{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,29]],"date-time":"2025-05-29T20:40:02Z","timestamp":1748551202796,"version":"3.41.0"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319223476"},{"type":"electronic","value":"9783319223483"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-22348-3_12","type":"book-chapter","created":{"date-parts":[[2015,7,30]],"date-time":"2015-07-30T06:26:43Z","timestamp":1438237603000},"page":"204-221","source":"Crossref","is-referenced-by-count":1,"title":["ABOR: An Automatic Framework for Buffer Overflow Removal in C\/C++Programs"],"prefix":"10.1007","author":[{"given":"Sun","family":"Ding","sequence":"first","affiliation":[]},{"given":"Hee Beng Kuan","family":"Tan","sequence":"additional","affiliation":[]},{"given":"Hongyu","family":"Zhang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,7,31]]},"reference":[{"key":"12_CR1","unstructured":"US-CERT (2014). http:\/\/www.us-cert.gov\/"},{"key":"12_CR2","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2187671.2187679","volume":"44","author":"Y Younan","year":"2012","unstructured":"Younan, Y., Joosen, W., Piessens, F.: Runtime countermeasures for code injection attacks against C and C\u00a0++\u00a0programs. ACM Comput. Surv. 44, 1\u201328 (2012)","journal-title":"ACM Comput. Surv."},{"key":"12_CR3","doi-asserted-by":"crossref","unstructured":"Nagarakatte, S., Zhao, J., Martin, M.M.K., Zdancewic, S.: SoftBound: highly compatible and complete spatial memory safety for C. In: Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 245\u2013258. ACM, Dublin, Ireland (2009)","DOI":"10.1145\/1542476.1542504"},{"key":"12_CR4","doi-asserted-by":"publisher","first-page":"351","DOI":"10.1145\/1323293.1294295","volume":"41","author":"J Criswell","year":"2007","unstructured":"Criswell, J., Lenharth, A., Dhurjati, D., Adve, V.: Secure virtual architecture: a safe execution environment for commodity operating systems. SIGOPS Oper. Syst. Rev. 41, 351\u2013366 (2007)","journal-title":"SIGOPS Oper. Syst. Rev."},{"key":"12_CR5","doi-asserted-by":"crossref","unstructured":"Dhurjati, D., Adve, V.: Backwards-compatible array bounds checking for C with very low overhead. In: Proceedings of the 28th international conference on Software engineering, pp. 162\u2013171. ACM, Shanghai, China (2006)","DOI":"10.1145\/1134285.1134309"},{"key":"12_CR6","doi-asserted-by":"crossref","unstructured":"Hafiz, M., Johnson, R.E.: Security-oriented program transformations. In: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, pp. 1\u20134. ACM, Oak Ridge, Tennessee (2009)","DOI":"10.1145\/1558607.1558622"},{"key":"12_CR7","volume-title":"On the Evolution of Buffer Overflows","author":"M Vallentin","year":"2007","unstructured":"Vallentin, M.: On the Evolution of Buffer Overflows. Addison-Wesley Longman Publishing Co., Boston (2007)"},{"key":"12_CR8","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1145\/367008.367022","volume":"10","author":"S Sinha","year":"2001","unstructured":"Sinha, S., Harrold, M.J., Rothermel, G.: Interprocedural control dependence. ACM Trans. Softw. Eng. Methodol. 10, 209\u2013254 (2001)","journal-title":"ACM Trans. Softw. Eng. Methodol."},{"key":"12_CR9","unstructured":"en.wikipedia.org\/wiki\/Abstract_syntax_tree"},{"key":"12_CR10","doi-asserted-by":"crossref","unstructured":"Lei, W., Qiang, Z., Pengchao, Z.: Automated detection of code vulnerabilities based on program analysis and model checking. In: Eighth IEEE International Working Conference on Source Code Analysis and Manipulation 2008, pp. 165\u2013173 (2008)","DOI":"10.1109\/SCAM.2008.24"},{"key":"12_CR11","doi-asserted-by":"crossref","unstructured":"Lin, Z., Jiang, X., Xu, D., Mao, B., Xie, L.: AutoPaG: towards automated software patch generation with source code root cause identification and repair. In: Proceedings of the 2nd ACM symposium on Information, Computer and Communications Security, pp. 329\u2013340. ACM, Singapore (2007)","DOI":"10.1145\/1229285.1267001"},{"key":"12_CR12","doi-asserted-by":"publisher","first-page":"423","DOI":"10.1002\/spe.515","volume":"33","author":"K-S Lhee","year":"2003","unstructured":"Lhee, K.-S., Chapin, S.J.: Buffer overflow and format string overflow vulnerabilities. Softw. Pract. Exper. 33, 423\u2013460 (2003)","journal-title":"Softw. Pract. Exper."},{"key":"12_CR13","doi-asserted-by":"publisher","first-page":"477","DOI":"10.1145\/1065887.1065892","volume":"27","author":"GC Necula","year":"2005","unstructured":"Necula, G.C., Condit, J., Harren, M., McPeak, S., Weimer, W.: CCured: type-safe retrofitting of legacy software. ACM Trans. Program. Lang. Syst. 27, 477\u2013526 (2005)","journal-title":"ACM Trans. Program. Lang. Syst."},{"key":"12_CR14","doi-asserted-by":"crossref","unstructured":"Kundu, A., Bertino, E.: A new class of buffer overflow attacks. In: Proceedings of the 2011 31st International Conference on Distributed Computing Systems, pp. 730\u2013739. IEEE Computer Society (2011)","DOI":"10.1109\/ICDCS.2011.63"},{"key":"12_CR15","unstructured":"C\u00a0++\u00a0Ref (2014). http:\/\/www.cplusplus.com\/reference\/"},{"key":"12_CR16","doi-asserted-by":"crossref","unstructured":"Le, W., Soffa, M.L.: Marple: a demand-driven path-sensitive buffer overflow detector. In: Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 272\u2013282. ACM, Atlanta, Georgia (2008)","DOI":"10.1145\/1453101.1453137"},{"key":"12_CR17","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1145\/1041685.1029911","volume":"29","author":"M Zitser","year":"2004","unstructured":"Zitser, M., Lippmann, R., Leek, T.: Testing static analysis tools using exploitable buffer overflows from open source code. SIGSOFT Softw. Eng. Notes 29, 97\u2013106 (2004)","journal-title":"SIGSOFT Softw. Eng. Notes"},{"key":"12_CR18","unstructured":"Lu, S., Li, Z., Qin, F., Tan, L., Zhou, P., Zhou, Y.: Bugbench: benchmarks for evaluating bug detection tools. In: Workshop on the Evaluation of Software Defect Detection Tools. (2005)"},{"key":"12_CR19","unstructured":"Miller, T.C., Raadt, T.D.: Strlcpy and strlcat: consistent, safe, string copy and concatenation. In: Proceedings of the Annual Conference on USENIX Annual Technical Conference, pp. 41\u201341. USENIX Association, Monterey, California (1999)"},{"key":"12_CR20","unstructured":"GrammaTech (2014). http:\/\/www.grammatech.com\/products\/codesurfer"},{"key":"12_CR21","unstructured":"Xie, Y., Chou, A., Engler, D.: ARCHER: using symbolic, path-sensitive analysis to detect memory access errors. In: ESEC\/FSE-11: Proceedings of the 9th European Software Engineering Conference Held Jointly with 11th ACM SIGSOFT International Symposium On Foundations Of Software Engineering, pp. 327\u2013336. ACM, (2004)"},{"key":"12_CR22","unstructured":"Larochelle, D., Evans, D.: Statically detecting likely buffer overflow vulnerabilities. In: Proceedings of the 10th Conference on USENIX Security Symposium, vol. 10, pp. 14\u201314. USENIX Association, Washington, D.C. (2001)"},{"key":"12_CR23","doi-asserted-by":"crossref","unstructured":"Dor, N., Rodeh, M., Sagiv, M.: CSSV: towards a realistic tool for statically detecting all buffer overflows in C. In: PLDI 2003: Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation, pp. 155\u2013167. ACM, (2003)","DOI":"10.1145\/781131.781149"},{"key":"12_CR24","unstructured":"Wilander, J., Kamkar, M.: A comparison of publicly available tools for dynamic buffer overflow prevention. In: Network and Distributed System Security Symposium (NDSS), pp. 149\u2013162 (2003)"},{"key":"12_CR25","unstructured":"Xu, J., Kalbarczyk, Z., Patel, S., Ravishankar, I.: Architecture support for defending against buffer overflow attacks. In: Second Workshop on Evaluating and Architecting System Dependability, pp. 55\u201362 (2002)"},{"key":"12_CR26","doi-asserted-by":"publisher","first-page":"1271","DOI":"10.1109\/TC.2006.166","volume":"55","author":"H Ozdoganoglu","year":"2006","unstructured":"Ozdoganoglu, H., Vijaykumar, T.N., Brodley, C.E., Kuperman, B.A., Jalote, A.: SmashGuard: a hardware solution to prevent security attacks on the function return address. IEEE Trans. Comput. 55, 1271\u20131285 (2006)","journal-title":"IEEE Trans. Comput."},{"key":"12_CR27","doi-asserted-by":"crossref","unstructured":"Padmanabhuni, B., Tan, H.: Techniques for Defending from Buffer Overflow Vulnerability Security Exploits. Internet Computing, IEEE PP, 1\u20131 (2011)","DOI":"10.1109\/MIC.2011.109"},{"key":"12_CR28","unstructured":"Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: Proceedings of the Network and Distributed System Security Symposium (2005)"},{"key":"12_CR29","doi-asserted-by":"crossref","unstructured":"Smirnov, A., Tzi-cker, C.: Automatic patch generation for buffer overflow attacks. In: Third International Symposium on Information Assurance and Security, IAS 2007, pp. 165\u2013170 (2007)","DOI":"10.1109\/IAS.2007.87"},{"key":"12_CR30","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1455258.1455259","volume":"26","author":"M Costa","year":"2008","unstructured":"Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Zhou, L., Zhang, L., Barham, P.: Vigilante: end-to-end containment of internet worm epidemics. ACM Trans. Comput. Syst. 26, 1\u201368 (2008)","journal-title":"ACM Trans. Comput. Syst."},{"key":"12_CR31","unstructured":"Automatic Buffer Overflow Repairing (2014). http:\/\/sunshine-nanyang.com\/index.html"}],"container-title":["Lecture Notes in Business Information Processing","Enterprise Information Systems"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-22348-3_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,29]],"date-time":"2025-05-29T20:22:14Z","timestamp":1748550134000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-22348-3_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319223476","9783319223483"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-22348-3_12","relation":{},"ISSN":["1865-1348","1865-1356"],"issn-type":[{"type":"print","value":"1865-1348"},{"type":"electronic","value":"1865-1356"}],"subject":[],"published":{"date-parts":[[2015]]}}}