乐胖代购免代理版

{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,7,8]],"date-time":"2024-07-08T21:22:13Z","timestamp":1720473733482},"reference-count":39,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2016,12,1]],"date-time":"2016-12-01T00:00:00Z","timestamp":1480550400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Information and Software Technology"],"published-print":{"date-parts":[[2016,12]]},"DOI":"10.1016\/j.infsof.2016.09.004","type":"journal-article","created":{"date-parts":[[2016,9,14]],"date-time":"2016-09-14T19:49:29Z","timestamp":1473882569000},"page":"231-244","update-policy":"http:\/\/dx.doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":3,"special_numbering":"C","title":["Towards designing an extendable vulnerability detection method for executable codes"],"prefix":"10.1016","volume":"80","author":[{"given":"Maryam","family":"Mouzarani","sequence":"first","affiliation":[]},{"ORCID":"http:\/\/orcid.org\/0000-0002-1146-3153","authenticated-orcid":false,"given":"Babak","family":"Sadeghiyan","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/j.infsof.2016.09.004_bib0001","series-title":"Proceedings of the 27th IEEE\/ACM International Conference on Automated Software Engineering","first-page":"100","article-title":"Supporting automated vulnerability analysis using formalized vulnerability signatures","author":"Almorsy","year":"2012"},{"key":"10.1016\/j.infsof.2016.09.004_bib0002","series-title":"Proceedings of the 44th annual Southeast regional conference","first-page":"560","article-title":"Static analysis of anomalies and security vulnerabilities in executable files","author":"Tevis","year":"2006"},{"key":"10.1016\/j.infsof.2016.09.004_bib0003","series-title":"ACM Sigplan Notices","first-page":"155","article-title":"Cssv: Towards a realistic tool for statically detecting all buffer overflows in c","volume":"vol. 38","author":"Dor","year":"2003"},{"key":"10.1016\/j.infsof.2016.09.004_bib0004","series-title":"Proceedings of the 10th ACM conference on Computer and communications security","first-page":"345","article-title":"Buffer overrun detection using linear programming and static analysis","author":"Ganapathy","year":"2003"},{"key":"10.1016\/j.infsof.2016.09.004_bib0005","series-title":"NDSS","first-page":"2000","article-title":"A first step towards automated detection of buffer overrun vulnerabilities.","author":"Wagner","year":"2000"},{"key":"10.1016\/j.infsof.2016.09.004_sbref0006","series-title":"Automatic vulnerability detection using static analysis","author":"Sotirov","year":"2005"},{"key":"10.1016\/j.infsof.2016.09.004_bib0007","series-title":"Proceedings of the 10th ACM conference on Computer and communications security","first-page":"321","article-title":"Meca: an extensible, expressive system and language for statically checking security properties","author":"Yang","year":"2003"},{"key":"10.1016\/j.infsof.2016.09.004_bib0008","series-title":"Proceedings of the 14th ACM conference on Computer and communications security","first-page":"25","article-title":"Multi-module vulnerability analysis of web-based applications","author":"Balzarotti","year":"2007"},{"key":"10.1016\/j.infsof.2016.09.004_bib0009","series-title":"Proceedings of the 2008 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation","first-page":"3","article-title":"Securing web applications with static and dynamic information flow tracking","author":"Lam","year":"2008"},{"key":"10.1016\/j.infsof.2016.09.004_bib0010","series-title":"Proceedings of the 20th USENIX conference on Security","article-title":"Fast and precise sanitizer analysis with bek","author":"Hooimeijer","year":"2011"},{"key":"10.1016\/j.infsof.2016.09.004_bib0011","series-title":"USENIX Security Symposium","first-page":"201","article-title":"Detecting format string vulnerabilities with type qualifiers.","author":"Shankar","year":"2001"},{"key":"10.1016\/j.infsof.2016.09.004_bib0012","series-title":"OSDI","first-page":"209","article-title":"Klee: unassisted and automatic generation of high-coverage tests for complex systems programs.","volume":"vol. 8","author":"Cadar","year":"2008"},{"issue":"2","key":"10.1016\/j.infsof.2016.09.004_bib0013","first-page":"10","article-title":"Exe: automatically generating inputs of death","volume":"12","author":"Cadar","year":"2006","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"10.1016\/j.infsof.2016.09.004_bib0014","series-title":"USENIX Security Symposium","first-page":"67","article-title":"Dynamic test generation to find integer bugs in x86 binary linux programs.","author":"Molnar","year":"2009"},{"issue":"6","key":"10.1016\/j.infsof.2016.09.004_bib0015","doi-asserted-by":"crossref","first-page":"23","DOI":"10.1145\/1749608.1749612","article-title":"Wysinwyx: what you see is not what you execute","volume":"32","author":"Balakrishnan","year":"2010","journal-title":"ACM Trans. Program. Lang. Syst. (TOPLAS)"},{"key":"10.1016\/j.infsof.2016.09.004_bib0016","unstructured":"MITRE-CWE, CWE-369: division by zero, 2014a, (http:\/\/cwe.mitre.org\/data\/definitions\/369.html). [Online; accessed 2015-02-03]."},{"key":"10.1016\/j.infsof.2016.09.004_bib0017","unstructured":"MITRE-CWE, CWE-190: integer overflow or wraparound, 2014b, (http:\/\/cwe.mitre.org\/data\/definitions\/190.html). [Online; accessed 2015-02-03]."},{"key":"10.1016\/j.infsof.2016.09.004_bib0018","unstructured":"MITRE-CWE, CWE-191: integer underflow (Wrap or Wraparound, 2014c, (http:\/\/cwe.mitre.org\/data\/definitions\/190.html).[Online; accessed 2015-02-03]."},{"key":"10.1016\/j.infsof.2016.09.004_bib0019","unstructured":"MITRE-CWE, Cwe-681: incorrect conversion between numeric types, 2014d, (http:\/\/cwe.mitre.org\/data\/definitions\/681.html). [Online; accessed 2015-02-03]."},{"key":"10.1016\/j.infsof.2016.09.004_bib0020","series-title":"ACM Sigplan Notices","first-page":"89","article-title":"Valgrind: a framework for heavyweight dynamic binary instrumentation","volume":"vol. 42","author":"Nethercote","year":"2007"},{"key":"10.1016\/j.infsof.2016.09.004_bib0021","unstructured":"MITRE-CWE, CWE-476: null pointer dereference, 2014, (http:\/\/cwe.mitre.org\/data\/definitions\/476.html). [Online; accessed 2015-02-03]."},{"key":"10.1016\/j.infsof.2016.09.004_bib0022","series-title":"Software Maintenance, 2006. ICSM\u201906. 22nd IEEE International Conference on","first-page":"411","article-title":"Modeling software vulnerabilities with vulnerability cause graphs","author":"Byers","year":"2006"},{"issue":"2\/3","key":"10.1016\/j.infsof.2016.09.004_bib0023","first-page":"4","article-title":"Vdc-based dynamic code analysis: application to c programs","volume":"1","author":"Mallouli","year":"2011","journal-title":"J. Internet Serv. Inf. Secur."},{"key":"10.1016\/j.infsof.2016.09.004_bib0024","unstructured":"MITRE, Common vulnerabilities and exposures, 2014a, (https:\/\/cve.mitre.org\/index.html). [Online; accessed 2015-02-03]."},{"key":"10.1016\/j.infsof.2016.09.004_bib0025","unstructured":"MITRE, Common weakness enumeration, 2014b, (http:\/\/cwe.mitre.org\/). [Online; accessed 2015-02-03]."},{"key":"10.1016\/j.infsof.2016.09.004_bib0026","series-title":"Improving software security with precise static and runtime analysis","author":"Livshits","year":"2006"},{"key":"10.1016\/j.infsof.2016.09.004_bib0027","article-title":"An incremental ocl compiler for modeling environments","volume":"15","author":"Vajk","year":"2008","journal-title":"Electron. Commun. EASST"},{"key":"10.1016\/j.infsof.2016.09.004_bib0028","series-title":"PRDC","first-page":"42","article-title":"A smart fuzzing method for detecting heap-based buffer overflows in executable codes.","author":"Mouzarani","year":"2015"},{"issue":"4","key":"10.1016\/j.infsof.2016.09.004_bib0029","doi-asserted-by":"crossref","first-page":"96","DOI":"10.1049\/iet-sen.2015.0039","article-title":"A smart fuzzing method for detecting stack-based buffer overflows in binary codes","volume":"10","author":"Mouzarani","year":"2016","journal-title":"IET Software"},{"issue":"1","key":"10.1016\/j.infsof.2016.09.004_bib0030","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1109\/TDSC.2004.2","article-title":"Basic concepts and taxonomy of dependable and secure computing","volume":"1","author":"Avizienis","year":"2004","journal-title":"Dependable Secure Comput. IEEE Trans."},{"key":"10.1016\/j.infsof.2016.09.004_bib0031","series-title":"ACM Sigplan Notices","first-page":"213","article-title":"Dart: directed automated random testing","volume":"vol. 40","author":"Godefroid","year":"2005"},{"key":"10.1016\/j.infsof.2016.09.004_bib0032","unstructured":"G. Campana, Fuzzgrind: an automatic fuzzing tool, 2009, (http:\/\/esec-lab.sogeti.com\/pages\/Fuzzgrind\/). Accessed 10-12-2015."},{"key":"10.1016\/j.infsof.2016.09.004_bib0033","series-title":"USENIX Security","first-page":"49","article-title":"Dowsing for overflows: a guided fuzzer to find buffer boundary violations.","author":"Haller","year":"2013"},{"issue":"1","key":"10.1016\/j.infsof.2016.09.004_bib0034","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1145\/2090147.2094081","article-title":"Sage: whitebox fuzzing for security testing","volume":"10","author":"Godefroid","year":"2012","journal-title":"Queue"},{"key":"10.1016\/j.infsof.2016.09.004_bib0035","unstructured":"V. developers, Valgrind user manual, September 2014, (http:\/\/valgrind.org\/docs\/manual\/manual.html). [Online; accessed 2015-02-03]."},{"key":"10.1016\/j.infsof.2016.09.004_bib0036","series-title":"International Symposium on Intelligence Computation and Applications","first-page":"461","article-title":"Evaluation measures of the classification performance of imbalanced data sets","author":"Gu","year":"2009"},{"issue":"4","key":"10.1016\/j.infsof.2016.09.004_bib0037","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1145\/1713254.1713257","article-title":"Cloud9: a software testing service","volume":"43","author":"Ciortea","year":"2010","journal-title":"ACM SIGOPS Operating Syst. Rev."},{"key":"10.1016\/j.infsof.2016.09.004_bib0038","series-title":"S2E: a platform for in-vivo multi-path analysis of software systems","volume":"vol. 47","author":"Chipounov","year":"2012"},{"issue":"7","key":"10.1016\/j.infsof.2016.09.004_bib0039","doi-asserted-by":"crossref","first-page":"1758","DOI":"10.1016\/j.future.2012.02.006","article-title":"State of the art: dynamic symbolic execution for automated test generation","volume":"29","author":"Chen","year":"2013","journal-title":"Future Gener. Comput. Syst."}],"container-title":["Information and Software Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S095058491630146X?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S095058491630146X?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2018,9,8]],"date-time":"2018-09-08T12:52:51Z","timestamp":1536411171000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S095058491630146X"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,12]]},"references-count":39,"alternative-id":["S095058491630146X"],"URL":"https:\/\/doi.org\/10.1016\/j.infsof.2016.09.004","relation":{},"ISSN":["0950-5849"],"issn-type":[{"value":"0950-5849","type":"print"}],"subject":[],"published":{"date-parts":[[2016,12]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Towards designing an extendable vulnerability detection method for executable codes","name":"articletitle","label":"Article Title"},{"value":"Information and Software Technology","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.infsof.2016.09.004","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2016 Elsevier B.V. All rights reserved.","name":"copyright","label":"Copyright"}]}}