{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T13:46:10Z","timestamp":1773236770535,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":46,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540705413","type":"print"},{"value":"9783540705420","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-70542-0_8","type":"book-chapter","created":{"date-parts":[[2008,8,12]],"date-time":"2008-08-12T16:07:43Z","timestamp":1218557263000},"page":"143-163","source":"Crossref","is-referenced-by-count":75,"title":["On the Limits of Information Flow Techniques for Malware Analysis and Containment"],"prefix":"10.1007","author":[{"given":"Lorenzo","family":"Cavallaro","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Prateek","family":"Saxena","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"R.","family":"Sekar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"8_CR1","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Exploring Multiple Execution Paths for Malware Analysis. In: IEEE Symposium on Security and Privacy (2007)","DOI":"10.1109\/SP.2007.17"},{"key":"8_CR2","doi-asserted-by":"crossref","unstructured":"Nguyen-Tuong, A., Guarnieri, S., Greene, D., Shirley, J., Evans, D.: Automatically Hardening Web Applications Using Precise Tainting. In: 20th IFIP International Information Security Conference (2005)","DOI":"10.1007\/0-387-25660-1_20"},{"key":"8_CR3","doi-asserted-by":"crossref","unstructured":"Bala, V., Duesterwald, E., Banerjia, S.: Dynamo: a transparent dynamic optimization system. SIGPLAN Not.\u00a035(5) (2000)","DOI":"10.1145\/358438.349303"},{"key":"8_CR4","doi-asserted-by":"crossref","unstructured":"Barthe, G., Pichardie, D., Rezk, T.: A certified lightweight non-interference java bytecode verifier. Programming Languages and Systems (2007)","DOI":"10.1007\/978-3-540-71316-6_10"},{"key":"8_CR5","unstructured":"Barthe, G., Rezk, T., Warnier, M.: Preventing timing leaks through transactional branching instructions. In: Proceedings of 3rd Workshop on Quantitative Aspects of Programming Languages (QAPL 2005) (2005)"},{"key":"8_CR6","unstructured":"Bell, D.E., LaPadula, L.J.: Secure computer systems: Mathematical foundations. Technical Report MTR-2547, vol.\u00a01, MITRE Corp. (1973)"},{"key":"8_CR7","unstructured":"Bellard, F.: Qemu, a fast and portable dynamic translator. In: ATEC 2005: Proceedings of the USENIX Annual Technical Conference 2005 on USENIX Annual Technical Conference (2005)"},{"key":"8_CR8","unstructured":"Biba, K.J.: Integrity considerations for secure computer systems. Technical Report ESD-TR-76-372, USAF Electronic Systems Division, Hanscom Air Force Base, Bedford, Massachusetts (1977)"},{"key":"8_CR9","doi-asserted-by":"crossref","unstructured":"Cadar, C., Ganesh, V., Pawlowski, P.M., Dill, D.L., Engler, D.R.: Exe: automatically generating inputs of death. In: CCS 2006: Proceedings of the 13th ACM conference on Computer and communications security (2006)","DOI":"10.1145\/1180405.1180445"},{"key":"8_CR10","unstructured":"Chen, S., Xu, J., Nakka, N., Kalbarczyk, Z., Iyer, R.K.: Defeating memory corruption attacks via pointer taintedness detection. In: IEEE International Conference on Dependable Systems and Networks (DSN) (2005)"},{"key":"8_CR11","unstructured":"Chen, S., Xu, J., Nakka, N., Kalbarczyk, Z., Iyer, R.K.: Defeating Memory Corruption Attacks via Pointer Taintedness Detection. In: DSN 2005: Proceedings of the 2005 International Conference on Dependable Systems and Networks (DSN 2005) (2005)"},{"key":"8_CR12","doi-asserted-by":"crossref","unstructured":"Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Communications of the ACM\u00a020(7) (1977)","DOI":"10.1145\/359636.359712"},{"key":"8_CR13","unstructured":"Egele, M., Kruegel, C., Kirda, E., Yin, H., Song, D.: Dynamic spyware analysis. In: Usenix Tech Conference (2007)"},{"key":"8_CR14","doi-asserted-by":"crossref","unstructured":"Fenton, J.S.: Memoryless subsystems. Computing Journal\u00a017(2) (1974)","DOI":"10.1093\/comjnl\/17.2.143"},{"key":"8_CR15","unstructured":"Newsome, J., Song, D.: Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. In: Proceedings of the Network and Distributed System Security Symposium (NDSS 2005) (2005)"},{"key":"8_CR16","doi-asserted-by":"crossref","unstructured":"Kong, J., Zou, C.C., Zhou, H.: Improving Software Security via Runtime Instruction-level Taint Checking. In: ASID 2006: Proceedings of the 1st workshop on Architectural and sys tem support for improving software dependability (2006)","DOI":"10.1145\/1181309.1181313"},{"key":"8_CR17","doi-asserted-by":"crossref","unstructured":"Luk, C., Cohn, R., Muth, R., Patil, H., Klauser, A., Lowney, G., Wallace, S., Janapa Reddi, V., Hazelwood, K.: Pin: building customized program analysis tools with dynamic instrumentation. SIGPLAN Not.\u00a040(6) (2005)","DOI":"10.1145\/1064978.1065034"},{"key":"8_CR18","unstructured":"McAfee. W32\/hiv. virus information library (2000)"},{"key":"8_CR19","doi-asserted-by":"crossref","unstructured":"McAfee. W32\/mydoom@mm. virus information library (2004)","DOI":"10.1016\/S1353-4858(04)00036-4"},{"key":"8_CR20","doi-asserted-by":"crossref","unstructured":"McLean, J.: A general theory of composition for trace sets closed under selective interleaving functions. In: IEEE Symposium on Security and Privacy (1994)","DOI":"10.1109\/RISP.1994.296590"},{"key":"8_CR21","unstructured":"Medel, R.: Typed Assembly Languages for Software Security. PhD thesis, Department of Computer Science, Stevens Institute of Technology (2006)"},{"key":"8_CR22","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Computer Systems Architecture","author":"A. Moser","year":"2007","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: Choi, L., Paek, Y., Cho, S. (eds.) ACSAC 2007. LNCS, vol.\u00a04697. Springer, Heidelberg (2007)"},{"key":"8_CR23","doi-asserted-by":"crossref","unstructured":"Myers, A.C.: JFlow: Practical mostly-static information flow control. In: ACM POPL, pp. 228\u2013241 (1999)","DOI":"10.1145\/292540.292561"},{"key":"8_CR24","doi-asserted-by":"crossref","unstructured":"Nanda, S., Li, W., Lam, L., Chiueh, T.: BIRD: Binary interpretation using runtime disassembly. In: IEEE\/ACM Conference on Code Generation and Optimization (CGO) (2006)","DOI":"10.1109\/CGO.2006.6"},{"key":"8_CR25","doi-asserted-by":"crossref","unstructured":"Necula, G.C.: Proof-carrying code. In: Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Langauges (POPL 1997) (1997)","DOI":"10.1145\/263699.263712"},{"key":"8_CR26","doi-asserted-by":"crossref","unstructured":"Nethercote, N., Seward, J.: Valgrind: A framework for heavyweight dynamic binary instrumentation. In: ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation (PLDI 2007) (2007)","DOI":"10.1145\/1250734.1250746"},{"key":"8_CR27","unstructured":"Perl. Perl taint mode, http:\/\/www.perl.org"},{"key":"8_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"124","DOI":"10.1007\/11663812_7","volume-title":"Recent Advances in Intrusion Detection","author":"T. Pietraszek","year":"2006","unstructured":"Pietraszek, T., Berghe, C.V.: Defending against injection attacks through context-sensitive string evaluation. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol.\u00a03858, pp. 124\u2013145. Springer, Heidelberg (2006)"},{"key":"8_CR29","doi-asserted-by":"crossref","unstructured":"Portokalidis, G., Slowinska, A., Bos, H.: Argos: an emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation. SIGOPS Oper. Syst. Rev.\u00a040(4) (2006)","DOI":"10.1145\/1218063.1217938"},{"key":"8_CR30","doi-asserted-by":"crossref","unstructured":"Qin, F., Wang, C., Li, Z., Kim, H., Zhou, Y., Wu, Y.: LIFT: A low-overhead practical information flow tracking system for detecting general security attacks. In: IEEE\/ACM International Symposium on Microarchitecture (2006)","DOI":"10.1109\/MICRO.2006.29"},{"key":"8_CR31","unstructured":"Wojtczuk, R.N.: The Advanced return-into-lib(c) Exploits: PaX Case Study. Phrack Magazine\u00a00x0b(0x3a). Phile #0x04 of 0x0e (2001)"},{"key":"8_CR32","doi-asserted-by":"crossref","unstructured":"Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Selected Areas in Communications\u00a021(1) (2003)","DOI":"10.1109\/JSAC.2002.806121"},{"key":"8_CR33","unstructured":"Saxena, P., Sekar, R., Puranik, V.: A practical technique for integrity protection from untrusted plug-ins. Technical Report SECLAB08-01, Stony Brook University (2008)"},{"key":"8_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1007\/978-3-540-73614-1_6","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"E. Stinson","year":"2007","unstructured":"Stinson, E., Mitchell, J.C.: Characterizing bots\u2019 remote control behavior. In: H\u00e4mmerli, B.M., Sommer, R. (eds.) DIMVA 2007. LNCS, vol.\u00a04579, pp. 89\u2013108. Springer, Heidelberg (2007)"},{"key":"8_CR35","unstructured":"Clad \u201cRORIV\u201d Strife and Xdream ROJIV Blue. Ret onto Ret into Vsyscalls"},{"key":"8_CR36","doi-asserted-by":"crossref","unstructured":"Suh, G.E., Lee, J.W., Zhang, D., Devadas, S.: Secure Program Execution via Dynamic Information Flow Tracking. In: ASPLOS-XI: Proceedings of the 11th international conference on Architectural support for programming languages and operating systems (2004)","DOI":"10.1145\/1024393.1024404"},{"key":"8_CR37","unstructured":"Szor, P.: The Art of Computer Virus Research and Defense. Symantec Press (2005)"},{"key":"8_CR38","unstructured":"TrendMicro. Bkdr.surila.g (w32\/ratos). virus encyclopedia (2004)"},{"key":"8_CR39","unstructured":"Vasudevan, A.: WiLDCAT: An Integrated Stealth Environment for Dynamic Malware Analysis. PhD thesis, The University of Texas at Arlington, USA (2007)"},{"key":"8_CR40","unstructured":"Vogt, P., Nentwich, F., Jovanovic, N., Kirda, E., Kruegel, C., Vigna, G.: Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In: Proceeding of the Network and Distributed System Security Symposium (NDSS) (2007)"},{"key":"8_CR41","doi-asserted-by":"crossref","unstructured":"Volpano, D., Smith, G., Irvine, C.: A sound type system for secure flow analysis. Journal of Computer Security (JCS)\u00a04(3) (1996)","DOI":"10.3233\/JCS-1996-42-304"},{"key":"8_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48294-6_20","volume-title":"Static Analysis","author":"D.M. Volpano","year":"1999","unstructured":"Volpano, D.M.: Safety versus secrecy. In: Cortesi, A., Fil\u00e9, G. (eds.) SAS 1999. LNCS, vol.\u00a01694. Springer, Heidelberg (1999)"},{"key":"8_CR43","unstructured":"Xu, W., Bhatkar, S., Sekar, R.: Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks. In: USENIX Security Symposium (2006)"},{"key":"8_CR44","unstructured":"Yin, H., Liang, Z., Song, D.: Hookfinder: Identifying and understanding malware hooking behaviors. In: NDSS (2008)"},{"key":"8_CR45","doi-asserted-by":"crossref","unstructured":"Yin, H., Song, D., Manuel, E., Kruegel, C., Kirda, E.: Panorama: Capturing system-wide information flow for malware detection and analysis. In: Proceedings of the 14th ACM Conferences on Computer and Communication Security (CCS 2007) (2007)","DOI":"10.1145\/1315245.1315261"},{"key":"8_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"162","DOI":"10.1007\/11693024_12","volume-title":"Programming Languages and Systems","author":"D. Yu","year":"2006","unstructured":"Yu, D., Islam, N.: A typed assembly language for confidentiality. In: Sestoft, P. (ed.) ESOP 2006 and ETAPS 2006. LNCS, vol.\u00a03924, pp. 162\u2013179. Springer, Heidelberg (2006)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-70542-0_8.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,19]],"date-time":"2020-11-19T05:07:33Z","timestamp":1605762453000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-70542-0_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540705413","9783540705420"],"references-count":46,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-70542-0_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[]}}