|
1. Lhee KS, Chapin SJ. Buffer overflow and format string overflow vulnerabilities. Software–Practice and Experience, 2003; 33 (5): 423-460. 2. Common Vulnerabilities and Exposures. Search Results for format. http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=format+string, January 28, 2008. [28 January 2008] 3. Christey S, Martin RA. Vulnerability Type Distributions in CVE. http://cwe.mitre.org/documents/vuln-trends/index.html, May 22, 2007. [3 Mar 2008] 4. Shankar U, Talwar K, Foster JS, Wagner D. Detecting Format String Vulnerabilities with Type Qualifiers. Proceedings of the 10th conference on USENIX Security Symposium, 2001; 201–218. 5. Chen K, Wagner D. Large-Scale Analysis of Format String Vulnerabilities in Debian Linux. Proceedings of the 2007 workshop on Programming Languages and Analysis for Security, 2007; 75-84. 6. Newsome J, Song D. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. Proceedings of the Network and Distributed System Security Symposium (NDSS 2005), 2005. 7. Cheng W, Zhao Q, Yu B, Hiroshige S. TaintTrace: Efficient Flow Tracing with Dynamic Binary Rewriting. Proceedings of 11th IEEE Symposium on Computers and Communications, 2006; 749-754. 8. Xu W, Bhatkar S, Sekar R. Taint-enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks. Proceedings of the 15th conference on USENIX Security Symposium, 2006; 121–136. 9. Cowan C, Barringer M, Beattie S, Kroah-Hartman G, Frantzen M, Lokier J. FormatGuard: Automatic Protection from printf Format String Vulnerabilities. Proceedings of the 10th conference on USENIX Security Symposium, 2001. 10. Baratloo A, Tsai T, Singh N. Libsafe: Protecting Critical Elements of Stacks. December, 1999. 11. You JH, Seo SC, Kim YD, Choi JY, Lee SJ, Kim BK. Kimchi: A Binary Rewriting Defense against Format String Attacks. The 6th International Workshop on Information Security Applications, Jeju Island, Korea, August 22-24, 2005; 179-193. 12. DeKok A. PScan: A Limited Problem Scanner for C Source Files. 2000. 13. Rao DTVR. Detection of Bugs by Compiler Optimizer Using Macro Expansion of Functions. Proceedings of the 5th ACIS International Conference on Software Engineering Research, Management & Applications (SERA 2007), 2007; 855-862. 14. Robbins TJ. Libformat–Protection against Format String Attacks. 2001. 15. Ringenburg MF, Grossman D. Preventing Format-String Attacks via Automatic and Efficient Dynamic Checking. Proceedings of the 12th ACM conference on Computer and Communications Security, 2005; 354-363. 16. Lin Z, Xia N, Li G, Mao B, Xie L. Transparent Run-Time Prevention of Format-String Attacks Via Dynamic Taint and Flexible Validation. Proceedings of the 9th International Conference, Samos Island, Greece, 2006. (Lecture Notes in Computer Science, vol. 4176), 2006; 17-31. 17. Chen S, Xu J, Sezer EC, Gauriar P, Iyer RK. Non-control-data attacks are realistic threats. Proceedings of the 14th conference on USENIX Security Symposium, 2005; 177–192. 18. Tsai T, Singh N. Libsafe 2.0: Detection of Format String Vulnerability Exploits. White Paper, Avaya Labs, February, 2001. 19. Ganapathy V, Seshia SA, Jha S, Reps TW, Bryant RE. Automatic Discovery of API-Level Exploits. Proceedings of the 27th International Conference on Software Engineering, 2005; 312-321. 20. Li W, Chiueh T. Automated Format String Attack Prevention for Win32/X86 Binaries. Proceedings of the 23th Computer Security Applications Conference(ACSAC’07), 2007; 398-409. 21. Eager M, Eager Consulting. Introduction to the DWARF Debugging Format. February, 2007. 22. SecuriTeam. Multiple vulnerabilities in splitvt (Exploit Code). http://www.securiteam.com/unixfocus/5GP0J2A35C.html, 15 Jan. 2001. [3 Mar 2008] 23. SecuriTeam. PFinger Format String Vulnerability. http://www.securiteam.com/unixfocus/6K00N1P3FQ.html, 27 Dec. 2001. [3 Mar 2008] 24. SecuriTeam. tcpflow Format String Vulnerability. http://www.securiteam.com/unixfocus/5FP0H00AUO.html, 10 Aug. 2003. [3 Mar 2008] 25. Ye J. A proposal to align GCC stack – update. http://gcc.gnu.org/ml/gcc/2007-12/msg00567.html, 19 Dec 2007. [3 Mar 2008] 26. Shon H, Allen H, Chris E, Jonathan N, Michael L. Gray Hat Hacking; 382-384
|