



Volume , Issue , 2009, Pages 291-304

Improving application security with data flow assertions

Author keywords

PHP; Privacy; Python; Security; SQL injection; Web; XSS

Indexed keywords

APPLICATION CODES; APPLICATION DATA; APPLICATION SECURITY; CONFERENCE MANAGEMENT; CROSS SITE SCRIPTING; DATA FLOW; DATA-TRACKING; LINES OF CODE; RUN-TIME CHECKS; RUNTIMES; SECURITY VULNERABILITIES; SQL INJECTION; WEB APPLICATION; WEB FORUMS;

EID: 72249104474     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1629575.1629604     Document Type: Conference Paper
Times cited : (132)

References (52)
  • 1
    • 51849128388
    • Systematic policy analysis for high-assurance services in SELinux
    • Palisades, NY, June
    • G. Ahn, X. Zhang, and W. Xu. Systematic policy analysis for high-assurance services in SELinux. In Proc. of the 2008 POLICY Workshop, pages 3-10, Palisades, NY, June 2008.
    • (2008) Proc. of the 2008 POLICY Workshop , pp. 3-10
    • Ahn, G.1    Zhang, X.2    Xu, W.3
  • 2
    • 11244281944
    • An introduction to the web services policy language (WSPL)
    • Yorktown Heights, NY, June
    • A. H. Anderson. An introduction to the web services policy language (WSPL). In Proc. of the 2004 POLICY Workshop, pages 189-192, Yorktown Heights, NY, June 2004.
    • (2004) Proc. of the 2004 POLICY Workshop , pp. 189-192
    • Anderson, A.H.1
  • 7
    • 31844457357
    • Composing security policies with Polymer
    • Chicago, IL, June
    • L. Bauer, J. Ligatti, and D. Walker. Composing security policies with Polymer. In Proc. of the 2005 PLDI, pages 305-314, Chicago, IL, June 2005.
    • (2005) Proc. of the 2005 PLDI , pp. 305-314
    • Bauer, L.1    Ligatti, J.2    Walker, D.3
  • 8
    • 67649859970
    • Efficient and extensible security enforcement using dynamic data flow analysis
    • Alexandria, VA, October
    • W. Chang, B. Streiff, and C. Lin. Efficient and extensible security enforcement using dynamic data flow analysis. In Proc. of the 15th CCS, pages 39-50, Alexandria, VA, October 2008.
    • (2008) Proc. of the 15th CCS , pp. 39-50
    • Chang, W.1    Streiff, B.2    Lin, C.3
  • 10
    • 84877700103
    • SIF: Enforcing confidentiality and integrity in web applications
    • Boston, MA, August
    • S. Chong, K. Vikram, and A. C. Myers. SIF: Enforcing confidentiality and integrity in web applications. In Proc. of the 16th USENIX Security Symposium, pages 1-16, Boston, MA, August 2007.
    • (2007) Proc. of the 16th USENIX Security Symposium , pp. 1-16
    • Chong, S.1    Vikram, K.2    Myers, A.C.3
  • 13
    • 0016949746
    • A lattice model of secure information flow
    • May
    • D. E. Denning. A lattice model of secure information flow. Communications of the ACM, 19(5):236-243, May 1976.
    • (1976) Communications of the ACM , vol.19 , Issue.5 , pp. 236-243
    • Denning, D.E.1
  • 16
  • 17
    • 84975277890
    • Checking system rules using system-specific, programmer-written compiler extensions
    • San Diego, CA, October
    • D. Engler, B. Chelf, A. Chou, and S. Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In Proc. of the 4th OSDI, pages 1-16, San Diego, CA, October 2000.
    • (2000) Proc. of the 4th OSDI , pp. 1-16
    • Engler, D.1    Chelf, B.2    Chou, A.3    Hallem, S.4
  • 18
    • 0036147522
    • Improving security using extensible lightweight static analysis
    • January/February
    • D. Evans and D. Larochelle. Improving security using extensible lightweight static analysis. IEEE Software, 19(1):42-51, January/February 2002.
    • (2002) IEEE Software , vol.19 , Issue.1 , pp. 42-51
    • Evans, D.1    Larochelle, D.2
  • 22
    • 34547379435
    • Using positive tainting and syntax-aware evaluation to counter SQL injection attacks
    • Portland, OR, November
    • W. G. J. Halfond, A. Orso, and P. Manolios. Using positive tainting and syntax-aware evaluation to counter SQL injection attacks. In Proc. of the 14th FSE, pages 175-185, Portland, OR, November 2006.
    • (2006) Proc. of the 14th FSE , pp. 175-185
    • Halfond, W.G.J.1    Orso, A.2    Manolios, P.3
  • 23
    • 72249105537
    • N. Hippert. phpMyAdmin code execution vulnerability. http://fd.the-wildcat.de/pma-e36a091q11.php. CVE-2008-4096.
  • 26
    • 72249106871
    • E. Kohler. Hot crap! In Proc. of the Workshop on Organizing Workshops, Conferences, and Symposia for Computer Systems, San Francisco, CA, April 2008.
  • 27
    • 33845403940
    • Building secure high-performance web services with OKWS
    • Boston, MA, June-July
    • M. Krohn. Building secure high-performance web services with OKWS. In Proc. of the 2004 USENIX Annual Technical Conference, pages 185-198, Boston, MA, June-July 2004.
    • (2004) Proc. of the 2004 USENIX Annual Technical Conference , pp. 185-198
    • Krohn, M.1
  • 29
    • 84923564816
    • Finding security vulnerabilities in Java applications with static analysis
    • Baltimore, MD, August
    • V. B. Livshits and M. S. Lam. Finding security vulnerabilities in Java applications with static analysis. In Proc. of the 14th USENIX Security Symposium, pages 271-286, Baltimore, MD, August 2005.
    • (2005) Proc. of the 14th USENIX Security Symposium , pp. 271-286
    • Livshits, V.B.1    Lam, M.S.2
  • 30
    • 31744432699
    • Finding application errors and security flaws using PQL: A program query language
    • San Diego, CA, October
    • M. Martin, B. Livshits, and M. Lam. Finding application errors and security flaws using PQL: a program query language. In Proc. of the 2005 OOPSLA, pages 365-383, San Diego, CA, October 2005.
    • (2005) Proc. of the 2005 OOPSLA , pp. 365-383
    • Martin, M.1    Livshits, B.2    Lam, M.3
  • 32
    • 0001048139
    • Protecting privacy using the decentralized label model
    • October
    • A. C. Myers and B. Liskov. Protecting privacy using the decentralized label model. ACM TOCS, 9(4):410-442, October 2000.
    • (2000) ACM TOCS , vol.9 , Issue.4 , pp. 410-442
    • Myers, A.C.1    Liskov, B.2
  • 33
    • 72249103422
    • myPHPscripts.net. Login session script. http://www.myphpscripts.net/?sid=7. CVE-2008-5855.
  • 38
    • 72249094756
    • phpMyAdmin. phpMyAdmin 3.1.0. http://www.phpmyadmin.net/.
  • 45
    • 0346609657
    • Applying aspect-oriented programming to security
    • February
    • J. Viega, J. T. Bloch, and P. Chandra. Applying aspect-oriented programming to security. Cutter IT Journal, 14(2):31-39, February 2001.
    • (2001) Cutter IT Journal , vol.14 , Issue.2 , pp. 31-39
    • Viega, J.1    Bloch, J.T.2    Chandra, P.3
  • 47
    • 35449004893
    • Sound and precise analysis of Web applications for injection vulnerabilities
    • San Diego, CA, June
    • G. Wassermann and Z. Su. Sound and precise analysis of Web applications for injection vulnerabilities. In Proc. of the 2007 PLDI, pages 32-41, San Diego, CA, June 2007.
    • (2007) Proc. of the 2007 PLDI , pp. 32-41
    • Wassermann, G.1    Su, Z.2
  • 48
    • 72249107524
    • Web Application Security Consortium. 2007 web application security statistics. http://www.webappsec.org/projects/statistics/wasc-wass-2007.pdf.
  • 49
    • 84910681237
    • Static detection of security vulnerabilities in scripting languages
    • Vancouver, BC, Canada, July
    • Y. Xie and A. Aiken. Static detection of security vulnerabilities in scripting languages. In Proc. of the 15th USENIX Security Symposium, pages 179-192, Vancouver, BC, Canada, July 2006.
    • (2006) Proc. of the 15th USENIX Security Symposium , pp. 179-192
    • Xie, Y.1    Aiken, A.2
  • 50
    • 84991934426
    • TightLip: Keeping applications from spilling the beans
    • Cambridge, MA, April
    • A. Yumerefendi, B. Mickle, and L. P. Cox. TightLip: Keeping applications from spilling the beans. In Proc. of the 4th NSDI, pages 159-172, Cambridge, MA, April 2007.
    • (2007) Proc. of the 4th NSDI , pp. 159-172
    • Yumerefendi, A.1    Mickle, B.2    Cox, L.P.3
  • 52
    • 85094632142
    • Securing distributed systems with information flow control
    • San Francisco, CA, April
    • N. Zeldovich, S. Boyd-Wickizer, and D. Mazières. Securing distributed systems with information flow control. In Proc. of the 5th NSDI, pages 293-308, San Francisco, CA, April 2008.
    • (2008) Proc. of the 5th NSDI , pp. 293-308
    • Zeldovich, N.1    Boyd-Wickizer, S.2    Mazières, D.3


* This information was analyzed and extracted by KISTI from Elsevier's SCOPUS DB.