{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T19:22:27Z","timestamp":1742930547642,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":38,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642001987"},{"type":"electronic","value":"9783642001994"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-00199-4_7","type":"book-chapter","created":{"date-parts":[[2009,3,26]],"date-time":"2009-03-26T09:26:36Z","timestamp":1238059596000},"page":"75-90","source":"Crossref","is-referenced-by-count":10,"title":["Systematically Eradicating Data Injection Attacks Using Security-Oriented Program Transformations"],"prefix":"10.1007","author":[{"given":"Munawar","family":"Hafiz","sequence":"first","affiliation":[]},{"given":"Paul","family":"Adamczyk","sequence":"additional","affiliation":[]},{"given":"Ralph","family":"Johnson","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"7_CR1","volume-title":"Core J2EE Patterns: Best Practices and Design Strategies","author":"D. Alur","year":"2001","unstructured":"Alur, D., Crupi, J., Malks, D.: Core J2EE Patterns: Best Practices and Design Strategies. Pearson Education, London (2001)"},{"key":"7_CR2","first-page":"12","volume-title":"CCS 2007: Proceedings of the 14th ACM conference on Computer and Communications Security","author":"S. Bandhakavi","year":"2007","unstructured":"Bandhakavi, S., Bisht, P., Madhusudan, P., Venkatakrishnan, V.: CANDID: Preventing SQL injection attacks using dynamic candidate evaluations. In: CCS 2007: Proceedings of the 14th ACM conference on Computer and Communications Security, pp. 12\u201324. ACM Press, New York (2007)"},{"key":"7_CR3","unstructured":"Blakley, B., Heath, C.: Security design patterns technical guide - version 1. Open Group (OG), led by Bob Blakley and Craig Heath (2004)"},{"key":"7_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"292","DOI":"10.1007\/978-3-540-24852-1_21","volume-title":"Applied Cryptography and Network Security","author":"S.W. Boyd","year":"2004","unstructured":"Boyd, S.W., Keromytis, A.D.: SQLrand: Preventing SQL injection attacks. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol.\u00a03089, pp. 292\u2013302. Springer, Heidelberg (2004)"},{"key":"7_CR5","unstructured":"Bugtraq Vulnerabilities List, http:\/\/www.securityfocus.com\/vulnerabilities"},{"key":"7_CR6","first-page":"280","volume-title":"ICCL","author":"J. Cordy","year":"1988","unstructured":"Cordy, J., Halpern-Hamu, C., Promislow, E.: TXL: A rapid prototyping system for programming language dialects. In: ICCL, pp. 280\u2013285. IEEE, Los Alamitos (1988)"},{"key":"7_CR7","unstructured":"Cowan, C., Pu, C., Maier, D., Hinton, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In: Seventh USENIX Security Symposium proceedings, San Antonio, Texas (1998)"},{"key":"7_CR8","unstructured":"CVE-2006-5864, http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2006-5864"},{"key":"7_CR9","unstructured":"CVE-2007-1614, http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2007-1614"},{"key":"7_CR10","first-page":"323","volume-title":"WCRE 2003","author":"C. Dahn","year":"2003","unstructured":"Dahn, C., Mancoridis, S.: Using program transformation to secure C programs against buffer overflows. In: WCRE 2003, Washington DC, USA, p. 323. IEEE Computer Society Press, Los Alamitos (2003)"},{"key":"7_CR11","unstructured":"Cavalier III., F.: Libmib allocated string functions, http:\/\/www.mibsoftware.com\/libmib\/astring\/"},{"key":"7_CR12","volume-title":"Refactoring: Improving The Design of Existing Code","author":"M. Fowler","year":"1999","unstructured":"Fowler, M.: Refactoring: Improving The Design of Existing Code. Addison-Wesley, Reading (1999)"},{"key":"7_CR13","volume-title":"Design Patterns","author":"E. Gamma","year":"1995","unstructured":"Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns. Addison-Wesley, Reading (1995)"},{"key":"7_CR14","volume-title":"OOPSLA 2008: Companion to the 23rd annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications","author":"M. Hafiz","year":"2008","unstructured":"Hafiz, M.: Security oriented program transformations (Or how to add security on demand). In: OOPSLA 2008: Companion to the 23rd annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, ACM, New York (2008)"},{"issue":"15","key":"7_CR15","doi-asserted-by":"publisher","first-page":"1569","DOI":"10.1002\/spe.880","volume":"38","author":"M. Hafiz","year":"2008","unstructured":"Hafiz, M., Johnson, R.: Evolution of the MTA architecture: The impact of security. Software\u2014Practice and Experience\u00a038(15), 1569\u20131599 (2008)","journal-title":"Software\u2014Practice and Experience"},{"key":"7_CR16","first-page":"795","volume-title":"ICSE 2006: Proceedings of the 28th International Conference on Software Engineering","author":"W. Halfond","year":"2006","unstructured":"Halfond, W., Orso, A.: Preventing SQL injection attacks using AMNESIA. In: ICSE 2006: Proceedings of the 28th International Conference on Software Engineering, pp. 795\u2013798. ACM, New York (2006)"},{"key":"7_CR17","doi-asserted-by":"publisher","first-page":"175","DOI":"10.1145\/1181775.1181797","volume-title":"SIGSOFT\u201906\/FSE-14: Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of Software Engineering","author":"W. Halfond","year":"2006","unstructured":"Halfond, W., Orso, A., Manolios, P.: Using positive tainting and syntax-aware evaluation to counter SQL injection attacks. In: SIGSOFT\u201906\/FSE-14: Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of Software Engineering, pp. 175\u2013185. ACM Press, New York (2006)"},{"key":"7_CR18","unstructured":"Haugh, E., Bishop, M.: Testing C programs for buffer overflow vulnerabilities. In: NDSS. The Internet Society (2003)"},{"key":"7_CR19","unstructured":"International Organization for Standardization. ISO\/IEC 9899:1999: Programming Languages \u2014 C (December 1999)"},{"key":"7_CR20","unstructured":"International Organization for Standardization. ISO\/IEC 24731: Specification For Secure C Library Functions (2004)"},{"key":"7_CR21","unstructured":"ISO\/IEC 14882. C++ std:string"},{"key":"7_CR22","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1145\/1134744.1134751","volume-title":"PLAS 2006: Proceedings of the 2006 workshop on Programming Languages and Analysis for Security","author":"N. Jovanovic","year":"2006","unstructured":"Jovanovic, N., Kruegel, C., Kirda, E.: Precise alias analysis for static detection of web application vulnerabilities. In: PLAS 2006: Proceedings of the 2006 workshop on Programming Languages and Analysis for Security, pp. 27\u201336. ACM Press, New York (2006)"},{"key":"7_CR23","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-27777-4_54","volume-title":"Refactoring to Patterns","author":"J. Kerievsky","year":"2004","unstructured":"Kerievsky, J.: Refactoring to Patterns. Addison-Wesley, Reading (2004)"},{"key":"7_CR24","unstructured":"Messier, M., Viega, J.: Safe C string library v1.0.3"},{"key":"7_CR25","unstructured":"Miller, T., de Raadt, T.: strlcpy and strlcat \u2014 Consistent, safe, string copy and concatenation. In: 1999 Usenix Annual Technical Conference, Monterey, California, USA (1999)"},{"issue":"6","key":"7_CR26","doi-asserted-by":"publisher","first-page":"565","DOI":"10.1002\/spe.4380240604","volume":"24","author":"A. Narayanan","year":"1994","unstructured":"Narayanan, A.: Design of a safe string library for\u00a0C. Software\u2014Practice and Experience\u00a024(6), 565\u2013578 (1994)","journal-title":"Software\u2014Practice and Experience"},{"key":"7_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"213","DOI":"10.1007\/3-540-45937-5_16","volume-title":"Compiler Construction","author":"G. Necula","year":"2002","unstructured":"Necula, G., McPeak, S., Rahul, S., Weimer, W.: CIL: Intermediate language and tools for analysis and transformation of C programs. In: Horspool, R.N. (ed.) CC 2002. LNCS, vol.\u00a02304, pp. 213\u2013228. Springer, Heidelberg (2002)"},{"key":"7_CR28","unstructured":"OWASP. Categories of injection attacks (2008)"},{"key":"7_CR29","doi-asserted-by":"crossref","unstructured":"Rinard, M.: Living in the comfort zone. In: OOPSLA 2007: Proceedings of the 22nd annual ACM SIGPLAN conference on Object oriented programming systems and applications, pp. 611\u2013622 (2007)","DOI":"10.1145\/1297027.1297072"},{"issue":"4","key":"7_CR30","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1002\/(SICI)1096-9942(1997)3:4<253::AID-TAPO3>3.0.CO;2-T","volume":"3","author":"D. Roberts","year":"1997","unstructured":"Roberts, D., Brant, J., Johnson, R.: A refactoring tool for Smalltalk. Theory and Practice of Object Systems\u00a03(4), 253\u2013263 (1997)","journal-title":"Theory and Practice of Object Systems"},{"key":"7_CR31","unstructured":"SourceForge.net. Most active projects - all time (February 2008)"},{"key":"7_CR32","volume-title":"Core Security Patterns : Best Practices and Strategies for J2EE(TM), Web Services, and Identity Management","author":"C. Steel","year":"2005","unstructured":"Steel, C., Nagappan, R., Lai, R.: Core Security Patterns: Best Practices and Strategies for J2EE(TM), Web Services, and Identity Management. Prentice Hall PTR, Englewood Cliffs (2005)"},{"key":"7_CR33","doi-asserted-by":"publisher","first-page":"372","DOI":"10.1145\/1111037.1111070","volume-title":"POPL 2006: Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages","author":"Z. Su","year":"2006","unstructured":"Su, Z., Wassermann, G.: The essence of command injection attacks in web applications. In: POPL 2006: Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pp. 372\u2013382. ACM Press, New York (2006)"},{"key":"7_CR34","first-page":"54","volume-title":"ICSEW 2007: Proceedings of the 29th International Conference on Software Engineering Workshops","author":"S. Thomas","year":"2007","unstructured":"Thomas, S., Williams, L.: Using automated fix generation to secure SQL statements. In: ICSEW 2007: Proceedings of the 29th International Conference on Software Engineering Workshops, Washington, DC, USA, p. 54. IEEE Computer Society, Los Alamitos (2007)"},{"key":"7_CR35","volume-title":"16th Annual Computer Security Applications Conference","author":"J. Viega","year":"2000","unstructured":"Viega, J., Bloch, J., Kohno, T., McGraw, G.: ITS4: A static vulnerability scanner for C and C++ code. In: 16th Annual Computer Security Applications Conference. ACM, New York (2000)"},{"key":"7_CR36","volume-title":"Building Secure Software: How to Avoid Security Problems The Right Way","author":"J. Viega","year":"2002","unstructured":"Viega, J., McGraw, G.: Building Secure Software: How to Avoid Security Problems The Right Way. Addison-Wesley, Reading (2002)"},{"key":"7_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"357","DOI":"10.1007\/3-540-45127-7_27","volume-title":"Rewriting Techniques and Applications","author":"E. Visser","year":"2001","unstructured":"Visser, E.: Stratego: A language for program transformation based on rewriting strategies. In: Middeldorp, A. (ed.) RTA 2001. LNCS, vol.\u00a02051, pp. 357\u2013361. Springer, Heidelberg (2001)"},{"key":"7_CR38","unstructured":"Wagner, D., Foster, J., Brewer, E., Aiken, A.: A first step towards automated detection of buffer overrun vulnerabilities. In: NDSS. The Internet Society (2000)"}],"container-title":["Lecture Notes in Computer Science","Engineering Secure Software and Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-00199-4_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,1,29]],"date-time":"2020-01-29T14:06:52Z","timestamp":1580306812000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-00199-4_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642001987","9783642001994"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-00199-4_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2009]]}}}