timestamp":1254570092000},"page":"201-223","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Automated Software Vulnerability Analysis"],"prefix":"10.1007","author":[{"given":"Emre C.","family":"Sezer","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chongkyung","family":"Kil","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Peng","family":"Ning","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2009,9,30]]},"reference":[{"key":"10_CR1","doi-asserted-by":"crossref","unstructured":"E.D. Berger, K.S. McKinley, R.D. Blumofe, and P.R. Wilson. Hoard: A scalable memory allocator for multithreaded applications. In Ninth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-IX), November 2000.","DOI":"10.1145\/378993.379232"},{"key":"10_CR2","doi-asserted-by":"crossref","unstructured":"David Brumley, James Newsome, Dawn Song, Hao Wang, and Somesh Jha. Towards automatic generation of vulnerability-based signatures. In Proceedings of the IEEE Symposium on Security and Privacy, May 2006.","DOI":"10.21236\/ADA462599"},{"key":"10_CR3","unstructured":"CERT. http:\/\/www.cert.org\/advisories\/CA-2001-19.html."},{"key":"10_CR4","unstructured":"CERT. http:\/\/www.cert.org\/advisories\/CA-2003-04.html."},{"key":"10_CR5","unstructured":"S. Cesare. Shared library call redirection using elf plt infection, April 2007. http:\/\/vx.netlux.org\/lib\/vsc06.html."},{"key":"10_CR6","unstructured":"H. Chen, D. Dean, and D. Wagner. Model checking one million lines of c code. In Proceedings of the 11th Annual Network and Distributed System Security Symposium (NDSS), February 2004."},{"key":"10_CR7","doi-asserted-by":"crossref","unstructured":"H. Chen and D. Wagner. MOPS: an infrastructure for examining security properties of software. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS\u201902), November 2002.","DOI":"10.1145\/586110.586142"},{"key":"10_CR8","unstructured":"Shou Chen, Jun Xu, and Emre C. Sezer. Non-control-data attacks are realistic threats. In Proceedings of 14th USENIX Security Symposium, 2005."},{"key":"10_CR9","unstructured":"E. Chien and P. Szor. Blended attacks exploits, vulnerabilities and buffer-overflow techniques. In Techniques in Computer Viruses, Virus Bulletin Conference, 2002."},{"key":"10_CR10","unstructured":"Tool Interface Standard (TIS) Committee. Executable and linking format (elf) specification, 1995."},{"key":"10_CR11","doi-asserted-by":"crossref","unstructured":"J. R. Crandall and F. T. Chong. Minos: Control data attack prevention orthogonal to memory model. In Proceedings of the 37th Annual IEEE\/ACM International Symposium on Microarchitecture, pages 221\u2013232, December 2004.","DOI":"10.1109\/MICRO.2004.26"},{"key":"10_CR12","doi-asserted-by":"crossref","unstructured":"J. R. Crandall, Z. Su, S. F. Wu, and F. T. Chong. On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits. In Proceedings of the 13th ACM Conference on Computer and Communications Security, pages 235\u2013248, 2005.","DOI":"10.1145\/1102120.1102152"},{"key":"10_CR13","unstructured":"H. Feng, J. Giffin, Y. Huang, S. Jha, W. Lee, and B. Miller. Formalizingsensitivity in static analysis for intrusion detection. In Proceedings of the 2004 IEEE Symposium on Security and Privacy, May 2004."},{"key":"10_CR14","unstructured":"Dawn Song James Newsome, David Brumley. Vulnerability-specific execution filtering for exploit prevention on commodity software. In Proceedings of the 13th Annual Network and Distributed System Security Symposium (NDSS \u201906), Feb 2006."},{"key":"10_CR15","unstructured":"T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, and Y. Wang. Cyclone: A safe dialect of C. In USENIX Annual Technical Conference, June 2002."},{"key":"10_CR16","doi-asserted-by":"crossref","unstructured":"Chongkyung Kil, Jinsuk Jun, Christopher Bookholt, Jun Xu, and Peng Ning. Address space layout permutation (aslp): Towards fine-grained randomization of commodity software. In Computer Security Applications Conference, 2006. ACSAC \u201906. 22nd Annual, pages 339\u2013348, Dec. 2006.","DOI":"10.1109\/ACSAC.2006.9"},{"key":"10_CR17","doi-asserted-by":"crossref","unstructured":"Chongkyung Kil, E.C. Sezer, Peng Ning, and Xiaolan Zhang. Automated security debugging using program structural constraints. In Computer Security Applications Conference, 2007. ACSAC 2007. Twenty-Third Annual, pages 453\u2013462, Dec. 2007.","DOI":"10.1109\/ACSAC.2007.19"},{"issue":"4","key":"10_CR18","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1145\/161494.161501","volume":"1","author":"W. Landi","year":"1992","unstructured":"W. Landi. Undecidability of static analysis. ACM Letters on Programming Languages and Systems, 1(4):323\u2013337, December 1992.","journal-title":"ACM Letters on Programming Languages and Systems"},{"key":"10_CR19","unstructured":"D. Larochelle and D. Evans. Statically detecting likely buffer overflow vulnerabilities. In Proceedings of the 10th USENIX Security Symposium, August 2001."},{"key":"10_CR20","unstructured":"Lea. A memory allocator. http:\/\/gee.cs.oswego.edu\/dl\/html\/malloc.html."},{"key":"10_CR21","doi-asserted-by":"crossref","unstructured":"Z. Liang and R. Sekar. Fast and automated generation of attack signatures: a basis for building self-protecting servers. In Proceedings of the 13th ACM Conference on Computer and Communications Security, pages 213\u2013222, 2005.","DOI":"10.1145\/1102120.1102150"},{"key":"10_CR22","unstructured":"NIST national vulerability database. http:\/\/nvd.nist.gov\/."},{"key":"10_CR23","doi-asserted-by":"crossref","unstructured":"G. Necula, S. McPeak, and W. Weimer. CCureds: Type-safe retrofitting of legacy software. In Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of Programming Languages, pages 128\u2013139, 2002.","DOI":"10.1145\/503272.503286"},{"key":"10_CR24","unstructured":"Nicholas Nethercote. Dynamic binary analysis and instrumentation, 2004. valgrind.org\/docs\/phd2004.pdf."},{"key":"10_CR25","unstructured":"J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of The 12th Annual Network and Distributed System Security Symposium (NDSS \u201905), February 2005."},{"key":"10_CR26","unstructured":"Open group base specifications issue 6, ieee std 1003.1, 2004 edition."},{"key":"10_CR27","unstructured":"The Frame Pointer Overwrite. http:\/\/doc.bughunter.net\/buffer-overflow\/frame-pointer.html."},{"key":"10_CR28","unstructured":"PaX Team. http:\/\/pax.grsecurity.net\/docs\/aslr.txt."},{"issue":"5","key":"10_CR29","doi-asserted-by":"publisher","first-page":"1467","DOI":"10.1145\/186025.186041","volume":"16","author":"G. Ramalingam","year":"1994","unstructured":"G. Ramalingam. The undecidability of aliasing. ACM Transactions on Programming Languages and Systems, 16(5):1467\u20131471, September 1994.","journal-title":"ACM Transactions on Programming Languages and Systems"},{"key":"10_CR30","first-page":"562","volume-title":"CCS \u201907: Proceedings of the 14th ACM conference on Computer and communications security","author":"Sezer C Emre","year":"2007","unstructured":"Emre C. Sezer, Peng Ning, Chongkyung Kil, and Jun Xu. Memsherlock: An automated debugger for unknown memory corruption vulnerabilities. In CCS \u201907: Proceedings of the 14th ACM conference on Computer and communications security, pages 562\u2013572, New York, NY, USA, 2007. ACM."},{"key":"10_CR31","unstructured":"Sumus vulnerability. Common vulnerabilities and exposures (cve) 2005-1110, April 2005. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2005-1110."},{"key":"10_CR32","doi-asserted-by":"crossref","unstructured":"H. Wang, C. Guo, D. Simon, and A. Zugenmaier. Shield: Vulnerability-driven network filters for preventing known vulnerability exploits. In Proceedings of ACM SIGCOMM, August 2004.","DOI":"10.1145\/1015467.1015489"},{"key":"10_CR33","first-page":"269","volume-title":"MICRO 37: Proceedings of the 37th annual International Symposium on Microarchitecture","author":"Pin Zhou","year":"2004","unstructured":"Pin Zhou, Wei Liu, Long Fei, Shan Lu, Feng Qin, Yuanyuan Zhou, Samuel Midkiff, and Josep Torrellas. Accmon: Automatically detecting memory-related bugs via program counter-based invariants. In MICRO 37: Proceedings of the 37th annual International Symposium on Microarchitecture, pages 269\u2013280, Washington, DC, USA, 2004. IEEE Computer Society."}],"container-title":["Advances in Information Security","Cyber Situational Awareness"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-1-4419-0140-8_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,12]],"date-time":"2025-02-12T14:22:05Z","timestamp":1739370125000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-1-4419-0140-8_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009,9,30]]},"ISBN":["9781441901392","9781441901408"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-1-4419-0140-8_10","relation":{},"ISSN":["1568-2633"],"issn-type":[{"type":"print","value":"1568-2633"}],"subject":[],"published":{"date-parts":[[2009,9,30]]},"assertion":[{"value":"30 September 2009","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}