SCOPUS 정보 검색 플랫폼

Proceedings - International Conference on Software Engineering

Volumn 2005, Issue , 2005, Pages 312-321

Automatic discovery of API-level exploits

(5) Ganapathy, Vinod a Seshia, Sanjit A b Jha, Somesh a Reps, Thomas W a Bryant, Randal E b

a University of Wisconsin (United States)

b Carnegie Mellon University ^* (United States)

Author keywords

API level exploit; Bounded model checking

Indexed keywords

APPLICATION PROGRAMMING INTERFACE (API); BOUNDED MODEL CHECKING; IBM (CO); SOFTWARE COMPONENTS;

AUTOMATION; COMPUTER SOFTWARE; CRYPTOGRAPHY; ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; MANAGEMENT INFORMATION SYSTEMS; SECURITY OF DATA;

INTERFACES (COMPUTER);

EID: 26944470937 PISSN: 02705257 EISSN: None Source Type: Conference Proceeding
DOI: 10.1109/ICSE.2005.1553574 Document Type: Conference Paper

Times cited : (18)

References (40)

1
- 26444455136
- Synthesis of interface specifications for Java classes
- ACM
- nd POPL. ACM, 2005.
- (2005) nd POPL
- Alur, R.¹ Cerny, P.² Madhusudan, P.³ Nam, W.⁴

2
- 0013132950
- Mining specifications
- ACM
- th POPL. ACM, 2002.
- (2002) th POPL
- Ammons, G.¹ Bodik, R.² Larus, J.³

3
- 0037842787
- The SLAM project: Debugging system software via static analysis
- ACM
- th POPL. ACM, 2002.
- (2002) th POPL
- Ball, T.¹ Rajamani, S.K.²

4
- 4544284873
- Generating tests from counterexamples
- IEEE
- th ICSE. IEEE, 2004.
- (2004) th ICSE
- Beyer, D.¹ Chipala, A.I.² Henzinger, T.A.³ Jhala, R.⁴ Majumdar, R.⁵

5
- 84944319371
- Symbolic model checking without BDDs
- LNCS 1579. Springer
- th TACAS, LNCS 1579. Springer, 1999.
- (1999) th TACAS
- Biere, A.¹ Cimatti, A.² Clarke, E.M.³ Zhu, Y.⁴

6
- 31344444786
- Manuscript, November
- M. Bond. A chosen key difference attack on control vectors. Manuscript, November 2000. http://www.cl.cam.ac.uk/~mkb23/research/CVDif.pdf.
- (2000) A Chosen Key Difference Attack on Control Vectors
- Bond, M.¹

7
- 0036980185
- Korat: Automated testing based on Java predicates
- ACM
- C. Boyapati, S. Khurshid, and D. Marinov. Korat: Automated testing based on Java predicates. In Proc. ISSTA. ACM, 2002.
- (2002) Proc. ISSTA
- Boyapati, C.¹ Khurshid, S.² Marinov, D.³

8
- 84937570704
- Modeling and verifying systems using a logic of counter arithmetic with lambda expressions and uninterpreted functions
- LNCS 2404. Springer
- th CAV, LNCS 2404. Springer, 2002.
- (2002) th CAV
- Bryant, R.E.¹ Lahiri, S.K.² Seshia, S.A.³

9
- 0012085727
- Model-checking concurrent systems with unbounded integer variables: Symbolic representations, approximations, and experimental results
- T. Bultan, R. Gerber, and W. Pugh. Model-checking concurrent systems with unbounded integer variables: Symbolic representations, approximations, and experimental results. ACM TOPLAS, 21(4):747-789, 1999.
- (1999) ACM TOPLAS , vol.21 , Issue.4 , pp. 747-789
- Bultan, T.¹ Gerber, R.² Pugh, W.³

10
- 0038349200
- MOPS: An infrastructure for examining security properties of software
- ACM
- th CCS. ACM, 2002.
- (2002) th CCS
- Chen, H.¹ Wagner, D.²

11
- 21144447871
- A tool for checking ANSI-C programs
- th TACAS, 2004.
- (2004) th TACAS
- Clarke, E.M.¹ Kroening, D.² Lerda, F.³

12
- 85084161775
- FormatGuard: Automatic protection from print f format-string vulnerabilities
- th Security Symp. USENIX, 2001.
- (2001) th Security Symp. USENIX
- Cowan, C.¹ Barringer, M.² Beattie, S.³ Kroah-Hartman, G.⁴ Frantzen, M.⁵ Lokier, J.⁶

13
- 0011905688
- Interface automata
- ACM
- th FSE. ACM, 2001.
- (2001) th FSE
- De Alfaro, L.¹ Henzinger, T.A.²

14
- 84948958346
- Lazy theorem proving for bounded model checking over infinite domains
- LNCS 2392. Springer
- L. de Moura, H. Rueß, and M. Sorea. Lazy theorem proving for bounded model checking over infinite domains. In Proc. CADE, LNCS 2392. Springer, 2002.
- (2002) Proc. CADE
- De Moura, L.¹ Rueß, H.² Sorea, M.³

15
- 0020720357
- On the security of public key protocols
- D. Dolev and A. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, 29(2):198-208, 1983.
- (1983) IEEE Transactions on Information Theory , vol.29 , Issue.2 , pp. 198-208
- Dolev, D.¹ Yao, A.²

16
- 84975277890
- Checking system rules using system-specific, programmer-written compiler extensions
- ACM/USENK
- th OSDI. ACM/USENK, 2000.
- (2000) th OSDI
- Engler, D.¹ Chelf, B.² Chou, A.³ Hallem, S.⁴

17
- 0002357382
- Role based access control
- October
- th National Computer Security Conference, October 1992.
- (1992) th National Computer Security Conference
- Ferraiolo, D.F.¹ Kuhn, D.R.²

18
- 0032690845
- A theory of type qualifiers
- ACM
- J. S. Foster, M. Fahndrich, and A. Aiken. A theory of type qualifiers. In Proc. PLDI. ACM, 1999.
- (1999) Proc. PLDI
- Foster, J.S.¹ Fahndrich, M.² Aiken, A.³

19
- 33744754602
- Technical Report 1512, CS Dept.
- V. Ganapathy, S. A. Seshia, S. Jha, T. W. Reps, and R. E. Bryant. Automatic discovery of API-level vulnerabilities. Technical Report 1512, CS Dept., Univ. of Wisconsin, 2004. http://www.cs.wisc.edu/wisa/papers/tr1512/ tr1512.pdf.
- (2004) Automatic Discovery of API-level Vulnerabilities
- Ganapathy, V.¹ Seshia, S.A.² Jha, S.³ Reps, T.W.⁴ Bryant, R.E.⁵

20
- 0016984825
- Protection in operating systems
- M. Harrison, W. Ruzzo, and J. Ullmann. Protection in operating systems. Comm. ACM, 19(8), 1976.
- (1976) Comm. ACM , vol.19 , Issue.8
- Harrison, M.¹ Ruzzo, W.² Ullmann, J.³

21
- 0038282299
- Lazy abstraction
- ACM
- th POPL. ACM, 2002.
- (2002) th POPL
- Henzinger, T.A.¹ Jhala, R.² Majumdar, R.³ Sutre, G.⁴

22
- 2342577744
- Addison Wesley, Boston, MA
- G. Hoglund and G. McGraw. Exploiting Software: How to Break Code. Addison Wesley, Boston, MA, 2004.
- (2004) Exploiting Software: How to Break Code
- Hoglund, G.¹ McGraw, G.²

23
- 33244457266
- Automating first-order relational logic
- ACM
- D. Jackson. Automating first-order relational logic. In Proc. FSE. ACM, 2000.
- (2000) Proc. FSE
- Jackson, D.¹

24
- 33244490325
- Common cryptographic architecture cryptographic application programming interface
- D. B. Johnson, G. M. Dolan, M. J. Kelly, A. V. Le, and S. M. Matyas. Common cryptographic architecture cryptographic application programming interface. IBM Systems Journal, 30(2):130-150, 1991.
- (1991) IBM Systems Journal , vol.30 , Issue.2 , pp. 130-150
- Johnson, D.B.¹ Dolan, G.M.² Kelly, M.J.³ Le, A.V.⁴ Matyas, S.M.⁵

25
- 0036038149
- Denali: A goal-directed superoptimizer
- ACM
- R. Joshi, G. Nelson, and K. Randall. Denali: A goal-directed superoptimizer. In Proc. PLDI. ACM, 2002.
- (2002) Proc. PLDI
- Joshi, R.¹ Nelson, G.² Randall, K.³

26
- 0023592629
- Superoptimizer - A look at the smallest program
- ACM
- nd ASPLOS. ACM, 1987.
- (1987) nd ASPLOS
- Massalin, H.¹

27
- 0002951877
- A key management scheme based on control vectors
- S. M. Matyas, A. V. Le, and D. G. Abraham. A key management scheme based on control vectors. IBM Systems Journal, 30(2):175-191, 1991.
- (1991) IBM Systems Journal , vol.30 , Issue.2 , pp. 175-191
- Matyas, S.M.¹ Le, A.V.² Abraham, D.G.³

28
- 0030084918
- The NRL protocol analyzer: An overview
- C. Meadows. The NRL Protocol Analyzer: An overview. Journal of Logic Programming, 26(2):113-131, 1996.
- (1996) Journal of Logic Programming , vol.26 , Issue.2 , pp. 113-131
- Meadows, C.¹

29
- 0034852165
- Chaff: Engineering an efficient SAT solver
- ACM
- th DAC. ACM, 2001.
- (2001) th DAC
- Moskewicz, M.¹ Madigan, C.² Zhao, Y.³ Zhang, L.⁴ Malik, S.⁵

30
- 12344288334
- T. Newsham. Format string attacks. www.securityfocus.com/guest/3342.
- Format String Attacks
- Newsham, T.¹

31
- 84860021749
- SecurityFocus. Qualcomm qpopper vulnerability. www.securityfocus.com/ advisories/2271.
- Qualcomm Qpopper Vulnerability

32
- 84944459228
- Deciding quantifier-free Presburger formulas using parameterized solution bounds
- IEEE
- th LICS. IEEE, 2004.
- (2004) th LICS
- Seshia, S.A.¹ Bryant, R.E.²

33
- 84860024687
- Automated detection of format-string vulnerabilities using type qualifiers
- th Security Symp. USENIX, 2001.
- (2001) th Security Symp. USENIX
- Shankar, U.¹ Talwar, K.² Foster, J.S.³ Wagner, D.⁴

34
- 2942671018
- Siege SAT solver, http://www.cs.sfu.ca/~loryan/personal.
- Siege SAT Solver

35
- 84937554711
- CVC: A cooperating validity checker
- LNCS 2404. Springer
- th CAV, LNCS 2404. Springer, 2002.
- (2002) th CAV
- Stump, A.¹ Barrett, C.W.² Dill, D.L.³

36
- 22944482001
- Software assurance by bounded exhaustive testing
- ACM
- K. Sullivan, J. Yang, D. Coppit, S. Khurshid, and D. Jackson. Software assurance by bounded exhaustive testing. In Proc. ISSTA. ACM, 2004.
- (2004) Proc. ISSTA
- Sullivan, K.¹ Yang, J.² Coppit, D.³ Khurshid, S.⁴ Jackson, D.⁵

37
- 33244497392
- Manuscript
- A. Thuemmel. Analysis of format string bugs. Manuscript, 2001. http://downloads.securityfocus.com/library/format-bug-analysis.pdf.
- (2001) Analysis of Format String Bugs
- Thuemmel, A.¹

38
- 0034836394
- Intrusion detection via static analysis
- IEEE
- D. Wagner, and D. Dean Intrusion Detection via Static Analysis. In Proc. Symp. on Security and Privacy. IEEE, 2001.
- (2001) Proc. Symp. on Security and Privacy
- Wagner, D.¹ Dean, D.²

39
- 85081874807
- A first step towards automated detection of buffer overrun vulnerabilities
- ISOC
- D. Wagner, J. S. Foster, E. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Proc. NDSS. ISOC, 2000.
- (2000) Proc. NDSS
- Wagner, D.¹ Foster, J.S.² Brewer, E.³ Aiken, A.⁴

40
- 32344437737
- Scalable error detection using Boolean satisfiability
- ACM
- nd POPL. ACM, 2005.
- (2005) nd POPL
- Xie, Y.¹ Aiken, A.²

* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.