Wednesday 24 October 2012

