{"id":"https://openalex.org/W1847604698","doi":"https://doi.org/10.3233/jcs-2011-0434","title":"Using type analysis in compiler to mitigate integer-overflow-to-buffer-overflow threat","display_name":"Using type analysis in compiler to mitigate integer-overflow-to-buffer-overflow threat","publication_year":2011,"publication_date":"2011-12-23","ids":{"openalex":"https://openalex.org/W1847604698","doi":"https://doi.org/10.3233/jcs-2011-0434","mag":"1847604698"},"language":"en","primary_location":{"id":"doi:10.3233/jcs-2011-0434","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-2011-0434","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100460139","display_name":"Chao Zhang","orcid":"https://orcid.org/0000-0002-1018-4144"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chao Zhang","raw_affiliation_strings":["Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China","Institute of Computer Science and Technology, Peking University, Beijing, China","Institute of Computer Science and Technology, Peking University, Beijing, China and Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China#TAB#"],"affiliations":[{"raw_affiliation_string":"Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]},{"raw_affiliation_string":"Institute of Computer Science and Technology, Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]},{"raw_affiliation_string":"Institute of Computer Science and Technology, Peking University, Beijing, China and Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China#TAB#","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108286207","display_name":"Wei Zou","orcid":"https://orcid.org/0000-0003-4215-5361"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wei Zou","raw_affiliation_strings":["Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China","Institute of Computer Science and Technology, Peking University, Beijing, China","Institute of Computer Science and Technology, Peking University, Beijing, China and Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China#TAB#"],"affiliations":[{"raw_affiliation_string":"Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]},{"raw_affiliation_string":"Institute of Computer Science and Technology, Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]},{"raw_affiliation_string":"Institute of Computer Science and Technology, Peking University, Beijing, China and Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China#TAB#","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057941531","display_name":"Tielei Wang","orcid":null},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tielei Wang","raw_affiliation_strings":["Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China","Institute of Computer Science and Technology, Peking University, Beijing, China","Institute of Computer Science and Technology, Peking University, Beijing, China and Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China#TAB#"],"affiliations":[{"raw_affiliation_string":"Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]},{"raw_affiliation_string":"Institute of Computer Science and Technology, Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]},{"raw_affiliation_string":"Institute of Computer Science and Technology, Peking University, Beijing, China and Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China#TAB#","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100401938","display_name":"Yu Chen","orcid":"https://orcid.org/0000-0001-5950-640X"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yu Chen","raw_affiliation_strings":["Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China","Institute of Computer Science and Technology, Peking University, Beijing, China","Institute of Computer Science and Technology, Peking University, Beijing, China and Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China#TAB#"],"affiliations":[{"raw_affiliation_string":"Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]},{"raw_affiliation_string":"Institute of Computer Science and Technology, Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]},{"raw_affiliation_string":"Institute of Computer Science and Technology, Peking University, Beijing, China and Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China#TAB#","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5062578450","display_name":"Tao Wei","orcid":"https://orcid.org/0000-0002-4765-1826"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Tao Wei","raw_affiliation_strings":["Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China","Institute of Computer Science and Technology, Peking University, Beijing, China","Institute of Computer Science and Technology, Peking University, Beijing, China and Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China#TAB#"],"affiliations":[{"raw_affiliation_string":"Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]},{"raw_affiliation_string":"Institute of Computer Science and Technology, Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]},{"raw_affiliation_string":"Institute of Computer Science and Technology, Peking University, Beijing, China and Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China#TAB#","institution_ids":["https://openalex.org/I20231570"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5062578450"],"corresponding_institution_ids":["https://openalex.org/I20231570"],"apc_list":null,"apc_paid":null,"fwci":0.8551,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.78228568,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":"19","issue":"6","first_page":"1083","last_page":"1107"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9965000152587891,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9955999851226807,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/buffer-overflow","display_name":"Buffer overflow","score":0.8414597511291504},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.817482590675354},{"id":"https://openalex.org/keywords/dataflow","display_name":"Dataflow","score":0.7621572017669678},{"id":"https://openalex.org/keywords/compiler","display_name":"Compiler","score":0.6365483999252319},{"id":"https://openalex.org/keywords/integer","display_name":"Integer (computer science)","score":0.6068445444107056},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5455179214477539},{"id":"https://openalex.org/keywords/test-suite","display_name":"Test suite","score":0.47922900319099426},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.44206956028938293},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.42304784059524536},{"id":"https://openalex.org/keywords/suite","display_name":"Suite","score":0.42202165722846985},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.34794336557388306},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.34785833954811096},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.34153079986572266},{"id":"https://openalex.org/keywords/test-case","display_name":"Test case","score":0.23551854491233826},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.0965069830417633},{"id":"https://openalex.org/keywords/law","display_name":"Law","score":0.07838469743728638}],"concepts":[{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.8414597511291504},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.817482590675354},{"id":"https://openalex.org/C96324660","wikidata":"https://www.wikidata.org/wiki/Q205446","display_name":"Dataflow","level":2,"score":0.7621572017669678},{"id":"https://openalex.org/C169590947","wikidata":"https://www.wikidata.org/wiki/Q47506","display_name":"Compiler","level":2,"score":0.6365483999252319},{"id":"https://openalex.org/C97137487","wikidata":"https://www.wikidata.org/wiki/Q729138","display_name":"Integer (computer science)","level":2,"score":0.6068445444107056},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5455179214477539},{"id":"https://openalex.org/C151552104","wikidata":"https://www.wikidata.org/wiki/Q7705809","display_name":"Test suite","level":4,"score":0.47922900319099426},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.44206956028938293},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.42304784059524536},{"id":"https://openalex.org/C79581498","wikidata":"https://www.wikidata.org/wiki/Q1367530","display_name":"Suite","level":2,"score":0.42202165722846985},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.34794336557388306},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.34785833954811096},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.34153079986572266},{"id":"https://openalex.org/C128942645","wikidata":"https://www.wikidata.org/wiki/Q1568346","display_name":"Test case","level":3,"score":0.23551854491233826},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.0965069830417633},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.07838469743728638},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.0},{"id":"https://openalex.org/C152877465","wikidata":"https://www.wikidata.org/wiki/Q208042","display_name":"Regression analysis","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.3233/jcs-2011-0434","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-2011-0434","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W1112477","https://openalex.org/W127238549","https://openalex.org/W1506510492","https://openalex.org/W1531991464","https://openalex.org/W1536898727","https://openalex.org/W1588398995","https://openalex.org/W1710734607","https://openalex.org/W1963569294","https://openalex.org/W1982205631","https://openalex.org/W2009489720","https://openalex.org/W2046699259","https://openalex.org/W2068452798","https://openalex.org/W2096449544","https://openalex.org/W2098010707","https://openalex.org/W2107089133","https://openalex.org/W2114067856","https://openalex.org/W2123527946","https://openalex.org/W2128637495","https://openalex.org/W2130908989","https://openalex.org/W2132897303","https://openalex.org/W2153185479","https://openalex.org/W2156268601","https://openalex.org/W2549548403","https://openalex.org/W2913256667"],"related_works":["https://openalex.org/W2293118914","https://openalex.org/W2998381397","https://openalex.org/W4236419692","https://openalex.org/W3167919718","https://openalex.org/W4251718783","https://openalex.org/W2171015181","https://openalex.org/W4239447582","https://openalex.org/W2181627506","https://openalex.org/W2293245356","https://openalex.org/W2152749196"],"abstract_inverted_index":{"One":[0],"of":[1,6,45,56,74,90],"the":[2,13,22,42,86],"top":[3],"two":[4],"causes":[5],"software":[7,79],"vulnerabilities":[8,62,99,169],"in":[9,100,170],"operating":[10],"systems":[11],"is":[12,21,33],"integer":[14,18,151],"overflow.":[15],"A":[16],"typical":[17],"overflow":[19],"vulnerability":[20,75],"Integer":[23],"Overflow":[24,27],"to":[25,116,126,149],"Buffer":[26],"(IO2BO":[28],"for":[29,51,78,95,145],"short)":[30],"vulnerability.":[31],"IO2BO":[32,46,61,98,119,168],"an":[34,143],"underestimated":[35],"threat.":[36],"Many":[37],"programmers":[38,146],"have":[39,183],"not":[40],"realized":[41],"existenc":[43],"e":[44],"and":[47,59,66,70,88,111,121,133,174],"its":[48],"harm.":[49],"Even":[50],"those":[52],"who":[53,147],"are":[54,63,76,189],"aware":[55],"IO2BO,":[57],"locating":[58],"fixing":[60,71,97],"still":[64],"tedious":[65],"error-prone.":[67],"Automatically":[68],"identifying":[69],"this":[72,82],"kind":[73],"critical":[77],"security.":[80],"In":[81],"article,":[83],"we":[84],"present":[85],"design":[87],"implementation":[89],"IntPatch,":[91],"a":[92,112,158],"compiler":[93],"extension":[94],"automatically":[96],"C/C++":[101],"programs":[102,136],"at":[103],"compile":[104],"time.":[105],"IntPatch":[106,141,156,182],"utilizes":[107],"classic":[108],"type":[109],"theory":[110],"dataflow":[113],"analysis":[114],"framework":[115],"identify":[117],"potential":[118],"vulnerabilities,":[120],"then":[122],"uses":[123],"backward":[124],"slicing":[125],"find":[127],"out":[128],"related":[129],"vulnerable":[130],"arithmetic":[131],"operations,":[132],"finally":[134],"instruments":[135],"with":[137],"runtime":[138,185],"checks.":[139],"Moreover,":[140],"provides":[142],"interface":[144],"want":[148],"check":[150],"overflows":[152],"manually.":[153],"We":[154],"evaluated":[155],"on":[157,190],"few":[159],"real-world":[160],"applications.":[161],"It":[162],"caught":[163],"all":[164],"46":[165],"previously":[166],"known":[167],"our":[171],"test":[172],"suite":[173],"found":[175],"21":[176],"new":[177],"bugs.":[178],"Applications":[179],"patched":[180],"by":[181],"negligible":[184],"performance":[186],"losses":[187],"which":[188],"average":[191],"1%.":[192]},"counts_by_year":[{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":2},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":1},{"year":2012,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}