Attacking malicious code: A report to the Infosec Research Council

IEEE Software

Volumn 17, Issue 5, 2000, Pages 33-41

  McGraw, Gary ^a   Morrisett, Greg ^b  

^a Cigital   (United States)

^b Department of Obstetrics Gynecology   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER OPERATING SYSTEMS; COMPUTER VIRUSES; COMPUTER WORMS; DATA COMMUNICATION SYSTEMS; INTERNET; JAVA PROGRAMMING LANGUAGE;

MALICIOUS COMPUTER CODES;

SECURITY OF DATA;

EID: 0034269416     PISSN: 07407459     EISSN: None     Source Type: Journal    
DOI: 10.1109/52.877857     Document Type: Article

References (14)

1. J. Viega et al., "ITS4: A Static Vulnerability Scanner for C and C++ Code," To appear in Proc. Ann. Computer Security Applications Conf. 2000, IEEE Computer Soc. Press, Los Alamitos, Calif: the ITS4 tool is available at www.rstcorp.com/its4.
2. D. Wagner et al., "A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities," Proc. Network and Distributed Systems Security Symposium (NDSS 2000), Internet Soc., Reston, Va., 2000, pp. 3-18.
3. G. McGraw and E. Felten, Securing Java: Getting Down to Business with Mobile Code, John Wiley & Sons, New York, 1999; complete Web edition at www.securingjava.com.
4. J.H. Salzter and M.D. Schroeder, "The Protection of Information in Computer Systems," Proc. IEEE, IEEE Press, Piscataway, N.J., Vol. 9, No. 63, 1975, pp. 1278-1308.
5. R. Wahbe et al., "Efficient Software-Based Fault Isolation," Proc. 14th ACM Symp. Operating System Principles (SOSP), ACM Press, New York, 1993, pp. 203-216.
6. F. Schneider, "Enforceable Security Policies," ACM Trans. Information and System Security, Vol. 2, No. 4, Mar. 2000.
7. U. Erlingsson and F.B. Schneider, "IRM Enforcement of Java Stack Inspection," IEEE Symp. Security and Privacy, IEEE Press, Piscataway, N.J., 2000.
8. D. Evans and A. Twyman, "Policy-Directed Code Safety," Proc. IEEE Symp. Security an Privacy, IEEE Press, Piscataway, N.J., 1999; see also www.cs.virginia. edu/∼evans.
9. U. Erlingsson, U. and F.B. Schneider, ∼SASI Enforcement of Security Policies: A Retrospective,∼ Proc. New Security Paradigms Workshop, ACM Press, New York, 1999, pp. 246-255.
10. A.C. Myers, ∼JFlow: Practical Mostly Static Information Flow Control,∼ Proc. 26th ACM Symp. Principles of Programming Languages (POPL), ACM Press, New York, 1999, pp. 228-241.
11. H. Xi and F. Pfenning, "Dependent Types in Practical Programming," Proc. 26th ACM Symp. Principles of Programming Languages (POPL), ACM Press, New York, 1999, pp. 214-227.
12. G. Morrisett et al., "From System-F to Typed Assembly Language," ACM Trans. Programming Languages and Systems, Vol., 21, No. 3, May 1999, pp. 528-569; www.cs.cornell.edu/talc.
13. G.C. Necula, "Proof-Carrying Code," Proc. 24th ACM Symp. Principles of Programming Languages (POPL), ACM Press, New York, 1997, pp. 106-119; wwwnt.cs.Berkeley.edu/home/necula/public_html/pcc.html.
14. P. Kocher, J. Jaffee, and B. Jun, "Differential Power Analysis: Leaking Secrets," Advances in Cryptology-CRYPTO'99. . In M. Weiner, ed., Lecture Notes in Computer Science, Vol. 1666, Springer, New York, Aug. 1999, pp. 388-397; www.cryptography.com/dpa/Dpa.pdf.