Information Flow Control for Secure Cloud Computing
暂无分享,去创建一个
David M. Eyers | Peter R. Pietzuch | Jatinder Singh | Jean Bacon | Ioannis Papagiannis | Thomas F. J.-M. Pasquier | J. Bacon | D. Eyers | Jatinder Singh | Thomas Pasquier | P. Pietzuch | I. Papagiannis
[1] K. J. Bma. Integrity considerations for secure computer systems , 1977 .
[2] Eddie Kohler,et al. Information flow control for standard OS abstractions , 2007, SOSP.
[3] Marianne Winslett,et al. VEX: Vetting Browser Extensions for Security Vulnerabilities , 2010, USENIX Security Symposium.
[4] Christopher Krügel,et al. Pixy: a static analysis tool for detecting Web application vulnerabilities , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).
[5] D. M. Hutton,et al. Securing the Cloud: Cloud Computer Security Techniques and Tactics , 2012 .
[6] Michael K. Reiter,et al. Flicker: an execution infrastructure for tcb minimization , 2008, Eurosys '08.
[7] Alejandro Russo,et al. From Dynamic to Static and Back: Riding the Roller Coaster of Information-Flow Control Research , 2009, Ershov Memorial Conference.
[8] Hao Chen,et al. DBTaint: Cross-Application Information Flow Tracking via Databases , 2010, WebApps.
[9] Jean Bacon,et al. Enforcing User Privacy in Web Applications using Erlang , 2010 .
[10] Christopher Krügel,et al. Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis , 2007, NDSS.
[11] Adrian Perrig,et al. CLAMP: Practical Prevention of Large-Scale Data Leaks , 2009, 2009 30th IEEE Symposium on Security and Privacy.
[12] R. V. van Nieuwpoort,et al. The Grid 2: Blueprint for a New Computing Infrastructure , 2003 .
[13] Dan Suciu. SQL on an encrypted database: technical perspective , 2012, CACM.
[14] Alejandro Russo,et al. Dynamic vs. Static Flow-Sensitive Security Analysis , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.
[15] Donald E. Porter,et al. Laminar: practical fine-grained decentralized information flow control , 2009, PLDI '09.
[16] Christopher Krügel,et al. Scalable, Behavior-Based Malware Clustering , 2009, NDSS.
[17] Peter R. Pietzuch,et al. PHP Aspis: Using Partial Taint Tracking to Protect Against Injection Attacks , 2011, WebApps.
[18] Thomas Santen,et al. Verifying the Microsoft Hyper-V Hypervisor with VCC , 2009, FM.
[19] Eddie Kohler,et al. Making information flow explicit in HiStar , 2006, OSDI '06.
[20] Marianne Winslett,et al. Vetting browser extensions for security vulnerabilities with VEX , 2011, CACM.
[21] Patrick Mutchler,et al. GuardRails: A Data-Centric Web Application Security Framework , 2011, WebApps.
[22] John McHugh. An Information Flow Tool for Gypsy , 1985, 1985 IEEE Symposium on Security and Privacy.
[23] Guilherme Ottoni,et al. RIFLE: An Architectural Framework for User-Centric Information-Flow Security , 2004, 37th International Symposium on Microarchitecture (MICRO-37'04).
[24] Steven B. Lipner,et al. A comment on the confinement problem , 1975, SOSP.
[25] Herbert Bos,et al. Argos: an emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation , 2006, EuroSys.
[26] Vincent Simonet. Flow Caml in a Nutshell , 2003 .
[27] Alfred V. Aho,et al. Compilers: Principles, Techniques, and Tools , 1986, Addison-Wesley series in computer science / World student series edition.
[28] Steve Hanna,et al. A Symbolic Execution Framework for JavaScript , 2010, 2010 IEEE Symposium on Security and Privacy.
[29] Alejandro Russo,et al. A Taint Mode for Python via a Library , 2010, NordSec.
[30] Herbert Bos,et al. Minemu: The World's Fastest Taint Tracker , 2011, RAID.
[31] Christopher Krügel,et al. Dynamic Analysis of Malicious Code , 2006, Journal in Computer Virology.
[32] Anh Nguyen-Tuong,et al. Automatically Hardening Web Applications Using Precise Tainting , 2005, SEC.
[33] Alberto G. Araiza. Electronic Discovery in the Cloud , 2011 .
[34] Manu Sridharan,et al. TAJ: effective taint analysis of web applications , 2009, PLDI '09.
[35] Butler W. Lampson,et al. A note on the confinement problem , 1973, CACM.
[36] Angelos D. Keromytis,et al. libdft: practical dynamic data flow tracking for commodity systems , 2012, VEE '12.
[37] Jens Palsberg,et al. Trust in the λ-calculus , 1995, Journal of Functional Programming.
[38] P. Mell,et al. The NIST Definition of Cloud Computing , 2011 .
[39] Andrew C. Myers,et al. Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..
[40] Michael K. Reiter,et al. Cross-VM side channels and their use to extract private keys , 2012, CCS.
[41] Stephen Biggs,et al. Cloud Computing: The impact on digital forensic investigations , 2009, 2009 International Conference for Internet Technology and Secured Transactions, (ICITST).
[42] Hakan Hacigümüs,et al. Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.
[43] Dawson R. Engler,et al. EXE: Automatically Generating Inputs of Death , 2008, TSEC.
[44] David Evans,et al. Enforcing End-to-End Application Security in the Cloud - (Big Ideas Paper) , 2010, Middleware.
[45] J. Meseguer,et al. Security Policies and Security Models , 1982, 1982 IEEE Symposium on Security and Privacy.
[46] Dorothy E. Denning,et al. A lattice model of secure information flow , 1976, CACM.
[47] Matthias Schunter,et al. Secure cloud maintenance: protecting workloads against insider attacks , 2012, ASIACCS '12.
[48] Thomas H. Austin,et al. Permissive dynamic information flow analysis , 2010, PLAS '10.
[49] Wenke Lee,et al. A layered approach to simplified access control in virtualized systems , 2007, OPSR.
[50] Ben Hardekopf,et al. Timing- and Termination-Sensitive Secure Information Flow: Exploring a New Approach , 2011, 2011 IEEE Symposium on Security and Privacy.
[51] Dorothy E. Denning,et al. Cryptography and Data Security , 1982 .
[52] Silas Boyd-Wickizer,et al. Securing Distributed Systems with Information Flow Control , 2008, NSDI.
[53] Dawson R. Engler,et al. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs , 2008, OSDI.
[54] Vitaly Shmatikov,et al. Airavat: Security and Privacy for MapReduce , 2010, NSDI.
[55] Andrew C. Myers,et al. Secure Information Flow and CPS , 2001, ESOP.
[56] James W. Gray,et al. Probabilistic interference , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.
[57] Randy H. Katz,et al. Above the Clouds: A Berkeley View of Cloud Computing , 2009 .
[58] Winnie Cheng,et al. Abstractions for Usable Information Flow Control in Aeolus , 2012, USENIX Annual Technical Conference.
[59] Steve Vandebogart,et al. Make Least Privilege a Right (Not a Privilege) , 2005, HotOS.
[60] SUMMARY OF RESPONSES TO THE PUBLIC CONSULTATION , 2010 .
[61] Geoffrey Smith,et al. A Sound Type System for Secure Flow Analysis , 1996, J. Comput. Secur..
[62] David Evans,et al. SafeWeb: A Middleware for Securing Ruby-Based Web Applications , 2011, Middleware.
[63] Wenke Lee,et al. xBook: Redesigning Privacy Control in Social Networking Platforms , 2009, USENIX Security Symposium.
[64] Steven B. Lipner,et al. Trusted Computer System Evaluation Criteria ( Orange Book ) December , 2001 .
[65] Fabrice Bellard,et al. QEMU, a Fast and Portable Dynamic Translator , 2005, USENIX Annual Technical Conference, FREENIX Track.
[66] Stephen McCamant,et al. DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation , 2011, NDSS.
[67] Mukesh Singhal,et al. Information flow control in cloud computing , 2010, 6th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2010).
[68] Heng Yin,et al. Panorama: capturing system-wide information flow for malware detection and analysis , 2007, CCS '07.
[69] David M. Eyers,et al. Big Ideas Paper : Enforcing End-to-end Application Security in the Cloud , 2010 .
[70] Andrew C. Myers,et al. JFlow: practical mostly-static information flow control , 1999, POPL '99.
[71] Peter G. Neumann,et al. CHERI: a research platform deconflating hardware virtualisation and protection , 2012 .
[72] Geoffrey Smith,et al. A Type-Based Approach to Program Security , 1997, TAPSOFT.
[73] Hovav Shacham,et al. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.
[74] Richard J. Feiertag. A Technique for Proving Specifications are Multilevel Secure , 1980 .
[75] Thomas H. Austin,et al. Efficient purely-dynamic information flow analysis , 2009, PLAS '09.
[76] Steve Vandebogart,et al. Labels and event processes in the Asbestos operating system , 2005, TOCS.
[77] The Sarbanes-Oxley Act: Implications for large-scale IT outsourcing , 2007 .
[78] D. T. Lee,et al. Securing web application code by static analysis and runtime protection , 2004, WWW '04.
[79] Peter J. Denning,et al. Certification of programs for secure information flow , 1977, CACM.
[80] Christoforos E. Kozyrakis,et al. Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications , 2009, USENIX Security Symposium.
[81] Andrew C. Myers,et al. Protecting privacy using the decentralized label model , 2003, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].
[82] Alejandro Russo,et al. Towards a taint mode for cloud computing web applications , 2012, PLAS.
[83] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.
[84] Geoffrey Smith,et al. Eliminating covert flows with minimum typings , 1997, Proceedings 10th Computer Security Foundations Workshop.
[85] Rebecca T. Mercuri. The HIPAA-potamus in health care data security , 2004, CACM.
[86] Cheng Wang,et al. LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks , 2006, 2006 39th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO'06).
[87] Andrew C. Myers,et al. A decentralized model for information flow control , 1997, SOSP.
[88] David Brumley,et al. All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask) , 2010, 2010 IEEE Symposium on Security and Privacy.
[89] Paul F. Syverson,et al. The epistemic representation of information flow security in probabilistic systems , 1995, Proceedings The Eighth IEEE Computer Security Foundations Workshop.
[90] Andrew C. Myers,et al. SIF: Enforcing Confidentiality and Integrity in Web Applications , 2007, USENIX Security Symposium.
[91] Byung-Gon Chun,et al. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.
[92] David Lie,et al. Auditing cloud management using information flow tracking , 2012, STC '12.
[93] David A. Wagner,et al. Efficient character-level taint tracking for Java , 2009, SWS '09.
[94] Xi Wang,et al. Improving application security with data flow assertions , 2009, SOSP '09.
[95] Dongxi Liu,et al. Query encrypted databases practically , 2012, CCS '12.
[96] David Zhang,et al. Secure program execution via dynamic information flow tracking , 2004, ASPLOS XI.