|
[1] J. Koziol, D. Litchfield and D. A. and, The Shellcoder's Handbook : Discovering and Exploiting Security Holes. John Wiley Sons, 2004. [2] SecurityTracker, "Microsoft Internet Explorer Integer Overflow in Processing Bitmap Files Lets Remote Users Execute Arbitrary Code," feb. 2004. [3] SecurityTracker, "PHP emalloc() Integer Overflow May Let Remote Users Execute Arbitrary Code," apr. 2004. [4] D. Beyer, A. J. Chlipala, T. A. Henzinger, R. Jhala and R. Majumdar, "The blast query language for software verification," in SAS, 2004, pp. 2-18. [5] B. S. Gulavani, T. A. Henzinger, Y. Kannan, A. V. Nori and S. K. Rajamani, "SYNERGY: A new algorithm for property checking," in SIGSOFT '06/FSE-14: Proceedings of the 14th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2006, pp. 117-127. [6] P. Godefroid, N. Klarlund and K. Sen, "DART: Directed automated random testing," in PLDI '05: Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, 2005, pp. 213-223. [7] J. C. King, "Symbolic execution and program testing," Commun ACM, vol. 19, pp. 385-394, 1976. [8] K. Sen, D. Marinov and G. Agha, "CUTE: A concolic unit testing engine for C," in ESEC/FSE-13: Proceedings of the 10th European Software Engineering Conference Held Jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2005, pp. 263-272. [9] lp_solve. web page: http://tech.groups.yahoo.com/group/lp_solve/. [10] C. Barrett and S. Berezin, "CVC lite: A new implementation of the cooperating validity checker," in Proceedings of the 16Th International Conference on Computer Aided Verification (CAV '04); Lecture Notes in Computer Science, 2004, pp. 515-518. [11] V. Ganesh and D. L. Dill, "A decision procedure for bit-vectors and arrays," in Computer Aided Verification (CAV '07), 2007, [12] D. Brumley, T. Chiueh and R. J. and, "Efficient and accurate detection of integer-based attacks," in Proceedings of the Annual Network and, 2007, [13] G. C. Necula, S. McPeak, S. P. Rahul and W. Weimer, "CIL: Intermediate language and tools for analysis and transformation of C programs," in CC '02: Proceedings of the 11th International Conference on Compiler Construction, 2002, pp. 213-228. [14] D. Molnar and D. Wagner, "Catchconv: Symbolic execution and run-time type inference for integer conversion errors," feb 2007. [15] N. Nethercote and J. Seward, "Valgrind: A framework for heavyweight dynamic binary instrumentation," in PLDI '07: Proceedings of the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation, 2007, pp. 89-100. [16] O. Horovitz, "Big loop integer protection," Phrack, dec. 2002. [17] S. Ranise and C. Tinelli, "The Satisfiability Modulo Theories Library (SMT-LIB)," 2006. [18] B. Dutertre and L. d. Moura, "A fast linear-arithmetic solver for DPLL(T)," in Proceedings of the 18th Computer-Aided Verification Conference; LNCS, 2006, pp. 81-94. [19] R. E. Bryant, S. K. Lahiri and S. A. Seshia, "Modeling and verifying systems using a logic of counter arithmetic with lambda expressions and uninterpreted functions," in Computer Aided Verification; Lecture Notes in Computer Science, 2002, pp. 78-92. [20] T. Ball and S. K. Rajamani, "Automatically validating temporal safety properties of interfaces," in SPIN '01: Proceedings of the 8th International SPIN Workshop on Model Checking of Software, 2001, pp. 103-122. [21] M. Vuagnoux, "AUTODAFE an Act of Software Torture," 2005. [22] P. Godefroid, M. Levin and D. Molnar, "Automated Whitebox Fuzz Testing," 2007. [23] D. Wagner, J. S. Foster, E. A. Brewer and A. Aiken, "A first step towards automated detection of buffer overrun vulnerabilities," in NDSS, 2000, [24] C. Cadar, V. Ganesh, P. M. Pawlowski, D. L. Dill and D. R. Engler, "EXE: Automatically generating inputs of death." in ACM Conference on Computer and Communications Security, 2006, pp. 322-335
|