{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,8]],"date-time":"2024-09-08T20:58:12Z","timestamp":1725829092324},"publisher-location":"Cham","reference-count":34,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319242545"},{"type":"electronic","value":"9783319242552"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-24255-2_32","type":"book-chapter","created":{"date-parts":[[2015,9,5]],"date-time":"2015-09-05T13:51:13Z","timestamp":1441461073000},"page":"441-456","source":"Crossref","is-referenced-by-count":7,"title":["Automated Generation of Buffer Overflow Quick Fixes Using Symbolic Execution and SMT"],"prefix":"10.1007","author":[{"given":"Paul","family":"Muntean","sequence":"first","affiliation":[]},{"given":"Vasantha","family":"Kommanapalli","sequence":"additional","affiliation":[]},{"given":"Andreas","family":"Ibing","sequence":"additional","affiliation":[]},{"given":"Claudia","family":"Eckert","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,11,25]]},"reference":[{"issue":"4","key":"32_CR1","doi-asserted-by":"publisher","first-page":"305","DOI":"10.1137\/0201022","volume":"1","author":"AV Aho","year":"1972","unstructured":"Aho, A.V., et al.: A minimum-distance error-correcting parser for context-free languages. SIAM J. Comput. 1(4), 305\u2013312 (1972)","journal-title":"SIAM J. Comput."},{"key":"32_CR2","unstructured":"Chen, L., et al.: R2Fix: automatically generating bug fixes from bug reports. In: Proceedings of the 2013 IEEE 6th ICST"},{"key":"32_CR3","unstructured":"Crispin, C., et al.: StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks. In: Proceedings of the 7th USENIX SSYM 1998"},{"key":"32_CR4","unstructured":"Crispin, C., et al.: Buffer overflows: attacks and defenses for the vulnerability of the decade*. In: DARPA Discex 2000"},{"key":"32_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1007\/978-3-540-78800-3_24","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems","author":"L Moura de","year":"2008","unstructured":"de Moura, L., Bj\u00f8rner, N.S.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337\u2013340. Springer, Heidelberg (2008)"},{"key":"32_CR6","unstructured":"Deepak, G., et al.: TIED, LibsafePlus: tools for runtime buffer overflow protection. In: Proceedings of the 13th Conference on USENIX Security Symposium, SSYM 2004"},{"key":"32_CR7","doi-asserted-by":"crossref","unstructured":"DeMarco, F., et al.: Automatic repair of buggy if conditions and missing preconditions with SMT. In: Proceedings of the CSTVA 2014","DOI":"10.1145\/2593735.2593740"},{"key":"32_CR8","doi-asserted-by":"crossref","unstructured":"Demsky, B., Rinard, M.: Automatic detection and repair of errors in data structures. In: Proceedings of the ACM SIGPLAN OOPSLA 2003","DOI":"10.1145\/949313.949314"},{"key":"32_CR9","unstructured":"Emery, D.B.: HeapShield: library-based heap overflow protection for free. UMass CS TR 06-28 (2006)"},{"key":"32_CR10","doi-asserted-by":"crossref","unstructured":"Gu, Z., et al.: Has the bug really been fixed? In: Proceedings of the ICSE 2010","DOI":"10.1145\/1806799.1806812"},{"key":"32_CR11","doi-asserted-by":"crossref","unstructured":"Haddad, H.M., Shahriar, H.: Rule-based source level patching of buffer overflow vulnerabilities. In: Proceedings of the 10th ITNG 2013","DOI":"10.1109\/ITNG.2013.96"},{"key":"32_CR12","unstructured":"Harrold, M.J., et al.: Fault prediction, localization, and repair. Dagstuhl Seminar 13061, February 2013"},{"key":"32_CR13","doi-asserted-by":"crossref","unstructured":"Ibing, A.: SMT-constrained symbolic execution for eclipse CDT\/Codan. In: Proceedings of the 3th WS-FMDS 2013","DOI":"10.1007\/978-3-642-41707-8_13"},{"key":"32_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"311","DOI":"10.1007\/978-3-319-15201-1_20","volume-title":"Software Engineering and Formal Methods","author":"A Ibing","year":"2015","unstructured":"Ibing, A.: Path-sensitive race detection with partial order reduced symbolic execution. In: Canal, C., Idani, A. (eds.) SEFM 2014 Workshops. LNCS, vol. 8938, pp. 311\u2013322. Springer, Heidelberg (2015)"},{"key":"32_CR15","doi-asserted-by":"crossref","unstructured":"Ibing, A., Mai, A.: A fixed-point algorithm for automated static detection of infinite loops. In: Proceedings of the 16th IEEE HASE 2015","DOI":"10.1109\/HASE.2015.16"},{"key":"32_CR16","doi-asserted-by":"crossref","unstructured":"Jacobs, M., Lewis, E.C.: SMART C: a semantic macro replacement translator for C. In: Proceedings of the Sixth IEEE SCAM 2006","DOI":"10.1109\/SCAM.2006.28"},{"issue":"6","key":"32_CR17","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1109\/TDSC.2013.25","volume":"10","author":"H Jin","year":"2013","unstructured":"Jin, H., et al.: SafeStack: automatically patching stack-based buffer overflow vulnerabilities. IEEE Trans. Dependable Secure Comput. 10(6), 368\u2013379 (2013)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"32_CR18","doi-asserted-by":"crossref","unstructured":"Kim, D., et al.: Automatic patch generation learned from human-written patches. In: Proceedings of the International Conference on Software Engineering, ICSE 2013","DOI":"10.1109\/ICSE.2013.6606626"},{"issue":"1","key":"32_CR19","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1109\/TSE.2011.104","volume":"38","author":"C Goues Le","year":"2012","unstructured":"Le Goues, C., et al.: Genprog: a generic method for automatic software repair. IEEE Trans. Softw. Eng. 38(1), 54\u201372 (2012)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"32_CR20","unstructured":"Lin, Z.: LibsafeXP: a practical and transparent tool for run-time buffer overflow preventions. In: Proceedings of the 7th Annual IEEE Information Assurance Workshop, IAW 2006"},{"key":"32_CR21","doi-asserted-by":"crossref","unstructured":"Lin, Z., et al.: AutoPaG: towards automated software patch generation with source code root cause identification and repair. In: Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS 2007","DOI":"10.1145\/1229285.1267001"},{"key":"32_CR22","unstructured":"Mitre: CWE-121. http:\/\/cwe.mitre.org\/data\/definitions\/121.html"},{"key":"32_CR23","unstructured":"Mitre: 2011 CWE\/SANS Top 25. http:\/\/cwe.mitre.org\/top25\/"},{"key":"32_CR24","unstructured":"Mitre: Heartbleed Bug. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-0160"},{"key":"32_CR25","doi-asserted-by":"crossref","unstructured":"Monperrus, M.: A critical review of automatic patch generation learned from human-written patches: essay on the problem statement and the evaluation of automatic software repair. In: Proceedings of the 36th International Conference on Software Engineering, ICSE 2014","DOI":"10.1145\/2568225.2568324"},{"key":"32_CR26","doi-asserted-by":"crossref","unstructured":"Muntean, P., et al.: Context-sensitive detection of information exposure bugs with symbolic execution. In: Innovative Software Development Methodologies and Practices, InnoSWDev 2014","DOI":"10.1145\/2666581.2666591"},{"key":"32_CR27","unstructured":"NIST: Juliet Test Suite v1.2 for C\/C++"},{"key":"32_CR28","unstructured":"Satish, C., et al.: SemFix: program repair via semantic analysis. In: Proceedings of the International Conference on Software Engineering, ICSE 2013, pp. 772\u2013781"},{"key":"32_CR29","unstructured":"Sauciuc, R., Necula, G.: Reverse execution with constraint solving. Technical report No. UCB\/EECS-2011-67, May 2011"},{"key":"32_CR30","doi-asserted-by":"crossref","unstructured":"Shaw, A., et al.: Automatically fixing C buffer overflows using program transformations. In: Proceedings of the IEEE\/IFIP Conference on Dependable Systems and Networks, DSN 2013","DOI":"10.1109\/DSN.2014.25"},{"key":"32_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11556992_1","volume-title":"Information Security","author":"S Sidiroglou","year":"2005","unstructured":"Sidiroglou, S., Giovanidis, G., Keromytis, A.D.: A dynamic mechanism for recovering from buffer overflow attacks. In: Zhou, J., L\u00f3pez, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 1\u201315. Springer, Heidelberg (2005)"},{"key":"32_CR32","doi-asserted-by":"crossref","unstructured":"Smirnov, A., et al.: Automatic patch generation for buffer overflow attacks. In: Proceedings of the Third International Symposium on Information Assurance and Security, IAS 2007, pp. 165\u2013170","DOI":"10.1109\/ISIAS.2007.4299769"},{"key":"32_CR33","unstructured":"Westley, W.: Patches as better bug reports. In: International Conference on Generative Programming and Component Engineering, GPCE 2006"},{"key":"32_CR34","unstructured":"Westley, W., et al.: Automatically finding patches using genetic programming $$^*$$ . In: International Conference on Software Engineering, ICSE 2009"}],"container-title":["Lecture Notes in Computer Science","Computer Safety, Reliability, and Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-24255-2_32","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,8,13]],"date-time":"2023-08-13T20:19:17Z","timestamp":1691957957000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-24255-2_32"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319242545","9783319242552"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-24255-2_32","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]}}}