|
Journal of Computer Science and Technology ›› 2019, Vol. 34 ›› Issue (5): 972-992.doi: 10.1007/s11390-019-1955-3
Special Issue: Software Systems
• Special Section on Software Systems 2019 • Previous Articles Next Articles
Ling-Yun Situ1,2, Student Member, CCF, Lin-Zhang Wang1,2,*, Distinguished Member, CCF, Yang Liu3, Member, ACM, IEEE, Bing Mao1,2, Xuan-Dong Li1,2, Fellow, CCF
[1] Piromsopa K, Enbody R J. Survey of protections from buffer-overflow attacks. Engineering Journal, 2011, 15(2):31-52. [2] Sipser M. Introduction to the Theory of Computation (2nd edition). Course Technology, 2006. [3] Gao F, Wang L, Li X. BovInspector:Automatic inspection and repair of buffer overflow vulnerabilities. In Proc. the 31st Int. Conference on Automated Software Engineering, September 2016, pp.786-791. [4] Chen G, Jin H, Zou D, Zhou B, Liang Z, Zheng W, Shi X. SafeStack:Automatically patching stack-based buffer overflow vulnerabilities. IEEE Trans. Dependable and Secure Computing, 2013, 10(6):368-379. [5] Wang T, Wei T, Lin Z, Zou W. IntScope:Automatically detecting integer overflow vulnerability in X86 binary using symbolic execution. In Proc. the 16th Network and Distributed System Security Symposium, February 2009, Article No. 17. [6] Dietz W, Li P, Regehr J, Adve V. Understanding integer overflow in C/C++. ACM Trans. Software Engineering and Methodology, 2015, 25(1):Article No. 2. [7] Lee B, Song C, Jang Y et al. Preventing use-after-free with Dangling pointers nullification. In Proc. the 22th Annual Network and Distributed System Security Symposium, February 2015, Article No. 21. [8] Yan H, Sui Y, Chen S, Xue J. Spatio-temporal context reduction:A pointer-analysis-based static approach for detecting use-after-free vulnerabilities. In Proc. the 40th Int. Software Conference on Engineering, May 2018, pp.327-337. [9] Li M, Chen Y, Wang L, Xu G. Dynamically validating static memory leak warnings. In Proc. the 22nd Int. Symposium on Software Testing and Analysis, July 2013, pp.112-122. [10] Sui Y, Ye D, Xue J. Detecting memory leaks statically with full-sparse value-flow analysis. IEEE Trans. Software Engineering, 2014, 40(2):107-122. [11] Szekeres L, Payer M, Wei T, Dawn S. SoK:Eternal war in memory. In Proc. the 34th Int. IEEE Symposium on Security and Privacy, May 2013, pp.48-62. [12] Das A, Lal A. Precise null pointer analysis through global value numbering. In Proc. the 15th Int. Symposium on Automated Technology for Verification and Analysis, October 2017, pp.25-41. [13] Akritidis P, Costa M, Castro M, Hand S. Baggy bounds checking:An efficient and backwards-compatible defense against out-of-bounds errors. In Proc. the 18th USENIX Security Symposium, August 2009, pp.51-66. [14] Kim D, Nam J, Song J et al. Automatic patch generation learned from human-written patches. In Proc. the 35th Int. Conference on Software Engineering, May 2013, pp.802-811. [15] Li P, Cui B. A comparative study on software vulnerability static analysis techniques and tools. In Proc. the 2010 International Conference on Information Theory and Information Security, Dec. 2010, pp.521-524. [16] Wagner D A, Foster J S, Brewer E A, Aiken A. A first step towards automated detection of buffer overrun vulnerabilities. In Proc. the 7th Network and Distributed System Security Symposium, February 2000, Article No. 1. [17] Situ L, Zou L, Wang L, Liu Y, Mao B, Li X. Detecting missing checks for identifying insufficient attack protections. In Proc. the 40th Int. Conference on Software Engineering, May 2018, pp.238-239. [18] Ming J, Wu D, Xiao G, Wang J, Liu P. TaintPipe:Pipelined symbolic taint analysis. In Proc. the 24th USENIX Security Symposium, August 2015, pp.65-80. [19] Cadar C, Sen K. Symbolic execution for software testing:Three decades later. Commun. ACM, 2013, 56(2):82-90. [20] Li Y, Su Z, Wang L, Li X. Steering symbolic execution to less traveled paths. In Proc. the 2013 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages & Applications, October 2013, pp.19-32. [21] Majumdar R, Sen K. Hybrid concolic testing. In Proc. the 29th Int. Conference on Software Engineering, May 2007, pp.416-426. [22] Seo H, Kim S. How we get there:A context-guided search strategy in concolic testing. In Proc. the 22nd Int. Symposium on Foundations of Software Engineering, November 2014, pp.413-424. [23] Bérard B, Bidoit M, Finkel A, Laroussinie F, Petit A, Petrucci L, Schnoebelen P, McKenzie P. Systems and Software Verification:Model-Checking Techniques and Tools. Springer, 2001. [24] Situ L, Zhao L. CSP bounded model checking of preprocessed CTL extended with events using answer set programming. In Proc. the 2015 Asia-Pacific Software Engineering Conference, December 2015, pp.16-23. [25] Sutton M, Greene A, Amini P. Fuzzing:Brute Force Vulnerability Discovery (1st edition). Addison-Wesley Professional, 2007. [26] Stephens N, Grosen J, Salls C et al. Driller:Augmenting fuzzing through selective symbolic execution. In Proc. the 23rd Annual Network and Distributed System Security Symposium, February 2016, Article No. 28. [27] Yamaguchi F, Wressnegger C, Gascon H et al. Chucky:Exposing missing checks in source code for vulnerability discovery. In Proc. the 2013 ACM SIGSAC Conference on Computer & Communications Security, November 2013, pp.499-510. [28] Son S, McKinley K S, Shmatikov V. RoleCast:Finding missing security checks when you do not know what checks are. In Proc. the 26th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, October 2011, pp.1069-1084. [29] Lattner C. LLVM and Clang:Next generation compiler technology. https://clvm.org, July 2019. [30] Ryder B G. Constructing the call graph of a program. IEEE Trans. Software Engineering, 1979, 5(3):216-226. [31] Stanier J, Watson D. Intermediate representations in imperative compilers:A survey. ACM Computing Surveys, 2013, 45(3):Article No. 26. [32] Pendleton M, Garcia-Lebron R, Cho J H, Xu S. A survey on systems security metrics. ACM Computing Surveys, 2017, 49(4):Article No. 62. [33] Gao F, Chen T, Wang Y, Situ L, Wang L, Li X. Carraybound:Static array bounds checking in C programs based on taint analysis. In Proc. the 8th Int. Asia-Pacific Symposium on Internetware, September 2016, pp.81-90. [34] Ceara D, Potet M L, Ensimag G I, Mounier, L. Detecting software vulnerabilities-static taint analysis. https://docplayer.net/18105375-Detecting-software-vulnerabilities-static-taint-analysis.html, July 2019. [35] Lalande J F, Heydemann K, Berthomé P. Software countermeasures for control flow integrity of smart card C codes. In Proc. the 19th European Symposium on Research in Computer Security, Sept. 2014, pp.200-2018. [36] Kang M G, McCamant S, Poosankam P, Dawn S. DTA++:Dynamic taint analysis with targeted control-flow propagation. In Proc. the 18th Network and Distributed System Security Symposium, February 2011, Article No. 15. [37] Li L, Bartel A, Klein J, Traon Y L, Arzt S, Rasthofer S, Bodden E, Octeau D, Mcdaniel P. I know what leaked in your pocket:Uncovering privacy leaks on Android Apps with static taint analysis. arXiv:1404.7431, 2014. https://arxiv.org/pdf/1404.7431.pdf, June 2019. [38] Schwartz E J, Avgerinos T, Brumley D. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In Proc. the 31st IEEE Symposium on Security and Privacy, May 2010, pp.317-331. [39] Clause J, Li W, Orso A. Dytan:A generic dynamic taint analysis framework. In Proc. the 16th ACM/SIGSOFT Int. Symposium on Software Testing and Analysis, July 2007, pp.196-206. [40] Jovanovic N, Krüegel C, Kirda E. Pixy:A static analysis tool for detecting Web application vulnerabilities (Short Paper). In Proc. the 27th IEEE Symposium on Security and Privacy, May 2006, pp.258-263. [41] Chang R, Jiang G, Ivancic F, Sankaranarayanan S, Shmatikov V. Inputs of coma:Static detection of denial-ofservice vulnerabilities. In Proc. the 22nd IEEE Computer Security Foundations Symposium, July 2009, pp.186-199. [42] Kremenek T, Engler D. Z-Ranking:Using statistical analysis to counter the impact of static analysis approximations. In Proc. the 10th Int. Symposium on Static Analysis, June 2003, pp.295-315. [43] Kim S, Ernst M D. Prioritizing warning categories by analyzing software history. In Proc. the 4th Workshop on Mining Software Repositories, May 2007, pp.27-31. [44] Ha J, Rossbach C J, Davis J V, Roy I, Ramadan H E, Porter D E, Chen D L, Witchel E. Improved error reporting for software that uses black-box components. In Proc. the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2007, pp.101-111. [45] Situ L, Wang L, Liu Y, Mao B, Li X. Vanguard:Detecting missing checks for prognosing potential vulnerabilities. In Proc. the 10th Asia-Pacific Symposium on Internetware, September 2018, Article No. 5. [46] Goues L C, Nguyen T V, Forrest S et al. GenProg:A generic method for automatic software repair. IEEE Trans. Software Engineering, May 2011, 38(1):54-72. [47] Qi Y, Mao X, Lei Y, Dai Z, Wang C. The strength of random search on automated program repair. In Proc. the 36th Int. Conference on Software Engineering, May 2014, pp.254-265. [48] Xiong Y, Wang J, Yan R, Zhang J, Han S, Huang G, Zhang L. Precise condition synthesis for program repair. In Proc. the 39th Int. Conference on Software Engineering, May 2017, pp.416-426. [49] Tan S H, Roychoudhury A. Relifix:Automated repair of software regressions. In Proc. the 37th IEEE/ACM International Conference on Software Engineering, May 2015, pp.471-482. [50] Nguyen H D T, Qi D, Roychoudhury A, Chandra S. SemFix:Program repair via semantic analysis. In Proc. the 35th Int. Conference on Software Engineering, May 2013, pp.772-781. [51] Mechtaev S, Yi J, Roychoudhury A. Angelix:Scalable multiline program patch synthesis via symbolic analysis. In Proc. the 38th Int. Conference on Software Engineering, May 2016, pp.691-701. [52] Le X B D, Chu D H, Lo D, Le G C, Visser W. JFIX:Semantics-based repair of Java programs via symbolic PathFinder. In Proc. the 26th ACM SIGSOFT Int. Symposium on Software Testing and Analysis, July 2017, pp.376-379. [53] Gupta R, Pal S, Kanade A, Shevade S. DeepFix:Fixing common C language errors by deep learning. In Proc. the 31st AAAI Conference on Artificial Intelligence, February 2017, pp.1345-1351. [54] Wang C, Jiang Y, Zhao X, Song X, Gu M. Weak-Assert:A weakness-oriented assertion recommendation toolkit for program analysis. In Proc. the 40th Int. Conference on Software Engineering, May 2018, pp.69-72. |
[1] | Gen Zhang, Peng-Fei Wang, Tai Yue, Xu Zhou, Kai Lu. MEBS: Uncovering Memory Life-Cycle Bugs in Operating System Kernels [J]. Journal of Computer Science and Technology, 2021, 36(6): 1248-1268. |
[2] | Ling-Yun Situ, Zhi-Qiang Zuo, Le Guan, Lin-Zhang Wang, Xuan-Dong Li, Jin Shi, Peng Liu. Vulnerable Region-Aware Greybox Fuzzing [J]. Journal of Computer Science and Technology, 2021, 36(5): 1212-1228. |
[3] | Jung-Been Lee, Taek Lee, Hoh Peter In. Topic Modeling Based Warning Prioritization from Change Sets of Software Repository [J]. Journal of Computer Science and Technology, 2020, 35(6): 1461-1479. |
[4] | Feng-Juan Gao, Yu Wang, Lin-Zhang Wang, Zijiang Yang, Xuan-Dong Li. Automatic Buffer Overflow Warning Validation [J]. Journal of Computer Science and Technology, 2020, 35(6): 1406-1427. |
[5] | Gökçer Peynirci, Mete Eminaǧaoǧlu, Korhan Karabulut. Feature Selection for Malware Detection on the Android Platform Based on Differences of IDF Values [J]. Journal of Computer Science and Technology, 2020, 35(4): 946-962. |
[6] | Ming-Zhe Zhang, Yun-Zhan Gong, Ya-Wen Wang, Da-Hai Jin. Unit Test Data Generation for C Using Rule-Directed Symbolic Execution [J]. Journal of Computer Science and Technology, 2019, 34(3): 670-689. |
[7] | Ji Wang, Senior Member, CCF, Xiao-Dong Ma, Wei Dong, Hou-Feng Xu, and Wan-Wei Liu, Member, CCF. Demand-Driven Memory Leak Detection Based on Flow- and Context-Sensitive Pointer Analysis [J]. , 2009, 24(2): 347-356. |
[8] | ZHANG WenHui . Combining Static Analysis and Case-Based Search Space Partitioning for Reducing Peak Memory in Model Checking [J]. , 2003, 18(6): 0-0. |
[9] | LIAO Husheng;. An Action Analysis for Combining Partial Evaluation [J]. , 2000, 15(2): 196-201. |
[10] | Qu Yuzhong; Wang Zhijian; Xu Jiafu;. Denotational Semantics of a Simple Model of Eiffel [J]. , 1995, 10(3): 214-226. |
|
|