최소 단어 이상 선택하여야 합니다.
최대 10 단어까지만 선택 가능합니다.
다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
NTIS 바로가기情報保護學會論文誌 = Journal of the Korea Institute of Information Security and Cryptology, v.31 no.4, 2021년, pp.687 - 699
유동민 (한양대학교 컴퓨터공학과 바이오인공지능융합전공) , 김문회 (한양대학교 컴퓨터공학과) , 오희국 (한양대학교 컴퓨터공학과)
When a vulnerability occurs in a program, it is documented and published through CVE. However, some vulnerabilities do not disclose the details of the vulnerability and in many cases the source code is not published. In the absence of such information, in order to find a vulnerability, you must find...
Common Weakness Enumeration, "CWE Ranking" https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html. 2021-04-30.
K. Serebryany, D. Bruening, A. Potapenko, and D. Vyukov, "Addresssanitizer: A fast address sanity checker." in USENIX Annual Technical Conference, pp.309-318, 2012.
S. Nagarakatte, J. Zhao, M. M. Martin, and S. Zdancewic, "Softbound: Highly compatible and complete spatial memory safety for c," ACM Sigplan Notices, vol. 44, no. 6, pp. 245-258, 2009.
N. Nethercote and J. Seward, "Valgrind: a framework for heavyweight dynamic binary instrumentation," in ACM Sigplan notices, vol. 42, no. 6. ACM, pp.89-100, 2007.
S. Nagarakatte, J. Zhao, M. M. Martin, and S. Zdancewic, "Cets: compiler enforced temporal safety for c," in ACM Sigplan Notices, vol. 45, no. 8. ACM, pp.31-40, 2010.
cwe_checker github repo, "cwe checker" https://github.com/fkie-cad/cwe_checker, 2021-07-19.
American fuzzy lop, "American fuzzylop" http://lcamtuf.coredump.cx/afl/.", 2021-04-30.
C. Lemieux, R. Padhye, K. Sen, and D. Song, "Perffuzz: automatically generating pathological inputs," in Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis. ACM, pp. 254-265, 2018.
C. Lemieux and K. Sen, "Fairfuzz: A targeted mutation strategy for increasing greybox fuzz testing coverage," in Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering. ACM, pp. 475-485, 2018.
M. Bohme, V.-T. Pham, M.-D. Nguyen, and A. Roychoudhury, "Directed greybox fuzzing," in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, pp. 2329-2344, 2017.
M. Bohme, V.-T. Pham, and A. Roychoudhury, "Coverage-based greybox fuzzing as markov chain," in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, pp. 1032-1043, 2016.
bap-toolkit github repo, "BAP Toolkit" https://github.com/BinaryAnalysisPlatform/bap-toolkit-manager, 2021-04-30
BRUMLEY, David, et al, "BAP: A binary analysis platform," International Conference on Computer Aided Verification. Springer, Berlin, Heidelberg, p. 463-469, 2011.
Binary Analysis Platform github repo, "Binary Analysis Platform" https://github.com/BinaryAnalysisPlatform/bap, 2021-04-30.
Address Sanitizer Comparison Of Memory Tools, "sanitizers" https://github.com/google/sanitizers/wiki/AddressSanitizerComparisonOfMemoryTools, 2021-04-30.
A. Filieri, C. S. Pasareanu, and W. Visser, "Reliability analysis in symbolic pathfinder," in 2013 35th International Conference on Software Engineering. IEEE, pp.622-631, 2013.
S. Person, G. Yang, N. Rungta, and S. Khurshid, "Directed incremental symbolic execution," in Acm Sigplan Notices, vol. 46, no. 6. ACM, pp. 504-515, 2011.
J. H. Siddiqui and S. Khurshid, "Staged symbolic execution," in Proceedings of the 27th Annual ACM Symposium on Applied Computing. ACM, pp. 1339-1346, 2012.
Y. Li, Z. Su, L. Wang, and X. Li, "Steering symbolic execution to less traveled paths," in ACM SigPlan Notices, vol. 48, no. 10. ACM, pp. 19-32, 2013.
T. Xie, N. Tillmann, J. de Halleux, and W. Schulte, "Fitness-guided path exploration in dynamic symbolic execution," in IEEE/IFIP International Conference on Dependable Systems & Networks. Citeseer, pp. 359-368, 2009.
B. C. Parrino, J. P. Galeotti, D. Garbervetsky, and M. F. Frias, "Tacoflow: optimizing sat program verification using dataflow analysis," Software & Systems Modeling, vol. 14, no. 1, pp. 45-63, 2015.
C. Cadar, D. Dunbar, D. R. Engler et al., "Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs." in USENIX Symposium on Operating Systems Design and Implementation, vol. 8, pp. 209-224, 2008.
W. Visser, C. S. Pasareanu, and S. Khurshid, "Test input generation with java pathfinder," ACM SIGSOFT Software Engineering Notes, vol. 29, no. 4, pp. 97-107, 2004.
S. Anand, C. S. Pasareanu, and W. Visser, "Jpf-se: A symbolic execution extension to java pathfinder," in International Conference on Tools and Algorithms for the Construction and Analysis of Systems. Springer, pp. 134-138, 2007.
WANG, Haijun, et al, "Locating vulnerabilities in binaries via memory layout recovering," Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 718-728, 2019.
G. Balakrishnan and T. Reps, "Analyzing memory accesses in x86 executables," in International conference on compiler construction. Springer, pp. 5-23, 2004.
J. Lee, T. Avgerinos, and D. Brumley, "Tie: Principled reverse engineering of types in binary programs," 2011.
Z. Lin, X. Zhang, and D. Xu, "Automatic reverse engineering of data structures from binary execution," in Proceedings of the 11th Annual Information Security Symposium, pp. 1-1, 2010.
Slowinska, Asia, Traian Stancescu, and Herbert Bos, "Howard: A Dynamic Excavator for Reverse Engineering Data Structures," NDSS, 2011.
"Body armor for binaries: Preventing buffer overflows without recompilation." in USENIX Annual Technical Conference, pp. 125-137, 2012.
NIST, "Juliet Test Suite" https://samate.nist.gov/SARD/testsuite.php, 2021-04-30
*원문 PDF 파일 및 링크정보가 존재하지 않을 경우 KISTI DDS 시스템에서 제공하는 원문복사서비스를 사용할 수 있습니다.
Free Access. 출판사/학술단체 등이 허락한 무료 공개 사이트를 통해 자유로운 이용이 가능한 논문
※ AI-Helper는 부적절한 답변을 할 수 있습니다.