SCOPUS 정보 검색 플랫폼

Computers and Mathematics with Applications

Volumn 63, Issue 2, 2012, Pages 469-480

Static program analysis assisted dynamic taint tracking for software vulnerability discovery

(4) Zhang, Ruoyu a Huang, Shiqiu a Qi, Zhengwei a Guan, Haibing a

a SHANGHAI JIAO TONG UNIVERSITY (China)

Author keywords

Code coverage; Data flow analysis; Software vulnerability; Taint analysis

Indexed keywords

CODE COVERAGE; DATA FLOW; MALICIOUS BEHAVIOR; RUNTIMES; SECURITY PROBLEMS; SOFTWARE VULNERABILITIES; SOFTWARE VULNERABILITY; STATIC PROGRAM ANALYSIS; TAINT ANALYSIS; TRACING TECHNIQUE;

CODES (SYMBOLS); DYNAMIC ANALYSIS; SOFTWARE TESTING; STATIC ANALYSIS;

DATA FLOW ANALYSIS;

EID: 84855442829 PISSN: 08981221 EISSN: None Source Type: Journal
DOI: 10.1016/j.camwa.2011.08.001 Document Type: Conference Paper

Times cited : (19)

References (23)

1
- 84855426722
- CWE
- CWE. http://cwe.mitre.org/.

2
- 77949898398
- Taint-based directed whitebox fuzzing
- ICSE
- V. Ganesh, T. Leek, M.C. Rinard, Taint-based directed whitebox fuzzing, in: International Conference on Software Engineering, ICSE, 2009.
- (2009) International Conference on Software Engineering
- Ganesh, V.¹ Leek, T.² Rinard, M.C.³

3
- 77953045723
- Bayesian statistical model checking with application to simulink/stateflow verification
- HSCC
- P. Zuliani, A. Platzer, E.M. Clarke, Bayesian statistical model checking with application to simulink/stateflow verification, in: International Conference on Hybrid Systems: Computation and Control, HSCC, 2010.
- (2010) International Conference on Hybrid Systems: Computation and Control
- Zuliani, P.¹ Platzer, A.² Clarke, E.M.³

4
- 85128730845
- Automated whitebox fuzz testing
- NDSS
- P. Godefroid, M.Y. Levin, D.A. Molnar, Automated whitebox fuzz testing, in: Network and Distributed System Security Symposium, NDSS, 2008.
- (2008) Network and Distributed System Security Symposium
- Godefroid, P.¹ Levin, M.Y.² Molnar, D.A.³

5
- 34548212308
- Dytan: A generic dynamic taint analysis framework
- J.A. Clause, W. Li, A. Orso, Dytan: a generic dynamic taint analysis framework, in: Proceedings of the 2007 International Symposium on Software Testing and Analysis, 2007.
- (2007) Proceedings of the 2007 International Symposium on Software Testing and Analysis
- Clause, J.A.¹ Li, W.² Orso, A.³

6
- 70450242742
- Taj: Effective taint analysis of web applications
- O. Tripp, M. Pistoia, S.J. Fink, M. Sridharan, and O. Weisman Taj: effective taint analysis of web applications Programming Language Design and Implementation 2009
- (2009) Programming Language Design and Implementation
- Tripp, O.¹ Pistoia, M.² Fink, S.J.³ Sridharan, M.⁴ Weisman, O.⁵

7
- 77950788046
- Panorama: Capturing system-wide information flow for malware detection and analysis
- CCS
- H. Yin, D.X. Song, M. Egele, C. Kruegel, E. Kirda, Panorama: capturing system-wide information flow for malware detection and analysis, in: ACM Conference on Computer and Communications Security, CCS, 2007.
- (2007) ACM Conference on Computer and Communications Security
- Yin, H.¹ Song, D.X.² Egele, M.³ Kruegel, C.⁴ Kirda, E.⁵

8
- 84943422723
- An infrastructure for adaptive dynamic optimization
- CGO
- D. Bruening, T. Garnett, S. Amarasinghe, An infrastructure for adaptive dynamic optimization, in: International Symposium on Code Generation and Optimization, CGO, 2003.
- (2003) International Symposium on Code Generation and Optimization
- Bruening, D.¹ Garnett, T.² Amarasinghe, S.³

9
- 31944440969
- Pin: Building customized program analysis tools with dynamic instrumentation
- C.-K. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V.J. Reddi, K. Hazelwood, Pin: building customized program analysis tools with dynamic instrumentation, in: PLDI, 2005.
- (2005) PLDI
- Luk, C.-K.¹ Cohn, R.² Muth, R.³ Patil, H.⁴ Klauser, A.⁵ Lowney, G.⁶ Wallace, S.⁷ Reddi, V.J.⁸ Hazelwood, K.⁹

10
- 35448955692
- Valgrind: A framework for heavyweight dynamic binary instrumentation
- PLDI
- N. Nethercote, J. Seward, Valgrind: a framework for heavyweight dynamic binary instrumentation, in: Proc. of 2005 Programming Language Design and Implementation, PLDI, 2007.
- (2007) Proc. of 2005 Programming Language Design and Implementation
- Nethercote, N.¹ Seward, J.²

11
- 79953672829
- Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software
- NDSS
- J. Newsome, D. Song, Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software, in: Network and Distributed System Security Symposium, NDSS, 2005.
- (2005) Network and Distributed System Security Symposium
- Newsome, J.¹ Song, D.²

12
- 40349087553
- Lift: A low overhead practical information flow tracking system for detecting security attacks
- MICRO
- F. Qin, C. Wang, Z. Li, H.-S. Kim, Y. Zhou, Y. Wu, Lift: a low overhead practical information flow tracking system for detecting security attacks, in: Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture, MICRO, 2006, pp. 135148.
- (2006) Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture , pp. 135-148
- Qin, F.¹ Wang, C.² Li, Z.³ Kim, H.-S.⁴ Zhou, Y.⁵ Wu, Y.⁶

13
- 81355161883
- Intscope: Automatically detecting integer overflow vulnerability in x86 binary using symbolic execution
- NDSS
- T. Wang, T. Wei, Z. Lin, W. Zou, Intscope: automatically detecting integer overflow vulnerability in x86 binary using symbolic execution, in: Network and Distributed System Security Symposium, NDSS, 2009.
- (2009) Network and Distributed System Security Symposium
- Wang, T.¹ Wei, T.² Lin, Z.³ Zou, W.⁴

14
- 70349870055
- Rich: Automatically protecting against integer-based vulnerabilities
- NDSS
- D. Brumley, D.X. Song, T. cker Chiueh, R. Johnson, H. Lin, Rich: automatically protecting against integer-based vulnerabilities, in: Network and Distributed System Security Symposium, NDSS, 2007.
- (2007) Network and Distributed System Security Symposium
- Brumley, D.¹ Song, D.X.² Cker Chiueh, T.³ Johnson, R.⁴ Lin, H.⁵

15
- 84871349041
- Automatically hardening web applications using precise tainting
- A. Nguyen-Tuong, S. Guarnieri, D. Greene, J. Shirley, D. Evans, Automatically hardening web applications using precise tainting, in: 20th IFIP International Information Security Conference, 2005.
- (2005) 20th IFIP International Information Security Conference
- Nguyen-Tuong, A.¹ Guarnieri, S.² Greene, D.³ Shirley, J.⁴ Evans, D.⁵

16
- 34247507725
- Integrating static and dynamic analysis for detecting vulnerabilities
- A. Aggarwal, P. Jalote, Integrating static and dynamic analysis for detecting vulnerabilities, in: 30th Annual International Computer Software and Applications Conference, 2006.
- (2006) 30th Annual International Computer Software and Applications Conference
- Aggarwal, A.¹ Jalote, P.²

17
- 40449102639
- Combining static and dynamic reasoning for bug detection
- Y. Smaragdakis, C. Csallner, Combining static and dynamic reasoning for bug detection, in: TAP, 2007.
- (2007) TAP
- Smaragdakis, Y.¹ Csallner, C.²

18
- 34247337300
- DSD-crasher: A hybrid analysis tool for bug finding
- ISSTA
- C. Csallner, Y. Smaragdakis, DSD-crasher: a hybrid analysis tool for bug finding, in: Proceedings of the 2007 International Symposium on Software Testing and Analysis, ISSTA, 2006.
- (2006) Proceedings of the 2007 International Symposium on Software Testing and Analysis
- Csallner, C.¹ Smaragdakis, Y.²

19
- 50249115131
- Saner: Composing static and dynamic analysis to validate sanitization in web applications
- D. Balzarotti, M. Cova, V. Felmetsger, N. Jovanovic, E. Kirda, C. Kruegel, G. Vigna, Saner: composing static and dynamic analysis to validate sanitization in web applications, in: IEEE Symposium on Security and Privacy, 2008.
- (2008) IEEE Symposium on Security and Privacy
- Balzarotti, D.¹ Cova, M.² Felmetsger, V.³ Jovanovic, N.⁴ Kirda, E.⁵ Kruegel, C.⁶ Vigna, G.⁷

20
- 67649859970
- Efficient and extensible security enforcement using dynamic data flow analysis
- CCS'08 ACM New York, NY, USA
- W. Chang, B. Streiff, and C. Lin Efficient and extensible security enforcement using dynamic data flow analysis Proceedings of the 15th ACM Conference on Computer and Communications Security CCS'08 2008 ACM New York, NY, USA 39 50
- (2008) Proceedings of the 15th ACM Conference on Computer and Communications Security , pp. 39-50
- Chang, W.¹ Streiff, B.² Lin, C.³

21
- 70450092967
- Bouncer: Securing software by blocking bad input
- DOI 10.1145/1294261.1294274, SOSP'07: Proceedings of the 21st ACM Symposium on Operating Systems Principles
- M. Costa, M. Castro, L. Zhou, L. Zhang, and M. Peinado Bouncer: securing software by blocking bad input Proceedings of Twenty-First ACM SIGOPS Symposium on Operating Systems Principles SOSP'07 2007 ACM New York, NY, USA 117 130 (Pubitemid 351429372)
- (2007) Operating Systems Review (ACM) , pp. 117-130
- Costa, M.¹ Castro, M.² Zhou, L.³ Zhang, L.⁴ Peinado, M.⁵

22
- 58449129985
- Bitblaze: A new approach to computer security via binary analysis
- ICISS
- D.X. Song, D. Brumley, H. Yin, J. Caballero, I. Jager, M.G. Kang, Z. Liang, J. Newsome, P. Poosankam, P. Saxena, Bitblaze: a new approach to computer security via binary analysis, in: International Conference on Information Systems Security, ICISS, 2008.
- (2008) International Conference on Information Systems Security
- Song, D.X.¹ Brumley, D.² Yin, H.³ Caballero, J.⁴ Jager, I.⁵ Kang, M.G.⁶ Liang, Z.⁷ Newsome, J.⁸ Poosankam, P.⁹ Saxena, P.¹⁰

23
- 84855428374
- CVE
- CVE. http://cve.mitre.org/.

* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.