论文信息 - Attacking Malicious Code: A Report to the Infosec Research Council

Attacking Malicious Code: A Report to the Infosec Research Council

The accelerating trends of interconnectedness, complexity, and extensibility are aggravating the already-serious threat posed by malicious code. To combat malicious code, these authors argue for creating sound policy about software behavior and enforcing that policy through technological means.

Gary McGraw | J. Gregory Morrisett | G. Morrisett | G. McGraw | Greg Morrisett

[1] Gary McGraw,et al. ITS4: a static vulnerability scanner for C and C++ code , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).

[2] Úlfar Erlingsson,et al. SASI enforcement of security policies: a retrospective , 1999, NSPW '99.

[3] Robert Wahbe,et al. Efficient software-based fault isolation , 1994, SOSP '93.

[4] David E. Evans,et al. Policy-directed code safety , 2000 .

[5] Margo I. Seltzer,et al. Dealing with disaster: surviving misbehaved kernel extensions , 1996, OSDI '96.

[6] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.

[7] Úlfar Erlingsson,et al. IRM enforcement of Java stack inspection , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[8] Andrew C. Myers,et al. JFlow: practical mostly-static information flow control , 1999, POPL '99.

[9] Gary McGraw,et al. Securing Java: getting down to business with mobile code , 1999 .

[10] Fred B. Schneider,et al. Enforceable security policies , 2000, TSEC.

[11] Karl Crary,et al. From system F to typed assembly language , 1999 .

[12] Frank Pfenning,et al. Dependent types in practical programming , 1999, POPL '99.

[13] Ken Thompson,et al. Reflections on trusting trust , 1984, CACM.

[14] David A. Wagner,et al. A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities , 2000, NDSS.