Using programmer-written compiler extensions to catch security holes
暂无分享,去创建一个
[1] Michael Rodeh,et al. Cleanness Checking of String Manipulations in C Programs via Integer Analysis , 2001, SAS.
[2] Robert E. Strom,et al. Typestate: A programming language concept for enhancing software reliability , 1986, IEEE Transactions on Software Engineering.
[3] Fritz Henglein,et al. AnnoDomini: from type theory to Year 2000 conversion tool , 1999, POPL '99.
[4] Michael Burrows,et al. Eraser: a dynamic data race detector for multithreaded programs , 1997, TOCS.
[5] Alexander Aiken,et al. Detecting Races in Relay Ladder Logic Programs , 1998, TACAS.
[6] Gary McGraw,et al. ITS4: a static vulnerability scanner for C and C++ code , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).
[7] Larry Wall,et al. Programming Perl , 1991 .
[8] Andrew C. Myers,et al. A decentralized model for information flow control , 1997, SOSP.
[9] David A. Wagner,et al. Intrusion detection via static analysis , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.
[10] Dawson R. Engler,et al. Checking system rules using system-specific, programmer-written compiler extensions , 2000, OSDI.
[11] David A. Wagner,et al. A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities , 2000, NDSS.
[12] Matt Bishop,et al. Checking for Race Conditions in File Accesses , 1996, Comput. Syst..
[13] Dawson R. Engler,et al. Bugs as deviant behavior: a general approach to inferring errors in systems code , 2001, SOSP.
[14] David Evans,et al. Statically Detecting Likely Buffer Overflow Vulnerabilities , 2001, USENIX Security Symposium.
[15] William R. Bush,et al. A static analyzer for finding dynamic programming errors , 2000 .
[16] Robert DeLine,et al. Enforcing high-level protocols in low-level software , 2001, PLDI '01.