{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T23:15:02Z","timestamp":1725491702861},"publisher-location":"Berlin, Heidelberg","reference-count":32,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540736134"},{"type":"electronic","value":"9783540736141"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2007]]},"DOI":"10.1007\/978-3-540-73614-1_13","type":"book-chapter","created":{"date-parts":[[2007,9,13]],"date-time":"2007-09-13T03:09:45Z","timestamp":1189652985000},"page":"213-230","source":"Crossref","is-referenced-by-count":2,"title":["Static Analysis on x86 Executables for Preventing Automatic Mimicry Attacks"],"prefix":"10.1007","author":[{"given":"Danilo","family":"Bruschi","sequence":"first","affiliation":[]},{"given":"Lorenzo","family":"Cavallaro","sequence":"additional","affiliation":[]},{"given":"Andrea","family":"Lanzi","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"13_CR1","doi-asserted-by":"publisher","first-page":"340","DOI":"10.1145\/1102120.1102165","volume-title":"CCS 2005: Proceedings of the 12th ACM conference on Computer and communications security","author":"M. Abadi","year":"2005","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity. In: CCS 2005: Proceedings of the 12th ACM conference on Computer and communications security, pp. 340\u2013353. ACM Press, New York (2005)"},{"key":"13_CR2","volume-title":"Modern compiler implementation in c","author":"a.w. appel","year":"2004","unstructured":"appel, a.w.: Modern compiler implementation in c. Cambridge University Press, Cambridge (2004)"},{"key":"13_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1007\/978-3-540-24723-4_2","volume-title":"Compiler Construction","author":"G. Balakrishnan","year":"2004","unstructured":"Balakrishnan, G., Reps, T.: Analyzing memory accesses in x86 executables. In: Duesterwald, E. (ed.) CC 2004. LNCS, vol.\u00a02985, pp. 5\u201323. Springer, Heidelberg (2004)"},{"key":"13_CR4","unstructured":"Cox, B., Evans, D., Filipi, A., Rowanhill, J., Hu, W., Davidson, J., Knight, J., Nguyen-Tuong, A., Hiser, J.: N-Variant Systems: A Secretless Framework for Security through Diversity. In: 15th USENIX Security Symposium (2006)"},{"key":"13_CR5","doi-asserted-by":"crossref","unstructured":"Bruschi, D., Cavallaro, L., Lanzi, A.: An Efficient Technique for Preventing Mimicry and Impossible Paths Execution Attacks. In: 3rd International Workshop on Information Assurance (WIA 2007) (April 2007)","DOI":"10.1109\/PCCC.2007.358922"},{"key":"13_CR6","unstructured":"Chen, S., Xu, J., Sezer, E., Gauriar, P., Iye, R.K.: Non-Control-Data Attacks Are Realistic Threats. In: 14th USENIX Security Symposium (2005)"},{"key":"13_CR7","unstructured":"Cowan, C., Pu, C., Maier, D., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q., Hinton, H.: StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In: Proc. of the 7th Usenix Security Symposium, pp. 63\u201378 (January 1998)"},{"issue":"4","key":"13_CR8","doi-asserted-by":"publisher","first-page":"451","DOI":"10.1145\/115372.115320","volume":"13","author":"R. Cytron","year":"1991","unstructured":"Cytron, R., Ferrante, J., Rosen, B.K., Wegman, M.N., Zadeck, F.K.: Efficiently computing static single assignment form and the control dependence graph. ACM Trans. Program. Lang. Syst.\u00a013(4), 451\u2013490 (1991)","journal-title":"ACM Trans. Program. Lang. Syst."},{"key":"13_CR9","doi-asserted-by":"crossref","unstructured":"Bruschi, D., Cavallaro, L., Lanzi, A.: Diversified Process Replic\u00e6 for Defeating Memory Error Exploits. In: 3rd International Workshop on Information Assurance (WIA 2007) (April 2007)","DOI":"10.1109\/PCCC.2007.358924"},{"key":"13_CR10","unstructured":"Etoh, H.: GCC extension for protecting applications from stack-smashing attacks (ProPolice) (2003), http:\/\/www.trl.ibm.com\/projects\/security\/ssp\/"},{"key":"13_CR11","doi-asserted-by":"crossref","unstructured":"Feng, H., Kolesnikov, O., Fogla, P., Lee, W., Gong, W.: Anomaly Detection using Call Stack Information. In: IEEE Symposium on Security and Privacy, Oakland, California (2003)","DOI":"10.1109\/SECPRI.2003.1199328"},{"key":"13_CR12","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1109\/SECPRI.1996.502675","volume-title":"SP 1996: Proceedings of the 1996 IEEE Symposium on Security and Privacy","author":"S. Forrest","year":"1996","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A Sense of Self for Unix Processes. In: SP 1996: Proceedings of the 1996 IEEE Symposium on Security and Privacy, p. 120. IEEE Computer Society Press, Los Alamitos (1996)"},{"issue":"3","key":"13_CR13","doi-asserted-by":"crossref","first-page":"151","DOI":"10.3233\/JCS-980109","volume":"6","author":"S.A. Hofmeyr","year":"1998","unstructured":"Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion Detection Using Sequences of System Calls. Journal of Computer Security\u00a06(3), 151\u2013180 (1998)","journal-title":"Journal of Computer Security"},{"key":"13_CR14","doi-asserted-by":"publisher","first-page":"298","DOI":"10.1145\/1030083.1030124","volume-title":"CCS 2004: Proceedings of the 11th ACM Conference on Computer and Communications Security","author":"H. Shacham","year":"2004","unstructured":"Shacham, H., Page, M., Pfaff, B., Goh, E.-J.: On the Effectiveness of Address-Space Randomization. In: CCS 2004: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 298\u2013307. ACM Press, New York (2004)"},{"key":"13_CR15","unstructured":"iSec.pl Development\u00a0Team. kNoX - Implementation of non-executable Page Protection Mechanism (February 2005), http:\/\/www.isec.pl\/projects\/knox\/knox.html"},{"key":"13_CR16","unstructured":"Kiriansky, V., Bruening, D., Amarasinghe, S.P.: Secure execution via program shepherding. In: Proceedings of the 11th USENIX Security Symposium, pp. 191\u2013206, Berkeley, CA, USA, USENIX Association (2002)"},{"key":"13_CR17","unstructured":"Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Automating Mimicry Attacks Using Static Binary Analysis. In: Proceedings of the USENIX Security Symposium, Baltimore, MD (August 2005)"},{"key":"13_CR18","unstructured":"Elias Aleph One Levy. Smashing the Stack for Fun and Profit. Phrack Magazine, vol. 0x07(#49), Phile 14\u201316 (December 1998)"},{"key":"13_CR19","doi-asserted-by":"crossref","unstructured":"Nielson, F., Nielson, H., Hankin, C.: Principles of Program Analysis (1999)","DOI":"10.1007\/978-3-662-03811-6"},{"key":"13_CR20","unstructured":"Bhatkar, S., DuVarney, D.C., Sekar, R.: Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits. In: 12th USENIX Security Symposium (2003)"},{"key":"13_CR21","unstructured":"Bhatkar, S., Sekar, R., DuVarney, D.C.: Efficient Techniques for Comprehensive Protection from Memory Error Exploits. In: 14th USENIX Security Symposium (2005)"},{"key":"13_CR22","doi-asserted-by":"crossref","unstructured":"Schwarz, B., Debray, S., Andrews, G.: Disassembly of Executable Code Revisited. In: Proceedings of the Ninth Working Conference on Reverse Engineering (2002)","DOI":"10.1109\/WCRE.2002.1173063"},{"key":"13_CR23","doi-asserted-by":"crossref","unstructured":"Sekar, R., Bendre, M., Dhurjati, D., Bollineni, P.: A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors. In: IEEE Symposium on Security and Privacy, Oakland, California (2001)","DOI":"10.1109\/SECPRI.2001.924295"},{"key":"13_CR24","unstructured":"De Sutter, B., De Bus, B., De Bosschere, K., Keyngnaert, P., Demoen, B.: the static analysis of indirect control transfers in binaries. In: Proceedings of the International Conference on Parallel and Distributed Processing Techniques and Applications, Las Vegas, Nevada, USA, pp. 1013\u20131019 (June 2000)"},{"key":"13_CR25","doi-asserted-by":"crossref","unstructured":"Tan, K.M.C., Killourhy, K.S., Maxion, R.A.: Undermining an anomaly-based intrusion detection system using common exploits. In: Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (2002)","DOI":"10.1007\/3-540-36084-0_4"},{"key":"13_CR26","doi-asserted-by":"crossref","unstructured":"Tan, K.M.C., McHugh, J., Killourhy, K.S.: Hiding intrusions: From the abnormal to the normal and beyond. In: Information Hiding, pp. 1\u201317 (2002)","DOI":"10.1007\/3-540-36415-3_1"},{"key":"13_CR27","unstructured":"The Linux Kernel 2.6\u00a0Development Team. The Linux Kernel 2.6 (February 2005), http:\/\/lwn.net\/Articles\/121845\/"},{"key":"13_CR28","unstructured":"The OpenWall\u00a0Development Team. The OpenWall Project (February 2005), http:\/\/www.openwall.com"},{"key":"13_CR29","unstructured":"The PaX Team. PaX: Address Space Layout Randomization (ASLR), http:\/\/pax.grsecurity.net"},{"key":"13_CR30","doi-asserted-by":"crossref","unstructured":"Wagner, D., Dean, D.: Intrusion Detection via Static Analysis. In: IEEE Symposium on Security and Privacy, Oakland, California (2001)","DOI":"10.1109\/SECPRI.2001.924296"},{"key":"13_CR31","doi-asserted-by":"crossref","unstructured":"Wagner, D., Soto, P.: Mimicry Attacks on Host Based Intrusion Detection Systems. In: Proc. Ninth ACM Conference on Computer and Communications Security (2002)","DOI":"10.1145\/586110.586145"},{"key":"13_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"21","DOI":"10.1007\/978-3-540-30143-1_2","volume-title":"Recent Advances in Intrusion Detection","author":"H. Xu","year":"2004","unstructured":"Xu, H., Du, W., Chapin, S.J.: Context Sensitive Anomaly Monitoring of Process Control Flow to Detect Mimicry Attacks and Impossible Paths. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, pp. 21\u201338. Springer, Heidelberg (2004)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-73614-1_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,3]],"date-time":"2019-05-03T01:30:52Z","timestamp":1556847052000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-73614-1_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007]]},"ISBN":["9783540736134","9783540736141"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-73614-1_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2007]]}}}