TAJ: effective taint analysis of web applications
Manu Sridharan | Marco Pistoia | Stephen J. Fink | Omer Tripp | Omri Weisman
[1] Vivek Sarkar,et al. ABCD: eliminating array bounds checks on demand , 2000, PLDI '00.
[2] Calvin Lin,et al. Efficient and extensible security enforcement using dynamic data flow analysis , 2008, CCS.
[3] Ondrej Lhoták,et al. Context-Sensitive Points-to Analysis: Is It Worth It? , 2006, CC.
[4] Lars Ole Andersen,et al. Program Analysis and Specialization for the C Programming Language , 2005 .
[5] Barbara G. Ryder. Dimensions of Precision in Reference Analysis of Object-Oriented Programming Languages , 2003, CC.
[6] Benjamin Livshits,et al. Finding Security Vulnerabilities in Java Applications with Static Analysis , 2005, USENIX Security Symposium.
[7] Barbara G. Ryder,et al. Parameterized object sensitivity for points-to analysis for Java , 2005, TSEM.
[8] Zhendong Su,et al. Static detection of cross-site scripting vulnerabilities , 2008, 2008 ACM/IEEE 30th International Conference on Software Engineering.
[9] Marco Pistoia,et al. Interprocedural Analysis for Privileged Code Placement and Tainted Variable Detection , 2005, ECOOP.
[10] Peter J. Denning,et al. Certification of programs for secure information flow , 1977, CACM.
[11] Yasuhiko Minamide. Static approximation of dynamically generated Web pages , 2005, WWW '05.
[12] Eran Yahav,et al. Effective typestate verification in the presence of aliasing , 2006, TSEM.
[13] David W. Binkley,et al. Interprocedural slicing using dependence graphs , 1990, TOPL.
[14] Julian Dolby,et al. Semi-Automatic J2EE Transaction Configuration , 2004 .
[15] Gregor Snelting,et al. Information flow control for Java based on path conditions in dependence graphs , 2006 .
[16] J. Meseguer,et al. Security Policies and Security Models , 1982, 1982 IEEE Symposium on Security and Privacy.
[17] David A. Wagner,et al. Detecting Format String Vulnerabilities with Type Qualifiers , 2001 .
[18] Thomas W. Reps,et al. Precise interprocedural dataflow analysis via graph reachability , 1995, POPL '95.
[19] Benjamin Livshits,et al. Reflection Analysis for Java , 2005, APLAS.
[20] Patrick Cousot,et al. Modular Static Program Analysis , 2002, CC.
[21] Olivier Tardieu,et al. Demand-driven pointer analysis , 2001, PLDI '01.
[22] Alexander Aiken,et al. Flow-sensitive type qualifiers , 2002, PLDI '02.
[23] Larry Wall,et al. Programming Perl , 1991 .
[24] Stephen McCamant,et al. Quantitative information flow as network flow capacity , 2008, PLDI '08.
[25] Monica S. Lam,et al. Cloning-based context-sensitive pointer alias analysis using binary decision diagrams , 2004, PLDI '04.
[26] Manu Sridharan,et al. Thin slicing , 2007, PLDI '07.
[27] Zhendong Su,et al. Sound and precise analysis of web applications for injection vulnerabilities , 2007, PLDI '07.
[28] Geoffrey Smith,et al. A Sound Type System for Secure Flow Analysis , 1996, J. Comput. Secur.
[29] Dorothy E. Denning,et al. A lattice model of secure information flow , 1976, CACM.
[30] Susan Horwitz,et al. Using static single assignment form to improve flow-insensitive pointer analysis , 1998, PLDI '98.
[31] Gregor Snelting,et al. Efficient path conditions in dependence graphs for software safety analysis , 2006, TSEM.
[32] Mark N. Wegman,et al. Efficiently computing static single assignment form and the control dependence graph , 1991, TOPL.
[33] Andrew C. Myers,et al. JFlow: practical mostly-static information flow control , 1999, POPL '99.
[34] Dawson R. Engler,et al. Using programmer-written compiler extensions to catch security holes , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.
[35] Andrew C. Myers,et al. A decentralized model for information flow control , 1997, SOSP.
[36] Manu Sridharan,et al. Refinement-based context-sensitive points-to analysis for Java , 2006, PLDI '06.