{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:11:05Z","timestamp":1772039465738,"version":"3.50.1"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031976193","type":"print"},{"value":"9783031976209","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-97620-9_3","type":"book-chapter","created":{"date-parts":[[2025,7,10]],"date-time":"2025-07-10T09:33:59Z","timestamp":1752140039000},"page":"46-65","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Making (Only) the\u00a0Right Calls: Preventing Remote Code Execution Attacks in\u00a0PHP Applications with\u00a0Contextual, State-Sensitive System Call Filtering"],"prefix":"10.1007","author":[{"given":"Yunsen","family":"Lei","sequence":"first","affiliation":[]},{"given":"Craig A.","family":"Shue","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,7,10]]},"reference":[{"key":"3_CR1","unstructured":"Ambionics Security: PHPGGC: PHP Generic Gadget Chains. https:\/\/github.com\/ambionics\/phpggc (2023), gitHub repository"},{"key":"3_CR2","doi-asserted-by":"publisher","unstructured":"Backes, M., Rieck, K., Skoruppa, M., Stock, B., Yamaguchi, F.: Efficient and flexible discovery of php application vulnerabilities. In: 2017 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 334\u2013349 (2017). https:\/\/doi.org\/10.1109\/EuroSP.2017.14","DOI":"10.1109\/EuroSP.2017.14"},{"key":"3_CR3","unstructured":"Bergmann, S.: php-code-coverage: Library for collecting test coverage statistics for php code. https:\/\/github.com\/sebastianbergmann\/php-code-coverage (2023), gitHub repository"},{"key":"3_CR4","unstructured":"Bulekov, A., Jahanshahi, R., Egele, M.: Saphire: sandboxing PHP applications with tailored system call allowlists. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 2881\u20132898. USENIX Association, August 2021"},{"key":"3_CR5","unstructured":"Canella, C., Dorn, S., Gruss, D., Schwarz, M.: Sfip: coarse-grained syscall-flow-integrity protection in modern systems (2022)"},{"key":"3_CR6","unstructured":"DeMarinis, N., Williams-King, K., Jin, D., Fonseca, R., Kemerlis, V.P.: sysfilter: automated system call filtering for commodity software. In: International Symposium on Research in Attacks, Intrusions and Defenses (RAID) (2020)"},{"key":"3_CR7","unstructured":"Rethans, D.: Xdebug: debugger and profiler tool for php. https:\/\/xdebug.org\/ (2023), available: Xdebug Official Website"},{"key":"3_CR8","unstructured":"DynamoRIO Contributors: DynamoRIO: Dynamic Instrumentation Tool Platform. https:\/\/dynamorio.org\/, Accessed 17 Dec 2023"},{"key":"3_CR9","unstructured":"Engineering, D.: PHP 8 observability (2021), https:\/\/www.datadoghq.com\/blog\/engineering\/php-8-observability-baked-right-in\/, Accessed 01 Dec 2024"},{"key":"3_CR10","unstructured":"Esser, S.: Utilizing code reuse or return oriented programming in php application exploits. In: Proceedings of the Black Hat Conference. Las Vegas, NV, USA (2010)"},{"key":"3_CR11","doi-asserted-by":"publisher","unstructured":"Gaidis, A.J., Atlidakis, V., Kemerlis, V.P.: Sysxchg: refining privilege with adaptive system call filters. In: Conference on Computer and Communications Security, p. 1964 1978. CCS 2023, Association for Computing Machinery (2023). https:\/\/doi.org\/10.1145\/3576915.3623137","DOI":"10.1145\/3576915.3623137"},{"key":"3_CR12","unstructured":"Ghavamnia, S., Palit, T., Benameur, A., Polychronakis, M.: Confine: automated system call policy generation for container attack surface reduction. In: 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020), pp. 443\u2013458. USENIX Association, San Sebastian, October 2020. https:\/\/www.usenix.org\/conference\/raid2020\/presentation\/ghavanmnia"},{"key":"3_CR13","unstructured":"Ghavamnia, S., Palit, T., Mishra, S., Polychronakis, M.: Temporal system call specialization for attack surface reduction. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 1749\u20131766. USENIX Association, August 2020, https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/ghavamnia"},{"key":"3_CR14","doi-asserted-by":"publisher","unstructured":"Hawkins, B., Demsky, B.: Zenids: introspective intrusion detection for php applications. In: 2017 IEEE\/ACM 39th International Conference on Software Engineering (ICSE), pp. 232\u2013243 (2017). https:\/\/doi.org\/10.1109\/ICSE.2017.29","DOI":"10.1109\/ICSE.2017.29"},{"key":"3_CR15","doi-asserted-by":"publisher","unstructured":"Huang, J., Li, Y., Zhang, J., Dai, R.: Uchecker: automatically detecting php-based unrestricted file upload vulnerabilities. In: 2019 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 581\u2013592 (2019). https:\/\/doi.org\/10.1109\/DSN.2019.00064","DOI":"10.1109\/DSN.2019.00064"},{"key":"3_CR16","doi-asserted-by":"publisher","unstructured":"Huang, Y.W., et al.: Securing web application code by static analysis and runtime protection. In: Proceedings of the International Conference on World Wide Web, p. 40 52. WWW 2004, ACM, New York, NY, USA (2004). https:\/\/doi.org\/10.1145\/988672.988679","DOI":"10.1145\/988672.988679"},{"key":"3_CR17","unstructured":"ircmaxell: php-cfg: a library to build and work with a control flow graph in php. https:\/\/github.com\/ircmaxell\/php-cfg (2023), Accessed 19 Nov 2023"},{"key":"3_CR18","unstructured":"Jia, J., et al.: Programmable system call security with ebpf (2023). https:\/\/arxiv.org\/abs\/2302.10366"},{"key":"3_CR19","unstructured":"National Vulnerability Database (NVD): Cve-2022-1329 detail: Elementor website builder plugin for wordpress vulnerability. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-1329, April 2022, Accessed 19 Nov 2023"},{"key":"3_CR20","unstructured":"Park, S., Kim, D., Jana, S., Son, S.: FUGIO: automatic exploit generation for PHP object injection vulnerabilities. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 197\u2013214. USENIX Association, Boston, MA, August 2022. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/park-sunnyeo"},{"key":"3_CR21","unstructured":"Quarkslab: defeating ebpf uprobe monitoring. (2024). https:\/\/blog.quarkslab.com\/defeating-ebpf-uprobe-monitoring.html, Accessed 20 Apr 2025"},{"key":"3_CR22","unstructured":"Red Hat, IBM, Intel: SystemTap Language Reference (2023), https:\/\/lrita.github.io\/images\/posts\/systemtap\/langref.pdf, Accessed 05 Feb 2024"},{"key":"3_CR23","doi-asserted-by":"crossref","unstructured":"Shoshitaishvili, Y., et al.: SoK: (State of) the art of war: offensive techniques in binary analysis. In: IEEE Symposium on Security and Privacy (2016)","DOI":"10.1109\/SP.2016.17"},{"key":"3_CR24","unstructured":"Symfony: home - twig - the flexible, fast, and secure php template engine. https:\/\/twig.symfony.com\/, Accessed 19 Nov 2023"},{"key":"3_CR25","unstructured":"The Linux Kernel Documentation: Seccomp BPF (SECure COMPuting with filters) (2024), https:\/\/docs.kernel.org\/userspace-api\/seccomp_filter.html, Accessed 07 Jul 2024"},{"key":"3_CR26","unstructured":"The smarty project contributors: smarty: a template engine for php. https:\/\/www.smarty.net\/ (2023), Accessed 07 Feb 2024"},{"key":"3_CR27","unstructured":"W3Techs: usage statistics and market share of php for websites. https:\/\/w3techs.com\/technologies\/details\/pl-php (2024), Accessed 2 Dec 2024"},{"key":"3_CR28","unstructured":"W3Techs: usage statistics and market share of wordpress. https:\/\/w3techs.com\/technologies\/details\/cm-wordpress (2024), Accessed 2 Dec 2024"},{"key":"3_CR29","doi-asserted-by":"publisher","unstructured":"Wagner, D., Dean, R.: Intrusion detection via static analysis. In: Proceedings 2001 IEEE Symposium on Security and Privacy. S &P 2001, pp. 156\u2013168 (2001). https:\/\/doi.org\/10.1109\/SECPRI.2001.924296","DOI":"10.1109\/SECPRI.2001.924296"},{"key":"3_CR30","unstructured":"WordPress: Blog tool, publishing platform, and cms wordpress.org. https:\/\/wordpress.org (2023), Accessed 19 Nov 2023"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-97620-9_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,10]],"date-time":"2025-07-10T09:34:07Z","timestamp":1752140047000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-97620-9_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031976193","9783031976209"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-97620-9_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"10 July 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Graz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Austria","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 July 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 July 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dimva.org\/dimva2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}