{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T10:15:16Z","timestamp":1777371316706,"version":"3.51.4"},"publisher-location":"Berlin, Heidelberg","reference-count":43,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642041167","type":"print"},{"value":"9783642041174","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-04117-4_30","type":"book-chapter","created":{"date-parts":[[2010,2,22]],"date-time":"2010-02-22T16:44:00Z","timestamp":1266857040000},"page":"633-658","source":"Crossref","is-referenced-by-count":16,"title":["Low-Level Software Security by Example"],"prefix":"10.1007","author":[{"given":"\u00dalfar","family":"Erlingsson","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yves","family":"Younan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Frank","family":"Piessens","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"30_CR1","volume-title":"The Security Development Lifecycle","author":"M. Howard","year":"2006","unstructured":"M. Howard, S. Lipner: The Security Development Lifecycle (Microsoft Press, Redmond, Washington 2006)"},{"issue":"1","key":"30_CR2","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1145\/66093.66095","volume":"19","author":"E.H. Spafford","year":"1989","unstructured":"E.H. Spafford: The Internet worm program: An analysis, SIGCOMM Comput. Commun. Rev. 19(1), 17\u201357 (1989)","journal-title":"SIGCOMM Comput. Commun. 
Rev."},{"key":"30_CR3","unstructured":"Intel Corporation: Intel IA-32 Architecture, Software Developer's Manual, Volumes 1\u20133, available at http:\/\/developer.intel.com\/design\/Pentium\/documentation.htm (2007)"},{"key":"30_CR4","unstructured":"C. Cowan, M. Barringer, S. Beattie, G. Kroah-Hartman, M. Frantzen, J. Lokier: FormatGuard: Automatic protection from printf format string vulnerabilities, Proc. 10th USENIX Security Symp. (2001) pp. 191\u2013200"},{"key":"30_CR5","unstructured":"D. Brumley, T. Chiueh, R. Johnson, H. Lin, D. Song: Efficient and accurate detection of integer-based attacks, Proc. 14th Annual Network and Distributed System Security Symp. (NDSS'07) (2007)"},{"issue":"4","key":"30_CR6","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1109\/MSP.2004.36","volume":"2","author":"J. Pincus","year":"2004","unstructured":"J. Pincus, B. Baker: Beyond stack smashing: recent advances in exploiting buffer overruns, IEEE Secur. Privacy 2(4), 20\u201327 (2004)","journal-title":"IEEE Secur. Privacy"},{"issue":"4","key":"30_CR7","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1109\/MSP.2005.106","volume":"03","author":"M. Bailey","year":"2005","unstructured":"M. Bailey, E. Cooke, F. Jahanian, D. Watson, J. Nazario: The blaster worm: Then and now, IEEE Secur. Privacy 03(4), 26\u201331 (2005)","journal-title":"IEEE Secur. Privacy"},{"key":"30_CR8","volume-title":"Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research","author":"J.C. Foster","year":"2007","unstructured":"J.C. Foster: Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research (Syngress Publishing, Burlington, MA 2007)"},{"key":"30_CR9","unstructured":"klog: The Frame Pointer Overwrite, Phrack 55 (1999)"},{"key":"30_CR10","unstructured":"D. 
Litchfield: Defeating the stack buffer overflow prevention mechanism of Microsoft Windows 2003 Server, available at http:\/\/www.nextgenss.com\/papers\/defeating-win-stack-protection.pdf (2003)"},{"key":"30_CR11","unstructured":"rix: Smashing C++ VPTRs, Phrack 56 (2000)"},{"key":"30_CR12","doi-asserted-by":"crossref","unstructured":"H. Shacham: The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86), Proc. 14th ACM Conf. on Computer and Communications Security (CCS'07) (2007) pp. 552\u2013561","DOI":"10.1145\/1315245.1315313"},{"key":"30_CR13","unstructured":"M. Howard: Lessons learned from the Animated Cursor Security Bug, available at http:\/\/blogs.msdn.com\/sdl\/archive\/2007\/04\/26\/lessonslearned-from-the-animated-cursor-securitybug.aspx (2007)"},{"key":"30_CR14","unstructured":"S. Chen, J. Xu, E.C. Sezer, P. Gauriar, R. Iyer: Noncontrol-data attacks are realistic threats, Proc. 14th USENIX Security Symp. (2005) pp. 177\u2013192"},{"key":"30_CR15","unstructured":"E. Florio: GDIPLUS VULN \u2013 MS04-028 \u2013 CRASH TEST JPEG, full-disclosure at lists.netsys.com (2004)"},{"key":"30_CR16","doi-asserted-by":"crossref","unstructured":"G.S. Kc, A.D. Keromytis, V. Prevelakis: Countering code-injection attacks with instruction-set randomization, Proc. 10th ACM Conf. on Computer and Communications Security (CCS'03) (2003) pp. 272\u2013280","DOI":"10.1145\/948109.948146"},{"key":"30_CR17","unstructured":"M. Castro, M. Costa, T. Harris: Securing software by enforcing data-flow integrity, Proc. 7th Symp. on Operating Systems Design and Implementation (OSDI'06) (2006) pp. 147\u2013160"},{"key":"30_CR18","unstructured":"J. Newsome, D. Song: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software, Proc. 12th Annual Network and Distributed System Security Symp. (NDSS'07) (2005)"},{"key":"30_CR19","unstructured":"Y. Younan, W. Joosen, F. 
Piessens: Code injection in C and C++: a survey of vulnerabilities and countermeasures, Technical Report CW386 (Departement Computerwetenschappen, Katholieke Universiteit Leuven, 2004)"},{"key":"30_CR20","unstructured":"Y. Younan: Efficient countermeasures for software vulnerabilities due to memory management errors, Ph.D. Thesis (2008)"},{"key":"30_CR21","unstructured":"C. Cowan, C. Pu, D. Maier, H. Hinton, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang: StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks, Proc. 7th USENIX Security Symp. (1998) pp. 63\u201378"},{"key":"30_CR22","unstructured":"B. Bray: Compiler security checks in depth, available at http:\/\/msdn2.microsoft.com\/en-us\/library\/aa290051(vs.71).aspx (2002)"},{"key":"30_CR23","unstructured":"M. Howard, M. Thomlinson: Windows Vista ISV Security, available at http:\/\/msdn2.microsoft.com\/en-us\/library\/bb430720.aspx (2007)"},{"issue":"12","key":"30_CR24","first-page":"4034","volume":"43","author":"H. Etoh","year":"2002","unstructured":"H. Etoh, K. Yoda: ProPolice: improved stack smashing attack detection, Trans. Inform. Process. Soc. Japan 43(12), 4034\u20134041 (2002)","journal-title":"Trans. Inform. Process. Soc. Japan"},{"key":"30_CR25","unstructured":"M. Howard: Hardening stack-based buffer overrun detection in VC++ 2005 SP1, available at http:\/\/blogs.msdn.com\/michael_howard\/archive\/2007\/04\/03\/hardening-stack-based-bufferoverrun-detection-in-vc-2005-sp1.aspx (2007)"},{"key":"30_CR26","doi-asserted-by":"crossref","unstructured":"M. Abadi, M. Budiu, \u00da. Erlingsson, J. Ligatti: Control-flow integrity, Proc. 12th ACM Conf. on Computer and Communications Security (CCS'05) (2005) pp. 340\u2013353","DOI":"10.1145\/1102120.1102165"},{"key":"30_CR27","doi-asserted-by":"crossref","unstructured":"M. Abadi, M. Budiu, \u00da. Erlingsson, J. Ligatti: A theory of secure control flow, Proc. 7th Int. Conf. on Formal Engineering Methods (ICFEM'05) (2005) pp. 
111\u2013124","DOI":"10.1007\/11576280_9"},{"key":"30_CR28","doi-asserted-by":"crossref","unstructured":"C. Small: A tool for constructing safe extensible C++ systems, Proc. 3rd Conf. on Object-Oriented Technologies and Systems (COOTS'97) (1997)","DOI":"10.1109\/4434.708254"},{"key":"30_CR29","unstructured":"V. Kiriansky, D. Bruening, S. Amarasinghe: Secure execution via program shepherding, Proc. 11th USENIX Security Symp. (2002) pp. 191\u2013206"},{"key":"30_CR30","volume-title":"Security Engineering: A Guide to Building Dependable Distributed Systems","author":"R.J. Anderson","year":"2001","unstructured":"R.J. Anderson: Security Engineering: A Guide to Building Dependable Distributed Systems (John Wiley and Sons, New York, 2001)"},{"key":"30_CR31","unstructured":"PaX Project: The PaX Project, http:\/\/pax.grsecurity.net\/ (2004)"},{"key":"30_CR32","unstructured":"M. Howard: Alleged bugs in Windows Vista's ASLR implementation, available at http:\/\/blogs.msdn.com\/michael_howard\/archive\/2006\/10\/04\/Alleged-Bugs-in-Windows-Vista_1920_s-ASLR-Implementation.aspx (2006)"},{"key":"30_CR33","doi-asserted-by":"crossref","unstructured":"H. Shacham, M. Page, B. Pfaff, E-J. Goh, N. Modadugu, D. Boneh: On the effectiveness of address-space randomization, Proc. 11th ACM Conf. on Computer and Communications Security (CCS'04) (2004) pp. 298\u2013307","DOI":"10.1145\/1030083.1030124"},{"key":"30_CR34","unstructured":"Wikipedia: x86-64, http:\/\/en.wikipedia.org\/wiki\/X86-64 (2007)"},{"issue":"2","key":"30_CR35","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1145\/384192.384195","volume":"33","author":"B. Littlewood","year":"2001","unstructured":"B. Littlewood, P. Popov, L. Strigini: Modeling software design diversity: A review, ACM Comput. Surv. 33(2), 177\u2013208 (2001)","journal-title":"ACM Comput. Surv."},{"key":"30_CR36","doi-asserted-by":"crossref","unstructured":"S. Blazy, Z. Dargaye, X. Leroy: Formal verification of a C compiler front-end, Proc. 
14th Int. Symp. on Formal Methods (FM'06), Vol. 4085 (2006) pp. 460\u2013475","DOI":"10.1007\/11813040_31"},{"key":"30_CR37","doi-asserted-by":"crossref","unstructured":"X. Leroy: Formal certification of a compiler backend, or: programming a compiler with a proof assistant, Proc. 33rd Symp. on Principles of Programming Languages (POPL'06) (2006) pp. 42\u201354","DOI":"10.1145\/1111037.1111042"},{"key":"30_CR38","unstructured":"R. Jones, P. Kelly: Backwards-compatible bounds checking for arrays and pointers in C programs, Proc. 3rd Int. Workshop on Automatic Debugging (1997) pp. 13\u201326"},{"key":"30_CR39","doi-asserted-by":"crossref","unstructured":"D. Dhurjati, V. Adve: Backwards-compatible array bounds checking for C with very low overhead, Proc. 28th Int. Conf. on Software Engineering (ICSE '06) (2006) pp. 162\u2013171","DOI":"10.1145\/1134285.1134309"},{"key":"30_CR40","doi-asserted-by":"crossref","unstructured":"P. Akritidis, C. Cadar, C. Raiciu, M. Costa, M. Castro: Preventing memory error exploits with WIT, Proc. 2008 IEEE Symp. on Security and Privacy (2008) pp. 263\u2013277","DOI":"10.1109\/SP.2008.30"},{"key":"30_CR41","unstructured":"T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, Y. Wang: Cyclone: a safe dialect of C, USENIX Annual Technical Conf. (2002) pp. 275\u2013288"},{"key":"30_CR42","doi-asserted-by":"crossref","unstructured":"G.C. Necula, S. McPeak, W. Weimer: CCured: Type-safe retrofitting of legacy code, Proc. 29th ACM Symp. on Principles of Programming Languages (POPL'02) (2002) pp. 128\u2013139","DOI":"10.1145\/503272.503286"},{"key":"30_CR43","unstructured":"F. Zhou, J. Condit, Z. Anderson, I. Bagrak, R. Ennals, M. Harren, G.C. Necula, E. Brewer: SafeDrive: Safe and recoverable extensions using language-based techniques, Proc. 7th conference on USENIX Symp. on Operating Systems Design and Implementation (OSDI'06) (2006) pp. 
45\u201360"}],"container-title":["Handbook of Information and Communication Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-04117-4_30.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,18]],"date-time":"2025-02-18T18:58:18Z","timestamp":1739905098000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-04117-4_30"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642041167","9783642041174"],"references-count":43,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-04117-4_30","relation":{},"subject":[],"published":{"date-parts":[[2010]]}}}