-
1
-
-
51849128388
-
Systematic policy analysis for high-assurance services in SELinux
-
Palisades, NY, June
-
G. Ahn, X. Zhang, and W. Xu. Systematic policy analysis for high-assurance services in SELinux. In Proc. of the 2008 POLICY Workshop, pages 3-10, Palisades, NY, June 2008.
-
(2008)
Proc. of the 2008 POLICY Workshop
, pp. 3-10
-
-
Ahn, G.1
Zhang, X.2
Xu, W.3
-
2
-
-
11244281944
-
An introduction to the web services policy language (WSPL)
-
Yorktown Heights, NY, June
-
A. H. Anderson. An introduction to the web services policy language (WSPL). In Proc. of the 2004 POLICY Workshop, pages 189-192, Yorktown Heights, NY, June 2004.
-
(2004)
Proc. of the 2004 POLICY Workshop
, pp. 189-192
-
-
Anderson, A.H.1
-
5
-
-
33749664425
-
Boogie: A modular reusable verifier for object-oriented programs
-
Amsterdam, The Netherlands, November
-
M. Barnett, B.-Y. E. Chang, R. DeLine, B. Jacobs, and K. R. M. Leino. Boogie: A modular reusable verifier for object-oriented programs. In Proc. of the 4th International Symposium on Formal Methods for Components and Objects, pages 364-387, Amsterdam, The Netherlands, November 2005.
-
(2005)
Proc. of the 4th International Symposium on Formal Methods for Components and Objects
, pp. 364-387
-
-
Barnett, M.1
Chang, B.-Y.E.2
DeLine, R.3
Jacobs, B.4
Leino, K.R.M.5
-
6
-
-
25844470866
-
The Spec# programming system: An overview
-
Marseille, France, March
-
M. Barnett, K. Rustan, M. Leino, and W. Schulte. The Spec# programming system: An overview. In Proc. of the Workshop on Construction and Analysis of Safe, Secure and Interoperable Smart devices, pages 49-69, Marseille, France, March 2004.
-
(2004)
Proc. of the Workshop on Construction and Analysis of Safe, Secure and Interoperable Smart devices
, pp. 49-69
-
-
Barnett, M.1
Rustan, K.2
Leino, M.3
Schulte, W.4
-
7
-
-
31844457357
-
Composing security policies with Polymer
-
Chicago, IL, June
-
L. Bauer, J. Ligatti, and D. Walker. Composing security policies with Polymer. In Proc. of the 2005 PLDI, pages 305-314, Chicago, IL, June 2005.
-
(2005)
Proc. of the 2005 PLDI
, pp. 305-314
-
-
Bauer, L.1
Ligatti, J.2
Walker, D.3
-
8
-
-
67649859970
-
Efficient and extensible security enforcement using dynamic data flow analysis
-
Alexandria, VA, October
-
W. Chang, B. Streiff, and C. Lin. Efficient and extensible security enforcement using dynamic data flow analysis. In Proc. of the 15th CCS, pages 39-50, Alexandria, VA, October 2008.
-
(2008)
Proc. of the 15th CCS
, pp. 39-50
-
-
Chang, W.1
Streiff, B.2
Lin, C.3
-
9
-
-
70450092979
-
Secure web applications via automatic partitioning
-
Stevenson, WA, October
-
S. Chong, J. Liu, A. C. Myers, X. Qi, K. Vikram, L. Zheng, and X. Zheng. Secure web applications via automatic partitioning. In Proc. of the 21st SOSP, pages 31-44, Stevenson, WA, October 2007.
-
(2007)
Proc. of the 21st SOSP
, pp. 31-44
-
-
Chong, S.1
Liu, J.2
Myers, A.C.3
Qi, X.4
Vikram, K.5
Zheng, L.6
Zheng, X.7
-
10
-
-
84877700103
-
SIF: Enforcing confidentiality and integrity in web applications
-
Boston, MA, August
-
S. Chong, K. Vikram, and A. C. Myers. SIF: Enforcing confidentiality and integrity in web applications. In Proc. of the 16th USENIX Security Symposium, pages 1-16, Boston, MA, August 2007.
-
(2007)
Proc. of the 16th USENIX Security Symposium
, pp. 1-16
-
-
Chong, S.1
Vikram, K.2
Myers, A.C.3
-
12
-
-
84944048132
-
The Ponder policy specification language
-
Bristol, UK, January
-
N. Damianou, N. Dulay, E. Lupu, and M. Sloman. The Ponder policy specification language. In Proc. of the 2001 POLICY Workshop, pages 18-38, Bristol, UK, January 2001.
-
(2001)
Proc. of the 2001 POLICY Workshop
, pp. 18-38
-
-
Damianou, N.1
Dulay, N.2
Lupu, E.3
Sloman, M.4
-
13
-
-
0016949746
-
A lattice model of secure information flow
-
May
-
D. E. Denning. A lattice model of secure information flow. Communications of the ACM, 19(5):236-243, May 1976.
-
(1976)
Communications of the ACM
, vol.19
, Issue.5
, pp. 236-243
-
-
Denning, D.E.1
-
15
-
-
84885664275
-
Labels and event processes in the Asbestos operating system
-
Brighton, UK, October
-
P. Efstathopoulos, M. Krohn, S. VanDeBogart, C. Frey, D. Ziegler, E. Kohler, D. Mazières, F. Kaashoek, and R. Morris. Labels and event processes in the Asbestos operating system. In Proc. of the 20th SOSP, pages 17-30, Brighton, UK, October 2005.
-
(2005)
Proc. of the 20th SOSP
, pp. 17-30
-
-
Efstathopoulos, P.1
Krohn, M.2
VanDeBogart, S.3
Frey, C.4
Ziegler, D.5
Kohler, E.6
Mazières, D.7
Kaashoek, F.8
Morris, R.9
-
17
-
-
84975277890
-
Checking system rules using system-specific, programmer-written compiler extensions
-
San Diego, CA, October
-
D. Engler, B. Chelf, A. Chou, and S. Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In Proc. of the 4th OSDI, pages 1-16, San Diego, CA, October 2000.
-
(2000)
Proc. of the 4th OSDI
, pp. 1-16
-
-
Engler, D.1
Chelf, B.2
Chou, A.3
Hallem, S.4
-
18
-
-
0036147522
-
Improving security using extensible lightweight static analysis
-
January/February
-
D. Evans and D. Larochelle. Improving security using extensible lightweight static analysis. IEEE Software, 19(1):42-51, January/February 2002.
-
(2002)
IEEE Software
, vol.19
, Issue.1
, pp. 42-51
-
-
Evans, D.1
Larochelle, D.2
-
20
-
-
57349099221
-
Detecting and resolving policy misconfigurations in access-control systems
-
Estes Park, CO, June
-
S. Garriss, L. Bauer, and M. K. Reiter. Detecting and resolving policy misconfigurations in access-control systems. In Proc. of the 13th ACM Symposium on Access Control Models and Technologies, pages 185-194, Estes Park, CO, June 2008.
-
(2008)
Proc. of the 13th ACM Symposium on Access Control Models and Technologies
, pp. 185-194
-
-
Garriss, S.1
Bauer, L.2
Reiter, M.K.3
-
22
-
-
34547379435
-
Using positive tainting and syntax-aware evaluation to counter SQL injection attacks
-
Portland, OR, November
-
W. G. J. Halfond, A. Orso, and P. Manolios. Using positive tainting and syntax-aware evaluation to counter SQL injection attacks. In Proc. of the 14th FSE, pages 175-185, Portland, OR, November 2006.
-
(2006)
Proc. of the 14th FSE
, pp. 175-185
-
-
Halfond, W.G.J.1
Orso, A.2
Manolios, P.3
-
23
-
-
72249105537
-
-
N. Hippert. phpMyAdmin code execution vulnerability. http://fd.the-wildcat.de/pma-e36a091q11.php. CVE-2008-4096.
-
-
-
-
25
-
-
33646010754
-
Privman: A library for partitioning applications
-
San Antonio, TX, June
-
D. Kilpatrick. Privman: A library for partitioning applications. In Proc. of the 2003 USENIX Annual Technical Conference, FREENIX track, pages 273-284, San Antonio, TX, June 2003.
-
(2003)
Proc. of the 2003 USENIX Annual Technical Conference, FREENIX track
, pp. 273-284
-
-
Kilpatrick, D.1
-
26
-
-
72249106871
-
-
E. Kohler. Hot crap! In Proc. of the Workshop on Organizing Workshops, Conferences, and Symposia for Computer Systems, San Francisco, CA, April 2008.
-
-
-
-
27
-
-
33845403940
-
Building secure high-performance web services with OKWS
-
Boston, MA, June-July
-
M. Krohn. Building secure high-performance web services with OKWS. In Proc. of the 2004 USENIX Annual Technical Conference, pages 185-198, Boston, MA, June-July 2004.
-
(2004)
Proc. of the 2004 USENIX Annual Technical Conference
, pp. 185-198
-
-
Krohn, M.1
-
28
-
-
57749192483
-
Information flow control for standard OS abstractions
-
Stevenson, WA, October
-
M. Krohn, A. Yip, M. Brodsky, N. Cliffer, M. F. Kaashoek, E. Kohler, and R. Morris. Information flow control for standard OS abstractions. In Proc. of the 21st SOSP, pages 321-334, Stevenson, WA, October 2007.
-
(2007)
Proc. of the 21st SOSP
, pp. 321-334
-
-
Krohn, M.1
Yip, A.2
Brodsky, M.3
Cliffer, N.4
Kaashoek, M.F.5
Kohler, E.6
Morris, R.7
-
29
-
-
84923564816
-
Finding security vulnerabilities in Java applications with static analysis
-
Baltimore, MD, August
-
V. B. Livshits and M. S. Lam. Finding security vulnerabilities in Java applications with static analysis. In Proc. of the 14th USENIX Security Symposium, pages 271-286, Baltimore, MD, August 2005.
-
(2005)
Proc. of the 14th USENIX Security Symposium
, pp. 271-286
-
-
Livshits, V.B.1
Lam, M.S.2
-
30
-
-
31744432699
-
Finding application errors and security flaws using PQL: A program query language
-
San Diego, CA, October
-
M. Martin, B. Livshits, and M. Lam. Finding application errors and security flaws using PQL: a program query language. In Proc. of the 2005 OOPSLA, pages 365-383, San Diego, CA, October 2005.
-
(2005)
Proc. of the 2005 OOPSLA
, pp. 365-383
-
-
Martin, M.1
Livshits, B.2
Lam, M.3
-
32
-
-
0001048139
-
Protecting privacy using the decentralized label model
-
October
-
A. C. Myers and B. Liskov. Protecting privacy using the decentralized label model. ACM TOCS, 9(4):410-442, October 2000.
-
(2000)
ACM TOCS
, vol.9
, Issue.4
, pp. 410-442
-
-
Myers, A.C.1
Liskov, B.2
-
33
-
-
72249103422
-
-
myPHPscripts.net. Login session script. http://www.myphpscripts.net/?sid=7. CVE-2008-5855.
-
-
-
-
34
-
-
84871349041
-
Automatically hardening Web applications using precise tainting
-
Chiba, Japan, May
-
A. Nguyen-tuong, S. Guarnieri, D. Greene, J. Shirley, and D. Evans. Automatically hardening Web applications using precise tainting. In Proc. of the 20th IFIP International Information Security Conference, pages 295-307, Chiba, Japan, May 2005.
-
(2005)
Proc. of the 20th IFIP International Information Security Conference
, pp. 295-307
-
-
Nguyen-tuong, A.1
Guarnieri, S.2
Greene, D.3
Shirley, J.4
Evans, D.5
-
38
-
-
72249094756
-
-
phpMyAdmin. phpMyAdmin 3.1.0. http://www.phpmyadmin.net/.
-
-
-
-
40
-
-
50249112702
-
Fable: A language for enforcing user-defined security policies
-
Oakland, CA, May
-
N. Swamy, B. J. Corcoran, and M. Hicks. Fable: A language for enforcing user-defined security policies. In Proc. of the 2008 IEEE Symposium on Security and Privacy, pages 369-383, Oakland, CA, May 2008.
-
(2008)
Proc. of the 2008 IEEE Symposium on Security and Privacy
, pp. 369-383
-
-
Swamy, N.1
Corcoran, B.J.2
Hicks, M.3
-
45
-
-
0346609657
-
Applying aspect-oriented programming to security
-
February
-
J. Viega, J. T. Bloch, and P. Chandra. Applying aspect-oriented programming to security. Cutter IT Journal, 14(2):31-39, February 2001.
-
(2001)
Cutter IT Journal
, vol.14
, Issue.2
, pp. 31-39
-
-
Viega, J.1
Bloch, J.T.2
Chandra, P.3
-
47
-
-
35449004893
-
Sound and precise analysis of Web applications for injection vulnerabilities
-
San Diego, CA, June
-
G. Wassermann and Z. Su. Sound and precise analysis of Web applications for injection vulnerabilities. In Proc. of the 2007 PLDI, pages 32-41, San Diego, CA, June 2007.
-
(2007)
Proc. of the 2007 PLDI
, pp. 32-41
-
-
Wassermann, G.1
Su, Z.2
-
48
-
-
72249107524
-
-
Web Application Security Consortium. 2007 web application security statistics. http://www.webappsec.org/projects/statistics/wasc-wass-2007.pdf.
-
-
-
-
49
-
-
84910681237
-
Static detection of security vulnerabilities in scripting languages
-
Vancouver, BC, Canada, July
-
Y. Xie and A. Aiken. Static detection of security vulnerabilities in scripting languages. In Proc. of the 15th USENIX Security Symposium, pages 179-192, Vancouver, BC, Canada, July 2006.
-
(2006)
Proc. of the 15th USENIX Security Symposium
, pp. 179-192
-
-
Xie, Y.1
Aiken, A.2
-
50
-
-
84991934426
-
TightLip: Keeping applications from spilling the beans
-
Cambridge, MA, April
-
A. Yumerefendi, B. Mickle, and L. P. Cox. TightLip: Keeping applications from spilling the beans. In Proc. of the 4th NSDI, pages 159-172, Cambridge, MA, April 2007.
-
(2007)
Proc. of the 4th NSDI
, pp. 159-172
-
-
Yumerefendi, A.1
Mickle, B.2
Cox, L.P.3
-
51
-
-
84888352157
-
Making information flow explicit in HiStar
-
Seattle, WA, November
-
N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazières. Making information flow explicit in HiStar. In Proc. of the 7th OSDI, pages 263-278, Seattle, WA, November 2006.
-
(2006)
Proc. of the 7th OSDI
, pp. 263-278
-
-
Zeldovich, N.1
Boyd-Wickizer, S.2
Kohler, E.3
Mazières, D.4
-
52
-
-
85094632142
-
Securing distributed systems with information flow control
-
San Francisco, CA, April
-
N. Zeldovich, S. Boyd-Wickizer, and D. Mazières. Securing distributed systems with information flow control. In Proc. of the 5th NSDI, pages 293-308, San Francisco, CA, April 2008.
-
(2008)
Proc. of the 5th NSDI
, pp. 293-308
-
-
Zeldovich, N.1
Boyd-Wickizer, S.2
Mazières, D.3