{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T20:32:22Z","timestamp":1761597142216},"publisher-location":"Berlin, Heidelberg","reference-count":21,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642012433"},{"type":"electronic","value":"9783642012440"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-01244-0_6","type":"book-chapter","created":{"date-parts":[[2009,5,23]],"date-time":"2009-05-23T04:53:02Z","timestamp":1243054382000},"page":"63-75","source":"Crossref","is-referenced-by-count":9,"title":["Discovering Application-Level Insider Attacks Using Symbolic Execution"],"prefix":"10.1007","author":[{"given":"Karthik","family":"Pattabiraman","sequence":"first","affiliation":[]},{"given":"Nithin","family":"Nakka","sequence":"additional","affiliation":[]},{"given":"Zbigniew","family":"Kalbarczyk","sequence":"additional","affiliation":[]},{"given":"Ravishankar","family":"Iyer","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"6_CR1","first-page":"25","volume-title":"Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector","author":"M.R. Randazzo","year":"2004","unstructured":"Randazzo, M.R., et al.: Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector, p. 25. ERT Coordination Center\/Software Engineering Institute, Philadelphia, PA (2004)"},{"key":"6_CR2","volume-title":"Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors","author":"M.M. Keeney","year":"2005","unstructured":"Keeney, M.M., Kowalski, E.F.: Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors. CERT\/CC, Philadelphia, PA (2005)"},{"key":"6_CR3","volume-title":"Proceedings of the 2005 International Conference on Dependable Systems and Networks","author":"R. Chinchani","year":"2005","unstructured":"Chinchani, R., et al.: Towards a Theory of Insider Threat Assessment. In: Proceedings of the 2005 International Conference on Dependable Systems and Networks. IEEE Computer Society, Los Alamitos (2005)"},{"key":"6_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1007\/978-3-540-75227-1_9","volume-title":"Formal Aspects in Security and Trust","author":"C.W. Probst","year":"2007","unstructured":"Probst, C.W., Hansen, R.R., Nielson, F.: Where Can an Insider Attack? In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds.) FAST 2006. LNCS, vol.\u00a04691, pp. 127\u2013142. Springer, Heidelberg (2007)"},{"key":"6_CR5","doi-asserted-by":"crossref","unstructured":"Pattabiraman, K., Nakka, N., Kalbarczyk, Z.: SymPLFIED: Symbolic Program Level Fault-Injection and Error-Detection Framework. In: International Conference on Dependable Systems and Networks (DSN) (2008)","DOI":"10.1109\/DSN.2008.4630118"},{"key":"6_CR6","unstructured":"OpenSSH Development Team., OpenSSH 4.21 (2004)"},{"key":"6_CR7","unstructured":"Clavel, M., et al.: The Maude 2.0 System. In: Rewriting Technologies and Applications. Springer, Heidelberg (2001)"},{"key":"6_CR8","doi-asserted-by":"crossref","unstructured":"Pattabiraman, K., et al.: Discovering Application-level Insider Attacks using Symbolic Execution, CRHC Technical Report, UIUC, Champaign, IL (2008)","DOI":"10.1007\/978-3-642-01244-0_6"},{"key":"6_CR9","volume-title":"Proceedings of the 1998 workshop on New security paradigms","author":"C. Phillips","year":"1998","unstructured":"Phillips, C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: Proceedings of the 1998 workshop on New security paradigms. ACM, Charlottesville (1998)"},{"key":"6_CR10","volume-title":"Proceedings of the 9th ACM conference on Computer and communications security","author":"P. Ammann","year":"2002","unstructured":"Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the 9th ACM conference on Computer and communications security. ACM, Washington (2002)"},{"key":"6_CR11","volume-title":"Proceedings of the 2002 IEEE Symposium on Security and Privacy","author":"O. Sheyner","year":"2002","unstructured":"Sheyner, O., et al.: Automated Generation and Analysis of Attack Graphs. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy. IEEE Computer Society, Los Alamitos (2002)"},{"issue":"7","key":"6_CR12","doi-asserted-by":"publisher","first-page":"385","DOI":"10.1145\/360248.360252","volume":"19","author":"J.C. King","year":"1976","unstructured":"King, J.C.: Symbolic execution and program testing. Commun. ACM\u00a019(7), 385\u2013394 (1976)","journal-title":"Commun. ACM"},{"key":"6_CR13","volume-title":"Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles","author":"M. Costa","year":"2007","unstructured":"Costa, M., et al.: Bouncer: securing software by blocking bad input. In: Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles. ACM, Stevenson (2007)"},{"key":"6_CR14","volume-title":"Proceedings of the 14th conference on USENIX Security Symposium","author":"C. Kruegel","year":"2005","unstructured":"Kruegel, C., et al.: Automating mimicry attacks using static binary analysis. In: Proceedings of the 14th conference on USENIX Security Symposium, vol.\u00a014. USENIX, Baltimore (2005)"},{"key":"6_CR15","unstructured":"Molnar, D.A., Wagner, D.: Catchconv: Symbolic execution and run-time type inference for integer conversion errors, EECS Department, University of California, Berkeley (2007)"},{"key":"6_CR16","volume-title":"Proceedings of the 13th ACM conference on Computer and communications security","author":"C. Cadar","year":"2006","unstructured":"Cadar, C., et al.: EXE: automatically generating inputs of death. In: Proceedings of the 13th ACM conference on Computer and communications security. ACM, Virginia (2006)"},{"issue":"4","key":"6_CR17","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1109\/2.585157","volume":"30","author":"M.-C. Hsueh","year":"1997","unstructured":"Hsueh, M.-C., Tsai, T.K., Iyer, R.K.: Fault Injection Techniques and Tools. IEEE Computer\u00a030(4), 75\u201382 (1997)","journal-title":"IEEE Computer"},{"key":"6_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/3-540-69053-0_4","volume-title":"Advances in Cryptology - EUROCRYPT \u201997","author":"D. Boneh","year":"1997","unstructured":"Boneh, D., DeMillo, R., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol.\u00a01233, pp. 37\u201351. Springer, Heidelberg (1997)"},{"key":"6_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"388","DOI":"10.1007\/3-540-48405-1_25","volume-title":"Advances in Cryptology - CRYPTO \u201999","author":"P.C. Kocher","year":"1999","unstructured":"Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol.\u00a01666, p. 388. Springer, Heidelberg (1999)"},{"key":"6_CR20","doi-asserted-by":"crossref","unstructured":"Xu, J., et al.: An Experimental Study of Security Vulnerabilities Caused by Errors. In: Proceedings of International Conference on Dependable Systems and Networks (DSN) (2001)","DOI":"10.1109\/DSN.2001.941426"},{"key":"6_CR21","volume-title":"Proceedings of the 2003 IEEE Symposium on Security and Privacy","author":"S. Govindavajhala","year":"2003","unstructured":"Govindavajhala, S., Appel, A.W.: Using Memory Errors to Attack a Virtual Machine. In: Proceedings of the 2003 IEEE Symposium on Security and Privacy. IEEE, Los Alamitos (2003)"}],"container-title":["IFIP Advances in Information and Communication Technology","Emerging Challenges for Security, Privacy and Trust"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-01244-0_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,20]],"date-time":"2019-05-20T05:26:45Z","timestamp":1558330005000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-01244-0_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642012433","9783642012440"],"references-count":21,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-01244-0_6","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2009]]}}}