{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,5]],"date-time":"2025-04-05T19:23:40Z","timestamp":1743881020254},"publisher-location":"Cham","reference-count":29,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319454764"},{"type":"electronic","value":"9783319454771"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-45477-1_19","type":"book-chapter","created":{"date-parts":[[2016,9,3]],"date-time":"2016-09-03T05:34:41Z","timestamp":1472880881000},"page":"238-249","source":"Crossref","is-referenced-by-count":2,"title":["Exploiting Trust in Deterministic Builds"],"prefix":"10.1007","author":[{"given":"Christopher","family":"J\u00e4mthagen","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Patrik","family":"Lantz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Martin","family":"Hell","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2016,9,4]]},"reference":[{"key":"19_CR1","unstructured":"Edge, J.: A backdoor in UnrealIRCd (2010). https:\/\/lwn.net\/Articles\/392201\/"},{"key":"19_CR2","unstructured":"Posted by corbet. An attempt to backdoor the kernel (2003). https:\/\/lwn.net\/Articles\/57135\/"},{"key":"19_CR3","unstructured":"Evans, C.: Alert: vsftpd download backdoored (2011). http:\/\/scarybeastsecurity.blogspot.com\/2011\/07\/alert-vsftpd-download-backdoored.html"},{"key":"19_CR4","unstructured":"SecurityFocus.com. ProFTPD Backdoor Unauthorized Access Vulnerability (2010). http:\/\/www.securityfocus.com\/bid\/45150"},{"key":"19_CR5","unstructured":"welivesecurity.com. Linux\/SSHDoor.A Backdoored SSH daemon that steals passwords (2013). http:\/\/www.welivesecurity.com\/2013\/01\/24\/linux-sshdoor-a-backdoored-ssh-daemon-that-steals-passwords\/"},{"key":"19_CR6","unstructured":"Coverity: Software Testing and Static Analysis Tools. http:\/\/www.coverity.com\/"},{"key":"19_CR7","unstructured":"Flawfinder. http:\/\/www.dwheeler.com\/flawfinder\/"},{"key":"19_CR8","unstructured":"Splint. http:\/\/www.splint.org\/"},{"issue":"4","key":"19_CR9","doi-asserted-by":"crossref","first-page":"74","DOI":"10.1109\/MSP.2006.84","volume":"4","author":"MA Howard","year":"2006","unstructured":"Howard, M.A.: A process for performing security code reviews. IEEE Secur. Priv. 4(4), 74\u201379 (2006)","journal-title":"IEEE Secur. Priv."},{"key":"19_CR10","doi-asserted-by":"crossref","unstructured":"Asundi, J., Jayant, R.: Patch review processes in open source software development communities: a comparative case study. In: Proceedings of the 40th Annual Hawaii International Conference on System Sciences, HICSS 2007, p. 166c. IEEE Computer Society, Washington, DC (2007)","DOI":"10.1109\/HICSS.2007.426"},{"key":"19_CR11","doi-asserted-by":"crossref","unstructured":"Rigby, P.C., Storey, M.-A.: Understanding broadcast based peer review on open source software projects. In: Proceedings of the 33rd International Conference on Software Engineering, ICSE 2011, pp. 541\u2013550. ACM, New York (2011)","DOI":"10.1145\/1985793.1985867"},{"key":"19_CR12","doi-asserted-by":"crossref","unstructured":"Bosu, A., Carver, J.C.: Impact of developer reputation on code review outcomes in OSS projects: an empirical investigation. In: Proceedings of the 8th ACM\/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2014, pp. 33:1\u201333:10. ACM, New York (2014)","DOI":"10.1145\/2652524.2652544"},{"key":"19_CR13","doi-asserted-by":"crossref","unstructured":"Bosu, A., Carver, J.C.: Peer code review to prevent security vulnerabilities: an empirical evaluation. In: 2013 IEEE 7th International Conference on Software Security and Reliability-Companion (SERE-C), pp. 229\u2013230, June 2013","DOI":"10.1109\/SERE-C.2013.22"},{"key":"19_CR14","series-title":"Lecture Notes in Computer Science","first-page":"210","volume-title":"Computer Security \u2013 ESORICS 2011","author":"Z Wang","year":"2011","unstructured":"Wang, Z., Ming, J., Jia, C., Gao, D.: Linear obfuscation to combat symbolic execution. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 210\u2013226. Springer, Heidelberg (2011)"},{"key":"19_CR15","unstructured":"Sharif, M., Lanzi, A., Giffin, J., Lee, W.: Impeding malware analysis using conditional code obfuscation. In: Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS) (2008)"},{"key":"19_CR16","doi-asserted-by":"crossref","unstructured":"Schuster, F., Holz, T.: Towards reducing the attack surface of software backdoors. In: Proceedings of the ACM SIGSAC Conference on Computer Communications Security, CCS 2013, pp. 851\u2013862. ACM, New York (2013)","DOI":"10.1145\/2508859.2516716"},{"key":"19_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1007\/978-3-319-08509-8_3","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"D Andriesse","year":"2014","unstructured":"Andriesse, D., Bos, H.: Instruction-level steganography for covert trigger-based malware. In: Dietrich, S. (ed.) DIMVA 2014. LNCS, vol. 8550, pp. 41\u201350. Springer, Heidelberg (2014)"},{"key":"19_CR18","unstructured":"Gitian. https:\/\/gitian.org\/"},{"key":"19_CR19","unstructured":"Debian: Reproducible builds. https:\/\/wiki.debian.org\/ReproducibleBuilds"},{"key":"19_CR20","unstructured":"Tor: Deterministic builds. https:\/\/blog.torproject.org\/category\/tags\/deterministic-builds"},{"key":"19_CR21","unstructured":"Intel 64 and IA-32 Architectures Software Developer\u2019s Manual. https:\/\/www-ssl.intel.com\/content\/dam\/www\/public\/us\/en\/documents\/manuals\/64-ia-32-architectures-software-developer-manual-325462.pdf"},{"key":"19_CR22","unstructured":"Bitcoin core. https:\/\/bitcoincore.org"},{"key":"19_CR23","unstructured":"Lagarias, J.C., Rains, E., Vanderbei, R.J.: The Kruskal Count (2001). http:\/\/arxiv.org\/abs\/math\/0110143"},{"key":"19_CR24","doi-asserted-by":"crossref","unstructured":"Jamthagen, C., Lantz, P., Hell, M.: A new instruction overlapping technique for anti-disassembly and obfuscation of x86 binaries. In: 2013 Workshop on Anti-malware Testing Research (WATeR), pp. 1\u20139, October 2013","DOI":"10.1109\/WATeR.2013.6707878"},{"key":"19_CR25","unstructured":"Hiding code in deterministically built binaries - Proof-of-Concept - Linux\/x86. https:\/\/github.com\/cjamthagen\/backdoor_deterministic_code"},{"key":"19_CR26","unstructured":"shell_bind_tcp.asm. https:\/\/github.com\/geyslan\/SLAE\/blob\/master\/1st.assignment\/shell_bind_tcp.asm"},{"key":"19_CR27","unstructured":"Wang, T., Lu, K., Lu, L., Chung, S., Lee, W.: Jekyll on iOS: when benign apps become evil. In: Proceedings of the 22nd USENIX Conference on Security, SEC 2013, pp. 559\u2013572. USENIX Association, Berkeley (2013)"},{"key":"19_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"413","DOI":"10.1007\/978-3-319-13257-0_25","volume-title":"Information Security","author":"C Jamthagen","year":"2014","unstructured":"Jamthagen, C., Karlsson, L., Stankovski, P., Hell, M.: eavesROP: listening for ROP Payloads in data streams. In: Chow, S.S.M., Camenisch, J., Hui, L.C.K., Yiu, S.M. (eds.) ISC 2014. LNCS, vol. 8783, pp. 413\u2013424. Springer International Publishing, Heidelberg (2014)"},{"key":"19_CR29","doi-asserted-by":"crossref","unstructured":"Shacham, H.: The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007, pp. 552\u2013561. ACM, New York (2007)","DOI":"10.1145\/1315245.1315313"}],"container-title":["Lecture Notes in Computer Science","Computer Safety, Reliability, and Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-45477-1_19","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,6,24]],"date-time":"2017-06-24T21:58:08Z","timestamp":1498341488000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-45477-1_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319454764","9783319454771"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-45477-1_19","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2016]]}}}