diff --git a/work/01paper.pdf b/work/01paper.pdf index 2adc218..4be3c8d 100644 Binary files a/work/01paper.pdf and b/work/01paper.pdf differ diff --git a/work/01paper.tex b/work/01paper.tex index b2773c6..320e2c8 100644 --- a/work/01paper.tex +++ b/work/01paper.tex @@ -1,7 +1,11 @@ \documentclass[conference]{IEEEtran} \IEEEoverridecommandlockouts{} % The preceding line is only needed to identify funding in the first footnote. If that is unneeded, please comment it out. -\usepackage{cite} +\usepackage{csquotes} +\usepackage[style=ieee,backend=biber]{biblatex} + +\addbibresource{./bibliography.bib} + \usepackage{amsmath,amssymb,amsfonts} \usepackage{algorithmic} \usepackage{booktabs} 
@@ -99,17 +103,18 @@ is to check, if a write or read operation is out of bounds. This requires storing the size of a buffer together with the pointer to the buffer and check for each read or write in the buffer, if it is in bounds at runtime. -\subsubsection{Prevent Overriding Return Address} +\subsubsection{Prevent/Detect Overriding Return Address} Since most traditional buffer overflow exploits work by overriding the return address in the current stack frame, preventing or at least detecting this, can -be quite effective without much overhead at runtime. Chiueh et al describe a -technique that stores a redudnant copy of the return address in a secure memory -area that is guarded by read-only memory, so it cannot be overwritten by -overflows. When returning, the copy of the return address is compared to the one -in the current stack frame and only, if it matches, the ret instruction is -actually executed\cite{Rad2001}. While this is effective against return oriented -programming based exploits, it does not protect against vtable overrides. +be quite effective without much overhead at runtime. \citeauthor{Rad2001} +describe a technique that stores a redudnant copy of the return address in a +secure memory area that is guarded by read-only memory, so it cannot be +overwritten by overflows. When returning, the copy of the return address is +compared to the one in the current stack frame and only, if it matches, the ret +instruction is actually executed\cite{Rad2001}. While this is effective against +return oriented programming based exploits, it does not protect against vtable +overrides. An older technique from 1998 proposes to put a canary word between the data of a stack frame and the return address\cite{Stackguard1998}. When returning, the 
@@ -123,10 +128,10 @@ canary intact. \subsubsection{Static Analysis} \subsubsection{Type System Solutions} -Condit et al propose an extension to the C type system that extends it with -dependent types. These types have an associated value, e.g. a pointer type can -have the buffer size associated to it. This prevents indexing into a buffer with -out of bounds values. +\citeauthor{Dep2007} propose an extension to the C type system that extends it +with dependent types. These types have an associated value, e.g. a pointer type +can have the buffer size associated to it. This prevents indexing into a buffer +with out of bounds values. \subsubsection{ASLR} @@ -197,9 +202,9 @@ unsafe C. \end{itemize} - -\bibliographystyle{IEEEtran} -\bibliography{bibliography} +\printbibliography +% \bibliographystyle{IEEEtran} +% \bibliography{bibliography} \end{document} % vim: set filetype=tex ts=2 sw=2 tw=80 et spell :
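Review bot: the compiled `work/01paper.pdf` is committed together with the source change (first `diff --git` block, `Binary files a/work/01paper.pdf and b/work/01paper.pdf differ`), so every future text edit will carry an unreviewable binary delta and invite merge conflicts; drop the PDF from this commit and add `work/01paper.pdf` (or `*.pdf`) to `.gitignore`, building it in CI or at release time instead.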
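Review bot: the preamble hunk (`@@ -1,7 +1,11 @@`) moves from `cite` to `biblatex` with `backend=biber`, which changes the required build step from `bibtex` to `biber`, but nothing in this change updates the build instructions, Makefile or latexmk configuration; anyone still running `pdflatex; bibtex; pdflatex` will get undefined citations and an empty bibliography. Document the `biber 01paper` step (or ship a `.latexmkrc`) in the same change. The switch to `\addbibresource{./bibliography.bib}` with the explicit `.bib` extension is correct for biblatex.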
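Review bot: in the return-address hunk (`@@ -99,17 +103,18 @@`) the typo `redudnant` from the `-` side is carried verbatim into the rewrapped `+` lines (`stores a redudnant copy of the return address`); since the paragraph is being rewritten anyway, correct it to `redundant` here. The paragraph also now cites the same work twice, `\citeauthor{Rad2001}` at the start and `\cite{Rad2001}` at the end; with biblatex, `\textcite{Rad2001}` at the first mention prints the author names together with the numeric label, so the trailing `\cite` can go.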
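Review bot: in the type-system hunk (`@@ -123,10 +128,10 @@`) `\citeauthor{Dep2007}` is the only citation command left in the rewritten paragraph, and with `style=ieee` it prints the author names but no reference number, so the reader has no way to locate the entry in the printed bibliography; use `\textcite{Dep2007}` (names plus `[n]`) or keep a `\cite{Dep2007}` at the end of the sentence, as the Rad2001 paragraph does.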
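Review bot: the bibliography hunk (`@@ -197,9 +202,9 @@`) leaves the replaced `\bibliographystyle{IEEEtran}` and `\bibliography{bibliography}` lines behind as commented-out code; version control already preserves them, so delete the two `%` lines rather than keeping dead directives that leave a later reader unsure which bibliography mechanism is live.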