Security on demand
暂无分享,去创建一个
[1] Crispan Cowan,et al. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.
[2] Yannis Smaragdakis,et al. J-Orchestra: Automatic Java Application Partitioning , 2002, ECOOP.
[3] Ralph Johnson,et al. Evolution of the MTA architecture: the impact of security , 2008 .
[4] Spiros Mancoridis,et al. Using program transformation to secure C programs against buffer overflows , 2003, 10th Working Conference on Reverse Engineering, 2003. WCRE 2003. Proceedings..
[5] Martin Fowler,et al. Refactoring - Improving the Design of Existing Code , 1999, Addison Wesley object technology series.
[6] Niels Provos,et al. Preventing Privilege Escalation , 2003, USENIX Security Symposium.
[7] David H. Ackley,et al. Randomized instruction set emulation to disrupt binary code injection attacks , 2003, CCS '03.
[8] Frank Swiderski,et al. Threat Modeling , 2018, Hacking Connected Cars.
[9] David Garlan,et al. A compositional approach for constructing connectors , 2001, Proceedings Working IEEE/IFIP Conference on Software Architecture.
[10] Steven B. Lipner,et al. The trustworthy computing security development lifecycle , 2004, 20th Annual Computer Security Applications Conference.
[11] David Lorge Parnas,et al. Software aging , 1994, Proceedings of 16th International Conference on Software Engineering.
[12] David A. Wagner,et al. Setuid Demystified , 2002, USENIX Security Symposium.
[13] Peter Mell,et al. Procedures for Handling Security Patches: Recommendations of the National Institute of Standards and Technology , 2003 .
[14] Alistair Cockburn,et al. Agile Software Development , 2001 .
[15] Robert Hanmer,et al. Patterns for Fault Tolerant Software , 2007 .
[16] Ramesh Nagappan,et al. Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management , 2005 .
[17] Peter Mell,et al. Creating a Patch and Vulnerability Management Program , 2005 .
[18] Mik Kersten,et al. How are Java software developers using the Elipse IDE? , 2006, IEEE Software.
[19] Terry Bollinger,et al. Information Assurance for Enterprise Engineering , 2002 .
[20] Jon A. Rochlis,et al. With microscope and tweezers: an analysis of the Internet virus of November 1988 , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.
[21] Galen C. Hunt,et al. The Coign automatic distributed partitioning system , 1999, OSDI '99.
[22] Eduardo B. Fernandez,et al. The Authenticator Pattern , 1999 .
[23] Dipanwita Sarkar,et al. Flow-insensitive static analysis for detecting integer anomalies in programs , 2007 .
[24] Claire Le Goues,et al. Automatically finding patches using genetic programming , 2009, 2009 IEEE 31st International Conference on Software Engineering.
[25] Philippe Kruchten,et al. Towards agile security assurance , 2004, NSPW '04.
[26] W. W. Royce,et al. Managing the development of large software systems: concepts and techniques , 1987, ICSE '87.
[27] Kent L. Beck,et al. Extreme programming explained - embrace change , 1990 .
[28] David Brumley,et al. Privtrans: Automatically Partitioning Programs for Privilege Separation , 2004, USENIX Security Symposium.
[29] Wouter Joosen,et al. On the Secure Software Development Process: CLASP and SDL Compared , 2007, Third International Workshop on Software Engineering for Secure Systems (SESS'07: ICSE Workshops 2007).
[30] Saumya K. Debray,et al. Obfuscation of executable code to improve resistance to static disassembly , 2003, CCS '03.
[31] Murray Silverstein,et al. A Pattern Language , 1977 .
[32] Michael Gertz,et al. Using Type Qualifiers to Analyze Untrusted Integers and Detecting Security Flaws in C Programs , 2006, DIMVA.
[33] Torbjörn Ekman,et al. Pluggable checking and inferencing of nonnull types for Java , 2007, J. Object Technol..
[34] M. Hafiz. A collection of privacy design patterns , 2006, PLoP '06.
[35] James P Anderson,et al. Computer Security Technology Planning Study , 1972 .
[36] Ken Frazer,et al. Building secure software: how to avoid security problems the right way , 2002, SOEN.
[37] Ralph E. Johnson,et al. A Refactoring Tool for Smalltalk , 1997, Theory Pract. Object Syst..
[38] Bashar Nuseibeh,et al. A framework for security requirements engineering , 2006, SESS '06.
[39] Gary Mcgraw. Software security , 2004, IEEE Security & Privacy Magazine.
[40] Eelco Visser,et al. Stratego: A Language for Program Transformation Based on Rewriting Strategies , 2001, RTA.
[41] B. F. Castro. Buschmann, Frank; Meunier, Regine; Rohnert, Hans; Sommerlad, Peter; Stal, Michael. Pattern-oriented software architecture: a system of patterns, John Wiley & Sons Ltd, 1996 , 1997 .
[42] William Cheswick. An evening with Berferd , 1997 .
[43] Martin Vuagnoux,et al. Autodafé: an Act of Software Torture , 2005 .
[44] Philippe Kruchten,et al. The Rational Unified Process: An Introduction , 1998 .
[45] Michael D. Ernst,et al. Automatically patching errors in deployed software , 2009, SOSP '09.
[46] Christopher Krügel,et al. Precise alias analysis for static detection of web application vulnerabilities , 2006, PLAS '06.
[47] John Johansen,et al. PointGuard™: Protecting Pointers from Buffer Overflow Vulnerabilities , 2003, USENIX Security Symposium.
[48] Laurie A. Williams,et al. Using Automated Fix Generation to Secure SQL Statements , 2007, Third International Workshop on Software Engineering for Secure Systems (SESS'07: ICSE Workshops 2007).
[49] David A. Wagner,et al. Preventing Secret Leakage from fork(): Securing Privilege-Separated Applications , 2006, 2006 IEEE International Conference on Communications.
[50] Konstantin Beznosov,et al. Extreme Security Engineering: On Employing XP Practices to Achieve , 2003 .
[51] Ralph E. Johnson,et al. Organizing Security Patterns , 2007, IEEE Software.
[52] Peter Mell,et al. Procedures for handling security patches , 2002 .
[53] Watts S. Humphrey,et al. Introduction to the Team Software Process , 1999 .
[54] Paul Clements,et al. ATAM: Method for Architecture Evaluation , 2000 .
[55] Alexander Aiken,et al. Flow-sensitive type qualifiers , 2002, PLDI '02.
[56] V. N. Venkatakrishnan,et al. CANDID: preventing sql injection attacks using dynamic candidate evaluations , 2007, CCS '07.
[57] George C. Necula,et al. CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs , 2002, CC.
[58] Barry W. Boehm,et al. Software Engineering Economics , 1993, IEEE Transactions on Software Engineering.
[59] Tao Wei,et al. IntScope: Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution , 2009, NDSS.
[60] Shawn A. Butler. Security attribute evaluation method: a cost-benefit approach , 2002, ICSE '02.
[61] Ralph Johnson,et al. A Catalog of Security-oriented Program Transformations , 2009 .
[62] Alessandro Orso,et al. Preventing SQL injection attacks using AMNESIA , 2006, ICSE.
[63] Zhendong Su,et al. The essence of command injection attacks in web applications , 2006, POPL '06.
[64] Joseph W. Yoder,et al. Architectural Patterns for Enabling Application Security , 1998 .
[65] Andrew C. Myers,et al. Secure program partitioning , 2002, TOCS.
[66] Richard F. Paige,et al. Extreme Programming Security Practices , 2007, XP.
[67] Ajith K. Narayanan. Design of a safe string library for C , 1994, Softw. Pract. Exp..
[68] Barry W. Boehm,et al. A spiral model of software development and enhancement , 1986, Computer.
[69] Gary McGraw,et al. ITS4: a static vulnerability scanner for C and C++ code , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).
[70] Christopher G. Lasater,et al. Design Patterns , 2008, Wiley Encyclopedia of Computer Science and Engineering.
[71] Todd C. Miller,et al. strlcpy and strlcat - Consistent, Safe, String Copy and Concatenation , 1999, USENIX Annual Technical Conference, FREENIX Track.
[72] Prashant Jain,et al. Pattern Oriented Software Architecture: Patterns for Resource Management , 2007, 2007 Working IEEE/IFIP Conference on Software Architecture (WICSA'07).
[73] Richard F. Paige,et al. Agile Security Using an Incremental Security Architecture , 2005, XP.
[74] Angelos D. Keromytis,et al. Countering code-injection attacks with instruction-set randomization , 2003, CCS '03.
[75] J. Hogg. Web service security : scenarios, patterns, and implementation guidance for Web services enhancements (WSE) 3.0 , 2005 .
[76] Premkumar T. Devanbu,et al. Software engineering for security: a roadmap , 2000, ICSE '00.
[77] Munawar Hafiz. Security oriented program transformations (or how to add security on demand) , 2008, OOPSLA Companion.
[78] David A. Wagner,et al. Dynamic Test Generation to Find Integer Bugs in x86 Binary Linux Programs , 2009, USENIX Security Symposium.
[79] David A. Wagner,et al. A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities , 2000, NDSS.
[80] James R. Cordy,et al. Source transformation, analysis and generation in TXL , 2006, PEPM '06.
[81] Shigeru Chiba,et al. A Bytecode Translator for Distributed Execution of "Legacy" Java Software , 2001, ECOOP.
[82] David H. Ackley,et al. Building diverse computer systems , 1997, Proceedings. The Sixth Workshop on Hot Topics in Operating Systems (Cat. No.97TB100133).
[83] Shane Markstrum,et al. JavaCOP: Declarative pluggable types for java , 2010, TOPL.
[84] K. Rustan M. Leino,et al. Declaring and checking non-null types in an object-oriented language , 2003, OOPSLA 2003.
[85] Rick Kazman,et al. Architecture, design, implementation , 2003, 25th International Conference on Software Engineering, 2003. Proceedings..
[86] André Spiegel. PANGAEA: An Automatic Distribution Front-End for JAVA , 1999, IPPS/SPDP Workshops.
[87] Dianxiang Xu,et al. Threat-Driven Architectural Design of Secure Information Systems , 2018, ICEIS.
[88] John Crupi,et al. Core J2EE Patterns: Best Practices and Design Strategies , 2001 .
[89] Joshua Kerievsky,et al. Refactoring to Patterns , 2004, XP/Agile Universe.
[90] Ken Thompson,et al. Password security: a case history , 1979, CACM.
[91] De WinBart,et al. On the secure software development process , 2009 .
[92] Douglas Kilpatrick,et al. Privman: A Library for Partitioning Applications , 2003, USENIX Annual Technical Conference, FREENIX Track.
[93] David Garlan,et al. Design fragments make using frameworks easier , 2006, OOPSLA '06.
[94] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.
[95] Matt Bishop,et al. Testing C Programs for Buffer Overflow Vulnerabilities , 2003, NDSS.
[96] Gustav Boström,et al. Security Engineering and eXtreme Programming: An Impossible Marriage? , 2004, XP/Agile Universe.
[97] Mark C. Paulk,et al. Capability Maturity Model , 1991 .
[98] Richard F. Paige,et al. Security Planning and Refactoring in Extreme Programming , 2006, XP.
[99] Navjot Singh,et al. Transparent Run-Time Defense Against Stack-Smashing Attacks , 2000, USENIX Annual Technical Conference, General Track.
[100] Robert A. Martin,et al. Vulnerability Type Distributions in CVE , 2007 .
[101] Markus Schumacher,et al. Security Engineering with Patterns , 2003, Lecture Notes in Computer Science.
[102] Peter Sommerlad,et al. Security Patterns: Integrating Security and Systems Engineering , 2006 .
[103] Dawson R. Engler,et al. Using programmer-written compiler extensions to catch security holes , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.
[104] Alessandro Orso,et al. Using positive tainting and syntax-aware evaluation to counter SQL injection attacks , 2006, SIGSOFT '06/FSE-14.
[105] Michael D. Ernst,et al. Practical pluggable types for java , 2008, ISSTA '08.
[106] Andreas L. Opdahl,et al. Eliciting security requirements with misuse cases , 2004, Requirements Engineering.
[107] John A. Zachman,et al. A Framework for Information Systems Architecture , 1987, IBM Syst. J..
[108] Angelos D. Keromytis,et al. SQLrand: Preventing SQL Injection Attacks , 2004, ACNS.
[109] Andrew P. Black,et al. How we refactor, and how we know it , 2009, 2009 IEEE 31st International Conference on Software Engineering.
[110] Matt Bishop,et al. Checking for Race Conditions in File Accesses , 1996, Comput. Syst..
[111] Martin C. Rinard,et al. Living in the comfort zone , 2007, OOPSLA.
[112] Eduardo B. Fernández,et al. More Patterns for Operating System Access Control , 2003, EuroPLoP.