{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:25:56Z","timestamp":1750307156168,"version":"3.41.0"},"reference-count":20,"publisher":"Association for Computing Machinery (ACM)","issue":"5","license":[{"start":{"date-parts":[[2011,9,30]],"date-time":"2011-09-30T00:00:00Z","timestamp":1317340800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGSOFT Softw. Eng. Notes"],"published-print":{"date-parts":[[2011,9,30]]},"abstract":"<jats:p>In the computer field there are many types of input validation attacks that occur, in which \"Format String Overflow Attacks\" is one of the most important. Format String Overflow Attacks remain the leading reason of software vulnerability or exploits. Format string bugs result in error such as wrong result type, memory access error and crash and security breach. In this paper , we proposed a Finite state machine which prevents Format String Overflow Attacks in a secure way with the help of several states of FSM. Proper checking against format string overflow bugs can avoid consequences due to exploits of format string overflow bugs. The result of our proposed finite state machine is improving the security problem and provides protection to memory access from any unauthorized user.<\/jats:p>","DOI":"10.1145\/2020976.2020997","type":"journal-article","created":{"date-parts":[[2011,10,11]],"date-time":"2011-10-11T14:29:02Z","timestamp":1318343342000},"page":"1-7","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Finite state machine based approach to prevent format string attacks"],"prefix":"10.1145","volume":"36","author":[{"given":"Seema","family":"Yadav","sequence":"first","affiliation":[{"name":"SITE, SVSU, Meerut, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Khaleel","family":"Ahamd","sequence":"additional","affiliation":[{"name":"SITE, SVSU, Meerut, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jayant","family":"Shekhar","sequence":"additional","affiliation":[{"name":"SITE, SVSU, Meerut, India"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2011,9,30]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102166"},{"volume-title":"Avaya Labs","year":"2001","author":"Tsai T.","key":"e_1_2_1_2_1"},{"volume-title":"Ravishankar and K. Iyer: A Data-Driven Finite State Machine Model for Analyzing Security Vulnerabilities","author":"Shuo Chen","key":"e_1_2_1_3_1"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/HASE.2008.8"},{"volume-title":"FormatGuard: Automatic Protection From printf Format String Vulnerabilities. WireX Communications","year":"2001","author":"Crispin Cowan","key":"e_1_2_1_5_1"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70500-0_28"},{"volume-title":"Format String Attacks.Digital Infrastructure","year":"2000","author":"Tim Newsham","key":"e_1_2_1_7_1"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.23"},{"volume-title":"Exploiting Format String Vulnerabilities","year":"2001","author":"Scut","key":"e_1_2_1_9_1"},{"volume-title":"Pscan (1.2-8) Format string security checker for C files","year":"2008","author":"DeKok A.","key":"e_1_2_1_11_1"},{"key":"e_1_2_1_12_1","unstructured":"ITS4: Software Security Tool Accessed from http:\/\/www.cigital.com\/its4.  ITS4: Software Security Tool Accessed from http:\/\/www.cigital.com\/its4."},{"key":"e_1_2_1_13_1","unstructured":"Robbins T.(2008): Libformat. http:\/\/archives.neohapsis.com\/archives\/linux\/lsap\/2000-q3\/0444.html (Acce-ssed January 2008).  Robbins T.(2008): Libformat. http:\/\/archives.neohapsis.com\/archives\/linux\/lsap\/2000-q3\/0444.html (Acce-ssed January 2008)."},{"volume-title":"The Shellcoder handbook","edition":"2","key":"e_1_2_1_14_1"},{"volume-title":"Version 2.5","year":"2005","author":"Silva A.","key":"e_1_2_1_15_1"},{"key":"e_1_2_1_17_1","first-page":"185","volume-title":"Initial Results. In Proceedings of 3rd Workshop on Mutation Analysis (Mutation 2007","author":"Ellims M.","year":"2007"},{"key":"e_1_2_1_18_1","unstructured":"FlawFinder Accessed from http:\/\/www.dwheeler.com\/flawfinder.  FlawFinder Accessed from http:\/\/www.dwheeler.com\/flawfinder."},{"key":"e_1_2_1_19_1","first-page":"201","volume-title":"Proceedings of 10th USENIX Security Symposium","author":"Shankar U.","year":"2001"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1255329.1255344"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/AINA.2006.94"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/161468.161471"}],"container-title":["ACM SIGSOFT Software Engineering Notes"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2020976.2020997","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2020976.2020997","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:54:22Z","timestamp":1750240462000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2020976.2020997"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,9,30]]},"references-count":20,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2011,9,30]]}},"alternative-id":["10.1145\/2020976.2020997"],"URL":"https:\/\/doi.org\/10.1145\/2020976.2020997","relation":{},"ISSN":["0163-5948"],"issn-type":[{"type":"print","value":"0163-5948"}],"subject":[],"published":{"date-parts":[[2011,9,30]]},"assertion":[{"value":"2011-09-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}