|
[1] R. Langner, "Stuxnet: Dissecting a cyberwarfare weapon," Security & Privacy, IEEE, vol. 9, pp. 49-51, 2011. [2] R. Sherstobitoff and M. Itai Liba, "Dissecting Operation Troy: Cyberespionage in South Korea," ed: McAfee White Paper, 2013. [3] W. A. Arbaugh, W. L. Fithen, and J. McHugh, "Windows of vulnerability: A case study analysis," Computer, vol. 33, pp. 52-59, 2000. [4] L. F. B. P. Miller, and B. So, "An empirical study of the reliability of UNIX utilities," Communications of the ACM, vol. 33, pp. 32-44, 1990. [5] M. Sutton, A. Greene, and P. Amini, Fuzzing: brute force vulnerability discovery: Pearson Education, 2007. [6] B. Liu, L. Shi, Z. Cai, and M. Li, "Software vulnerability discovery techniques: A survey," in Multimedia Information Networking and Security (MINES), 2012 Fourth International Conference on, 2012, pp. 152-156. [7] S.-K. Huang, M.-H. Huang, P.-Y. Huang, C.-W. Lai, H.-L. Lu, and W.-M. Leong, "CRAX: Software Crash Analysis for Automatic Exploit Generation by Modeling Attacks as Symbolic Continuations," in Software Security and Reliability (SERE), 2012 IEEE Sixth International Conference on, 2012, pp. 78-87. [8] A. Rebert, S. K. Cha, T. Avgerinos, J. Foote, D. Warren, G. Grieco, et al., "Optimizing seed selection for fuzzing," in Proceedings of the USENIX Security Symposium, 2014, pp. 861-875. [9] The ZZUF fuzzer. Available: http://caca.zoy.org/wiki/zzuf [10] W. Dorman, "CERT Basic Fuzzing Framework," 2010. [11] Failure Observation Engine (FOE). Available: http://www.cert.org/vulnerability-analysis/tools/foe.cfm? [12] S. K. C. M. Woo, S. Gottlieb, and D. Brumley, "Scheduling black-box mutational fuzzing," in Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pp. 511-522, 2013. [13] Symantec, "Internet Security Threat Report 2014," 2014. [14] Bf3. Available: http://www.aldeid.com/wiki/Bf3 [15] M. Zalewski. (2011). crossfuzz. Available: http://lcamtuf.blogspot.tw/2011/01/announcing-crossfuzz-potential-0-day-in.html [16] R. Valotta, "Taking Browsers Fuzzing To The Next (DOM) Level," 2011. [17] W3C. Document Object Model (DOM) Technical Reports. Available: http://www.w3.org/DOM/DOMTR [18] S. D. Cook and J. S. Brown, "Bridging epistemologies: The generative dance between organizational knowledge and organizational knowing," Organization science, vol. 10, pp. 381-400, 1999. [19] A. Aphale. Introduction to browser fuzzing. Available: http://www.slideshare.net/null0x00/introduction-to-browser-fuzzing [20] Microsoft. !exploitable Crash Analyzer - MSEC Debugger Extensions. Available: https://msecdbg.codeplex.com/
|