{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,3,30]],"date-time":"2022-03-30T17:59:27Z","timestamp":1648663167746},"reference-count":39,"publisher":"Oxford University Press (OUP)","issue":"6","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Logic Jnl IGPL"],"published-print":{"date-parts":[[2016,12]]},"DOI":"10.1093\/jigpal\/jzw049","type":"journal-article","created":{"date-parts":[[2016,8,3]],"date-time":"2016-08-03T01:13:30Z","timestamp":1470186810000},"page":"899-915","source":"Crossref","is-referenced-by-count":0,"title":["An analysis on the impact and detection of kernel stack infoleaks"],"prefix":"10.1093","volume":"24","author":[{"given":"S.","family":"Peir\u00f3","sequence":"first","affiliation":[]},{"given":"M.","family":"Munoz","sequence":"additional","affiliation":[]},{"given":"A.","family":"Crespo","sequence":"additional","affiliation":[]}],"member":"286","published-online":{"date-parts":[[2016,8,2]]},"reference":[{"key":"2016120907301100000_24.6.899.1","unstructured":"Bypassing PaX ASLR protection. Tyler Durden, 2009. http:\/\/www.phrack.com\/issues.html?issue=5&id=9."},{"key":"2016120907301100000_24.6.899.2","doi-asserted-by":"crossref","unstructured":"Chen H , Mao Y. , Wang X. , Zhou D. , Zeldovich N. and Kaashoek M. F. Linux kernel vulnerabilities: State-of-the-art defenses and open problems. In Proceedings of the Second Asia-Pacific Workshop on Systems, p. 5. ACM, 2011.","DOI":"10.1145\/2103799.2103805"},{"key":"2016120907301100000_24.6.899.3","unstructured":"Cook K. Linux Kernel ASLR (KASLR). In Linux Security Summit, October 2013."},{"key":"2016120907301100000_24.6.899.4","unstructured":"Intel Corp. IA-32 Architecture Software Developer\u2019s Manual - Volume 3A, 2007."},{"key":"2016120907301100000_24.6.899.5","first-page":"63","article-title":"Stackguard: automatic adaptive detection and prevention of buffer-overflow attacks.","volume":"98","author":"Cowan","year":"1998","journal-title":"Usenix Security"},{"key":"2016120907301100000_24.6.899.6","unstructured":"MITRE. Common Weakness Enumeration. CWE-121: Stack-based Buffer Overflow., 2008. http:\/\/cwe.mitre.org\/data\/definitions\/121.html."},{"key":"2016120907301100000_24.6.899.7","unstructured":"MITRE. Common Weakness Enumeration. CWE-200: Information Exposure., 2008. http:\/\/cwe.mitre.org\/data\/definitions\/200.html."},{"key":"2016120907301100000_24.6.899.8","unstructured":"Carpenter D. Smatch, Static analysis for C, 2013. http:\/\/repo.or.cz\/w\/smatch.git."},{"key":"2016120907301100000_24.6.899.9","doi-asserted-by":"publisher","DOI":"10.1145\/359636.359712"},{"key":"2016120907301100000_24.6.899.10","doi-asserted-by":"crossref","unstructured":"Strackx R. Breaking the memory secrecy assumption. In Proceedings of the Second European Workshop on System Security, EUROSEC \u201909, pp. 1\u20138, New York, NY, USA. ACM, 2009.","DOI":"10.1145\/1519144.1519145"},{"key":"2016120907301100000_24.6.899.11","doi-asserted-by":"crossref","unstructured":"Hund R. . Practical timing side channel attacks against kernel space ASLR. In IEEE SSP, 2013.","DOI":"10.1109\/SP.2013.23"},{"key":"2016120907301100000_24.6.899.12","unstructured":"Gorman M. Understanding the Linux Virtual Memory Manager. Prentice Hall Upper Saddle River, 2004."},{"key":"2016120907301100000_24.6.899.13","unstructured":"Hopcroft J. E. . Introduction to Automata Theory, Languages, and Computation. Pearson Education, 2008."},{"key":"2016120907301100000_24.6.899.14","unstructured":"ISO. The ANSI C standard (C99). Technical Report WG14 N1124, ISO\/IEC, 1999."},{"key":"2016120907301100000_24.6.899.15","unstructured":"Jones D. The Trinity System Call Fuzzer, Linux Kernel, 2013."},{"key":"2016120907301100000_24.6.899.16","doi-asserted-by":"crossref","unstructured":"Johnson R. and Wagner D. Finding user\/kernel pointer bugs with type inference. In USENIX Security Symposium, Vol. 2, 2004.","DOI":"10.1109\/MSP.2004.9"},{"key":"2016120907301100000_24.6.899.17","unstructured":"Kohavi R. and Provost F. Special Issue on Applications of Machine Learning and the Knowledge Discovery Process. 1998. http:\/\/robotics.stanford.edu\/ronnyk\/glossary.pdf."},{"key":"2016120907301100000_24.6.899.18","doi-asserted-by":"crossref","unstructured":"Lawall J. L. , Brunel J. , Palix N. , Hansen R. R. , Stuart H. and Muller G. WYSIWIB: a declarative approach to finding API protocols and bugs in Linux code. In Dependable Systems & Networks, 2009 (DSN\u201909), International Conference on IEEE\/IFIP, pp.43\u201352. DSN\u201909, IEEE, 2009.","DOI":"10.1109\/DSN.2009.5270354"},{"key":"2016120907301100000_24.6.899.19","unstructured":"MISRA. MISRA C:2012. Guidelines for the use of the C language in critical systems, March 2013."},{"key":"2016120907301100000_24.6.899.20","unstructured":"MITRE. CVE-2010-4525. kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak, 2010. CVE-2010-4525."},{"key":"2016120907301100000_24.6.899.21","unstructured":"MITRE. CVE-2012-0053: Apache information disclosure on response to Bad HTTP Request, 2012. CVE-2012-0053."},{"key":"2016120907301100000_24.6.899.22","unstructured":"MITRE. CVE-2013-2147. fix info leak in cciss_ioctl32_passthru()., 2013. https:\/\/git.kernel.org."},{"key":"2016120907301100000_24.6.899.23","unstructured":"Peir S. CVE request: Assorted Kernel infoleak security fixes, 2014. CVE-2014-1444."},{"key":"2016120907301100000_24.6.899.24","unstructured":"Peir S. CVE Request: Linux Kernel ioctl infoleaks fixes, 2015. CVE-2014-1739 and CVE-2015-7884."},{"key":"2016120907301100000_24.6.899.25","doi-asserted-by":"publisher","DOI":"10.1145\/361011.361073"},{"key":"2016120907301100000_24.6.899.26","unstructured":"Palix N. , Lawall J. and Muller G. Using Coccinelle on the Linux kernel. 2010. http:\/\/www.kernel.org\/doc\/Documentation\/coccinelle.txt."},{"key":"2016120907301100000_24.6.899.27","unstructured":"The GNU Project. The GNU C Compiler Collection (GCC) gcc-4.7, 2014. http:\/\/gcc.gnu.org\/gcc-4.7\/."},{"key":"2016120907301100000_24.6.899.28","doi-asserted-by":"crossref","unstructured":"Robin J. S. and Irvine C. E. Analysis of the Intel Pentium\u2019s Ability to Support a Secure Virtual Machine Monitor. In Proceedings of the 9th USENIX Security Symposium, pp.3\u20134, 2000.","DOI":"10.21236\/ADA423654"},{"key":"2016120907301100000_24.6.899.29","unstructured":"Rosenberg D. and Oberheide J. Stackjacking: A PaX exploit framework, 2011. https:\/\/github.com\/jonoberheide\/stackjacking\/."},{"key":"2016120907301100000_24.6.899.30","unstructured":"Rosenberg D. kptr_restrict for hiding kernel pointers, 2010. http:\/\/lwn.net\/Articles\/420403\/."},{"key":"2016120907301100000_24.6.899.31","unstructured":"Serna F. J. The info leak era on software exploitation. Black Hat USA, 2012."},{"key":"2016120907301100000_24.6.899.32","doi-asserted-by":"crossref","unstructured":"Sheskin D. J. Handbook of Parametric and Nonparametric Statistical Procedures, 4th edn. CRC Press, 2004.","DOI":"10.4324\/9780203489536"},{"key":"2016120907301100000_24.6.899.33","unstructured":"Snchez J. , Peir S. , Masmano M. , Sim J. and Balbastre P. Linux porting to the XtratuM Hypervisor for x86 processors. In 14th Real Time Linux Workshop, 2012."},{"key":"2016120907301100000_24.6.899.34","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"2016120907301100000_24.6.899.35","unstructured":"Stuart H. Hunting Bugs with Coccinelle. PhD Thesis, Diku, 2008."},{"key":"2016120907301100000_24.6.899.36","unstructured":"Tanenbaum A. S. Modern Operating Systems, 3rd edn. Prentice Hall, 2007."},{"key":"2016120907301100000_24.6.899.37","unstructured":"PAX Team. PaX address space layout randomization (ASLR), 2001. http:\/\/pax.grsecurity.net\/docs\/aslr.txt."},{"key":"2016120907301100000_24.6.899.38","unstructured":"Tool Interface Standards Committee. Executable and Linkable Format (ELF). Specification, Unix System Laboratories, 2001. version 1.2."},{"key":"2016120907301100000_24.6.899.39","unstructured":"Linus Torvalds. Sparse: A semantic parser for C, 2006. http:\/\/sparse.wiki.kernel.org."}],"container-title":["Logic Journal of IGPL"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/academic.oup.com\/jigpal\/article-pdf\/24\/6\/899\/8357691\/jzw049.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,12]],"date-time":"2019-09-12T02:55:14Z","timestamp":1568256914000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/jigpal\/article-lookup\/doi\/10.1093\/jigpal\/jzw049"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,8,2]]},"references-count":39,"journal-issue":{"issue":"6","published-online":{"date-parts":[[2016,12,9]]},"published-print":{"date-parts":[[2016,12]]}},"alternative-id":["10.1093\/jigpal\/jzw049"],"URL":"https:\/\/doi.org\/10.1093\/jigpal\/jzw049","relation":{},"ISSN":["1367-0751","1368-9894"],"issn-type":[{"value":"1367-0751","type":"print"},{"value":"1368-9894","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,8,2]]}}}