|
[1] N. Tuck, B. Calder and G. Varghese, "Hardware and binary modification support for code pointer protection from buffer overflow," in Proceedings of the International Symposium on Microarchitecture, pp. 209-220, 2004. [2] CERT, CERT/CC advisories, http://www.cert.org/advisories/, January 2004. [3] US-CERT, Technical cyber security alerts, http://www.us-cert.gov/cas/techalerts/, June 2009 [4] D. Evans and D. Larochelle, "Improving security using extensible lightweight static analysis," IEEE Software, pp. 42-51, 2002. [5] M. Zitser, R. Lippmann and T. Leek, "Testing static analysis tools using exploitable buffer overflows from open source code," ACM SIGSOFT Software Engineering Notes, vol. 29, pp. 97-106, 2004. [6] N. Nethercote and J. Seward, "Valgrind: A framework for heavyweight dynamic binary instrumentation," in Proceedings of the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 89-100, 2007. [7] O. Ruwase and M. S. Lam, "A practical dynamic buffer overflow detector," in Proceedings of the 11th Annual Network and Distributed System Security Symposium, 2004, [8] P. Godefroid, N. Klarlund and K. Sen, "DART: Directed automated r andom testing," in Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, 2005. [9] K. Sen, D. Marinov and G. Agha, "CUTE: A concolic unit testing engine for C," in Proceedings of the 10th European Software Engineering Conference Held Jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 263-272, 2005. [10] C. Cadar and D. Engler, "Execution generated test cases: How to make systems code crash itself," in Proceedings of the 12th International SPIN Workshop on Model Checking of Software (SPIN’05), 2005, [11] C. Cadar, V. Ganesh, P. M. Pawlowski, D. L. Dill and D. Engler, "EXE: Automatically generating inputs of death," in CCS ’06: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 322-335, 2006. [12] P. McMinn, "Search-based software test data generation: a survey," Software Testing, Verification & Reliability, vol. 14, pp. 105-156, 2004. [13] B. Korel, "Dynamic Method of Software Test Data Generation," Software Testing, Verification & Reliability, vol. 2, pp. 203-213, 1992. [14] B. Korel, "Automated software test data generation," IEEE Transactions on Software Engineering, vol. 16, pp. 870-879, 1990. [15] N. Tracey, J. Clark, K. Mander and J. McDermid, "An automated framework for structural test-data generation," in Proceedings of the 13th IEEE international conference on Automated software engineering, pp. 285-288, 1998. [16] N. Tracey, J. Clark and K. Mander, "The way forward for unifying dynamic test-case generation: The optimisation-based approach," in International Workshop on Dependable Computing and its Applications (DCIA), 1998, pp. 169-180. [17] S. Xanthakis, C. Ellis, C. Skourlas, A. Le Gall, S. Katsikas and K. Karapoulios, "Application of genetic algorithms to software testing (application des algorithmes genetiques au test des logiciels)," in 5th International Conference on Software Engineering and its Applications, pp. 625-636, 1992. [18] P. McMinn and M. Harman, "A theoretical & empirical analysis of evolutionary testing and hill climbing for structural test data generation," in Proceedings of the International Symposium on Software Testing and Analysis (ISSTA 2007), pp. 9-12, 2007. [19] R. Ferguson and B. Korel, "The chaining approach for software test data generation," ACM Transactions on Software Engineering and Methodology (TOSEM), vol. 5, pp. 63-86, 1996. [20] P. McMinn and M. Holcombe, "Hybridizing evolutionary testing with the chaining approach," in Proceedings of the Genetic and Evolutionary Computation Conference (GECCO 2004), 2004, [21] P. McMinn and M. Holcombe, "Evolutionary testing using an extended chaining approach," Evolutionary Computation, vol. 14, pp. 41-64, 2006. [22] N. Tracey, J. Clark, J. McDermid and K. Mander, "Integrating safety analysis with automatic test-data generation for software safety verification," in Proceedings of the 17th International Conference on System Safety, pp. 128–137, 1999. [23] N. Tracey, J. Clark, K. Mander and J. McDermid, "Automated test-data generation for exception conditions," SOFTWARE—PRACTICE AND EXPERIENCE, pp. 61-79, 2000. [24] C. Del Grosso, G. Antoniol, M. Di Penta, P. Galinier and E. Merlo, "Improving network applications security: A new heuristic to generate stress testing data," in Proceedings of the 2005 Conference on Genetic and Evolutionary Computation, pp. 1037-1043, 2005. [25] C. Del Grosso, G. Antoniol, E. Merlo and P. Galinier, "Detecting buffer overflow via automatic test input data generation," Computers and Operations Research, vol. 35, pp. 3125-3143, 2008. [26] G. C. Necula, S. McPeak, S. P. Rahul and W. Weimer, "CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs," LECTURE NOTES IN COMPUTER SCIENCE, pp. 213-228, 2002. [27] Boost, "Boost Graph Library," http://www.boost.org/doc/libs/release/libs/graph/ [28] M. Wall, "GAlib: A C++ library of genetic algorithm components," Mechanical Engineering Department, Massachusetts Institute of Technology, 1996. [29] C. Tsai and S. Huang, "Detection and diagnosis of control interception," in 9th International Conference on Information and Communications Security (ICICS), 2007, [30] T. Xie, N. Tillmann, P. de Halleux and W. Schulte, "Fitness-guided path exploration in dynamic symbolic execution," Technical Report MSR-TR-2008-123, Microsoft Research, 2008. [31] K. Inkumsah and T. Xie, "Evacon: A framework for integrating evolutionary and concolic testing for object-oriented programs," in Proceedings of the Twenty-Second IEEE/ACM International Conference on Automated Software Engineering, pp. 425-428, 2007.
|