Software Crash Analysis for Automatic Exploit Generation on Binary Programs by Shih-Kun Huang, Min-Hsiang Huang, Po-Yen Huang, Han-Lin Lu, and Chung-Wei Lai - https://drive.google.com/file/d/0BymO5h8P3PgAaE8zOVRYZWRCNEE/edit?usp=sharing
Unleashing MAYHEM on Binary Code - http://diyhpl.us/~bryan/papers2/security/mayhem-oakland-12.pdf
Eliminating Stack Overflow by Abstract Interpretation - http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.64.6170&rep=rep1&type=pdf
The Automated Exploitation Grand Challenge (Slides 22 - 27) - http://openwall.info/wiki/_media/people/jvanegue/files/aegc_vanegue.pdf
String Analysis for x86 Binaries - http://pages.cs.wisc.edu/~mihai/publications/String%20Analysis%20for%20x86%20Binaries/String%20Analysis%20for%20x86%20Binaries.pdf
Automated Format String Attack Prevention for Win32/X86 Binaries - https://acsac.org/2007/papers/165.pdf
Modular Bug-finding for Integer Overflows in the Large: Sound, Efficient, Bit-precise Static Analysis - http://research.microsoft.com/pubs/80722/z3prefix.pdf
UQBTng: a tool capable of automatically finding integer overflows in Win32 binaries - http://events.ccc.de/congress/2005/fahrplan/attachments/552-Paper_AToolCapableOfAutomaticallyFindingIntegerOverflowsInWin32Binaries.pdf
IntScope: Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution - http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.153.1801&rep=rep1&type=pdf
New Binary System for Detecting and Locating Integer-based Vulnerability on Run-time Type Analysis
Detecting integer flaws by type-qualified system dependence graph
An ‘Explicit Type Enforcement’ Program Transformation Tool for Preventing Integer Vulnerabilities - http://www.munawarhafiz.com/research/intproblem/H11-SplashDemo_AIC.pdf
Program Transformations to Fix C Integers - http://www.munawarhafiz.com/research/intproblem/H11-SplashDemo_AIC.pdf
CacheAudit: A Tool for the Static Analysis of Cache Side Channels - http://0b4af6cdc2f0c5998459-c0245c5c937c5dedcca3f1764ecc9b2f.r43.cf2.rackcdn.com/12319-sec13-paper_doychev.pdf and http://software.imdea.org/projects/cacheaudit/
Fun with Constrained Programming by Tavis Ormandy - http://blog.cmpxchg8b.com/2012/09/fun-with-constrained-programming.html
Static Analysis for Regular Expression Exponential Runtime via Substructural Logics by Asiri Rathnayake and Hayo Thielecke - http://arxiv.org/pdf/1405.7058v1.pdf and http://www.cs.bham.ac.uk/~hxt/research/rxxr2/
Static Analysis for Regular Expression Denial-of-Service Attacks - http://arxiv.org/pdf/1301.0849v1.pdf and http://www.cs.bham.ac.uk/~hxt/research/rxxr.shtml
Fast and Precise WCET Prediction by Separated Cache and Path Analyses - http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.84.1150&rep=rep1&type=pdf
Denial of Service via Algorithmic Complexity Attacks - http://www.rootsecure.net/content/downloads/pdf/dos_via_algorithmic_complexity_attack.pdf
Static WCET analysis based on abstract interpretation and counting of elements - http://www.diva-portal.org/smash/get/diva2:292120/FULLTEXT01.pdf
Static Memory and Timing Analysis of Embedded Systems Code - http://www-fp.cs.st-andrews.ac.uk/embounded/pubs/papers/VVSS07.pdf
Cinderella: A retargetable environment for performance analysis of real-time software - https://drive.google.com/file/d/0BymO5h8P3PgAZ1AwMTM3NU9VZjg/edit?usp=sharing
Modular and generic WCET static analysis with LLVM framework - http://www.lume.ufrgs.br/bitstream/handle/10183/31020/000782100.pdf
Towards a Practical WCET Analysis Approach Based on Testing - http://lundqvist.dyndns.org/Publications/ecrts-wip08/lundqvist_sandin_ecrtswip08.pdf
http://mikegagnon.com/2012/01/01/how-to-defend-against-algorithmic-complexity-attacks/
Undangle: Early Detection of Dangling Pointers in Use-After-Free and Double-Free Vulnerabilities - http://diyhpl.us/~bryan/papers2/security/Undangle%20-%20Early%20Detection%20of%20Dangling%20Pointers%20in%20Use-After-Free.pdf
DieHarder: Securing the Heap - http://people.cs.umass.edu/~emery/pubs/ccs03-novark.pdf
Finding use-after-free bugs with static analysis - http://seanhn.wordpress.com/2009/11/30/finding-bugs-with-static-analysis/
Statically Detecting Use After Free on Binary Code - http://grehack.org/files/2013/GreHack_2013_proceedings-separate_files/3-accepted_papers/3.4_Feist_-_Statically_Detecting_Use_After_Free_on_Binary_Code.pdf ( http://grehack.org/files/2013/talks/talk_3_4_Feist_-_Statically_Detecting_Use_After_Free_on_Binary_Code-grehack.pdf )
Combining Static Analyses for Helping Detection and Exploitability Vulnerabilities in Binary Code - http://seminaire-dga.gforge.inria.fr/2013/20131108_MarieLaurePotet.pdf
Goanna: Syntactic Software Model Checking - http://www.cse.unsw.edu.au/~rhuuck/FHS08-atva.pdf
Using Valgrind to detect undefined value errors with bit-precision - https://www.usenix.org/legacy/events/usenix05/tech/general/full_papers/seward/seward.pdf