microsoft
/
checkedc
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
checkedc/papers/dynamic_checks/checkedc.bib

2381 строка
79 KiB
BibTeX
Исходник Постоянная ссылка Ответственный История

@manual{CheckedCv06,
author = {Tarditi, David},
organization = {Microsoft},
title = {Extending {C} with bounds safety},
number = 1,
month = jan,
year = 2017,
note = {Version 0.6 \url{https://github.com/Microsoft/checkedc/releases/tag/v0.6-final}},
type = {Checked C Technical Report}
}
@unpublished{ruef2017draft,
author = {Ruef, Andrew and Elliott, Archibald Samuel and Tarditi, David and Hicks, Michael},
title = {{Checked C} for Safety, Gradually},
note = {Draft Paper \url{http://lenary.co.uk/publications/checkedc_gradually/}},
year = 2017,
month = may,
}
@manual{LLVMLangRef,
organization={{LLVM}},
title={LLVM IR Language Reference},
note={\url{http://llvm.org/docs/LangRef.html}, Accessed 29 October 2017},
}
@manual{MicrosoftSAL,
organization={{Microsoft}},
title={Using {SAL} Annotations to Reduce {C}/{C++} Code Defects},
note={\url{https://docs.microsoft.com/en-us/visualstudio/code-quality/using-sal-annotations-to-reduce-c-cpp-code-defects}, Accessed 5 November 2017},
}
@manual{UBSan,
organization={{LLVM}},
title={Undefined Behavior Sanitizer},
note={\url{https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html}, Accessed 5 November 2017},
}
@InProceedings{Nagarakatte2015,
author = {Santosh Nagarakatte and Milo M. K. Martin and Steve Zdancewic},
title = {{Everything You Want to Know About Pointer-Based Checking}},
booktitle = {1st Summit on Advances in Programming Languages (SNAPL 2015)},
pages = {190--208},
series = {Leibniz International Proceedings in Informatics (LIPIcs)},
ISBN = {978-3-939897-80-4},
ISSN = {1868-8969},
year = {2015},
volume = {32},
publisher = {Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik},
address = {Dagstuhl, Germany},
URL = {http://drops.dagstuhl.de/opus/volltexte/2015/5026},
URN = {urn:nbn:de:0030-drops-50268},
doi = {10.4230/LIPIcs.SNAPL.2015.190},
}
@inproceedings{wadler09,
author = {Wadler, Philip and Findler, Robert Bruce},
title = {Well-Typed Programs Can'T Be Blamed},
booktitle = {ESOP},
year = {2009},
doi="10.1007/978-3-642-00590-9_1",
url="https://doi.org/10.1007/978-3-642-00590-9_1"
}
@article{Austin1994Ptrdist,
author = {Austin, Todd M. and Breach, Scott E. and Sohi, Gurindar S.},
title = {Efficient Detection of All Pointer and Array Access Errors},
journal = {SIGPLAN Not.},
issue_date = {June 1994},
volume = {29},
number = {6},
month = jun,
year = {1994},
issn = {0362-1340},
pages = {290--301},
numpages = {12},
url = {http://doi.acm.org/10.1145/773473.178446},
doi = {10.1145/773473.178446},
acmid = {178446},
publisher = {ACM},
address = {New York, NY, USA},
}
@Article{Necula2005,
author="George C. {Necula} and Jeremy Condit and Matthew Harren
and Scott McPeak and Westley Weimer",
title="{CCured}: Type-Safe Retrofitting of Legacy Software",
year=2005,
journal="{ACM} Transactions on Programming Languages and Systems ({TOPLAS})",
volume=27,
number=3,
publisher={ACM}
}
@article{Rogers1995Olden,
author = {Rogers, Anne and Carlisle, Martin C. and Reppy, John H. and Hendren, Laurie J.},
title = {Supporting Dynamic Data Structures on Distributed-memory Machines},
journal = {ACM Trans. Program. Lang. Syst.},
issue_date = {March 1995},
volume = {17},
number = {2},
month = mar,
year = {1995},
issn = {0164-0925},
pages = {233--263},
numpages = {31},
url = {http://doi.acm.org/10.1145/201059.201065},
doi = {10.1145/201059.201065},
acmid = {201065},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {dynamic data structures},
}
@inproceedings{siek06,
author = {Jeremy G. Siek and Walid Taha},
title = {Gradual Typing for Functional Languages},
inproceedings = {Workshop on Scheme and Functional Programming},
year = 2006
}
@inproceedings{matthews07,
author = {Matthews, Jacob and Findler, Robert Bruce},
title = {Operational Semantics for Multi-language Programs},
booktitle = {POPL},
year = {2007},
}
@article{swamy05experience,
author = {Nikhil Swamy and Michael Hicks and Greg Morrisett and Dan Grossman and Trevor Jim},
title = {Safe Manual Memory Management in {Cyclone}},
journal = "Sci. of Comp. Programming",
volume = 62,
number = 2,
month = oct,
pages = {122--144},
year = 2006,
note = {Special issue on memory management. Expands ISMM conference paper of the same name},
publisher = "Elsevier",
}
@inproceedings{GrossmanMJHWC02,
author = "Dan Grossman and Greg Morrisett and Trevor Jim and Michael Hicks and Yanling Wang and James Cheney",
title = "Region-based Memory Management in {C}yclone",
booktitle = {PLDI},
year = 2002,
}
@inproceedings{Hackett:2006:MCB:1134285.1134319,
author = {Hackett, Brian and Das, Manuvir and Wang, Daniel and Yang, Zhe},
title = {Modular Checking for Buffer Overflows in the Large},
booktitle = {ICSE},
year = {2006},
}
@misc{nvdb,
title = {{NIST} vulnerability database},
key = {NVDB},
howpublished = {\url{https://nvd.nist.gov}},
note="Accessed May 17, 2017"
}
@article{Boehm:1988:GCU:52201.52202,
author = {Boehm, Hans-Juergen and Weiser, Mark},
title = {Garbage Collection in an Uncooperative Environment},
journal = {Softw. Pract. Exper.},
volume = {18},
number = {9},
month = sep,
year = {1988},
pages = {807--820},
}
@inproceedings{Abadi2005,
author = {Mart\'{\i}n Abadi and Mihai Budiu and \'{U}lfar Erlingsson and Jay Ligatti},
title = {Control-flow Integrity},
booktitle = {Proceedings of the 12th ACM Conference on Computer and Communications Security},
series = {CCS '05},
year = {2005},
isbn = {1-59593-226-7},
location = {Alexandria, VA, USA},
pages = {340--353},
numpages = {14},
url = {http://doi.acm.org/10.1145/1102120.1102165},
doi = {10.1145/1102120.1102165},
acmid = {1102165},
publisher = {ACM},
address = {New York, NY, USA},
}
@inproceedings{Adl-Tabatabai1996,
author = {Ali-Reza Adl-Tabatabai amd Geoff Langdale and Steven Lucco and Robert Wahbe},
title = {Efficient and Language-independent Mobile Programs},
booktitle = {Proceedings of the ACM SIGPLAN 1996 Conference on Programming Language Design and Implementation},
series = {PLDI '96},
year = {1996},
isbn = {0-89791-795-2},
location = {Philadelphia, Pennsylvania, USA},
pages = {127--136},
numpages = {10},
url = {http://doi.acm.org/10.1145/231379.231402},
doi = {10.1145/231379.231402},
publisher = {ACM},
address = {New York, NY, USA},
}
@Book{Aho2007,
author="Alfred V. {Aho} and Monica S. {Lam} and Ravi Sethi and Jeffery D. {Ullman}",
title=" Compilers: Principles, Techniques, \& Tools (2nd edition)",
year=2007,
publisher="Pearson Addison Wesley",
address="New York, New York",
}
@inproceedings{Akritidis2008,
author = {Akritidis, Periklis and Cadar, Cristian and Raiciu, Costin and Costa, Manuel and Castro, Miguel},
title = {Preventing Memory Error Exploits with {WIT}},
booktitle = {Proceedings of the 2008 IEEE Symposium on Security and Privacy},
series = {SP '08},
year = {2008},
isbn = {978-0-7695-3168-7},
pages = {263--277},
numpages = {15},
url = {http://dx.doi.org/10.1109/SP.2008.30},
doi = {10.1109/SP.2008.30},
acmid = {1398074},
publisher = {IEEE Computer Society},
address = {Washington, DC, USA},
keywords = {static analysis, instrumentation, attack detection, memory errors},
}
@inproceedings{Akritidis:2009:BBC:1855768.1855772,
author = {Akritidis, Periklis and Costa, Manuel and Castro, Miguel and Hand, Steven},
title = {Baggy Bounds Checking: An Efficient and Backwards-compatible Defense Against Out-of-bounds Errors},
booktitle = {Proceedings of the 18th Conference on {USENIX} Security Symposium},
series = {SSYM'09},
year = {2009},
location = {Montreal, Canada},
pages = {51--66},
numpages = {16},
url = {http://dl.acm.org/citation.cfm?id=1855768.1855772},
acmid = {1855772},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@inproceedings{Ansel:2011:LSJ:1993498.1993540,
author = {Ansel, Jason and Marchenko, Petr and Erlingsson, \'{U}lfar and Taylor, Elijah and Chen, Brad and Schuff, Derek L. and Sehr, David and Biffle, Cliff L. and Yee, Bennet},
title = {Language-independent Sandboxing of Just-in-time Compilation and Self-modifying Code},
booktitle = {Proceedings of the 32Nd ACM SIGPLAN Conference on Programming Language Design and Implementation},
series = {PLDI '11},
year = {2011},
isbn = {978-1-4503-0663-8},
location = {San Jose, California, USA},
pages = {355--366},
numpages = {12},
url = {http://doi.acm.org/10.1145/1993498.1993540},
doi = {10.1145/1993498.1993540},
acmid = {1993540},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {just-in-time compilation, sandboxing, security, self-modifying code, software fault isolation},
}
@Misc{Astree2016,
author="{AbsOmt}",
title="Astr\'{e}e: Fast and sound runtime error analysis",
year="2016",
howpublished={\url{http://www.absint.com/astree/index.htm}},
note="Accessed May 12, 2016"
}
@inproceedings{Austin1994,
author = {Austin, Todd M. and Breach, Scott E. and Sohi, Gurindar S.},
title = {Efficient Detection of All Pointer and Array Access Errors},
booktitle = {Proceedings of the ACM SIGPLAN 1994 Conference on Programming Language Design and Implementation},
series = {PLDI '94},
year = {1994},
isbn = {0-89791-662-X},
location = {Orlando, Florida, USA},
pages = {290--301},
numpages = {12},
url = {http://doi.acm.org/10.1145/178243.178446},
doi = {10.1145/178243.178446},
acmid = {178446},
publisher = {ACM},
address = {New York, NY, USA},
}
@inproceedings{Baratloo2000,
author = {Baratloo, Arash and Singh, Navjot and Tsai, Timothy},
title = {Transparent Run-time Defense Against Stack Smashing Attacks},
booktitle = {Proceedings of the Annual Conference on {USENIX} Annual Technical Conference},
series = {ATEC '00},
year = {2000},
location = {San Diego, California},
pages = {21--21},
numpages = {1},
url = {http://dl.acm.org/citation.cfm?id=1267724.1267745},
acmid = {1267745},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@article{Bessey2010,
author = {Bessey, Al and Block, Ken and Chelf, Ben and Chou, Andy and Fulton, Bryan and Hallem, Seth and Henri-Gros, Charles and Kamsky, Asya and McPeak, Scott and Engler, Dawson},
title = {A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World},
journal = {Commun. ACM},
issue_date = {February 2010},
volume = {53},
number = {2},
month = feb,
year = {2010},
issn = {0001-0782},
pages = {66--75},
numpages = {10},
url = {http://doi.acm.org/10.1145/1646353.1646374},
doi = {10.1145/1646353.1646374},
acmid = {1646374},
publisher = {ACM},
address = {New York, NY, USA},
}
@inproceedings{Bhatkar:2003:AOE:1251353.1251361,
author = {Bhatkar, Sandeep and DuVarney, Daniel C. and Sekar, R.},
title = {Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits},
booktitle = {Proceedings of the 12th Conference on USENIX Security Symposium - Volume 12},
series = {SSYM'03},
year = {2003},
location = {Washington, DC},
pages = {8--8},
numpages = {1},
url = {http://dl.acm.org/citation.cfm?id=1251353.1251361},
acmid = {1251361},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@inproceedings{Bhatkar2005,
author = {Bhatkar, Sandeep and Sekar, R. and DuVarney, Daniel C.},
title = {Efficient Techniques for Comprehensive Protection from Memory Error Exploits},
booktitle = {Proceedings of the 14th Conference on USENIX Security Symposium - Volume 14},
series = {SSYM'05},
year = {2005},
location = {Baltimore, MD},
pages = {17--17},
numpages = {1},
url = {http://dl.acm.org/citation.cfm?id=1251398.1251415},
acmid = {1251415},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@inproceedings{Bhatkar:2008:DSR:1428322.1428324,
author = {Bhatkar, Sandeep and Sekar, R.},
title = {Data Space Randomization},
booktitle = {Proceedings of the 5th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment},
series = {DIMVA '08},
year = {2008},
isbn = {978-3-540-70541-3},
location = {Paris, France},
pages = {1--22},
numpages = {22},
url = {http://dx.doi.org/10.1007/978-3-540-70542-0_1},
doi = {10.1007/978-3-540-70542-0_1},
acmid = {1428324},
publisher = {Springer-Verlag},
address = {Berlin, Heidelberg},
keywords = {address space randomization, buffer overflow, memory error},
}
@inproceedings{Bittau:2014:HB:2650286.2650800,
author = {Bittau, Andrea and Belay, Adam and Mashtizadeh, Ali and Mazi\`{e}res, David and Boneh, Dan},
title = {Hacking Blind},
booktitle = {Proceedings of the 2014 IEEE Symposium on Security and Privacy},
series = {SP '14},
year = {2014},
isbn = {978-1-4799-4686-0},
pages = {227--242},
numpages = {16},
url = {http://dx.doi.org/10.1109/SP.2014.22},
doi = {10.1109/SP.2014.22},
acmid = {2650800},
publisher = {IEEE Computer Society},
address = {Washington, DC, USA},
}
@article{Blanchet2003,
author = {Blanchet, Bruno and Cousot, Patrick and Cousot, Radhia and Feret, J{\'e}rome and Mauborgne, Laurent and Min{\'e}, Antoine and Monniaux, David and Rival, Xavier},
title = {A Static Analyzer for Large Safety-critical Software},
journal = {SIGPLAN Not.},
issue_date = {May 2003},
volume = {38},
number = {5},
month = may,
year = {2003},
issn = {0362-1340},
pages = {196--207},
numpages = {12},
url = {http://doi.acm.org/10.1145/780822.781153},
doi = {10.1145/780822.781153},
acmid = {781153},
publisher = {ACM},
address = {New York, NY, USA},
}
@Misc{BoundsChecker2016,
author="{MicroFocus}",
title="DevPartner",
year="2016",
howpublished={\url{http://www.borland.com/en-GB/Products/Software-Testing/Automated-Testing/Devpartner-Studio}},
note="Accessed May 6, 2016"
}
@inproceedings{Bruening2011,
author = {Bruening, Derek and Zhao, Qin},
title = {Practical Memory Checking with {Dr. Memory}},
booktitle = {Proceedings of the 9th Annual IEEE/ACM International Symposium on Code Generation and Optimization},
series = {CGO '11},
year = {2011},
isbn = {978-1-61284-356-8},
pages = {213--223},
numpages = {11},
url = {http://dl.acm.org/citation.cfm?id=2190025.2190067},
acmid = {2190067},
publisher = {IEEE Computer Society},
address = {Washington, DC, USA},
}
@inproceedings{Bletsch:2011:JPN:1966913.1966919,
author = {Bletsch, Tyler and Jiang, Xuxian and Freeh, Vince W. and Liang, Zhenkai},
title = {Jump-oriented Programming: A New Class of Code-reuse Attack},
booktitle = {Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security},
series = {ASIACCS '11},
year = {2011},
isbn = {978-1-4503-0564-8},
location = {Hong Kong, China},
pages = {30--40},
numpages = {11},
url = {http://doi.acm.org/10.1145/1966913.1966919},
doi = {10.1145/1966913.1966919},
acmid = {1966919},
publisher = {ACM},
address = {New York, NY, USA},
}
@article{Berger2006,
author = {Berger, Emery D. and Zorn, Benjamin G.},
title = {DieHard: Probabilistic Memory Safety for Unsafe Languages},
journal = {SIGPLAN Not.},
issue_date = {June 2006},
volume = {41},
number = {6},
month = jun,
year = {2006},
issn = {0362-1340},
pages = {158--168},
numpages = {11},
url = {http://doi.acm.org/10.1145/1133255.1134000},
doi = {10.1145/1133255.1134000},
acmid = {1134000},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {DieHard, dynamic memory allocation, probabilistic memory safety, randomization, replication},
}
@inproceedings{Burrows:2003:RTC:1765931.1765941,
author = {Burrows, Michael and Freund, Stephen N. and Wiener, Janet L.},
title = {Run-time Type Checking for Binary Programs},
booktitle = {Proceedings of the 12th International Conference on Compiler Construction},
series = {CC'03},
year = {2003},
isbn = {3-540-00904-3},
location = {Warsaw, Poland},
pages = {90--105},
numpages = {16},
url = {http://dl.acm.org/citation.cfm?id=1765931.1765941},
acmid = {1765941},
publisher = {Springer-Verlag},
address = {Berlin, Heidelberg},
}
@article{Bush2000,
author = {Bush, William R. and Pincus, Jonathan D. and Sielaff, David J.},
title = {A Static Analyzer for Finding Dynamic Programming Errors},
journal = {Softw. Pract. Exper.},
issue_date = {June 2000},
volume = {30},
number = {7},
month = jun,
year = {2000},
issn = {0038-0644},
pages = {775--802},
numpages = {28},
url = {http://dx.doi.org/10.1002/(SICI)1097-024X(200006)30:7<775::AID-SPE309>3.0.CO;2-H},
doi = {10.1002/(SICI)1097-024X(200006)30:7<775::AID-SPE309>3.0.CO;2-H},
acmid = {348428},
publisher = {John Wiley \& Sons, Inc.},
address = {New York, NY, USA},
keywords = {program analysis, program error checking},
}
@inproceedings{Carlini2014,
author = {Carlini, Nicholas and Wagner, David},
title = {{ROP} is Still Dangerous: Breaking Modern Defenses},
booktitle = {Proceedings of the 23rd USENIX Conference on Security Symposium},
series = {SEC'14},
year = {2014},
isbn = {978-1-931971-15-7},
location = {San Diego, CA},
pages = {385--399},
numpages = {15},
url = {http://dl.acm.org/citation.cfm?id=2671225.2671250},
acmid = {2671250},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@inproceedings{Carlini2015,
author = {Carlini, Nicolas and Barresi, Antonio and Payer, Mathias and Wagner, David and Gross, Thomas R.},
title = {Control-flow Bending: On the Effectiveness of Control-flow Integrity},
booktitle = {Proceedings of the 24th USENIX Conference on Security Symposium},
series = {SEC'15},
year = {2015},
isbn = {978-1-931971-232},
location = {Washington, D.C.},
pages = {161--176},
numpages = {16},
url = {http://dl.acm.org/citation.cfm?id=2831143.2831154},
acmid = {2831154},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@inproceedings{Castro:2006:SSE:1267308.1267319,
author = {Castro, Miguel and Costa, Manuel and Harris, Tim},
title = {Securing Software by Enforcing Data-flow Integrity},
booktitle = {Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7},
series = {OSDI '06},
year = {2006},
location = {Seattle, WA},
pages = {11--11},
numpages = {1},
url = {http://dl.acm.org/citation.cfm?id=1267308.1267319},
acmid = {1267319},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@inproceedings{Castro2009,
author = {Castro, Miguel and Costa, Manuel and Martin, Jean-Philippe and Peinado, Marcus and Akritidis, Periklis and Donnelly, Austin and Barham, Paul and Black, Richard},
title = {Fast Byte-granularity Software Fault Isolation},
booktitle = {Proceedings of the ACM SIGOPS 22Nd Symposium on Operating Systems Principles},
series = {SOSP '09},
year = {2009},
isbn = {978-1-60558-752-3},
location = {Big Sky, Montana, USA},
pages = {45--58},
numpages = {14},
url = {http://doi.acm.org/10.1145/1629575.1629581},
doi = {10.1145/1629575.1629581},
acmid = {1629581},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {device drivers, isolation},
}
@inproceedings{Checkoway:2010:RPW:1866307.1866370,
author = {Checkoway, Stephen and Davi, Lucas and Dmitrienko, Alexandra and Sadeghi, Ahmad-Reza and Shacham, Hovav and Winandy, Marcel},
title = {Return-oriented Programming Without Returns},
booktitle = {Proceedings of the 17th ACM Conference on Computer and Communications Security},
series = {CCS '10},
year = {2010},
isbn = {978-1-4503-0245-6},
location = {Chicago, Illinois, USA},
pages = {559--572},
numpages = {14},
url = {http://doi.acm.org/10.1145/1866307.1866370},
doi = {10.1145/1866307.1866370},
acmid = {1866370},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {arm, return-oriented programming, x86},
}
@inproceedings{Chiueh2001,
author={Chiueh, Tzi-cker and Hsu, Fu-Hau},
title = {{RAD}: A Compile-Time Solution to Buffer Overflow Attacks},
booktitle = {Proceedings of the The 21st International Conference on Distributed Computing Systems},
series = {ICDCS '01},
year = {2001},
url = {http://dl.acm.org/citation.cfm?id=876878.879316},
acmid = {879316},
publisher = {IEEE Computer Society},
address = {Washington, DC, USA}
}
@inproceedings{Chen2005,
author = {Chen, Shuo and Xu, Jun and Sezer, Emre C. and Gauriar, Prachi and Iyer, Ravishankar K.},
title = {Non-control-data Attacks Are Realistic Threats},
booktitle = {Proceedings of the 14th Conference on USENIX Security Symposium - Volume 14},
series = {SSYM'05},
year = {2005},
location = {Baltimore, MD},
pages = {12--12},
numpages = {1},
url = {http://dl.acm.org/citation.cfm?id=1251398.1251410},
acmid = {1251410},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@Misc{CodeAnalyzer2016,
author="{Oracle Corporation}",
title="Oracle Solaris Studio",
year="2016",
howpublished={\url{http://www.oracle.com/technetwork/server-storage/solarisstudio/overview/index.html}},
note="Accessed May 6, 2016"
}
@InProceedings{Condit2007,
author="Jeremy Condit and Matthew Harren and Zachary Anderson and David Gay
and George C. Necula",
title="Dependent Types for Low-Level Programming",
year=2007,
booktitle="Proceedings of European Symposium on Programming (ESOP '07)",
series="Lecture Notes in Computer Science",
volume=4421,
publisher="Springer-Verlag",
pages="520-535",
address="Heidelberg",
}
@InProceedings{Condit2009,
author="Jeremy Condit and Brian Hackett and Shuvendu K. {Lahiri} and Shaz Qadeer",
title="Unifying Type Checking and Property Checking for Low-Level Code",
year=2009,
booktitle="POPL '09: Proceedings of the 36th Annual {ACM} {SIGPLAN-SIGACT} Symposium
on Principles of Programming Languages",
publisher="Association for Computing Machinery",
address="New York, New York"
}
@inproceedings{Conti2015,
author = {Conti, Mauro and Crane, Stephen and Davi, Lucas and Franz, Michael and Larsen, Per and Negro, Marco and Liebchen, Christopher and Qunaibit, Mohaned and Sadeghi, Ahmad-Reza},
title = {Losing Control: On the Effectiveness of Control-Flow Integrity Under Stack Attacks},
booktitle = {Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security},
series = {CCS '15},
year = {2015},
isbn = {978-1-4503-3832-5},
location = {Denver, Colorado, USA},
pages = {952--963},
numpages = {12},
url = {http://doi.acm.org/10.1145/2810103.2813671},
doi = {10.1145/2810103.2813671},
acmid = {2813671},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {code-reuse attacks, control-flow integrity, stack corruption},
}
@article{Corliss2005,
author = {Corliss, Marc L. and Lewis, E. Christopher and Roth, Amir},
title = {Using {DISE} to Protect Return Addresses from Attack},
journal = {SIGARCH Comput. Archit. News},
issue_date = {March 2005},
volume = {33},
number = {1},
month = mar,
year = {2005},
issn = {0163-5964},
pages = {65--72},
numpages = {8},
url = {http://doi.acm.org/10.1145/1055626.1055636},
doi = {10.1145/1055626.1055636},
acmid = {1055636},
publisher = {ACM},
address = {New York, NY, USA},
}
@inproceedings{Cousot1977,
author = {Cousot, Patrick and Cousot, Radhia},
title = {Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints},
booktitle = {Proceedings of the 4th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages},
series = {POPL '77},
year = {1977},
location = {Los Angeles, California},
pages = {238--252},
numpages = {15},
url = {http://doi.acm.org/10.1145/512950.512973},
doi = {10.1145/512950.512973},
acmid = {512973},
publisher = {ACM},
address = {New York, NY, USA},
}
@inproceedings{Cowan1998,
author = {Crispin Cowan and Calton Pu and Dave Maiere and Heather Hintony and Jonathan Walpole
and Peat Bakke and Steve Beattie and Aaron Grier and Perry Wagle and Qian Zhang},
title = {StackGuard: Automatic Adaptive Detection and Prevention of Buffer-overflow Attacks},
booktitle = {Proceedings of the 7th Conference on USENIX Security Symposium - Volume 7},
series = {SSYM'98},
year = {1998},
location = {San Antonio, Texas},
pages = {5--5},
numpages = {1},
url = {http://dl.acm.org/citation.cfm?id=1267549.1267554},
acmid = {1267554},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@inproceedings{Cowan:2003:PTP:1251353.1251360,
author = {Cowan, Crispin and Beattie, Steve and Johansen, John and Wagle, Perry},
title = {PointguardTM: Protecting Pointers from Buffer Overflow Vulnerabilities},
booktitle = {Proceedings of the 12th Conference on USENIX Security Symposium - Volume 12},
series = {SSYM'03},
year = {2003},
location = {Washington, DC},
pages = {7--7},
numpages = {1},
url = {http://dl.acm.org/citation.cfm?id=1251353.1251360},
acmid = {1251360},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@inproceedings{Crane:2015:TTR:2810103.2813682,
author = {Crane, Stephen J. and Volckaert, Stijn and Schuster, Felix and Liebchen, Christopher and Larsen, Per and Davi, Lucas and Sadeghi, Ahmad-Reza and Holz, Thorsten and De Sutter, Bjorn and Franz, Michael},
title = {It's a TRaP: Table Randomization and Protection Against Function-Reuse Attacks},
booktitle = {Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security},
series = {CCS '15},
year = {2015},
isbn = {978-1-4503-3832-5},
location = {Denver, Colorado, USA},
pages = {243--255},
numpages = {13},
url = {http://doi.acm.org/10.1145/2810103.2813682},
doi = {10.1145/2810103.2813682},
acmid = {2813682},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {C++, COOP, code reuse, compilers, diversity, exploits, mitigations, randomization},
}
@Misc{Csharp2016,
author="{Microsoft Corporation}",
title="C\# Programming Guide",
year="2016",
howpublished={\url{https://msdn.microsoft.com/en-us/library/67ef8sbd.aspx}},
note="Accessed May 13, 2016"
}
@Misc{D2016,
author="{dlang.org}",
title="D",
year="2016",
howpublished={\url{http://dlang.org/}},
note="Accessed May 13, 2016"
}
@inproceedings{Dang2015,
author = {Dang, Thurston H.Y. and Maniatis, Petros and Wagner, David},
title = {The Performance Cost of Shadow Stacks and Stack Canaries},
booktitle = {Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security},
series = {ASIA CCS '15},
year = {2015},
isbn = {978-1-4503-3245-3},
location = {Singapore, Republic of Singapore},
pages = {555--566},
numpages = {12},
url = {http://doi.acm.org/10.1145/2714576.2714635},
doi = {10.1145/2714576.2714635},
acmid = {2714635},
publisher = {ACM},
address = {New York, NY, USA},
}
@inproceedings{Davi:2011:RDT:1966913.1966920,
author = {Davi, Lucas and Sadeghi, Ahmad-Reza and Winandy, Marcel},
title = {ROPdefender: A Detection Tool to Defend Against Return-oriented Programming Attacks},
booktitle = {Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security},
series = {ASIACCS '11},
year = {2011},
isbn = {978-1-4503-0564-8},
location = {Hong Kong, China},
pages = {40--51},
numpages = {12},
url = {http://doi.acm.org/10.1145/1966913.1966920},
doi = {10.1145/1966913.1966920},
acmid = {1966920},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {binary instrumentation, detection, return-oriented programming},
}
@inproceedings{Davi2014,
author = {Davi, Lucas and Sadeghi, Ahmad-Reza and Lehmann, Daniel and Monrose, Fabian},
title = {Stitching the Gadgets: On the Ineffectiveness of Coarse-grained Control-flow Integrity Protection},
booktitle = {Proceedings of the 23rd USENIX Conference on Security Symposium},
series = {SEC'14},
year = {2014},
isbn = {978-1-931971-15-7},
location = {San Diego, CA},
pages = {401--416},
numpages = {16},
url = {http://dl.acm.org/citation.cfm?id=2671225.2671251},
acmid = {2671251},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@inproceedings{Delmas2007,
author = {Delmas, David and Souyris, Jean},
title = {Astr{\'e}e: From Research to Industry},
booktitle = {Proceedings of the 14th International Conference on Static Analysis},
series = {SAS'07},
year = {2007},
isbn = {3-540-74060-0, 978-3-540-74060-5},
location = {Kongens Lyngby, Denmark},
pages = {437--451},
numpages = {15},
url = {http://dl.acm.org/citation.cfm?id=2391451.2391480},
acmid = {2391480},
publisher = {Springer-Verlag},
address = {Berlin, Heidelberg},
keywords = {Astr{\'e}e, abstract interpretation, avionics software, run-time errors, static analysis, verification},
}
@inproceedings{Devietti:2008:HAS:1346281.1346295,
author = {Devietti, Joe and Blundell, Colin and Martin, Milo M. K. and Zdancewic, Steve},
title = {Hardbound: Architectural Support for Spatial Safety of the C Programming Language},
booktitle = {Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems},
series = {ASPLOS XIII},
year = {2008},
isbn = {978-1-59593-958-6},
location = {Seattle, WA, USA},
pages = {103--114},
numpages = {12},
url = {http://doi.acm.org/10.1145/1346281.1346295},
doi = {10.1145/1346281.1346295},
acmid = {1346295},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {C programming language, spatial memory safety},
}
@inproceedings{Dhurjati2006,
author = {Dhurjati, Dinakar and Adve, Vikram},
title = {Backwards-compatible Array Bounds Checking for {C} with Very Low Overhead},
booktitle = {Proceedings of the 28th International Conference on Software Engineering},
series = {ICSE '06},
year = {2006},
isbn = {1-59593-375-1},
location = {Shanghai, China},
pages = {162--171},
numpages = {10},
url = {http://doi.acm.org/10.1145/1134285.1134309},
doi = {10.1145/1134285.1134309},
acmid = {1134309},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {array bounds checking, automatic pool allocation, compilers, programming languages, region management},
}
@inproceedings{Dhurjati:2006:SEA:1133981.1133999,
author = {Dhurjati, Dinakar and Kowshik, Sumant and Adve, Vikram},
title = {SAFECode: Enforcing Alias Analysis for Weakly Typed Languages},
booktitle = {Proceedings of the 27th ACM SIGPLAN Conference on Programming Language Design and Implementation},
series = {PLDI '06},
year = {2006},
isbn = {1-59593-320-4},
location = {Ottawa, Ontario, Canada},
pages = {144--157},
numpages = {14},
url = {http://doi.acm.org/10.1145/1133981.1133999},
doi = {10.1145/1133981.1133999},
acmid = {1133999},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {alias analysis, automatic pool allocation, compilers, programming languages, region management},
}
@Article{Dietz2015,
author = "Will Dietz and Peng Li and John Regehr and Vikram Adve",
title="Understanding Integer Overflow in {C}/{C}++",
year=2015,
month=Nov,
volume=25,
issue=1,
journal="{ACM} Transactions on Software Engineering and Methodology ({TOSEM})",
publisher={ACM}
}
@Misc{DrMemory2016,
author="{Dr. Memory}",
title="Dr. {M}emory: Memory Debugger for {Windows}, {Linux}, and {Mac}",
year="2016",
howpublished={\url{http://www.drmemory.org/}},
note="Accessed May 6, 2016"
}
@article{Emanuelsson2008,
author = {Emanuelsson, P\"{a}r and Nilsson, Ulf},
title = {A Comparative Study of Industrial Static Analysis Tools},
journal = {Electron. Notes Theor. Comput. Sci.},
issue_date = {July, 2008},
volume = {217},
month = jul,
year = {2008},
issn = {1571-0661},
pages = {5--21},
numpages = {17},
url = {http://dx.doi.org/10.1016/j.entcs.2008.06.039},
doi = {10.1016/j.entcs.2008.06.039},
acmid = {1390956},
publisher = {Elsevier Science Publishers B. V.},
address = {Amsterdam, The Netherlands, The Netherlands},
keywords = {Static analysis, dataflow analysis, defects, security vulnerabilities},
}
@inproceedings{Erlingsson2006,
author = {Erlingsson, \'{U}lfar and Abadi, Mart\'{\i}n and Vrable, Michael and Budiu, Mihai and Necula, George C.},
title = {{XFI}: Software Guards for System Address Spaces},
booktitle = {Proceedings of the 7th {USENIX} Symposium on Operating Systems Design and Implementation - Volume 7},
series = {OSDI '06},
year = {2006},
location = {Seattle, WA},
pages = {6--6},
numpages = {1},
url = {http://dl.acm.org/citation.cfm?id=1267308.1267314},
acmid = {1267314},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@Misc{Escher2016,
author="{Escher Technologies}",
title="Escher C Verifier and Escher C++ Verifier",
year="2016",
howpublished={\url{http://www.eschertech.com/products/ecv.php}},
note="Accessed May 13, 2016"
}
@inproceedings{Duck2016,
author = {Duck, Gregory J. and Yap, Roland H. C.},
title = {Heap Bounds Protection with Low Fat Pointers},
booktitle = {Proceedings of the 25th International Conference on Compiler Construction},
series = {CC 2016},
year = {2016},
isbn = {978-1-4503-4241-4},
location = {Barcelona, Spain},
pages = {132--142},
numpages = {11},
url = {http://doi.acm.org/10.1145/2892208.2892212},
doi = {10.1145/2892208.2892212},
acmid = {2892212},
publisher = {ACM},
address = {New York, NY, USA},
}
@inproceedings{Evans2015,
author = {Evans, Isaac and Long, Fan and Otgonbaatar, Ulziibayar and Shrobe, Howard and Rinard, Martin and Okhravi, Hamed and Sidiroglou-Douskos, Stelios},
title = {Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity},
booktitle = {Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security},
series = {CCS '15},
year = {2015},
isbn = {978-1-4503-3832-5},
location = {Denver, Colorado, USA},
pages = {901--913},
numpages = {13},
url = {http://doi.acm.org/10.1145/2810103.2813646},
doi = {10.1145/2810103.2813646},
acmid = {2813646},
publisher = {ACM},
address = {New York, NY, USA},
}
@InProceedings{Feng2006,
author="Feng Zhou and Jeremy Condit and Zachary Anderson and Ilya Bagrak
and Rob Ennals and Matthew Harren and George Necula and Eric Brewer",
title="{SafeDrive}: Safe and Recoverable Extensions Using Language-Based Techniques",
year=2006,
booktitle="7th Symposium on Operating System Design and Implementation (OSDI'06)",
publisher="USENIX Association",
address="Seattle, Washington"
}
@inproceedings{Flanagan2002,
author = {Cormac Flanagan and K. Rustan M. Leino and Mark Lillibridge and Greg Nelson and James B. Saxe and Raymie Stata},
title = {Extended Static Checking for Java},
booktitle = {Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation},
series = {PLDI '02},
year = {2002},
isbn = {1-58113-463-0},
location = {Berlin, Germany},
pages = {234--245},
numpages = {12},
url = {http://doi.acm.org/10.1145/512529.512558},
doi = {10.1145/512529.512558},
acmid = {512558},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {compile-time program checking},
}
@Misc{FramaC2016,
author="{Frama C}",
title="Frama C Software Analyzers",
year="2016",
howpublished={\url{http://frama-c.com/about.html}},
note="Accessed May 13, 2016"
}
@inproceedings{Frantzen2001,
author = {Frantzen, Mike and Shuey, Mike},
title = {StackGhost: Hardware Facilitated Stack Protection},
booktitle = {Proceedings of the 10th Conference on USENIX Security Symposium - Volume 10},
series = {SSYM'01},
year = {2001},
location = {Washington, D.C.},
articleno = {5},
url = {http://dl.acm.org/citation.cfm?id=1251327.1251332},
acmid = {1251332},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@inproceedings{Goktas2014,
author = {G\"{o}ktas, Enes and Athanasopoulos, Elias and Bos, Herbert and Portokalidis, Georgios},
title = {Out of Control: Overcoming Control-Flow Integrity},
booktitle = {Proceedings of the 2014 IEEE Symposium on Security and Privacy},
series = {SP '14},
year = {2014},
isbn = {978-1-4799-4686-0},
pages = {575--589},
numpages = {15},
url = {http://dx.doi.org/10.1109/SP.2014.43},
doi = {10.1109/SP.2014.43},
acmid = {2650770},
publisher = {IEEE Computer Society},
address = {Washington, DC, USA},
}
@Misc{GCCCFG2016,
author="{GCC}",
title={Program Instrumentation Options},
howpublished={\url{https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#Instrumentation-Options}},
year=2016,
note="Accessed April 27, 2016"
}
@Misc{Go2016,
author="{golang.org}",
title="The Go Programming Language",
year="2016",
howpublished={\url{https://golang.org/}},
note="Accessed May 13, 2016"
}
@inproceedings{Grimmer2015,
author = {Grimmer, Matthias and Schatz, Roland and Seaton, Chris and W\"{u}rthinger, Thomas and M\"{o}ssenb\"{o}ck, Hanspeter},
title = {Memory-safe Execution of C on a Java VM},
booktitle = {Proceedings of the 10th ACM Workshop on Programming Languages and Analysis for Security},
series = {PLAS'15},
year = {2015},
isbn = {978-1-4503-3661-1},
location = {Prague, Czech Republic},
pages = {16--27},
numpages = {12},
url = {http://doi.acm.org/10.1145/2786558.2786565},
doi = {10.1145/2786558.2786565},
acmid = {2786565},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {C, Dynamic Compilation, Graal, ManagedC, Memory Safety, Optimization, Truffle, Virtual Machine},
}
@Article{Grossman2005,
author="Dan Grossman and Michael Hicks and Trevor Jim and Greg Morrisett",
title="Cyclone: A Type-Safe Dialect of {C}",
year=2005,
month=January,
journal="{C}/{C}++ Users Journal",
volume=23,
number=1,
publisher="{CMP} Media {LLC}"
}
@inproceedings{Hasabnis2012,
author = {Hasabnis, Niranjan and Misra, Ashish and Sekar, R.},
title = {Light-weight Bounds Checking},
booktitle = {Proceedings of the Tenth International Symposium on Code Generation and Optimization},
series = {CGO '12},
year = {2012},
isbn = {978-1-4503-1206-6},
location = {San Jose, California},
pages = {135--144},
numpages = {10},
url = {http://doi.acm.org/10.1145/2259016.2259034},
doi = {10.1145/2259016.2259034},
acmid = {2259034},
publisher = {{ACM}},
address = {New York, NY, USA},
}
@Inproceedings{Hastings1992,
author = {Reed Hastings and Bob Joyce},
title = {Purify: Fast detection of memory leaks and access errors},
booktitle = {Proceedings of the Winter 1992 USENIX Conference},
year = {1992},
pages = {125--138},
publisher = {USENIX Association},
address = {Berkeley, CA, USA}
}
@inproceedings{Hawkins2016,
author = {Hawkins, Byron and Demsky, Brian and Taylor, Michael B.},
title = {BlackBox: Lightweight Security Monitoring for {COTS} Binaries},
booktitle = {Proceedings of the 2016 International Symposium on Code Generation and Optimization},
series = {CGO 2016},
year = {2016},
isbn = {978-1-4503-3778-6},
location = {Barcelona, Spain},
pages = {261--272},
numpages = {12},
url = {http://doi.acm.org/10.1145/2854038.2854062},
doi = {10.1145/2854038.2854062},
acmid = {2854062},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {Binary Rewriting, Control Flow Integrity, Dynamic Code Generation, Program Monitoring, Software Security},
}
@inproceedings{Hiser2012,
author = {Hiser, Jason and Nguyen-Tuong, Anh and Co, Michele and Hall, Matthew and Davidson, Jack W.},
title = {{ILR}: Where'D My Gadgets Go?},
booktitle = {Proceedings of the 2012 IEEE Symposium on Security and Privacy},
series = {SP '12},
year = {2012},
isbn = {978-0-7695-4681-0},
pages = {571--585},
numpages = {15},
url = {http://dx.doi.org/10.1109/SP.2012.39},
doi = {10.1109/SP.2012.39},
acmid = {2310723},
publisher = {IEEE Computer Society},
address = {Washington, DC, USA},
keywords = {Randomization, Exploit prevention, Diversity, ASLR, Return-oriented-programming, arc-injection},
}
@Book{Howard2003,
author="Michael Howard and David LeBlanc",
title="Writing Secure Code",
edition="2nd",
year=2003,
address="Redmond, Washington",
publisher="Microsoft Press"
}
@article{Horwitz1990,
author = {Susan Horwitz and Thomas Reps and David Binkley},
title = {Interprocedural Slicing Using Dependence Graphs},
journal = {ACM Transactions on Programming Languages and Systems},
issue_date = {Jan. 1990},
volume = {12},
number = {1},
month = jan,
year = {1990},
issn = {0164-0925},
pages = {26--60},
numpages = {35},
url = {http://doi.acm.org/10.1145/77606.77608},
doi = {10.1145/77606.77608},
acmid = {77608},
publisher = {ACM},
address = {New York, NY, USA},
}
@inproceedings{Hund:2009:RRB:1855768.1855792,
author = {Hund, Ralf and Holz, Thorsten and Freiling, Felix C.},
title = {Return-oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms},
booktitle = {Proceedings of the 18th Conference on USENIX Security Symposium},
series = {SSYM'09},
year = {2009},
location = {Montreal, Canada},
pages = {383--398},
numpages = {16},
url = {http://dl.acm.org/citation.cfm?id=1855768.1855792},
acmid = {1855792},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@inproceedings{Hund:2013:PTS:2497621.2498111,
author = {Hund, Ralf and Willems, Carsten and Holz, Thorsten},
title = {Practical Timing Side Channel Attacks Against Kernel Space ASLR},
booktitle = {Proceedings of the 2013 IEEE Symposium on Security and Privacy},
series = {SP '13},
year = {2013},
isbn = {978-0-7695-4977-4},
pages = {191--205},
numpages = {15},
url = {http://dx.doi.org/10.1109/SP.2013.23},
doi = {10.1109/SP.2013.23},
acmid = {2498111},
publisher = {IEEE Computer Society},
address = {Washington, DC, USA},
keywords = {Address Space Layout Randomization, Timing Attacks, Kernel Vulnerabilities, Exploit Mitigation},
}
@Misc{Insure2016,
author="{Parasoft}",
title="Memory Error Detection",
year="2016",
howpublished={\url{https://www.parasoft.com/capability/memory-error-detection/}},
note="Accessed May 6, 2016"
}
@Misc{Intel2016,
author="Intel Corporation",
title="Intel Inspector",
howpublished={\url{https://software.intel.com/en-us/intel-inspector-xe}},
year=2016,
note="Accessed May 6, 2016"
}
@Misc{ISO2011,
author="ISO",
title="{ISO/IEC} 9899:2011 - {I}nformation {T}echnology - {P}rogramming {L}anguages -
{C} ({C11} standard)",
year=2011,
address="Geneva",
publisher="ISO/IEC"
}
@InProceedings{Jim2002,
author="Trevor Jim and Greg Morrisett and Dan Grossman and Michael Hicks and James Cheney and Yanling Wang",
title="Cyclone: A Safe Dialect of {C}",
year=2002,
booktitle="USENIX Annual Technical Conference",
publisher="{USENIX}",
pages="275--288",
address="Monterey, CA",
}
@InProceedings{Jones1997,
author="Richard W. M. Jones and Paul H. J. Kelly",
title="Backwards-compatible bounds checking for arrays and pointers in {C} programs",
booktitle="Third International Workshop on Automated Debugging",
series="Linkoping Electronic Conference Proceedings",
month=May,
year=1997,
publisher="Linkoping University Electronic Press",
editor="Miriam Kamkar and D. Byers",
note={\url{"http://www.ep.liu.se/ea/cis/1997/009/"}}
}
@Book{Jones2009,
author="Derek M. {Jones}",
title="The New {C} {S}tandard: An Economic and Cultural Commentary",
note={Self-published: {\url{http://www.knosof.co.uk/cbook/.}}},
year=2009,
publisher="Knowledge Software Ltd"
}
@inproceedings{Kendall1983,
author = {Kendall, Samuel C.},
title = {Bcc: runtime checking for {C} programs},
booktitle = {USENIX Toronto 1983 Summer Conference},
year = {1983},
publisher = {USENIX Association},
address = {Berkeley, CA, USA}
}
@inproceedings{Kil2006,
author = {Kil, Chongkyung and Jun, Jinsuk and Bookholt, Christopher and Xu, Jun and Ning, Peng},
title = {Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Software},
booktitle = {Proceedings of the 22Nd Annual Computer Security Applications Conference},
series = {ACSAC '06},
year = {2006},
isbn = {0-7695-2716-7},
pages = {339--348},
numpages = {10},
url = {http://dx.doi.org/10.1109/ACSAC.2006.9},
doi = {10.1109/ACSAC.2006.9},
acmid = {1191889},
publisher = {IEEE Computer Society},
address = {Washington, DC, USA},
}
@inproceedings{Kiriansky:2002:SEV:647253.720293,
author = {Kiriansky, Vladimir and Bruening, Derek and Amarasinghe, Saman P.},
title = {Secure Execution via Program Shepherding},
booktitle = {Proceedings of the 11th USENIX Security Symposium},
year = {2002},
isbn = {1-931971-00-5},
pages = {191--206},
numpages = {16},
url = {http://dl.acm.org/citation.cfm?id=647253.720293},
acmid = {720293},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@inproceedings{Kwon:2013:LPC:2508859.2516713,
author = {Kwon, Albert and Dhawan, Udit and Smith, Jonathan M. and Knight,Jr., Thomas F. and DeHon, Andre},
title = {Low-fat Pointers: Compact Encoding and Efficient Gate-level Implementation of Fat Pointers for Spatial Safety and Capability-based Security},
booktitle = {Proceedings of the 2013 ACM SIGSAC Conference on Computer \&\#38; Communications Security},
series = {CCS '13},
year = {2013},
isbn = {978-1-4503-2477-9},
location = {Berlin, Germany},
pages = {721--732},
numpages = {12},
url = {http://doi.acm.org/10.1145/2508859.2516713},
doi = {10.1145/2508859.2516713},
acmid = {2516713},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {capabilities, fat pointer, memory safety, processor, security, spatial confinement},
}
@inproceedings{Kuznetsov2014,
author = {Kuznetsov, Volodymyr and Szekeres, L\'{a}szl\'{o} and Payer, Mathias and Candea, George and Sekar, R. and Song, Dawn},
title = {Code-pointer Integrity},
booktitle = {Proceedings of the 11th USENIX Conference on Operating Systems Design and Implementation},
series = {OSDI'14},
year = {2014},
isbn = {978-1-931971-16-4},
location = {Broomfield, CO},
pages = {147--163},
numpages = {17},
url = {http://dl.acm.org/citation.cfm?id=2685048.2685061},
acmid = {2685061},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@article{Larus2004,
author = {Larus, James R. and Ball, Thomas and Das, Manuvir and DeLine, Robert and Fahndrich, Manuel and Pincus, Jon and Rajamani, Sriram K. and Venkatapathy, Ramanathan},
title = {Righting Software},
journal = {IEEE Softw.},
issue_date = {May 2004},
volume = {21},
number = {3},
month = may,
year = {2004},
issn = {0740-7459},
pages = {92--100},
numpages = {9},
url = {http://dx.doi.org/10.1109/MS.2004.1293079},
doi = {10.1109/MS.2004.1293079},
acmid = {1437096},
publisher = {IEEE Computer Society Press},
address = {Los Alamitos, CA, USA},
keywords = {software engineering, coding tools and techniques, formal methods, model checking},
}
@inproceedings{Li2010,
author = {Li, Jinku and Wang, Zhi and Jiang, Xuxian and Grace, Michael and Bahram, Sina},
title = {Defeating Return-oriented Rootkits with "Return-Less" Kernels},
booktitle = {Proceedings of the 5th European Conference on Computer Systems},
series = {EuroSys '10},
year = {2010},
isbn = {978-1-60558-577-2},
location = {Paris, France},
pages = {195--208},
numpages = {14},
url = {http://doi.acm.org/10.1145/1755913.1755934},
doi = {10.1145/1755913.1755934},
acmid = {1755934},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {defense, return-less kernel, return-oriented rootkits},
}
@article{Li2011,
author = {Li, Jinku and Wang, Zhi and Bletsch, Tyler and Srinivasan, Deepa and Grace, Michael and Jiang, Xuxian},
title = {Comprehensive and Efficient Protection of Kernel Control Data},
journal = {Trans. Info. For. Sec.},
issue_date = {December 2011},
volume = {6},
number = {4},
month = dec,
year = {2011},
issn = {1556-6013},
pages = {1404--1417},
numpages = {14},
url = {http://dx.doi.org/10.1109/TIFS.2011.2159712},
doi = {10.1109/TIFS.2011.2159712},
acmid = {2335748},
publisher = {IEEE Press},
address = {Piscataway, NJ, USA},
}
@Misc{LLVMCFG2016,
author="{LLVM}",
title={Control Flow Integrity},
howpublished={\url{http://clang.llvm.org/docs/ControlFlowIntegrity.html}},
year=2016,
note="Accessed April 27, 2016"
}
@inproceedings{Lu:2015:ASA:2810103.2813694,
author = {Lu, Kangjie and Song, Chengyu and Lee, Byoungyoung and Chung, Simon P. and Kim, Taesoo and Lee, Wenke},
title = {ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks},
booktitle = {Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security},
series = {CCS '15},
year = {2015},
isbn = {978-1-4503-3832-5},
location = {Denver, Colorado, USA},
pages = {280--291},
numpages = {12},
url = {http://doi.acm.org/10.1145/2810103.2813694},
doi = {10.1145/2810103.2813694},
acmid = {2813694},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {ASLR, code reuse attack, information leak, randomization},
}
@Misc{Macintosh2016,
author="Neil Mac{I}ntosh",
title="span: bounds-safe views for sequences of objects",
year=2016,
publisher="ISO/IEC, Geneva: ISO/IEC JTC1/SC22/WG21 - The C++ Standards Committee - ISOCPP",
howpublished={\url{http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2016/p0122r1.pdf}},
note="Accessed April 20, 2016"
}
@inproceedings{Mashtizadeh2015,
author = {Mashtizadeh, Ali Jose and Bittau, Andrea and Boneh, Dan and Mazi\`{e}res, David},
title = {CCFI: Cryptographically Enforced Control Flow Integrity},
booktitle = {Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security},
series = {CCS '15},
year = {2015},
isbn = {978-1-4503-3832-5},
location = {Denver, Colorado, USA},
pages = {941--951},
numpages = {11},
url = {http://doi.acm.org/10.1145/2810103.2813676},
doi = {10.1145/2810103.2813676},
acmid = {2813676},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {control flow integrity, return oriented programming, vulnerabilities},
}
@inproceedings{McCamant2006,
author = {McCamant, Stephen and Morrisett, Greg},
title = {Evaluating {SFI} for a {CISC} Architecture},
booktitle = {Proceedings of the 15th Conference on USENIX Security Symposium - Volume 15},
series = {USENIX-SS'06},
year = {2006},
location = {Vancouver, B.C., Canada},
articleno = {15},
url = {http://dl.acm.org/citation.cfm?id=1267336.1267351},
acmid = {1267351},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@Misc{MicrosoftCFG2016,
author="{Microsoft Corporation}",
title={Control Flow Guard},
howpublished={\url{https://msdn.microsoft.com/en-us/library/windows/desktop/mt637065(v=vs.85).aspx}},
year=2016,
note="Accessed April 27, 2016"
}
@Misc{Mitre2015-128,
author="{Mitre Corporation}",
title="{CWE-128}: Wrap-around Error",
howpublished={\url{http://cwe.mitre.org/data/definitions/128.html}},
year=2015,
note="Accessed December 23, 2015"
}
@Misc{Mitre2015-190,
author="{Mitre Corporation}",
title="{CWE-190}: Integer Overflow or Wraparound",
howpublished={\url{http://cwe.mitre.org/data/definitions/190.html}},
year=2015,
note="Accessed December 23, 2015"
}
@Misc{Mitre2015-680,
author="{Mitre Corporation}",
title="{CWE-680}: Integer Overflow to Buffer Overflow",
howpublished={\url{http://cwe.mitre.org/data/definitions/680.html}},
year=2015,
note="Accessed December 23, 2015"
}
@inproceedings{Nagarakatte2009,
author = {Nagarakatte, Santosh and Zhao, Jianzhou and Martin, Milo M.K. and Zdancewic, Steve},
title = {SoftBound: Highly Compatible and Complete Spatial Memory Safety for {C}},
booktitle = {Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation},
series = {PLDI '09},
year = {2009},
isbn = {978-1-60558-392-1},
location = {Dublin, Ireland},
pages = {245--258},
numpages = {14},
url = {http://doi.acm.org/10.1145/1542476.1542504},
doi = {10.1145/1542476.1542504},
acmid = {1542504},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {buffer overflows, c, spatial memory safety},
}
@inproceedings{Nagarakatte:2010:CCE:1806651.1806657,
author = {Nagarakatte, Santosh and Zhao, Jianzhou and Martin, Milo M.K. and Zdancewic, Steve},
title = {CETS: Compiler Enforced Temporal Safety for C},
booktitle = {Proceedings of the 2010 International Symposium on Memory Management},
series = {ISMM '10},
year = {2010},
isbn = {978-1-4503-0054-4},
location = {Toronto, Ontario, Canada},
pages = {31--40},
numpages = {10},
url = {http://doi.acm.org/10.1145/1806651.1806657},
doi = {10.1145/1806651.1806657},
acmid = {1806657},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {c, dangling pointers, memory safety, temporal errors},
}
@inproceedings{Nethercote2007,
author = {Nethercote, Nicholas and Seward, Julian},
title = {Valgrind: A Framework for Heavyweight Dynamic Binary Instrumentation},
booktitle = {Proceedings of the 28th ACM SIGPLAN Conference on Programming Language Design and Implementation},
series = {PLDI '07},
year = {2007},
isbn = {978-1-59593-633-2},
location = {San Diego, California, USA},
pages = {89--100},
numpages = {12},
url = {http://doi.acm.org/10.1145/1250734.1250746},
doi = {10.1145/1250734.1250746},
acmid = {1250746},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {Memcheck, Valgrind, dynamic binary analysis, dynamic binary instrumentation, shadow values},
}
@inproceedings{NiuPLDI2014,
author = {Niu, Ben and Tan, Gang},
title = {Modular Control-flow Integrity},
booktitle = {Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation},
series = {PLDI '14},
year = {2014},
isbn = {978-1-4503-2784-8},
location = {Edinburgh, United Kingdom},
pages = {577--587},
numpages = {11},
url = {http://doi.acm.org/10.1145/2594291.2594295},
doi = {10.1145/2594291.2594295},
acmid = {2594295},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {control-flow integrity, modularity, separate compilation},
}
@inproceedings{NiuCCS2014,
author = {Niu, Ben and Tan, Gang},
title = {{RockJIT}: Securing Just-In-Time Compilation Using Modular Control-Flow Integrity},
booktitle = {Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security},
series = {CCS '14},
year = {2014},
isbn = {978-1-4503-2957-6},
location = {Scottsdale, Arizona, USA},
pages = {1317--1328},
numpages = {12},
url = {http://doi.acm.org/10.1145/2660267.2660281},
doi = {10.1145/2660267.2660281},
acmid = {2660281},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {control-flow integrity, just-in-time compilation, modularity},
}
@inproceedings{Niu2015,
author = {Niu, Ben and Tan, Gang},
title = {Per-Input Control-Flow Integrity},
booktitle = {Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security},
series = {CCS '15},
year = {2015},
isbn = {978-1-4503-3832-5},
location = {Denver, Colorado, USA},
pages = {914--926},
numpages = {13},
url = {http://doi.acm.org/10.1145/2810103.2813644},
doi = {10.1145/2810103.2813644},
acmid = {2813644},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {control-flow integrity, dynamic CFI},
}
@Misc{NIST2015,
author="{National Institute of Standards and Technology}",
title="{N}ational {V}ulnerability {D}atabase",
year="2015",
howpublished={\url{https://nvd.nist.gov/home.cfm}},
note="Accessed August 27, 2015"
}
@Misc{ODonell2015,
author="Carlos {O'Donell} and Martin Sebor",
title="Updated Field Experience with {Annex K} -- Bounds Checking Interfaces",
year=2015,
publisher="ISO/IEC, Geneva: ISO/IEC JTC1/SC22/WG14 - C",
howpublished={\url{http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1969.htm}},
note="Accessed December 23, 2015"
}
@inproceedings{Oiwa2009,
author = {Oiwa, Yutaka},
title = {Implementation of the Memory-safe Full {ANSI-C} Compiler},
booktitle = {Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation},
series = {PLDI '09},
year = {2009},
isbn = {978-1-60558-392-1},
location = {Dublin, Ireland},
pages = {259--269},
numpages = {11},
url = {http://doi.acm.org/10.1145/1542476.1542505},
doi = {10.1145/1542476.1542505},
acmid = {1542505},
publisher = {ACM},
address = {New York, NY, USA},
}
@Misc{OpenSSL2015,
author="Mark J. {Cox} and Stephen Henson and Ben Laurie and others",
title="{OpenSSL}",
year=2015,
howpublished={\url{http://openssl.org}}
}
@inproceedings{Pappas2012,
author = {Pappas, Vasilis and Polychronakis, Michalis and Keromytis, Angelos D.},
title = {Smashing the Gadgets: Hindering Return-Oriented Programming Using In-place Code Randomization},
booktitle = {Proceedings of the 2012 IEEE Symposium on Security and Privacy},
series = {SP '12},
year = {2012},
isbn = {978-0-7695-4681-0},
pages = {601--615},
numpages = {15},
url = {http://dx.doi.org/10.1109/SP.2012.41},
doi = {10.1109/SP.2012.41},
acmid = {2310681},
publisher = {IEEE Computer Society},
address = {Washington, DC, USA},
}
@article{Patil1997,
author = {Patil, Harish and Fischer, Charles},
title = {Low-cost, Concurrent Checking of Pointer and Array Accesses in {C} Programs},
journal = {Software: Practice \& Experience},
issue_date = {Jan. 1997},
volume = {27},
number = {1},
month = jan,
year = {1997},
issn = {0038-0644},
pages = {87--110},
numpages = {24},
acmid = {250910},
publisher = {John Wiley \& Sons, Inc.},
address = {New York, NY, USA},
}
@Misc{PaX2003,
author="{PaX} Team",
year=2001,
howpublished={\url{http://pax.grsecurity.net/docs/aslr.txt}}
}
@inproceedings{Petsios2015,
author = {Petsios, Theofilos and Kemerlis, Vasileios P. and Polychronakis, Michalis and Keromytis, Angelos D.},
title = {DynaGuard: Armoring Canary-based Protections Against Brute-force Attacks},
booktitle = {Proceedings of the 31st Annual Computer Security Applications Conference},
series = {ACSAC 2015},
year = {2015},
isbn = {978-1-4503-3682-6},
location = {Los Angeles, CA, USA},
pages = {351--360},
numpages = {10},
url = {http://doi.acm.org/10.1145/2818000.2818031},
doi = {10.1145/2818000.2818031},
acmid = {2818031},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {canary re-randomization, canary-based protection},
}
@inproceedings{Pewny:2013:CRC:2523649.2523674,
author = {Pewny, Jannik and Holz, Thorsten},
title = {Control-flow Restrictor: Compiler-based CFI for iOS},
booktitle = {Proceedings of the 29th Annual Computer Security Applications Conference},
series = {ACSAC '13},
year = {2013},
isbn = {978-1-4503-2015-3},
location = {New Orleans, Louisiana, USA},
pages = {309--318},
numpages = {10},
url = {http://doi.acm.org/10.1145/2523649.2523674},
doi = {10.1145/2523649.2523674},
acmid = {2523674},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {ARM, compiler, control-flow integrity, iOS},
}
@Misc{Polyspace2016,
author="Mathworks",
title="Polyspace Code Prover: prove the absence of run-time errors in software",
year="2016",
howpublished={\url{http://www.mathworks.com/products/polyspace-code-prover/index.html}},
note="Accessed May 12, 2016"
}
@inproceedings{Prakash:2015:DRT:2818000.2818023,
author = {Prakash, Aravind and Yin, Heng},
title = {Defeating ROP Through Denial of Stack Pivot},
booktitle = {Proceedings of the 31st Annual Computer Security Applications Conference},
series = {ACSAC 2015},
year = {2015},
isbn = {978-1-4503-3682-6},
location = {Los Angeles, CA, USA},
pages = {111--120},
numpages = {10},
url = {http://doi.acm.org/10.1145/2818000.2818023},
doi = {10.1145/2818000.2818023},
acmid = {2818023},
publisher = {ACM},
address = {New York, NY, USA},
}
@inproceedings{Qiao:2015:PAR:2818000.2818021,
author = {Qiao, Rui and Zhang, Mingwei and Sekar, R.},
title = {A Principled Approach for ROP Defense},
booktitle = {Proceedings of the 31st Annual Computer Security Applications Conference},
series = {ACSAC 2015},
year = 2015,
isbn = {978-1-4503-3682-6},
location = {Los Angeles, CA, USA},
pages = {101--110},
numpages = 10,
url = {http://doi.acm.org/10.1145/2818000.2818021},
doi = {10.1145/2818000.2818021},
acmid = 2818021,
publisher = {ACM},
address = {New York, NY, USA},
}
@article{Ramalingam1994,
author = {Ramalingam, G.},
title = {The Undecidability of Aliasing},
journal = {ACM Trans. Program. Lang. Syst.},
issue_date = {Sept. 1994},
volume = {16},
number = {5},
month = sep,
year = {1994},
issn = {0164-0925},
pages = {1467--1471},
numpages = {5},
url = {http://doi.acm.org/10.1145/186025.186041},
doi = {10.1145/186025.186041},
acmid = {186041},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {alias analysis, pointer analysis},
}
@inproceedings{Rinard2004,
author = {Rinard, Martin and Cadar, Cristian and Dumitran, Daniel and Roy, Daniel M. and Leu, Tudor and Beebee,Jr., William S.},
title = {Enhancing Server Availability and Security Through Failure-oblivious Computing},
booktitle = {Proceedings of the 6th Conference on Symposium on Opearting Systems Design \& Implementation - Volume 6},
series = {OSDI'04},
year = {2004},
location = {San Francisco, CA},
pages = {21--21},
numpages = {1},
url = {http://dl.acm.org/citation.cfm?id=1251254.1251275},
acmid = {1251275},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@Book{Ritchie1988,
author="Dennis C. {Ritchie} and Brian W. Kernighan",
title="The C Programming Language",
edition="2nd",
year=1988,
publisher="Prentice Hall",
address="Englewood Cliffs, New Jersey, USA"
}
@Misc{Rust2016,
author="{Rust-lang.org}",
title="Rust Documentation",
year="2016",
howpublished={\url{https://www.rust-lang.org/documentation.html}},
note="Accessed May 13, 2016"
}
@inproceedings{Ruwase2004,
author = {Olatunji Ruwase and Monica S. Lam},
title = {A Practical Dynamic Buffer Overflow Detector},
booktitle = {Proceedings of the 11th Annual Network and Distributed System Security Symposium},
year = {2004},
pages = {159--169},
publisher="Internet Society",
address = {Reston, VA, USA},
note={\url{http://www.internetsociety.org/doc/practical-dynamic-buffer-overflow-detector}}
}
@Inproceedings{Saeed:2016,
author = {Saeed, Ahmed and Ahmadinia, Ali and Just, Mike},
title = {Tag-Protector: An Effective and Dynamic Detection of Out-of-bound Memory Accesses},
booktitle = {Proceedings of the Third Workshop on Cryptography and Security in Computing Systems},
series = {CS2 '16},
year = {2016},
isbn = {978-1-4503-4065-6},
location = {Prague, Czech Republic},
pages = {31--36},
numpages = {6},
url = {http://doi.acm.org/10.1145/2858930.2858936},
doi = {10.1145/2858930.2858936},
acmid = {2858936},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {Compile-time code instrumentation, buffer overflows, illegal memory accesses},
}
@inproceedings{Sadeghi2015,
author = {Sadeghi, Ahmad-Reza and Davi, Lucas and Larsen, Per},
title = {Securing Legacy Software Against Real-World Code-Reuse Exploits: Utopia, Alchemy, or Possible Future?},
booktitle = {Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security},
series = {ASIA CCS '15},
year = {2015},
isbn = {978-1-4503-3245-3},
location = {Singapore, Republic of Singapore},
pages = {55--61},
numpages = {7},
url = {http://doi.acm.org/10.1145/2714576.2737090},
doi = {10.1145/2714576.2737090},
acmid = {2737090},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {control-flow integrity, fine-grained randomization, software exploitation},
}
@article{Sattley1961,
author = "Kirk Sattley",
title = {Allocation of Storage for Arrays in {ALGOL} 60},
journal = {Communications of the ACM},
volume = {4},
number = {1},
month = jan,
year = {1961},
issn = {0001-0782},
pages = {60--65},
url = {http://doi.acm.org/10.1145/366062.366088},
doi = {10.1145/366062.366088},
publisher = {ACM},
address = {New York, NY, USA},
}
@inproceedings{Seibert:2014:ILW:2660267.2660309,
author = {Seibert, Jeff and Okhravi, Hamed and S\"{o}derstr\"{o}m, Eric},
title = {Information Leaks Without Memory Disclosures: Remote Side Channel Attacks on Diversified Code},
booktitle = {Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security},
series = {CCS '14},
year = {2014},
isbn = {978-1-4503-2957-6},
location = {Scottsdale, Arizona, USA},
pages = {54--65},
numpages = {12},
url = {http://doi.acm.org/10.1145/2660267.2660309},
doi = {10.1145/2660267.2660309},
acmid = {2660309},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {address space layout randomization, code diversity, information leakage, memory disclosure, side-channel attacks},
}
@inproceedings{Serebryany2012,
author = {Serebryany, Konstantin and Bruening, Derek and Potapenko, Alexander and Vyukov, Dmitry},
title = {{AddressSanitizer}: A Fast Address Sanity Checker},
booktitle = {Proceedings of the 2012 USENIX Conference on Annual Technical Conference},
series = {USENIX ATC'12},
year = {2012},
location = {Boston, MA},
pages = {28--28},
numpages = {1},
url = {http://dl.acm.org/citation.cfm?id=2342821.2342849},
acmid = {2342849},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@inproceedings{Shacham2004,
author = {Shacham, Hovav and Page, Matthew and Pfaff, Ben and Goh, Eu-Jin and Modadugu, Nagendra and Boneh, Dan},
title = {On the Effectiveness of Address-space Randomization},
booktitle = {Proceedings of the 11th ACM Conference on Computer and Communications Security},
series = {CCS '04},
year = {2004},
isbn = {1-58113-961-6},
location = {Washington DC, USA},
pages = {298--307},
numpages = {10},
url = {http://doi.acm.org/10.1145/1030083.1030124},
doi = {10.1145/1030083.1030124},
acmid = {1030124},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {address-space randomization, automated attacks, diversity},
}
@inproceedings{Shacham:2007:GIF:1315245.1315313,
author = {Shacham, Hovav},
title = {The Geometry of Innocent Flesh on the Bone: Return-into-libc Without Function Calls (on the x86)},
booktitle = {Proceedings of the 14th ACM Conference on Computer and Communications Security},
series = {CCS '07},
year = {2007},
isbn = {978-1-59593-703-2},
location = {Alexandria, Virginia, USA},
pages = {552--561},
numpages = {10},
url = {http://doi.acm.org/10.1145/1315245.1315313},
doi = {10.1145/1315245.1315313},
acmid = {1315313},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {instruction set, return-into-libc, turing completeness},
}
@inproceedings{Schlesinger2011,
author = {Schlesinger, Cole and Pattabiraman, Karthik and Swamy, Nikhil and Walker, David and Zorn, Benjamin},
title = {Modular Protections Against Non-control Data Attacks},
booktitle = {Proceedings of the 2011 IEEE 24th Computer Security Foundations Symposium},
series = {CSF '11},
year = {2011},
isbn = {978-0-7695-4365-9},
pages = {131--145},
numpages = {15},
url = {http://dx.doi.org/10.1109/CSF.2011.16},
doi = {10.1109/CSF.2011.16},
acmid = {2056554},
publisher = {IEEE Computer Society},
address = {Washington, DC, USA},
}
@inproceedings{Shahriar2010,
author = {Shahriar, Hossain and Zulkernine, Mohammad},
title = {Classification of Static Analysis-Based Buffer Overflow Detectors},
booktitle = {Proceedings of the 2010 Fourth International Conference on Secure Software Integration and Reliability Improvement Companion},
series = {SSIRI-C '10},
year = {2010},
isbn = {978-0-7695-4087-0},
pages = {94--101},
numpages = {8},
url = {http://dx.doi.org/10.1109/SSIRI-C.2010.28},
doi = {10.1109/SSIRI-C.2010.28},
acmid = {1850124},
publisher = {IEEE Computer Society},
address = {Washington, DC, USA},
keywords = {Static analysis, buffer overflow, sensitivity, completeness, soundness},
}
@article{Simpson2013,
author = {Simpson, Matthew S. and Barua, Rajeev K.},
title = {MemSafe: Ensuring the Spatial and Temporal Memory Safety of {C} at Runtime},
journal = {Software: Practice \& Experience},
issue_date = {January 2013},
volume = {43},
number = {1},
month = jan,
year = {2013},
issn = {0038-0644},
pages = {93--128},
numpages = {36},
url = {http://dx.doi.org/10.1002/spe.2105},
doi = {10.1002/spe.2105},
acmid = {2422147},
publisher = {John Wiley \& Sons, Inc.},
address = {New York, NY, USA},
keywords = {memory safety, programming languages, reliability, verification},
}
@inproceedings{Snow2013,
author = {Snow, Kevin Z. and Monrose, Fabian and Davi, Lucas and Dmitrienko, Alexandra and Liebchen, Christopher and Sadeghi, Ahmad-Reza},
title = {Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization},
booktitle = {Proceedings of the 2013 IEEE Symposium on Security and Privacy},
series = {SP '13},
year = {2013},
isbn = {978-0-7695-4977-4},
pages = {574--588},
numpages = {15},
url = {http://dx.doi.org/10.1109/SP.2013.45},
doi = {10.1109/SP.2013.45},
acmid = {2498135},
publisher = {IEEE Computer Society},
address = {Washington, DC, USA},
}
@article{Steffen1992,
author = {Steffen, Joseph L.},
title = {Adding Run-time Checking to the {Portable C Compiler}},
journal = {Softw. Pract. Exper.},
issue_date = {April 1992},
volume = {22},
number = {4},
month = apr,
year = {1992},
issn = {0038-0644},
pages = {305--316},
numpages = {12},
url = {http://dx.doi.org/10.1002/spe.4380220403},
doi = {10.1002/spe.4380220403},
acmid = {138718},
publisher = {John Wiley \& Sons, Inc.},
address = {New York, NY, USA},
keywords = {PCC, error checking, range checking},
}
@inproceedings{Strackx:2009:BMS:1519144.1519145,
author = {Strackx, Raoul and Younan, Yves and Philippaerts, Pieter and Piessens, Frank and Lachmund, Sven and Walter, Thomas},
title = {Breaking the Memory Secrecy Assumption},
booktitle = {Proceedings of the Second European Workshop on System Security},
series = {EUROSEC '09},
year = {2009},
isbn = {978-1-60558-472-0},
location = {Nuremburg, Germany},
pages = {1--8},
numpages = {8},
url = {http://doi.acm.org/10.1145/1519144.1519145},
doi = {10.1145/1519144.1519145},
acmid = {1519145},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {buffer overflow, buffer overread, bypass, probabilistic countermeasure, systems security},
}
@inproceedings{Szekeres:2013:SEW:2497621.2498101,
author = {Szekeres, Laszlo and Payer, Mathias and Wei, Tao and Song, Dawn},
title = {SoK: Eternal War in Memory},
booktitle = {Proceedings of the 2013 IEEE Symposium on Security and Privacy},
series = {SP '13},
year = {2013},
isbn = {978-0-7695-4977-4},
pages = {48--62},
numpages = {15},
url = {http://dx.doi.org/10.1109/SP.2013.13},
doi = {10.1109/SP.2013.13},
acmid = {2498101},
publisher = {IEEE Computer Society},
address = {Washington, DC, USA},
}
@inproceedings{Tice2014,
author = {Caroline Tice and Toeder and Peter Collingbourne and Stephen Checkoway
and \'{U}lfar Erlingsson and Luis Lozano and Rob Pike},
title = {Enforcing Forward-Edge Control-flow Integrity in {GCC} \& {LLVM}},
booktitle = {Proceedings of the 23rd {USENIX} Security Symposium},
month = aug,
year = {2014},
location = {San Diego, CA, USA},
publisher = {USENIX Association},
pages = {941--955},
address = {Berkeley, CA, USA}
}
@inproceedings{Tran:2011:ERA:2186328.2186337,
author = {Tran, Minh and Etheridge, Mark and Bletsch, Tyler and Jiang, Xuxian and Freeh, Vincent and Ning, Peng},
title = {On the Expressiveness of Return-into-libc Attacks},
booktitle = {Proceedings of the 14th International Conference on Recent Advances in Intrusion Detection},
series = {RAID'11},
year = {2011},
isbn = {978-3-642-23643-3},
location = {Menlo Park, CA},
pages = {121--141},
numpages = {21},
url = {http://dx.doi.org/10.1007/978-3-642-23644-0_7},
doi = {10.1007/978-3-642-23644-0_7},
acmid = {2186337},
publisher = {Springer-Verlag},
address = {Berlin, Heidelberg},
keywords = {return-into-libc, return-oriented programming, turingcomplete},
}
@Misc{Unicom2016,
author="Unicom Systems, Inc.",
title="PurifyPlus",
howpublished={\url{http://unicomsi.com/products/purifyplus/}},
year=2016,
note="Accessed May 6, 2016"
}
@inproceedings{vanderVeen2015,
author = {van der Veen, Victor and Andriesse, Dennis and G\"{o}kta\c{s}, Enes and Gras, Ben and Sambuc, Lionel and Slowinska, Asia and Bos, Herbert and Giuffrida, Cristiano},
title = {Practical Context-Sensitive {CFI}},
booktitle = {Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security},
series = {CCS '15},
year = {2015},
isbn = {978-1-4503-3832-5},
location = {Denver, Colorado, USA},
pages = {927--940},
numpages = {14},
url = {http://doi.acm.org/10.1145/2810103.2813673},
doi = {10.1145/2810103.2813673},
acmid = {2813673},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {context-sensitive CFI, control-flow integrity},
}
@Misc{Valgrind2016,
author="Valgrind",
title="Valgrind",
howpublished={\url{http://valgrind.org/}},
year=2016,
note="Accessed May 6, 2016"
}
@inproceedings{Wahbe1993,
author = {Robert Wahbe and Steven Lucco and Thoma E. Anderson and Susan L. Graham},
title = {Efficient Software-based Fault Isolation},
booktitle = {Proceedings of the Fourteenth ACM Symposium on Operating Systems Principles},
series = {SOSP '93},
year = {1993},
isbn = {0-89791-632-8},
location = {Asheville, North Carolina, USA},
pages = {203--216},
numpages = {14},
url = {http://doi.acm.org/10.1145/168619.168635},
doi = {10.1145/168619.168635},
acmid = {168635},
publisher = {ACM},
address = {New York, NY, USA},
}
@inproceedings{Wang2015,
author = {Wang, Minghua and Yin, Heng and Bhaskar, Abhishek Vasisht and Su, Purui and Feng, Dengguo},
title = {Binary Code Continent: Finer-Grained Control Flow Integrity for Stripped Binaries},
booktitle = {Proceedings of the 31st Annual Computer Security Applications Conference},
series = {ACSAC 2015},
year = {2015},
isbn = {978-1-4503-3682-6},
location = {Los Angeles, CA, USA},
pages = {331--340},
numpages = {10},
url = {http://doi.acm.org/10.1145/2818000.2818017},
doi = {10.1145/2818000.2818017},
acmid = {2818017},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {Control Flow Integrity},
}
@inproceedings{Wang2010,
author = {Wang, Zhi and Jiang, Xuxian},
title = {HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity},
booktitle = {Proceedings of the 2010 IEEE Symposium on Security and Privacy},
series = {SP '10},
year = {2010},
isbn = {978-0-7695-4035-1},
pages = {380--395},
numpages = {16},
url = {http://dx.doi.org/10.1109/SP.2010.30},
doi = {10.1109/SP.2010.30},
acmid = {1849986},
publisher = {IEEE Computer Society},
address = {Washington, DC, USA},
keywords = {Hypervisor, Rootkits, Control-Flow Integrity},
}
@inproceedings{Wartell2012,
author = {Wartell, Richard and Mohan, Vishwath and Hamlen, Kevin W. and Lin, Zhiqiang},
title = {Binary Stirring: Self-randomizing Instruction Addresses of Legacy x86 Binary Code},
booktitle = {Proceedings of the 2012 ACM Conference on Computer and Communications Security},
series = {CCS '12},
year = {2012},
isbn = {978-1-4503-1651-4},
location = {Raleigh, North Carolina, USA},
pages = {157--168},
numpages = {12},
url = {http://doi.acm.org/10.1145/2382196.2382216},
doi = {10.1145/2382196.2382216},
acmid = {2382216},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {obfuscation, randomization, return-oriented programming, software security},
}
@Misc{WikipediaASLR,
author="Wikipedia",
title="{Address space layout randomization}",
howpublished={\url{https://en.wikipedia.org/wiki/Address_space_layout_randomization}},
year=2016,
note="Accessed April 25, 2016"
}
@inproceedings{Yee2009,
author = {Yee, Bennet and Sehr, David and Dardyk, Gregory and Chen, J. Bradley and Muth, Robert and Ormandy, Tavis and Okasaka, Shiki and Narula, Neha and Fullagar, Nicholas},
title = {Native Client: A Sandbox for Portable, Untrusted x86 Native Code},
booktitle = {Proceedings of the 2009 30th IEEE Symposium on Security and Privacy},
series = {SP '09},
year = {2009},
isbn = {978-0-7695-3633-0},
pages = {79--93},
numpages = {15},
url = {http://dx.doi.org/10.1109/SP.2009.25},
doi = {10.1109/SP.2009.25},
acmid = {1608126},
publisher = {IEEE Computer Society},
address = {Washington, DC, USA},
keywords = {Security, World Wide Web},
}
@inproceedings{Younan2010,
author = {Younan, Yves and Philippaerts, Pieter and Cavallaro, Lorenzo and Sekar, R. and Piessens, Frank and Joosen, Wouter},
title = {PAriCheck: An Efficient Pointer Arithmetic Checker for C Programs},
booktitle = {Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security},
series = {ASIACCS '10},
year = {2010},
isbn = {978-1-60558-936-7},
location = {Beijing, China},
pages = {145--156},
numpages = {12},
url = {http://doi.acm.org/10.1145/1755688.1755707},
doi = {10.1145/1755688.1755707},
acmid = {1755707},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {bounds checking, buffer overflows},
}
@inproceedings{Zeng2011,
author = {Zeng, Bin and Tan, Gang and Morrisett, Greg},
title = {Combining Control-flow Integrity and Static Analysis for Efficient and Validated Data Sandboxing},
booktitle = {Proceedings of the 18th ACM Conference on Computer and Communications Security},
series = {CCS '11},
year = {2011},
isbn = {978-1-4503-0948-6},
location = {Chicago, Illinois, USA},
pages = {29--40},
numpages = {12},
url = {http://doi.acm.org/10.1145/2046707.2046713},
doi = {10.1145/2046707.2046713},
acmid = {2046713},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {binary rewriting, control-flow integrity, inlined reference monitors, static analysis},
}
@inproceedings{Zeng:2013:SRF:2534766.2534798,
author = {Zeng, Bin and Tan, Gang and Erlingsson, \'{U}lfar},
title = {Strato: A Retargetable Framework for Low-level Inlined-reference Monitors},
booktitle = {Proceedings of the 22Nd USENIX Conference on Security},
series = {SEC'13},
year = {2013},
isbn = {978-1-931971-03-4},
location = {Washington, D.C.},
pages = {369--382},
numpages = {14},
url = {http://dl.acm.org/citation.cfm?id=2534766.2534798},
acmid = {2534798},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@inproceedings{ZhangSP2013,
author = {Zhang, Chao and Wei, Tao and Chen, Zhaofeng and Duan, Lei and Szekeres, Laszlo and McCamant, Stephen and Song, Dawn and Zou, Wei},
title = {Practical Control Flow Integrity and Randomization for Binary Executables},
booktitle = {Proceedings of the 2013 IEEE Symposium on Security and Privacy},
series = {SP '13},
year = {2013},
isbn = {978-0-7695-4977-4},
pages = {559--573},
numpages = {15},
url = {http://dx.doi.org/10.1109/SP.2013.44},
doi = {10.1109/SP.2013.44},
acmid = {2498134},
publisher = {IEEE Computer Society},
address = {Washington, DC, USA},
}
@inproceedings{ZhangSEC2013,
author = {Zhang, Mingwei and Sekar, R.},
title = {Control Flow Integrity for {COTS} Binaries},
booktitle = {Proceedings of the 22nd {USENIX} Conference on Security},
series = {SEC'13},
year = {2013},
isbn = {978-1-931971-03-4},
location = {Washington, D.C.},
pages = {337--352},
numpages = {16},
url = {http://dl.acm.org/citation.cfm?id=2534766.2534796},
acmid = {2534796},
publisher = {USENIX Association},
address = {Berkeley, CA, USA},
}
@inproceedings{Zhang2015,
author = {Zhang, Mingwei and Sekar, R.},
title = {Control Flow and Code Integrity for {COTS} Binaries: An Effective Defense Against Real-World ROP Attacks},
booktitle = {Proceedings of the 31st Annual Computer Security Applications Conference},
series = {ACSAC 2015},
year = {2015},
isbn = {978-1-4503-3682-6},
location = {Los Angeles, CA, USA},
pages = {91--100},
numpages = {10},
url = {http://doi.acm.org/10.1145/2818000.2818016},
doi = {10.1145/2818000.2818016},
acmid = {2818016},
publisher = {ACM},
address = {New York, NY, USA},
}
@inproceedings{Kell2017,
author = {Kell, Stephen},
title = {Some Were Meant for {C}: The Endurance of an Unmanageable Language},
booktitle = {Proceedings of the 2017 ACM SIGPLAN International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software},
series = {{Onward!} 2017},
year = {2017},
isbn = {978-1-4503-5530-8},
location = {Vancouver, BC, Canada},
pages = {229--245},
numpages = {17},
url = {http://doi.acm.org/10.1145/3133850.3133867},
doi = {10.1145/3133850.3133867},
acmid = {3133867},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {managed languages, safety, systems programming, undefined behavior, virtual machine},
}
@TechReport{krebbers:n1637,
title = {Subtleties of the {ANSI}/{ISO} {C} standard},
author = {Robbert Krebbers and Freek Wiedijk},
year = {2012},
month = sep,
number = {N1637},
institution = {ISO/IEC JTC1/SC22/WG14},
type = {Document},
}
@misc{Heartbleed2014,
year = 2014,
month = Apr,
title = {The Heartbleed Bug},
howpublished = {\url{http://heartbleed.com}},
note = {Accessed Oct 17, 2017},
author = {{Synopsys, Inc.}}
}
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку