{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T19:30:15Z","timestamp":1743103815392,"version":"3.40.3"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030142339"},{"type":"electronic","value":"9783030142346"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-14234-6_22","type":"book-chapter","created":{"date-parts":[[2019,2,20]],"date-time":"2019-02-20T08:02:08Z","timestamp":1550649728000},"page":"404-423","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["A Light-Weight and Accurate Method of Static Integer-Overflow-to-Buffer-Overflow Vulnerability Detection"],"prefix":"10.1007","author":[{"given":"Mingjie","family":"Xu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shengnan","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lili","family":"Xu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Feng","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wei","family":"Huo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jing","family":"Ma","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xinhua","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qingjia","family":"Huang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,2,21]]},"reference":[{"key":"22_CR1","unstructured":"Common vulnerabilities and exposures (CVE). http:\/\/cve.mitre.org\/"},{"key":"22_CR2","unstructured":"Christey, S., Martin, R.A.: Vulnerability Type Distributions in CVE, May 2007. http:\/\/cve.mitre.org\/docs\/vuln-trends\/vuln-trends.pdf"},{"key":"22_CR3","unstructured":"CWE-680: IO2BO vulnerabilities. http:\/\/cwe.mitre.org\/data\/definitions\/680.html"},{"key":"22_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1007\/978-3-642-15497-3_5","volume-title":"Computer Security \u2013 ESORICS 2010","author":"C Zhang","year":"2010","unstructured":"Zhang, C., Wang, T., Wei, T., Chen, Y., Zou, W.: IntPatch: automatically fix integer-overflow-to-buffer-overflow vulnerability at compile-time. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 71\u201386. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-15497-3_5"},{"key":"22_CR5","unstructured":"Chen, S., Xu, J., Sezer, E.C., Gauriar, P., Iyer, R.K.: Non-control-data attacks are realistic threats. In: Proceedings of the 14th Conference on USENIX Security Symposium, p. 12 (2005)"},{"key":"22_CR6","unstructured":"Sotirov, A.: Heap feng shui in javascript. In: Proceedings of Blackhat Europe (2007)"},{"key":"22_CR7","unstructured":"National vulnerability database. http:\/\/nvd.nist.gov\/"},{"key":"22_CR8","unstructured":"Lattner, C.: LLVM: An Infrastructure for Multi-Stage Optimization. Master\u2019s thesis, Computer Science Dept., University of Illinois at Urbana-Champaign, Urbana, IL, December 2002"},{"key":"22_CR9","unstructured":"Lattner, C., Adve, V.: LLVM: a compilation framework for lifelong program analysis & transformation. In: Proceedings of the 2004 International Symposium on Code Generation and Optimization (CGO 2004), Palo Alto, California, March 2004"},{"key":"22_CR10","unstructured":"Clang C language family frontend for LLVM. http:\/\/clang.llvm.org\/"},{"key":"22_CR11","unstructured":"CVE-2005-1141. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2005-1141"},{"key":"22_CR12","unstructured":"CVE-2011-4517. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2011-4517"},{"key":"22_CR13","unstructured":"CVE-2014-9112. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-9112"},{"key":"22_CR14","unstructured":"CVE-2016-9601. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2016-9601"},{"key":"22_CR15","unstructured":"CVE-2016-6328. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2016-6328"},{"key":"22_CR16","unstructured":"CVE-2017-16868. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-16868"},{"key":"22_CR17","unstructured":"Wang, X., Chen, H., Jia, Z., Zeldovich, N., Kaashoek, M.F.: Improving integer security for systems with KINT. In: Proceedings of the 10th USENIX Conference on Operating Systems Design and Implementation, pp. 163\u2013177 (2012)"},{"key":"22_CR18","unstructured":"Dietz, W., Li, P., Regehr, J., Adve, V.: Understanding integer overflow in C\/C\u2009++. In: Proceedings of the 34th International Conference on Software Engineering, ICSE 2012, pp. 760\u2013770. IEEE Press, Zurich (2012)"},{"key":"22_CR19","doi-asserted-by":"crossref","unstructured":"Pomonis, M., Petsios, T., Jee, K., Polychronakis, M., Keromytis, A.D.: IntFlow: improving the accuracy of arithmetic error detection using information flow tracking. In: Proceedings of the 30th Annual Computer Security Applications Conference, ACSAC 2014, pp. 416\u2013425. ACM, New Orleans (2014)","DOI":"10.1145\/2664243.2664282"},{"key":"22_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"336","DOI":"10.1007\/978-3-642-11145-7_26","volume-title":"Information and Communications Security","author":"P Chen","year":"2009","unstructured":"Chen, P., et al.: IntFinder: automatically detecting integer bugs in x86 binary program. In: Qing, S., Mitchell, C.J., Wang, G. (eds.) ICICS 2009. LNCS, vol. 5927, pp. 336\u2013345. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-11145-7_26"},{"key":"22_CR21","unstructured":"Wang, T., Wei, T., Lin, Z., Zou, W.: IntScope: automatically detecting integer overflow vulnerability in x86 binary using symbolic execution. In: Proceedings of the Network and Distributed System Security Symposium (2009)"},{"key":"22_CR22","unstructured":"Vreugdenhil, P.: Pwn2Own 2010 Windows 7 Internet Explorer 8 exploit (2010). http:\/\/vreugdenhilresearch.nl\/Pwn2Own-2010-Windows7-InternetExplorer8.pdf"},{"key":"22_CR23","unstructured":"Moy, Y., Bj\u00f8rner, N., Sielaff, D.: Modular bug-finding for integer overflows in the large: sound, efficient, bit-precise static analysis. Technical report MSR-TR-2009-57, Microsoft Research (2009)"},{"key":"22_CR24","unstructured":"Brummayer, R.: Efficient SMT Solving for Bit-Vectors and the Extensional Theory of Arrays. Ph.D thesis, Johannes Kepler University, Linz, Austria, November 2009"},{"key":"22_CR25","unstructured":"Brumley, D., Chiueh, T.c, Johnson, R., Lin, H., Song, D.: Rich: automatically protecting against integer-based vulnerabilities. In: Proceedings of the 14th Annual Network and Distributed System Security Symposium, NDSS 2007 (2007)"},{"key":"22_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/978-3-319-26362-5_12","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"Y Zhang","year":"2015","unstructured":"Zhang, Y., et al.: Improving accuracy of static integer overflow detection in binary. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 247\u2013269. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-26362-5_12"},{"key":"22_CR27","unstructured":"National Institute of Standard and Technology (NIST). SAMATE-software assurance metrics and tool evaluation. http:\/\/samate.nist.gov\/SARD\/testsuite.php"},{"key":"22_CR28","doi-asserted-by":"crossref","unstructured":"Sun, H., Zhang, X., Su, C., Zeng, Q.: Efficient dynamic tracking technique for detecting integer-overflow-to-buffer-overflow vulnerability. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, pp. 483\u2013494. ACM (2015)","DOI":"10.1145\/2714576.2714605"},{"key":"22_CR29","series-title":"Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1007\/978-3-642-23602-0_9","volume-title":"Forensics in Telecommunications, Information, and Multimedia","author":"Y Wang","year":"2011","unstructured":"Wang, Y., Gu, D., Xu, J., Wen, M., Deng, L.: RICB: integer overflow vulnerability dynamic analysis via buffer overflow. In: Lai, X., Gu, D., Jin, B., Wang, Y., Li, H. (eds.) e-Forensics 2010. LNICST, vol. 56, pp. 99\u2013109. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-23602-0_9"},{"issue":"5","key":"22_CR30","doi-asserted-by":"publisher","first-page":"898","DOI":"10.3724\/SP.J.1016.2012.00898","volume":"35","author":"K Chen","year":"2012","unstructured":"Chen, K., Feng, D., Su, P.: Dynamic overflow vulnerability detection method based on finite CSP. Chin. J. Comput. 35(5), 898\u2013909 (2012). (in Chinese)","journal-title":"Chin. J. Comput."},{"key":"22_CR31","unstructured":"Jia, X., Zhang, C., Su, P., Yang, Y., Huang, H., Feng, D.: Towards efficient heap overflow discovery. In: Proceedings of the 26th USENIX Conference on Security Symposium (2017)"}],"container-title":["Lecture Notes in Computer Science","Information Security and Cryptology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-14234-6_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,7]],"date-time":"2024-03-07T15:04:45Z","timestamp":1709823885000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-14234-6_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030142339","9783030142346"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-14234-6_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"21 February 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"Inscrypt","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security and Cryptology","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Fuzhou","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 December 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 December 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"cisc2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/xxhb.fjnu.edu.cn\/inscrypt2018\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"93","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"32","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"34% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}