Computer Science ›› 2018, Vol. 45 ›› Issue (5): 5-14.doi: 10.11896/j.issn.1002-137X.2018.05.002
Previous Articles Next Articles
ZHANG Jing, ZHOU An-min, LIU Liang, JIA Peng and LIU Lu-ping
[1] LAI Y P,HSIA P L.Using the vulnerability information of computer systems to improve the network security [J].Computer Communications,2007,30(9):2032-2047. [2] TAKANEN A,DEMOTT J,MILLER C.Fuzzing for software security testing and quality assurance[M].Artech House,2008. [3] ZHANG X,LI Z J.Survey of Fuzz Testing Technology [J].Computer Science,2016,43(5):1-8.(in Chinese) 张雄,李舟军.模糊测试技术研究综述[J].计算机科学,2016,43(5):1-8. [4] LIU Y,XIE J J,ZHANG C R,et al.Crash analysis for off-by-one stack based buffer overflow [J].Computer Engineering & Design,2015,36(12):3172-3182.(in Chinese) 刘渊,谢家俊,张春瑞,等.单字节栈溢出的分析[J].计算机工程与设计,2015,36(12):3178-3182. [5] NETHERCOTE N,SEWARD J.Valgrind :A Program Supervision Framework [J].Electronic Notes in Theoretical Computer Science,2003,89(2):44-66. [6] SEREBRYANY K,BRUENING D,POTAPENKO A,et al.Address Sanitizer:a fast address sanity checker[C]∥Usenix Conference on Technical Conference.Berkeley:USENIX Association,2012:28. [7] PENG J S,WANG Q X,OUYANG Y J.Exploitable Inference Based on space-time analysis of pointers [J].Application Research of Computers,2016,33(5):1504-1508.(in Chinese) 彭建山,王清贤,欧阳永基.基于指针时空分析的软件异常可利用性判定[J].计算机应用研究,2016,33(5):1504-1508. [8] MICROFOST.The History of the !exploitable Crash Analyzer[EB/OL].http://blogs.technet.com/b/srd/archive/2009/04/08/the-history-of-the-exploitable-crash-analyzer/. [9] MILLER C,CABALLERO J,BERKELEY U,et al.Crash ana-lysis with BitBlaze [J].Revista Mexicana De Sociología,2010,44(1):81-117. [11] ZHANG P,WU J,XIN W,et al.Program Crash Analysis Based on Taint Analysis[C]∥International Conference on P2P.New York:IEEE,2015:492-498. [12] KROHNHANSEN H.Program crash analysis:evaluation and application of current methods [D].Norway:University of Oslo,2012. [13] WU S Z.Review and Outlook of information security vulnerabi-lity analysis [J].Journal of Tsinghua University (Science and Technology),2009(S2):2065-2072.(in Chinese) 吴世忠.信息安全漏洞分析回顾与展望[J].清华大学学报(自然科学版),2009(S2):2065-2072. [14] LASK J,STANLEY M.Dynamic Program Analysis[M]∥Software Verification and Analysis.London:Springer.2009:368. [15] NOH M S,NA J B,JUNG G U,et al.A Study on MS Crash Ana-lyzer [J].Kips Transactions on Computer & Communication Systems,2013,2(9):399-404. [16] LI L,JUST J E,SEKAR R.Online Signature Generation forWindows Systems[C]∥Computer Security Applications Con-ference.New York:IEEE Computer Society,2009:289-298. [17] Microsoft.!exploitable Crash Analyzer.MSEC Debugger Extensions.http://msecdbg.codeplex.com. [18] SONG D.WebBlaze:New Techniques and Tools for Web Security & BitBlaze:Computer Security via Binary Analysis .http://bitblaze.cs.berkeley.edu/dragonstar/lec4.pdf. [19] CHEN K M,LIU Z T,REN C S.Design and Implement of User-Oriented Intermediate Language in Decompilation System [J].Mini-Micro System,2002,23(10):1173-1176.(in Chinese) 陈凯明,刘宗田,任传胜.逆编译中面向用户的中间语言设计和实现[J].小型微型计算机系统,2002,23(10):1173-1176. [20] SONG D,BRUMLEY D,YIN H,et al.BitBlaze:A New Approach to Computer Security via Binary Analysis [C]∥Information Systems Security,International Conference(Iciss 2008).New Zealand:DBLP,2008:1-25. [21] NEWSOME J,SONG D.Dynamic taint analysis for automaticdetection,analysis,and signature generation of exploits on commodity software [J].Chinese Journal of Engineering Mathema-tics,2005,29(5):720-724. [22] WANG X C.Branch Obfuscation with Machine Learning andOne-way Prefix-preserving Encryption Algorithm [D].Tianjin:Nankai University,2015.(in Chinese) 王晓初.结合机器学习与单向保留前缀加密算法的分支混淆方法[D].天津:南开大学,2015. [23] JACKSON D,ROLLINS E J.Chopping:A Generalization of Slicing .http://www.dtic.mil/dtic/tr/fulltext/U2/a282683.pdf. [24] HAN X,WEN Q,ZHANG Z.A mutation-based fuzz testing approach for network protocol vulnerability detection [C]∥International Conference on Computer Science and Network Techno-logy.New York:IEEE,2013:1018-1022. [25] YE Y H,WU D Y,CHEN Y.Reverse platform based on fine-grainted taint analysis [J].Computer Engineering and Applications,2012,48(28):90-96.(in Chinese) 叶永宏,武东英,陈扬.一种基于细粒度污点分析的逆向平台[J].计算机工程与应用,2012,48(28):90-96. [26] BRUMLEY D,POOSANKAM P,SONG D,et al.AutomaticPatch-Based Exploit Generation is Possible:Techniques and Implications [C]∥IEEE Symposium on Security and Privacy,2008(SP 2008).New York:IEEE,2008:143-157. [27] AVGERINOS T,SANG K C,HAO B L T,et al.AEG:Automatic Exploit Generation [J].Internet Society,2011,57(2). [28] HUANG S K,LU H L,LEONG W M,et al.CRAXweb:Automatic Web Application Testing and Attack Generation[C]∥IEEE,International Conference on Software Security and Reliability.New York:IEEE Computer Society,2013:208-217. [29] CHIPOUNOV V,KUZNETSOV V,CANDEA G.S2E:a plat-form for in-vivo multi-path analysis of software systems [C]∥International Conference on Architectural Support for Programming Languages & Operating Systems.New York:ACM,2011:265-278. [30] SPARKS S,EMBLETON S,CUNNINGHAM R,et al.Automated vulnerability analysis:Leveraging control flow for evolutiona-ry input crafting [C]∥Computer Security Applications Con-ference,2007(ACSAC 2007).New York:IEEE,2007:477-486. [31] SEN K.Concolic testing [C]∥IEEE/ACM International Conference on Automated Software Engineering.New York:ACM,2007:571-572. [32] REYNOLDS A,KUNCAK V.On Induction for SMT Solvers [M]∥Lecture Notes in Computer Science.Springer-Verlage Berlin Heidelberg,2015:80-98. [33] HUANG S K,HUANG M H,HUANG P Y,et al.Software Crash Analysis for Automatic Exploit Generation on Binary Programs [J].IEEE Transactions on Reliability,2014,63(1):270-289. [35] JEE K,KEMERLIS V P,KEROMYTIS A D,et al.ShadowReplica:efficient parallelization of dynamic data flow tracking [C]∥ACM Sigsac Conference on Computer & Communications Security.New York:ACM,2013:235-246. [36] REDDI,JANAPA V,ALEX,et al.PIN:a binary instrumenta-tion tool for computer architecture research and education [C]∥Proceedings of the Workshop on Computer Architecture Education.2004. [37] DU K,KANG F,SHU H,et al.Dynamic Binary Instrumentation Technology Overview [C]∥Proceedings of 2012 National Conference on Information Technology and Computer Sicence.2012. [39] MA X,WANG J,DONG W.Computing Must and May Alias to Detect Null Pointer Dereference [C]∥International Symposium On Leveraging Applications of Formal Methods,Verification and Validation.Berlin:Springer Berlin Heidelberg,2008:252-261. [40] BERGSTRA J A,MIDDELBURG C A.Indirect Jumps Improve Instruction Sequence Performance[J].Scientific Annals of Computer Science,2012,22(2):253-265. [41] GUPTA M K,GOVIL M C,SINGH G,et al.XSSDM:Towards detection and mitigation of cross-site scripting vulnerabilities in web applications [C]∥International Conference on Advances in Computing,Communications and Informatics.New York:IEEE,2015:2010-2015. [42] CLAUSE J,LI W C,ORSO A .Dytan:a generic dynamic taintanalysis framework [C]∥International Symposium on Software Testing and Analysis.New York:ACM,2007:196-206. [43] HUANG W.Design of Windows vulnerability exploits feasibility analysis and verification system [D].Beijing:Beijing University of Posts and Telecommunications,2011.(in Chinese) 黄文.Windows漏洞利用可行性分析与验证系统的设计[D].北京:北京邮电大学,2011. [44] VIGNA G.Static Disassembly and Code Analysis [M]∥Malware Detection.2007:19-41. [45] LI Z J,ZHANG J X,LIAO X K,et al.Software security vulne-rability detection technology [J].Journal of Computer Science,2015,38(4):717-732.(in Chinese) 李舟军,张俊贤,廖湘科,等.软件安全漏洞检测技术[J].计算机学报,2015,38(4):717-732. |
No related articles found! |
|