Securing web application code by static analysis and runtime protection

Authors: Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, Der-Tsai Lee

DOI: 10.1145/988672.988679

Keywords:

Abstract: … by Static Analysis and Runtime Inspection) as a framework for extending existing script languages … language [40]. Given the corresponding grammar, WebSSARI can also support other …

References (60)
David Wagner, Kunal Talwar, Jeffrey S. Foster, Umesh Shankar. Detecting format string vulnerabilities with type qualifiers. USENIX Security Symposium, pp. 16-16 (2001).
Eric A. Brewer, Alexander Aiken, David A. Wagner, Jeffrey S. Foster. A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities. Network and Distributed System Security Symposium (2000).
Ádám Darvas, Reiner Hähnle, David Sands. A theorem proving approach to analysis of secure information flow. International Workshop on Security, vol. 3450, pp. 193-209 (2005). DOI: 10.1007/978-3-540-32004-3_20
K. Ashcraft, D. Engler. Using programmer-written compiler extensions to catch security holes. IEEE Symposium on Security and Privacy, pp. 143-159 (2002). DOI: 10.1109/SECPRI.2002.1004368
Perry Wagle, Jonathan Walpole, Calton Pu, Steve Beattie, Aaron Grier, Crispin Cowan, Heather Hinton, Qian Zhang, Peat Bakke, Dave Maier. StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks. USENIX Security Symposium, pp. 5-5 (1998).
T. Jensen, D. Le Metayer, T. Thorn. Verification of control flow based security properties. IEEE Symposium on Security and Privacy, pp. 89-103 (1999). DOI: 10.1109/SECPRI.1999.766902
Jeffrey S. Foster, Manuel Fähndrich, Alexander Aiken. A theory of type qualifiers. Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation - PLDI '99, vol. 34, pp. 192-203 (1999). DOI: 10.1145/301618.301665
J. A. Goguen, J. Meseguer. Security Policies and Security Models. IEEE Symposium on Security and Privacy, pp. 11-11 (1982). DOI: 10.1109/SP.1982.10014
Franklin L. DeRemer. Simple LR(k) grammars. Communications of the ACM, vol. 14, pp. 453-460 (1971). DOI: 10.1145/362619.362625
Jean-Pierre Banâtre, Ciarán Bryce, Daniel Le Métayer. Compile-Time Detection of Information Flow in Sequential Programs. European Symposium on Research in Computer Security, pp. 55-73 (1994). DOI: 10.1007/3-540-58618-0_56