{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T15:11:07Z","timestamp":1773155467051,"version":"3.50.1"},"reference-count":30,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"1","license":[{"start":{"date-parts":[[2014,3,1]],"date-time":"2014-03-01T00:00:00Z","timestamp":1393632000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Rel."],"published-print":{"date-parts":[[2014,3]]},"DOI":"10.1109\/tr.2014.2299198","type":"journal-article","created":{"date-parts":[[2014,1,31]],"date-time":"2014-01-31T17:44:00Z","timestamp":1391190240000},"page":"270-289","source":"Crossref","is-referenced-by-count":28,"title":["Software Crash Analysis for Automatic Exploit Generation on Binary Programs"],"prefix":"10.1109","volume":"63","author":[{"given":"Shih-Kun","family":"Huang","sequence":"first","affiliation":[]},{"given":"Min-Hsiang","family":"Huang","sequence":"additional","affiliation":[]},{"given":"Po-Yen","family":"Huang","sequence":"additional","affiliation":[]},{"given":"Han-Lin","family":"Lu","sequence":"additional","affiliation":[]},{"given":"Chung-Wei","family":"Lai","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/SERE.2013.26"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.26"},{"key":"ref11","author":"team","year":"2003","journal-title":"PaX address space layout randomization (ASLR)"},{"key":"ref12","first-page":"552","article-title":"The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86)","author":"shacham","year":"2007","journal-title":"Proc 14th ACM Conf Comput Commun Security"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-73368-3_52"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/BF01019459"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1023\/A:1010000313106"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.31"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/1950365.1950396"},{"key":"ref18","first-page":"209","article-title":"KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs","author":"cadar","year":"2008","journal-title":"Proceedings of the 5th USENIX Symposium on Operating Systems Design and Implementation (OSDI)"},{"key":"ref19","first-page":"41","article-title":"QEMU, a fast and portable dynamic translator","author":"bellard","year":"2005","journal-title":"Proc FREENIX Track 2005 USENIX Annu Technical Conf"},{"key":"ref4","article-title":" ${\\rm Q}$<\/tex><\/formula>: Exploit hardening made easy","author":"schwartz","year":"2011","journal-title":"Proc 20th USENIX Security Symp (USENIX'11)"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/358198.358210"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.2010.5634434"},{"key":"ref3","author":"heelan","year":"2009","journal-title":"Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerabilities"},{"key":"ref6","article-title":"Crash analysis using BitBlaze","author":"miller","year":"2010","journal-title":"Proceedings of Black Hat"},{"key":"ref5","first-page":"31","article-title":"Automatic generation of XSS and SQL injection attacks with goal-directed model checking","author":"martin","year":"2008","journal-title":"Proc 17th Conf Security Symp"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.17"},{"key":"ref8","year":"0","journal-title":"Exploitable Crash Analyzer ? MSEC Debugger Extensions"},{"key":"ref7","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/978-3-540-89862-7_1","author":"song","year":"2008","journal-title":"Information Systems Security"},{"key":"ref2","first-page":"59","article-title":"AEG: Automatic exploit generation","author":"avgerinos","year":"2011","journal-title":"Proc Netw Distributed Syst Security Symp (NDSS'11)"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2011.20"},{"key":"ref1","author":"sutton","year":"2007","journal-title":"Fuzzing Brute Force Vulnerability Discovery"},{"key":"ref20","author":"molnar","year":"2007","journal-title":"Catchconv Symbolic Execution and Run-time the Type Inference for Integer Conversion Errors"},{"key":"ref22","author":"moore","year":"0","journal-title":"The Metasploit Project"},{"key":"ref21","author":"hocevar","year":"0","journal-title":"ZZUF ? Multi-Purpose Fuzzer"},{"key":"ref24","doi-asserted-by":"crossref","first-page":"263","DOI":"10.1145\/1081706.1081750","article-title":"CUTE: A concolic unit testing engine for C","author":"sen","year":"2005","journal-title":"Proc 10th Eur Software Eng Conf Held Jointly 13th ACM SIGSOFT Int Symp Foundat Software Engin (ESEC\/SIGSOFT FSE'05)"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.37"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2008.69"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065036"}],"container-title":["IEEE Transactions on Reliability"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/24\/6750070\/06717039.pdf?arnumber=6717039","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T16:29:25Z","timestamp":1642004965000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/6717039\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,3]]},"references-count":30,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.1109\/tr.2014.2299198","relation":{},"ISSN":["0018-9529","1558-1721"],"issn-type":[{"value":"0018-9529","type":"print"},{"value":"1558-1721","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014,3]]}}}