{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,8]],"date-time":"2024-09-08T00:39:01Z","timestamp":1725755941912},"publisher-location":"Berlin, Heidelberg","reference-count":32,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642413827"},{"type":"electronic","value":"9783642413834"}],"license":[{"start":{"date-parts":[[2013,1,1]],"date-time":"2013-01-01T00:00:00Z","timestamp":1356998400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-41383-4_2","type":"book-chapter","created":{"date-parts":[[2013,11,11]],"date-time":"2013-11-11T04:37:33Z","timestamp":1384144653000},"page":"19-35","source":"Crossref","is-referenced-by-count":1,"title":["Static Integer Overflow Vulnerability Detection in Windows Binary"],"prefix":"10.1007","author":[{"given":"Yi","family":"Deng","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yang","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Liang","family":"Cheng","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaoshan","family":"Sun","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"2_CR1","unstructured":"Vulnerability type distributions in cev. CVE (2007), \n                    \n                      http:\/\/cve.mitre.org\/docs\/vuln-trends\/vuln-trends.pdf"},{"key":"2_CR2","doi-asserted-by":"crossref","unstructured":"Necula, G.C., McPeak, S., Weimer, W.: Ccured: Type-safe retrofitting of legacy code. In: Proceedings of the Principles of Programming Languages, pp. 128\u2013139 (2002)","DOI":"10.1145\/565816.503286"},{"key":"2_CR3","unstructured":"Jim, T., Morrisett, G., Grossman, D., Hicks, M., Cheney, J., Wang, Y.: Cyclone: A safe dialect of c. In: Proceedings of the Annual Conference on USENIX Annual Technical Conference (2002)"},{"key":"2_CR4","unstructured":"Horovitz, O.: Big loop integer protection. Phrack Inc. (2002), \n                    \n                      http:\/\/www.phrack.org\/issues.html?issue=60&id=9#article"},{"key":"2_CR5","unstructured":"Brumley, D., Chiueh, T., Johnson, R., Lin, H., Song, D.: Rich: Automatically protecting against integer-based vulnerabilities. In: Proceedings of the 14th Annual Network and Distributed System Security, NDSS (2007)"},{"key":"2_CR6","doi-asserted-by":"crossref","unstructured":"Evans, D., Guttag, J., Horning, J., Tan, Y.M.: Lclint:a tool for using specification to check code. In: Proceedings of the ACM SIGSOFT 1994 Symposium on the Foundations of Software Engineering, pp. 87\u201396 (1994)","DOI":"10.1145\/195274.195297"},{"key":"2_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1007\/978-3-642-15497-3_5","volume-title":"Computer Security \u2013 ESORICS 2010","author":"C. Zhang","year":"2010","unstructured":"Zhang, C., Wang, T., Wei, T., Chen, Y., Zou, W.: IntPatch: Automatically fix integer-overflow-to-buffer-overflow vulnerability at compile-time. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol.\u00a06345, pp. 71\u201386. Springer, Heidelberg (2010)"},{"key":"2_CR8","unstructured":"Wang, T., Wei, T., Lin, Z., Zou, W.: Intscope: Automatically detecting integer overflow vulnerability in x86 binary using symbolic execution. In: Proceedings of the 16th Annual Network and Distributed System Security Symposium, NDSS 2009 (2009)"},{"key":"2_CR9","unstructured":"Lin, Z., Zhang, X., Xu, D.: Convicting exploitable software vulnerabilities: An efficient input provenance based approach. In: Proceedings of the 38th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN 2008), Anchorage, Alaska, USA (June 2008)"},{"key":"2_CR10","doi-asserted-by":"crossref","unstructured":"Chen, P., Han, H., Wang, Y., Shen, S., Yin, X., Mao, B., Xie, L.: INTFINDER: automatically detecting integer bugs in x86 binary program. In: Proceedings of the International Conference on Information and Communications Security, Beijing, China, pp. 336\u2013345 (December 2009)","DOI":"10.1007\/978-3-642-11145-7_26"},{"key":"2_CR11","unstructured":"Ida pro, \n                    \n                      http:\/\/www.hex-rays.com\/idapro\/"},{"key":"2_CR12","unstructured":"Nethercote, N., Seward, J.: Valgrind: A Program Supervision Framework. In: Third Workshop on Runtime Verification, RV 2003 (2003)"},{"key":"2_CR13","unstructured":"Vine: BitBlaze Static Analysis Component, \n                    \n                      http:\/\/bitblaze.cs.berkeley.edu\/vine.html"},{"key":"2_CR14","unstructured":"BAP: The Next-Generation Binary Analysis Platform, \n                    \n                      http:\/\/bap.ece.cmu.edu\/"},{"key":"2_CR15","doi-asserted-by":"crossref","unstructured":"Brumley, D., Poosankam, P., Song, D., Zheng, J.: Automatic patch-based exploit generation is possible: Techniques and implications. In: Proceedings of the 2008 IEEE Symposium on Security and Privacy (May 2008)","DOI":"10.1109\/SP.2008.17"},{"key":"2_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"519","DOI":"10.1007\/978-3-540-73368-3_52","volume-title":"Computer Aided Verification","author":"V. Ganesh","year":"2007","unstructured":"Ganesh, V., Dill, D.L.: A decision procedure for bit-vectors and arrays. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol.\u00a04590, pp. 519\u2013531. Springer, Heidelberg (2007)"},{"key":"2_CR17","unstructured":"Wojtczuk, R.: Uqbtng: a tool capable of automatically finding integer overflows in win32 binaries. In: 22nd Chaos Communication Congress (2005)"},{"key":"2_CR18","unstructured":"UQBT: A Resourceable and Retargetable Binary Translator, \n                    \n                      http:\/\/www.itee.uq.edu.au\/cristina\/uqbt.html"},{"key":"2_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"168","DOI":"10.1007\/978-3-540-24730-2_15","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems","author":"E. Clarke","year":"2004","unstructured":"Clarke, E., Kroning, D., Lerda, F.: A tool for checking ANSI-C programs. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol.\u00a02988, pp. 168\u2013176. Springer, Heidelberg (2004)"},{"key":"2_CR20","unstructured":"BitBlaze: The BitBlaze Binary Analysis Platform Project, \n                    \n                      http:\/\/bitblaze.cs.berkeley.edu\/index.html"},{"key":"2_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"250","DOI":"10.1007\/978-3-540-31985-6_19","volume-title":"Compiler Construction","author":"G. Balakrishnan","year":"2005","unstructured":"Balakrishnan, G., Gruian, R., Reps, T., Teitelbaum, T.: CodeSurfer\/x86\u2014A platform for analyzing x86 executables. In: Bodik, R. (ed.) CC 2005. LNCS, vol.\u00a03443, pp. 250\u2013254. Springer, Heidelberg (2005)"},{"key":"2_CR22","unstructured":"Microsoft. Phoenix framework, \n                    \n                      http:\/\/research.microsoft.com\/phoenix\/"},{"key":"2_CR23","unstructured":"Automated vulnerability auditing in machine code, \n                    \n                      http:\/\/www.phrack.com\/issues.html?issue=64id=8"},{"key":"2_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"295","DOI":"10.1007\/3-540-44898-5_16","volume-title":"Static Analysis","author":"T. Kremenek","year":"2003","unstructured":"Kremenek, T., Engler, D.R.: Z-ranking: Using statistical analysis to counter the impact of static analysis approximations. In: Cousot, R. (ed.) SAS 2003. LNCS, vol.\u00a02694, pp. 295\u2013315. Springer, Heidelberg (2003)"},{"key":"2_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"510","DOI":"10.1007\/978-3-642-22655-7_24","volume-title":"ECOOP 2011 \u2013 Object-Oriented Programming","author":"C. Zhang","year":"2011","unstructured":"Zhang, C., Xu, H., Zhang, S., Zhao, J., Chen, Y.: Frequency Estimation of Virtual Call Targets for Object-Oriented Programs. In: Mezini, M. (ed.) ECOOP 2011. LNCS, vol.\u00a06813, pp. 510\u2013532. Springer, Heidelberg (2011)"},{"key":"2_CR26","unstructured":"Godefroid, P., Levin, M., Molnar, D.: Automated whitebox fuzz testing. In: Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS 2008), San Diego, CA (February 2008)"},{"key":"2_CR27","unstructured":"Aho, A.V., Lam, M.S., Sethi, R., Ullman, J.D.: Compilers: Princiles, Techniques, and Tools, 2nd edn. Addison- Wesley (2006)"},{"key":"2_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1007\/978-3-540-24723-4_2","volume-title":"Compiler Construction","author":"G. Balakrishnan","year":"2004","unstructured":"Balakrishnan, G., Reps, T.: Analyzing memory accesses in x86 executables. In: Duesterwald, E. (ed.) CC 2004. LNCS, vol.\u00a02985, pp. 5\u201323. Springer, Heidelberg (2004)"},{"key":"2_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-69738-1_1","volume-title":"Verification, Model Checking, and Abstract Interpretation","author":"G. Balakrishnan","year":"2007","unstructured":"Balakrishnan, G., Reps, T.: DIVINE: DIscovering Variables IN Executables. In: Cook, B., Podelski, A. (eds.) VMCAI 2007. LNCS, vol.\u00a04349, pp. 1\u201328. Springer, Heidelberg (2007)"},{"key":"2_CR30","unstructured":"LeBlanc, D.: Integer handling with the c++ safeint class (2004), \n                    \n                      http:\/\/msdn.microsoft.com\/library\/default.asp?url=\/library\/en-us\/dncode\/html\/secure01142004.asp"},{"key":"2_CR31","unstructured":"Howard, M.: Safe integer arithmetic in c (2006), \n                    \n                      http:\/\/blogs.msdn.com\/michaelhoward\/archive\/2006\/02\/02\/523392.aspx"},{"key":"2_CR32","first-page":"334","volume-title":"Proc. SE","author":"S. Dipanwita","year":"2007","unstructured":"Dipanwita, S., Muthu, J., Jay, T., Ramanathan, V.: Flow-insensitive static analysis for detecting integer anomalies in programs. In: Proc. SE, pp. 334\u2013340. ACTA Press, Anaheim (2007)"}],"container-title":["Lecture Notes in Computer Science","Advances in Information and Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-41383-4_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,24]],"date-time":"2019-05-24T01:03:51Z","timestamp":1558659831000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-41383-4_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642413827","9783642413834"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-41383-4_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}