[1]Lam M S, Martin M, Livshits B, et al. Securing Web applications with static and dynamic information flow tracking[C]// Proc. of the 2008 ACM SIGPLAN Symp. on Partial Evaluation and Semantics-based Program Manipulation. 2008:3-12.
[2]宋奕青. 基于动态二进制探测框架的缓冲区溢出检测研究[D]. 上海:上海交通大学, 2010.
[3]Newsome J, Song D. Dynamic taint analysis: Automatic detection,analysis,and signature generation of exploits on commodity software[C]// Proc. of the 12th Network and Distributed System Security Symposium. 2005.
[4]Clause J, Li W, Orso A. Dytan: A generic dynamic taint analysis framework[C]// Proc. of 2007 International Symposium on Software Testing and Analysis. 2007:196-206.
[5]Portokalidis G, Slowinska A, Bos H. Argos: An emulator for fingerprinting zero-day attaks for advertised honeypots with automatic signature generation[J]. ACM SIGOPS Operating Systems Review, 2006,40(4):15-27.
[6]Qin Feng, Wang Cheng, Li Zhenmin, et al. LIFT: A low-overhead practical information flow tracking system for detecting security attacks[C]// The 39th Annual IEEE/ACM International Symposium on Microarchitecture(MICRO06). 2006:135-148.
[7]Ganesh V, Leek T, Rinard M. Taint-based directed whitebox fuzzing[C]// Proceedings of the 31st International Conference on Software Engineering. 2009:474-484.
[8]宋铮,王永剑,金波,等. 二进制程序动态污点分析技术研究综述[J]. 信息网络安全, 2016(3):77-83.
[9]Dumitru C. Detecting software vulnerabilities static taint analysis[D]. Bucharest : University Politehnica of Bucharest, 2009.
[10]Nethercote N, Walsh R, Fitzhardinge J. Building workload characterization tools with valgrind[C]// 2006 IEEE International Symposium on Workload Characterization. 2006:2.
[11]King J C. Symbolic execution and program testing[J]. Communications of the ACM, 1976,19(7):385-394.
[12]姚伟平,王震宇,刘建林,等. 二进制代码覆盖率评估系统的设计与实现[J]. 计算机工程与设计, 2011,31(24):5262-5264.
[13]Kinder J, Veith H. Jakstab: A static analysis platform for binaries[C]// Proceeding of the 20th International Conference on Computer Aided Verification. 2008:423-427.
[14]Miller B P, Fredriksen L, So B. An empirical study of the reliability of UNIX utilities[J]. Communications of the ACM, 1990,33(12):32-44.
[15]Ganesh V, Dill D L. A decision procedure for bit-vectors and arrays[C]// International Conference on Computer Aided Verification. 2007:519-531.
[16]Brumley D, Jager I, Avgerinos T, et al. BAP: A binary analysis platform[C]// Proceedings of the Conference on Computer Aided Verification. 2011:463-469.
[17]Brumley D, Jager I, Schwartz E J, et al. The BAP Handbook[EB/OL]. http://bap.ece.cmu.edu/doc/bap.pdf, 2009-07-10.
[18]Godefroid P, Levin M Y, Molnar D A. Automated whitebox fuzz testing[C]// Network and Distributed System Security Symposium. 2008:151-166.
[19]Luk C K, Cohn R, Muth R, et al. Pin: Building customized program analysis tools with dynamic instrumentation[C]// ACM SIGPLAN Notices. 2005,40(6):190-200.
|