-
1
-
-
0024663403
-
With microscope and tweezers: An analysis of the internet virus of november 1988
-
M.W. Eichin and J.A. Rochlis, "With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988," Proc. IEEE Symp. Security and Privacy, pp. 326-343, 1989.
-
(1989)
Proc. IEEE Symp. Security and Privacy
, pp. 326-343
-
-
Eichin, M.W.1
Rochlis, J.A.2
-
3
-
-
0024681099
-
Crisis and aftermath
-
E.H. Spafford, "Crisis and Aftermath," Comm. ACM, vol. 32, no. 6, pp. 678-687, 1989.
-
(1989)
Comm. ACM
, vol.32
, Issue.6
, pp. 678-687
-
-
Spafford, E.H.1
-
4
-
-
8744281125
-
-
CERT, CERT Advisory CA-2003-20, Aug.
-
CERT, "W32/Blaster Worm," CERT Advisory CA-2003-20, http://www.cert.org/advisories/CA-2003-20.html, Aug. 2003.
-
(2003)
W32/Blaster Worm
-
-
-
5
-
-
2642519394
-
-
CERT, CERT Advisory CA-2003-04, Jan.
-
CERT, "MS-SQL Server Worm," CERT Advisory CA-2003-04, http://www.cert.org/advisories/CA-2003-04.html, Jan. 2003.
-
(2003)
MS-SQL Server Worm
-
-
-
6
-
-
33744935097
-
-
CERT, CERT Advisory CA-2002-27, Oct.
-
CERT, "Apache/mod-ssl Worm," CERT Advisory CA-2002-27, http://www.cert.org/advisories/CA-2002-27.html, Oct. 2002.
-
(2002)
Apache/mod-ssl Worm
-
-
-
8
-
-
4244165283
-
-
CERT, CERT Advisory CA-2001-23, July
-
CERT, "Continuing Threat of the 'Code Red' Worm," CERT Advisory CA-2001-23, http://www.cert.org/advisories/CA-2001-23.html, July 2001.
-
(2001)
Continuing Threat of the 'Code Red' Worm
-
-
-
10
-
-
0003513832
-
-
ICET, Nat'l Bureau of Standards NBSIR,Apr.
-
R. Abbott, J. Chin, J. Donnelley, W. Konigsford, S. Tokubo, and D. Webb, Security Analysis and Enhancements of Computer Operating Systems, ICET, Nat'l Bureau of Standards NBSIR 76-1041, Apr. 1976.
-
(1976)
Security Analysis and Enhancements of Computer Operating Systems
, pp. 76-1041
-
-
Abbott, R.1
Chin, J.2
Donnelley, J.3
Konigsford, W.4
Tokubo, S.5
Webb, D.6
-
12
-
-
2442605789
-
Protection analysis: Final report technical report ISI/SR-78-13
-
Univ. of Southern California, May
-
R. Bisbey II and D. Hollingsworth, "Protection Analysis: Final Report," Technical Report ISI/SR-78-13, Information Sciences Inst., Univ. of Southern California, May 1978.
-
(1978)
Information Sciences Inst.
-
-
Bisbey II, R.1
Hollingsworth, D.2
-
13
-
-
0028514027
-
A taxonomy of computer program security flaws
-
C.E. Landwehr, A.R. Bull, J.P. McDermott, and W.S. Choi, "A Taxonomy of Computer Program Security Flaws," ACM Computing Surveys, vol. 26, no. 3, pp. 211-254, 1994.
-
(1994)
ACM Computing Surveys
, vol.26
, Issue.3
, pp. 211-254
-
-
Landwehr, C.E.1
Bull, A.R.2
McDermott, J.P.3
Choi, W.S.4
-
15
-
-
84946237235
-
Buffer overflows: Attacks and defenses for the vulnerability of the decade
-
C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole, "Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade," Proc. Foundations of Intrusion Tolerant Systems, pp. 227-237, 2003.
-
(2003)
Proc. Foundations of Intrusion Tolerant Systems
, pp. 227-237
-
-
Cowan, C.1
Wagle, P.2
Pu, C.3
Beattie, S.4
Walpole, J.5
-
16
-
-
0006100649
-
Smashing the stack for fun and profit
-
AlephOne
-
AlephOne, "Smashing the Stack for Fun and Profit," Phrack, vol. 7, no. 49, 1996.
-
(1996)
Phrack
, vol.7
, Issue.49
-
-
-
20
-
-
78649987048
-
Heap feng shui in javascript
-
A. Sotirov, "Heap Feng Shui in Javascript," Proc. Black Hat Europe, http://www.blackhat.com/presentations/bh-europe-07/FSotirov/ Presentation/bh-eu-07-sotirov-apr19.pdf, 2007.
-
(2007)
Proc. Black Hat Europe
-
-
Sotirov, A.1
-
22
-
-
12344288334
-
-
technical report, Guardent, Inc. Sept.
-
T. Newsham, "Format String Attacks," technical report, Guardent, Inc., Sept. 2000.
-
(2000)
Format String Attacks
-
-
Newsham, T.1
-
25
-
-
84858640092
-
-
PhD dissertation Dept. of Computer Science, Univ. of California, Davis, June
-
S. Engle, "A Policy-Based Vulnerability Analysis Framework," PhD dissertation, Dept. of Computer Science, Univ. of California, Davis, June 2010.
-
(2010)
A Policy-Based Vulnerability Analysis Framework
-
-
Engle, S.1
-
27
-
-
85081874807
-
A first step towards automated detection of buffer overrun vulnerabilities
-
D. Wagner, J.S. Foster, E. Brewer, and A. Aiken, "A First Step towards Automated Detection of Buffer Overrun Vulnerabilities," Proc. Symp. Network and Distributed Systems Security, pp. 3-17, 2000.
-
(2000)
Proc. Symp. Network and Distributed Systems Security
, pp. 3-17
-
-
Wagner, D.1
Foster, J.S.2
Brewer, E.3
Aiken, A.4
-
29
-
-
0038005495
-
Buffer overflow and format string overflow vulnerabilities
-
K.-S. Lhee and S.J. Chapin, "Buffer Overflow and Format String Overflow Vulnerabilities," Software: Practice and Experience, vol. 33, no. 5, pp. 423-460, 2003.
-
(2003)
Software: Practice and Experience
, vol.33
, Issue.5
, pp. 423-460
-
-
Lhee, K.-S.1
Chapin, S.J.2
-
31
-
-
84944726311
-
Defending embedded systems against buffer overflow via hardware/software
-
Z. Shao, Q. Zhuge, Y. He, and E. Sha, "Defending Embedded Systems against Buffer Overflow via Hardware/Software," Proc. 19th Ann. Computer Security Applications Conf., pp. 351-361, 2003.
-
(2003)
Proc. 19th Ann. Computer Security Applications Conf.
, pp. 351-361
-
-
Shao, Z.1
Zhuge, Q.2
He, Y.3
Sha, E.4
-
32
-
-
85084160243
-
Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks
-
C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton, "Stackguard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks," Proc. Seven USENIX Security Symp., 1998.
-
(1998)
Proc. Seven USENIX Security Symp.
-
-
Cowan, C.1
Pu, C.2
Maier, D.3
Walpole, J.4
Bakke, P.5
Beattie, S.6
Grier, A.7
Wagle, P.8
Zhang, Q.9
Hinton, H.10
-
33
-
-
85009448253
-
PointguardTM: Protecting pointers from buffer overflow vulnerabilities
-
C. Cowan, S. Beattie, J. Johansen, and P. Wagle, "PointguardTM: Protecting Pointers from Buffer Overflow Vulnerabilities," Proc. 12th Conf. USENIX Security Symp., pp. 91-104, 2003.
-
(2003)
Proc. 12th Conf. USENIX Security Symp.
, pp. 91-104
-
-
Cowan, C.1
Beattie, S.2
Johansen, J.3
Wagle, P.4
-
34
-
-
12344316966
-
Architecture support for defending against buffer overflow attacks
-
J. Xu, Z. Kalbarczyk, S. Patel, and R.K. Iyer, "Architecture Support for Defending against Buffer Overflow Attacks," Proc. Workshop Evaluating and Architecting System Dependability, 2002.
-
(2002)
Proc. Workshop Evaluating and Architecting System Dependability
-
-
Xu, J.1
Kalbarczyk, Z.2
Patel, S.3
Iyer, R.K.4
-
36
-
-
80054829436
-
Instruction-level countermeasures against stack-based buffer overflow attacks
-
F. Gadaleta, Y. Younan, B. Jacobs, W. Joosen, E.D. Neve, and N. Beosier, "Instruction-Level Countermeasures against Stack-Based Buffer Overflow Attacks," Proc. First EuroSys Workshop Virtualization Technology for Dependable Systems, pp. 7-12, 2009.
-
(2009)
Proc. First EuroSys Workshop Virtualization Technology for Dependable Systems
, pp. 7-12
-
-
Gadaleta, F.1
Younan, Y.2
Jacobs, B.3
Joosen, W.4
Neve, E.D.5
Beosier, N.6
-
37
-
-
84954188728
-
Efficient techniques for comprehensive protection from memory error exploits
-
S. Bhatkar, R. Sekar, and D.C. DuVarney, "Efficient Techniques for Comprehensive Protection from Memory Error Exploits," Proc. 14th USENIX Security Conf., pp. 255-270, 2005.
-
(2005)
Proc. 14th USENIX Security Conf.
, pp. 255-270
-
-
Bhatkar, S.1
Sekar, R.2
DuVarney, D.C.3
-
38
-
-
31344451091
-
Security vulnerabilities: From analysis to detection and masking techniques
-
DOI 10.1109/JPROC.2005.862473
-
S. Chen, J. Xu, Z. Kalbarczyk, and R.K. Iyer, "Security Vulnerabilities: From Analysis to Detection and Masking Techniques," Proc. IEEE, vol. 94, no. 2, pp. 407-418, Feb. 2006. (Pubitemid 43145993)
-
(2006)
Proceedings of the IEEE
, vol.94
, Issue.2
, pp. 407-418
-
-
Chen, S.1
Jun, X.U.2
Kalbarczyk, Z.3
Iyer, R.K.4
-
39
-
-
0030697765
-
Building diverse computer systems
-
S. Forrest, A. Somayaji, and D.H. Ackley, "Building Diverse Computer Systems," Proc. Sixth Workshop Hot Topics in Operating Systems, pp. 67-72, 1997.
-
(1997)
Proc. Sixth Workshop Hot Topics in Operating Systems
, pp. 67-72
-
-
Forrest, S.1
Somayaji, A.2
Ackley, D.H.3
-
40
-
-
27644457078
-
Transparent runtime randomization for security
-
Proceedings - 22nd International Symposium on Reliable Distributed Systems, SRDS 2003
-
J. Xu, Z. Kalbarczyk, and R.K. Iyer, "Transparent Runtime Randomization for Security," Proc. 22nd Int'l Symp. Reliable Distributed Systems, pp. 260-269, 2003. (Pubitemid 41550528)
-
(2003)
Proceedings of the IEEE Symposium on Reliable Distributed Systems
, pp. 260-269
-
-
Xu, J.1
Kalbarczyk, Z.2
Iyer, R.K.3
-
41
-
-
14844317200
-
Countering code-injection attacks with instruction-set randomization
-
Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003
-
G.S. Kc, A.D. Keromytis, and V. Prevelakis, "Countering Code-Injection Attacks with Instruction-Set Randomiztion," Proc. 10th ACM Conf. Computer and Comm. Security, pp. 272-280, 2003. (Pubitemid 40673809)
-
(2003)
Proceedings of the ACM Conference on Computer and Communications Security
, pp. 272-280
-
-
Kc, G.S.1
Keromytis, A.D.2
Prevelakis, V.3
-
42
-
-
84924734121
-
NOZZLE: A defense against heap-spraying code injection attacks
-
P. Ratanaworabhan, B. Livshits, and B. Zorn, "NOZZLE: A Defense against Heap-Spraying Code Injection Attacks," Proc. 18th USENIX Security Symp., pp. 169-186, 2009.
-
(2009)
Proc. 18th USENIX Security Symp.
, pp. 169-186
-
-
Ratanaworabhan, P.1
Livshits, B.2
Zorn, B.3
-
43
-
-
70350626575
-
Defending browsers against drive-by downloads: Mitigating heap-spraying code injection attacks
-
M. Egele, P. Wurzinger, C. Kruegel, and E. Kirda, "Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks," Proc. Sixth Int'l Conf. Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 88-106, 2009.
-
(2009)
Proc. Sixth Int'l Conf. Detection of Intrusions and Malware, and Vulnerability Assessment
, pp. 88-106
-
-
Egele, M.1
Wurzinger, P.2
Kruegel, C.3
Kirda, E.4
-
44
-
-
77949446893
-
BuBBle: A javascript engine level countermeasure against heap-spraying attacks
-
F. Gadaleta, Y. Younan, and W. Joosen, "BuBBle: A Javascript Engine Level Countermeasure against Heap-spraying Attacks," Proc. Second Int'l Symp. Eng. Secure Software and Systems, pp. 1-17, 2010.
-
(2010)
Proc. Second Int'l Symp. Eng. Secure Software and Systems
, pp. 1-17
-
-
Gadaleta, F.1
Younan, Y.2
Joosen, W.3
|