{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,28]],"date-time":"2025-08-28T12:51:42Z","timestamp":1756385502183,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":36,"publisher":"ACM","license":[{"start":{"date-parts":[[2005,11,7]],"date-time":"2005-11-07T00:00:00Z","timestamp":1131321600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2005,11,7]]},"DOI":"10.1145\/1102120.1102166","type":"proceedings-article","created":{"date-parts":[[2006,2,6]],"date-time":"2006-02-06T15:52:40Z","timestamp":1139241160000},"page":"354-363","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":19,"title":["Preventing format-string attacks via automatic and efficient dynamic checking"],"prefix":"10.1145","author":[{"given":"Michael F.","family":"Ringenburg","sequence":"first","affiliation":[{"name":"University of Washington, Seattle, WA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dan","family":"Grossman","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, WA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2005,11,7]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/178243.178446"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1002\/(SICI)1097-024X(200006)30:7%3C775::AID-SPE309%3E3.0.CO;2-H"},{"key":"e_1_3_2_1_3_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium","author":"Chen Hao","year":"2004","unstructured":"Hao Chen , Drew Dean , and David Wagner . Model checking one million lines of C code . In Proceedings of the Network and Distributed System Security Symposium , San Diego, CA , 2004 . Hao Chen, Drew Dean, and David Wagner. Model checking one million lines of C code. In Proceedings of the Network and Distributed System Security Symposium, San Diego, CA, 2004."},{"key":"e_1_3_2_1_4_1","unstructured":"CIL - Infrastructure for C Program Analysis and Transformation version 1.3.2. Available at http:\/\/manju.cs.berkeley.edu\/cil\/.  CIL - Infrastructure for C Program Analysis and Transformation version 1.3.2. Available at http:\/\/manju.cs.berkeley.edu\/cil\/."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/781131.781157"},{"key":"e_1_3_2_1_6_1","volume-title":"Proceedings of the 10th USENIX Security Symposium, Washington, D.C.","author":"Cowan C.","year":"2001","unstructured":"C. Cowan , M. Barringer , S. Beattie , and G. Kroah-Hartman . FormatGuard: Automatic protection from printf format string vulnerabilities . In Proceedings of the 10th USENIX Security Symposium, Washington, D.C. , Aug. 2001 . C. Cowan, M. Barringer, S. Beattie, and G. Kroah-Hartman. FormatGuard: Automatic protection from printf format string vulnerabilities. In Proceedings of the 10th USENIX Security Symposium, Washington, D.C., Aug. 2001."},{"key":"e_1_3_2_1_7_1","first-page":"63","volume-title":"7th USENIX Security Symposium","author":"Cowan Crispin","year":"1998","unstructured":"Crispin Cowan , Calton Pu , Dave Maier , Heather Hinton , Jonathan Walpole , Peat Bakke , Steve Beattie , Aaron Grier , Perry Wagle , and Qian Zhang . StackGuard : Automatic adaptive detection and prevention of buffer-overflow attacks . In 7th USENIX Security Symposium , pages 63 -- 78 , San Antonio, TX , January 1998 . Crispin Cowan, Calton Pu, Dave Maier, Heather Hinton, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, and Qian Zhang. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In 7th USENIX Security Symposium, pages 63--78, San Antonio, TX, January 1998."},{"key":"e_1_3_2_1_8_1","unstructured":"Cyclone version 0.8. Available at http:\/\/www.research.att.com\/projects\/cyclone.  Cyclone version 0.8. Available at http:\/\/www.research.att.com\/projects\/cyclone."},{"key":"e_1_3_2_1_9_1","volume-title":"July","author":"DeKok Alan","year":"2000","unstructured":"Alan DeKok . Pscan: A limited problem scanner for C source files , July 2000 . Available at www.striker.ottawa.on.ca\/~aland\/pscan\/. Alan DeKok. Pscan: A limited problem scanner for C source files, July 2000. Available at www.striker.ottawa.on.ca\/~aland\/pscan\/."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251229.1251230"},{"key":"e_1_3_2_1_11_1","unstructured":"Free Software Foundation. The GNU compiler collection. Available at http:\/\/gnu.gcc.org\/.  Free Software Foundation. The GNU compiler collection. Available at http:\/\/gnu.gcc.org\/."},{"key":"e_1_3_2_1_13_1","first-page":"125","volume-title":"Winter USENIX Conference","author":"Hastings Reed","year":"1992","unstructured":"Reed Hastings and Bob Joyce . Purify : Fast detection of memory leaks and access errors . In Winter USENIX Conference , pages 125 -- 138 , San Francisco, CA , January 1992 . Reed Hastings and Bob Joyce. Purify: Fast detection of memory leaks and access errors. In Winter USENIX Conference, pages 125--138, San Francisco, CA, January 1992."},{"key":"e_1_3_2_1_14_1","first-page":"275","volume-title":"USENIX Annual Technical Conference","author":"Jim T.","year":"2002","unstructured":"T. Jim , G. Morrisett , D. Grossman , M. Hicks , J. Cheney , and Y. Wang . Cyclone: A safe dialect of C . In USENIX Annual Technical Conference , pages 275 -- 288 , Monterey, CA , June 2002 . T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, and Y. Wang. Cyclone: A safe dialect of C. In USENIX Annual Technical Conference, pages 275--288, Monterey, CA, June 2002."},{"key":"e_1_3_2_1_16_1","volume-title":"AADEBUG'97","volume":"1997","author":"Jones Richard","unstructured":"Richard Jones and Paul Kelly . Backwards-compatible bounds checking for arrays and pointers in C programs . In AADEBUG'97 . Third International Workshop on Automatic Debugging , volume 2(9) of Link\u00f6ping Electronic Articles in Computer and Information Science, 1997 . Richard Jones and Paul Kelly. Backwards-compatible bounds checking for arrays and pointers in C programs. In AADEBUG'97. Third International Workshop on Automatic Debugging, volume 2(9) of Link\u00f6ping Electronic Articles in Computer and Information Science, 1997."},{"key":"e_1_3_2_1_17_1","volume-title":"January","author":"Kaempf Michel","year":"2001","unstructured":"Michel Kaempf . Multiple vulnerabilities in splitvt , January 2001 . At www.securityfocus.com\/ archive\/1\/156251. Michel Kaempf. Multiple vulnerabilities in splitvt, January 2001. At www.securityfocus.com\/ archive\/1\/156251."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/647253.720293"},{"key":"e_1_3_2_1_19_1","volume-title":"February","author":"Maggiotti Gabriel A.","year":"2002","unstructured":"Gabriel A. Maggiotti . Unreal ircd format string vuln , February 2002 . At www.securityfocus.com\/ archive\/82\/258190. Gabriel A. Maggiotti. Unreal ircd format string vuln, February 2002. At www.securityfocus.com\/ archive\/82\/258190."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.5555\/647478.727796"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/503272.503286"},{"key":"e_1_3_2_1_22_1","volume-title":"White Paper","author":"Newsham T.","year":"2000","unstructured":"T. Newsham . Format string attacks . White Paper , Sept. 2000 . At www.securityfocus.com\/guest\/ 3342. T. Newsham. Format string attacks. White Paper, Sept. 2000. At www.securityfocus.com\/guest\/ 3342."},{"key":"e_1_3_2_1_23_1","unstructured":"Bruce Perens. Electric fence. At www.gnu.org\/directory\/All_Packages_in_Directory\/Electric-Fence.html.  Bruce Perens. Electric fence. At www.gnu.org\/directory\/All_Packages_in_Directory\/Electric-Fence.html."},{"key":"e_1_3_2_1_24_1","unstructured":"NGSSoftware Insight Security Research. Pfinger 0.7.8 format string vulnerability December 2002. http:\/\/www.securityfocus.com\/archive\/1\/303555.  NGSSoftware Insight Security Research. Pfinger 0.7.8 format string vulnerability December 2002. http:\/\/www.securityfocus.com\/archive\/1\/303555."},{"key":"e_1_3_2_1_25_1","volume-title":"December","author":"Security Research Software Insight","year":"2002","unstructured":"NGS Software Insight Security Research . zkfingerd 0.9.1 format string vulnerability , December 2002 . http:\/\/www.securityfocus.com\/archive\/1\/303557. NGSSoftware Insight Security Research. zkfingerd 0.9.1 format string vulnerability, December 2002. http:\/\/www.securityfocus.com\/archive\/1\/303557."},{"key":"e_1_3_2_1_26_1","unstructured":"Michael F. Ringenburg and Dan Grossman. www.cs.washington.edu\/homes\/miker\/formatstring\/.  Michael F. Ringenburg and Dan Grossman. www.cs.washington.edu\/homes\/miker\/formatstring\/."},{"key":"e_1_3_2_1_27_1","volume-title":"November","author":"Robbins Tim","year":"2001","unstructured":"Tim Robbins . libformat , November 2001 . At www.wiretapped.net\/~fyre\/software\/libformat.html. Tim Robbins. libformat, November 2001. At www.wiretapped.net\/~fyre\/software\/libformat.html."},{"key":"e_1_3_2_1_28_1","unstructured":"Rwhoisd remote format string vulnerability October 2001. At www.securityfocus.com\/archive\/1\/ 222756.  Rwhoisd remote format string vulnerability October 2001. At www.securityfocus.com\/archive\/1\/ 222756."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_3_2_1_30_1","volume-title":"January","author":"Security VOID.AT","year":"2003","unstructured":"VOID.AT Security . isc dhcpd 3.0 format string exploit , January 2003 . At www.securityfocus.com\/ archive\/1\/306327. VOID.AT Security. isc dhcpd 3.0 format string exploit, January 2003. At www.securityfocus.com\/ archive\/1\/306327."},{"key":"e_1_3_2_1_31_1","first-page":"201","volume-title":"10th USENIX Security Symposium","author":"Shankar U.","year":"2001","unstructured":"U. Shankar , K. Talwar , J. S. Foster , and D. Wagner . Detecting format string vulnerabilities with type qualifiers . In 10th USENIX Security Symposium , pages 201 -- 220 , 2001 . U. Shankar, K. Talwar, J. S. Foster, and D. Wagner. Detecting format string vulnerabilities with type qualifiers. In 10th USENIX Security Symposium, pages 201--220, 2001."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/4434.708254"},{"key":"e_1_3_2_1_33_1","volume-title":"version 3.0.6","author":"Splint","year":"2002","unstructured":"Splint manual , version 3.0.6 , 2002 . http:\/\/www.splint.org\/manual\/. Splint manual, version 3.0.6, 2002. http:\/\/www.splint.org\/manual\/."},{"key":"e_1_3_2_1_34_1","unstructured":"@stake Inc. tcpflow 0.2.0 format string vulnerability August 2003. At www.securityfocus.com\/advi-sories\/5686.  @stake Inc. tcpflow 0.2.0 format string vulnerability August 2003. At www.securityfocus.com\/advi-sories\/5686."},{"volume-title":"June","year":"2000","key":"e_1_3_2_1_35_1","unstructured":"tf8@zolo.freelsd.net. Wu-ftpd remote format string stack overwrite vulnerability , June 2000 . At www.securityfocus.com\/bid\/1387. tf8@zolo.freelsd.net. Wu-ftpd remote format string stack overwrite vulnerability, June 2000. At www.securityfocus.com\/bid\/1387."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/173668.168635"},{"key":"e_1_3_2_1_38_1","first-page":"68","volume-title":"Proceedings of the 7th Nordic Workshop on Secure IT Systems","author":"Wilander J.","year":"2002","unstructured":"J. Wilander and M. Kamkar . A comparison of publicly available tools for static intrusion prevention . In Proceedings of the 7th Nordic Workshop on Secure IT Systems , pages 68 -- 84 , Nov. 2002 . J. Wilander and M. Kamkar. A comparison of publicly available tools for static intrusion prevention. In Proceedings of the 7th Nordic Workshop on Secure IT Systems, pages 68--84, Nov. 2002."},{"volume-title":"July","year":"2002","key":"e_1_3_2_1_39_1","unstructured":"zillion. nn format string exploit , July 2002 . http:\/\/www.securityfocus.com\/archive\/82\/280687. zillion. nn format string exploit, July 2002. http:\/\/www.securityfocus.com\/archive\/82\/280687."}],"event":{"name":"CCS05: 12th ACM Conference on Computer and Communications Security 2005","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control","ACM Association for Computing Machinery"],"location":"Alexandria VA USA","acronym":"CCS05"},"container-title":["Proceedings of the 12th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1102120.1102166","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1102120.1102166","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T16:08:07Z","timestamp":1750262887000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1102120.1102166"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005,11,7]]},"references-count":36,"alternative-id":["10.1145\/1102120.1102166","10.1145\/1102120"],"URL":"https:\/\/doi.org\/10.1145\/1102120.1102166","relation":{},"subject":[],"published":{"date-parts":[[2005,11,7]]},"assertion":[{"value":"2005-11-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}