References
1. TIOBE Index. Retrieved May 2, 2019, from https://www.tiobe.com/tiobe-index/
2. Seacord, Robert C. (2013). Secure Coding in C and C++: Addison-Wesley Professional.
3. Bishop, M., & Dilger, M. (1996). Checking for race conditions in file accesses. Computing Systems, 2(2), 131-152.
4. Viega, J., Bloch, J. T., Kohno, Y., & McGraw, G. (2000, December). ITS4: A static vulnerability scanner for C and C++ code. Proceedings of the 16th IEEE Annual Computer Security Applications Conference, 257-267.
5. Wei, J., & Pu, C. (2005, December). TOCTTOU vulnerabilities in UNIX-Style file systems: An anatomical study. Proceedings of the 4th USENIX Conference on File and Storage Technologies, 5, 156-167.
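6. 賴亭君 (2018). Detecting TOCTOU vulnerabilities with the LLVM static analyzer. Master's thesis, Graduate Institute of Computer Science and Information Engineering, National Chung Cheng University.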
7. Dean, D., & Hu, A. J. (2004, August). Fixing races for fun and profit: How to use access (2). Proceedings of the 13th USENIX Security Symposium, 195-206.
8. Ball, T. (1999, October). The concept of dynamic analysis. ACM SIGSOFT Software Engineering Notes, 24(6), 216-234.
9. Cornelissen, B., Zaidman, A., Van Deursen, A., Moonen, L., & Koschke, R. (2009). A systematic survey of program comprehension through dynamic analysis. IEEE Transactions on Software Engineering, 35(5), 684-702.
10. Gosain, A., & Sharma, G. (2015). A survey of dynamic program analysis techniques and tools. Proceedings of the 3rd International Conference on Frontiers of Intelligent Computing: Theory and Applications, 113-122.
11. Nethercote, N. (2004). Dynamic binary analysis and instrumentation. University of Cambridge.
12. Hangal, S., & Lam, M. S. (2002, May). Tracking down software bugs using automatic anomaly detection. Proceedings of the 24th IEEE International Conference on Software Engineering, 291-301.
13. Gomes, I., Morgado, P., Gomes, T., & Moreira, R. (2009). An overview on the static code analysis approach in software development. Faculdade de Engenharia da Universidade do Porto, Portugal.
14. Ayewah, N., Pugh, W., Hovemeyer, D., Morgenthaler, J. D., & Penix, J. (2008). Using static analysis to find bugs. IEEE Software, 25(5), 22-29.
15. Chess, B., & McGraw, G. (2004). Static analysis for security. IEEE Security & Privacy, 2(6), 76-79.
16. Chess, B., & West, J. (2007). Secure programming with static analysis: Pearson Education.
17. Cousot, P., & Cousot, R. (1977, January). Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. Proceedings of the 4th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, 238-252.
18. Landi, W. (1992). Undecidability of static analysis. ACM Letters on Programming Languages and Systems, 1(4), 323-337.
19. Wagner, D., & Dean, R. (2000, May). Intrusion detection via static analysis. Proceedings of the 2001 IEEE Symposium on Security and Privacy, 156-168.
20. Ball, T., & Rajamani, S. K. (2002, January). The SLAM project: Debugging system software via static analysis. ACM SIGPLAN Notices, 37(1), 1-3.
21. Venkatasubramanyam, R. D., & GR, S. (2014, June). Why is dynamic analysis not used as extensively as static analysis: an industrial study. Proceedings of the 1st ACM International Workshop on Software Engineering Research and Industrial Practices, 24-33.
22. Ernst, M. D. (2003, May). Static and dynamic analysis: Synergy and duality. Proceedings of WODA 2003: ICSE Workshop on Dynamic Analysis, 24-27.
23. Baldoni, R., Coppa, E., D'Elia, D. C., Demetrescu, C., & Finocchi, I. (2018). A survey of symbolic execution techniques. ACM Computing Surveys, 51(3).
24. Schwartz, E. J., Avgerinos, T., & Brumley, D. (2010, May). All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). Proceedings of 2010 IEEE Symposium on Security and Privacy, 317-331.
25. Cadar, C., & Sen, K. (2013). Symbolic execution for software testing: three decades later. Communications of the ACM, 56(2), 82-90.
26. Clarke, L. A. (1976). A system to generate test data and symbolically execute programs. IEEE Transactions on Software Engineering, (3), 215-222.
27. King, J. C. (1976). Symbolic execution and program testing. Communications of the ACM, 19(7), 385-394.
28. Things about automated binary analysis. Retrieved May 2, 2019, from https://hitcon.org/2016/CMT/slide/day1-r1-a-1.pdf
29. LLVM. Retrieved May 2, 2019, from https://llvm.org/
30. Getting Started with LLVM Core Libraries. Retrieved May 2, 2019, from https://www.amazon.com/Getting-Started-LLVM-Core-Libraries/dp/1782166920
31. Clang Static Analyzer. Retrieved May 2, 2019, from https://clang-analyzer.llvm.org/
32. Xu, Z., Kremenek, T., & Zhang, J. (2010, October). A memory model for static analysis of C programs. Proceedings of International Symposium On Leveraging Applications of Formal Methods, Verification and Validation, 535-548.
33. First stop on the LLVM journey. Retrieved May 2, 2019, from http://www.nagain.com/activity/article/4/
34. Cowan, C., Beattie, S., Wright, C., & Kroah-Hartman, G. (2001, August). RaceGuard: Kernel protection from temporary file race vulnerabilities. Proceedings of USENIX Security Symposium, 165-176.
35. Pu, C., & Wei, J. (2006, March). A methodical defense against tocttou attacks: The edgi approach. Proceedings of 2006 International Symposium on Secure Software Engineering.
36. Juliet Test Suite User Guide. Retrieved May 2, 2019, from https://samate.nist.gov/SARD/resources/Juliet_Test_Suite_v1.2_for_C_Cpp_-_User_Guide.pdf
37. Juliet Test Suite. Retrieved May 2, 2019, from https://samate.nist.gov/SARD/testsuite.php
38. Fatima, A., Bibi, S., & Hanif, R. (2018, January). Comparative study on static code analysis tools for C/C++. Proceedings of the IEEE International Bhurban Conference on Applied Sciences and Technology, 465-469.