{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,4]],"date-time":"2026-01-04T02:52:49Z","timestamp":1767495169785,"version":"3.40.3"},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030570422"},{"type":"electronic","value":"9783030570439"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-57043-9_11","type":"book-chapter","created":{"date-parts":[[2020,8,20]],"date-time":"2020-08-20T12:03:10Z","timestamp":1597924990000},"page":"113-124","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Mismorphism: The Heart of the Weird Machine"],"prefix":"10.1007","author":[{"given":"Prashant","family":"Anantharaman","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vijay","family":"Kothari","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"J. Peter","family":"Brady","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ira Ray","family":"Jenkins","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sameed","family":"Ali","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael C.","family":"Millian","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ross","family":"Koppel","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jim","family":"Blythe","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sergey","family":"Bratus","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sean W.","family":"Smith","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,8,21]]},"reference":[{"key":"11_CR1","unstructured":"CVE-2009-3555 The Mozilla Network Security Services (NSS) fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. Available from Vulners. \nhttps:\/\/vulners.com\/exploitdb\/EDB-ID:26703"},{"key":"11_CR2","unstructured":"CVE-2013-2028 Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow. Available from Rapid 7. \nhttps:\/\/www.rapid7.com\/db\/modules\/exploit\/linux\/http\/nginx_chunked_size"},{"key":"11_CR3","unstructured":"CVE-2013-2729 Adobe Reader X 10.1.4.38 - BMP\/RLE heap corruption. Available from Vulners. \nhttps:\/\/vulners.com\/exploitdb\/EDB-ID:26703"},{"key":"11_CR4","unstructured":"CVE-2015-1427 The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. Available from Vulners. \nhttps:\/\/vulners.com\/cve\/CVE-2015-1427"},{"key":"11_CR5","unstructured":"OpenBSD\u2019s IPv6 mbufs remote kernel buffer overflow. Available from Vulners. \nhttps:\/\/vulners.com\/cert\/VU:986425"},{"key":"11_CR6","unstructured":"Aho, A., Ullman, J.: Foundations of Computer Science: C Edition, Chapter 14, July 1994. \nhttp:\/\/infolab.stanford.edu\/~ullman\/focs.html"},{"key":"11_CR7","unstructured":"Bratus, S.: LANGSEC: Language-theoretic Security: \u201cThe View from the Tower of Babel\u201d. \nhttp:\/\/langsec.org"},{"issue":"6","key":"11_CR8","first-page":"13","volume":"36","author":"S Bratus","year":"2011","unstructured":"Bratus, S., Locasto, M., Patterson, M., Sassaman, L., Shubina, A.: Exploit programming: from buffer overflows to \u201cWeird Machines\u201d and theory of computation. Login USENIX Mag. 36(6), 13\u201321 (2011)","journal-title":"Login USENIX Mag."},{"issue":"2","key":"11_CR9","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1515\/itit-2016-0038","volume":"59","author":"S Bratus","year":"2017","unstructured":"Bratus, S., Shubina, A.: Exploitation as code reuse: on the need of formalization. IT-Inf. Technol. 59(2), 93\u2013100 (2017). \nhttps:\/\/doi.org\/10.1515\/itit-2016-0038","journal-title":"IT-Inf. Technol."},{"key":"11_CR10","doi-asserted-by":"publisher","DOI":"10.1109\/TETC.2017.2785299","author":"TF Dullien","year":"2017","unstructured":"Dullien, T.F.: Weird machines, exploitability, and provable unexploitability. IEEE Trans. Emerg. Top. Comput. (2017). \nhttps:\/\/doi.org\/10.1109\/TETC.2017.2785299","journal-title":"IEEE Trans. Emerg. Top. Comput."},{"key":"11_CR11","doi-asserted-by":"publisher","unstructured":"Durumeric, Z., et al.: The Matter of Heartbleed. In: Proceedings of the 2014 Conference on Internet Measurement Conference, pp. 475\u2013488. ACM (2014). \nhttps:\/\/doi.org\/10.1145\/2663716.2663755","DOI":"10.1145\/2663716.2663755"},{"key":"11_CR12","unstructured":"Ethereum: Pythonic Smart Contract Language for the EVM. \nhttps:\/\/github.com\/ethereum\/vyper"},{"key":"11_CR13","unstructured":"Fitting, M.: Kleene\u2019s three valued logics and their children. Fundam. Inf. 20(1\u20133), 113\u2013131 (1994). \nhttp:\/\/dl.acm.org\/citation.cfm?id=183529.183533"},{"key":"11_CR14","unstructured":"Freeman, J.: Exploit ( & Fix) Android \u201cMaster Key\u201d. \nhttp:\/\/www.saurik.com\/id\/17"},{"key":"11_CR15","unstructured":"Hermerschmidt, L.: McHammerCoder: a binary capable parser and unparser generator, \nhttps:\/\/github.com\/McHammerCoder\/McHammerCoder"},{"key":"11_CR16","unstructured":"Kleene, S.C.: Introduction to metamathematics (1954)"},{"issue":"8","key":"11_CR17","first-page":"1322","volume":"2","author":"C Mary","year":"2015","unstructured":"Mary, C.: Shellshock attack on linux systems-bash. Int. Res. J. Eng. Technol. 2(8), 1322\u20131325 (2015)","journal-title":"Int. Res. J. Eng. Technol."},{"key":"11_CR18","doi-asserted-by":"publisher","unstructured":"Momot, F., Bratus, S., Hallberg, S.M., Patterson, M.L.: The seven turrets of babel: a taxonomy of LangSec errors and how to expunge them. In: 2016 IEEE Cybersecurity Development (SecDev), pp. 45\u201352, November 2016. \nhttps:\/\/doi.org\/10.1109\/SecDev.2016.019","DOI":"10.1109\/SecDev.2016.019"},{"key":"11_CR19","volume-title":"The Meaning of Meaning: A Study of the Influence of Language upon Thought and of the Science of Symbolism","author":"CK Ogden","year":"1927","unstructured":"Ogden, C.K., Richards, I.A.: The Meaning of Meaning: A Study of the Influence of Language upon Thought and of the Science of Symbolism. Harcourt Brace and Company, San Diego (1927)"},{"key":"11_CR20","unstructured":"Patterson, M.: Parser combinators for binary formats, in C. \nhttps:\/\/github.com\/UpstandingHackers\/hammer"},{"key":"11_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1007\/978-3-319-62033-6_9","volume-title":"Security Protocols XXIV","author":"O Pieczul","year":"2017","unstructured":"Pieczul, O., Foley, S.N.: The evolution of a security control. In: Anderson, J., Maty\u00e1\u0161, V., Christianson, B., Stajano, F. (eds.) Security Protocols 2016. LNCS, vol. 10368, pp. 67\u201384. Springer, Cham (2017). \nhttps:\/\/doi.org\/10.1007\/978-3-319-62033-6_9"},{"key":"11_CR22","doi-asserted-by":"publisher","unstructured":"Poll, E.: LangSec revisited: input security flaws of the second kind. In: 2018 IEEE Security and Privacy Workshops (SPW), pp. 329\u2013334. IEEE (2018). \nhttps:\/\/doi.org\/10.1109\/SPW.2018.00051","DOI":"10.1109\/SPW.2018.00051"},{"key":"11_CR23","unstructured":"Rezvina, S.: Rails\u2019 Remote Code Execution Vulnerability Explained. \nhttps:\/\/codeclimate.com\/blog\/rails-remote-code-execution-vulnerability-explained"},{"key":"11_CR24","unstructured":"Shapiro, R., Bratus, S., Smith, S.W.: \u201cWeird Machines\u201d in ELF: a spotlight on the underappreciated metadata. In: Proceedings of the 7th USENIX Conference on Offensive Technologies. WOOT 2013, USENIX Association, Berkeley, CA, USA (2013). \nhttp:\/\/dl.acm.org\/citation.cfm?id=2534748.2534763"},{"key":"11_CR25","doi-asserted-by":"crossref","unstructured":"Smith, S.W., Koppel, R., Blythe, J., Kothari, V.: Mismorphism: a semiotic model of computer security circumvention. In: Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, p. 25. ACM (2015)","DOI":"10.1145\/2746194.2746219"},{"key":"11_CR26","unstructured":"Spagnuolo, M.: Abusing JSONP with rosetta flash. \nhttps:\/\/miki.it\/blog\/2014\/7\/8\/abusing-jsonp-with-rosetta-flash\/"},{"key":"11_CR27","unstructured":"Torpey, K.: The DAO disaster illustrates differing philosophies in bitcoin and ethereum. \nhttps:\/\/www.coingecko.com\/buzz\/dao-disaster-differing-philosophies-bitcoin-ethereum"}],"container-title":["Lecture Notes in Computer Science","Security Protocols XXVII"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-57043-9_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,8,20]],"date-time":"2020-08-20T12:22:41Z","timestamp":1597926161000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-57043-9_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030570422","9783030570439"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-57043-9_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"21 August 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"Security Protocols","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Cambridge International Workshop on Security Protocols","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Cambridge","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 April 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 April 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"spw2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.cl.cam.ac.uk\/events\/spw\/2019\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}