Taint analysis of security code in the KLEE symbolic execution engine

The program structure tree: computing control regions in linear time

PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation

Symbolic execution and program testing

Communications of the ACM

Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS ...

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology

Non-interference for a JVM-like language

TLDI '05 Proceedings of the 2005 ACM SIGPLAN international workshop on Types in languages design and implementation

Towards automatic discovery of deviations in binary implementations with applications to error detection and fingerprint generation

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium

A decision procedure for bit-vectors and arrays

CAV'07 Proceedings of the 19th international conference on Computer aided verification

All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask)

SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy

KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs

OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation

Practical padding oracle attacks

WOOT'10 Proceedings of the 4th USENIX conference on Offensive technologies

Efficient symbolic execution for analysing cryptographic protocol implementations

ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems

Formalizing the LLVM intermediate representation for verified program transformations

POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

Language-based information-flow security

IEEE Journal on Selected Areas in Communications