2005. Programming Languages Security - A Survey, page 12
Text of page 12 of the PDF
of the 12th Usenix Security Symposium, Aug 2003. http://www.usenix.org/events/sec03/tech/full_papers/cowan/cowan.pdf. 19
C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proc. of the 7th Usenix Security Symposium, pages 63–78, Jan 1998. http://www.usenix.org/publications/library/proceedings/sec98/full_papers/cowan/cowan.pdf. 17
C. Cowan, F. Wagle, C. Pu, S. Beattie, and J. Walpole. Buffer overflows: Attacks and defenses for the vulnerability of the decade. In DARPA Information Survivability Conference & Exposition – Volume 2, pages 119–129, Jan 2000. 10
Cyclone - The Language. http://cyclone.thelanguage.org/. 5
Cprogramming.com – Writing Secure Code. http://cprogramming.com/tutorial/secure.html. 2
The DynamoRIO Collaboration. http://www.cag.lcs.mit.edu/dynamorio/. 16
Dawson R. Engler, M. Frans Kaashoek, and James O’Toole Jr. Exokernel: an operating system architecture for application-level resource management. In Proceedings of the 15th ACM Symposium on Operating Systems Principles (SOSP ’95), pages 251–266, Copper Mountain Resort, Colorado, December 1995. 16
Hiroaki Etoh and Kunikazu Yoda. Protecting from stack-smashing attacks. http://www.research.ibm.com/trl/projects/security/ssp/main.html, June 2000. 18
David Evans and David Larochelle. Improving Security Using Extensible Lightweight Static Analysis. IEEE Softw., 19(1):42–51, 2002. http://dx.doi.org/10.1109/52.976940. 11
About Fail-Safe C. http://web.yl.is.s.u-tokyo.ac.jp/~oiwa/FailSafe-C.html. 17
S. Forrest, A. Somayaji, and D.H. Ackley. Building diverse computer systems. In Proc. of the 6th IEEE Workshop on Hot Topics in Operating Systems, pages 67–72, 1997. http://www.cs.unm.edu/~immsec/publications/hotos-97.pdf. 19
Fortify Extra - A Taxonomy of Software Security Errors. http://vulncat.fortifysoftware.com/. 3
Fortify Source Code Analysis Suite. http://www.fortifysoftware.com/products/sca.jsp. 13
Sudhakar Govindavajhala and Andrew W. Appel. Using Memory Errors to Attack a Virtual Machine. In SP ’03: Proceedings of the 2003 IEEE Symposium on Security and Privacy, page 154, Washington, DC, USA, 2003. IEEE Computer Society. http://www.cs.princeton.edu/sip/pub/memerr.pdf. 8
[32] GreenCard: A Haskell FFI Preprocessor. http://haskell.org/greencard/. 8
[33] Dan Grossman, J. Gregory Morrisett, Trevor Jim, Michael W. Hicks, Yanling Wang, and James Cheney. Region-Based Memory Management in Cyclone. In PLDI, pages 282–293, 2002. http://doi.acm.org/10.1145/512529.512563. 5
[34] Haskell. http://www.haskell.org/haskellwiki/Haskell. 8
[35] The Haskell 98 Foreign Function Interface 1.0: An Addendum to the Haskell 98 Report. http://www.cse.unsw.edu.au/~chak/haskell/ffi/. 8
[36] The Haskell FFI Binding Modules Generator (HSFFIG). http://hsffig.sourceforge.net/. 8
[37] HaskellDirect. http://haskell.org/hdirect/. 8
[38] R. Hastings and B. Joyce. Purify: Fast Detection of Memory Leaks and Access Errors. In Proc. of the Winter 1992 USENIX Conference, pages 125–138, San Francisco, California, 1991. 14
[39] Jason Hickey. Introduction to the Objective Caml Programming Language. http://www.cs.caltech.edu/courses/cs134/cs134b/book.pdf. 7
[40] IBM Rational Purify. http://www-306.ibm.com/software/awdtools/purify/. 14
[41] Igor Dobrovitski. Exploit for CVS double free() for Linux pserver, February 2003. http://seclists.org/lists/bugtraq/2003/Feb/0042.html. 2
[42] ITS4 - Software Security Tool. http://www.cigital.com/its4/. 11
[43] Daniel Jackson and Martin C. Rinard. Software Analysis: A Roadmap. In ICSE - Future of SE Track, pages 133–145, 2000. http://doi.acm.org/10.1145/336512.336545. 13
[44] White Paper - The Java Language Environment. http://java.sun.com/docs/white/langenv/Intro.doc.html#318. 8
[45] Java™ 2 Platform Security Architecture. http://java.sun.com/j2se/1.5.0/docs/guide/security/spec/security-spec.doc.html. 8
[46] T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, and Y. Wang. Cyclone: A safe dialect of C. In Proc. of the 2002 Usenix Annual Technical Conference, pages 275–288, Jun 2002. http://www.research.att.com/projects/cyclone/papers/cyclone-safety.pdf. 5, 6
[47] Vladimir Kiriansky, Derek Bruening, and Saman Amarasinghe. Secure Execution Via Program Shepherding. In Proc. of the 11th Usenix Security Symposium, San Francisco, August 2002. http://cag.lcs.mit.edu/commit/papers/02/RIO-security-usenix.pdf. 16
[48] Vladimir Kiriansky, Derek Bruening, and Saman Amarasinghe. Execution Model Enforcement Via Program Shepherding. MIT/LCS Technical Memo MIT/LCS Technical Memo LCS-TM-638, Massachusetts Institute of Technology, Cambridge, MA, May 2003. http://cag.lcs.mit.edu/commit/papers/03/RIO-security-TM-638.pdf. 16
[49] klog. The Frame Pointer Overwrite. Phrack, 9(55), Sep 1999. http://www.phrack.org/phrack/55/P55-08. 2, 18
[50] Eugene E. Kohlbecker. Syntactic Extensions in the Programming Language Lisp, 1986. 10
[51] Andreas Krennmair. ContraPolice: a libc Extension for Protecting Applications from Heap-Smashing Attacks. http://synflood.at/contrapolice.html, Nov 2003. 21
[52] David Larochelle and David Evans. Statically detecting likely buffer overflow vulnerabilities. In 10th USENIX Security Symposium, pages 177–190. University of Virginia, Department of Computer Science, USENIX Association, August 2001. http://www.usenix.org/events/sec01/larochelle.html. 11
[53] Peng Li. Safe Systems Programming Languages, Oct 2004. http://www.seas.upenn.edu/~lipeng/homepage/papers/wpeii.pdf. 17
[54] Avaya Labs Research Libsafe. http://www.research.avayalabs.com/gcm/usa/en-us/initiatives/all/nsr.htm&Filter=ProjectTitle:Libsafe&Wrapper=LabsProjectDetails&View=LabsProjectDetails. 20
[55] Linux kernel patch from the Openwall Project. http://www.openwall.com/linux/README.shtml. 20
[56] Gary McGraw and John Viega. Improving host security with system call policies. http://www-128.ibm.com/developerworks/library/s-buffer-defend.html, 2000. 16
[57] The Memory Management Glossary. http://www.memorymanagement.org/glossary/d.html. 2
[58] Meta-Level Compilation. http://metacomp.stanford.edu/. 12
[59] Microsoft .NET Homepage. http://www.microsoft.com/net/default.mspx. 9
[60] Microsoft Visual Studio Development Center. http://msdn.microsoft.com/vstudio/. 9
[61] Mono Project. http://www.mono-project.com/Main_Page. 9
[62] George C. Necula, Jeremy Condit, Matthew Harren, Scott McPeak, and Westley Weimer. CCured: type-safe retrofitting of legacy software. ACM Trans. Program. Lang. Syst., 27(3):477–526, 2005. http://doi.acm.org/10.1145/1065887.1065892. 4
[63] The Caml Language. http://caml.inria.fr/. 7
[64] The OCaml Tutorial. http://www.ocaml-tutorial.org/the_basics. 7
[65] Yutaka Oiwa. Implementation of a Fail-Safe ANSI C Compiler. http://web.yl.is.s.u-tokyo.ac.jp/~oiwa/thesis.pdf, Dec 2004. 17
[66] Yutaka Oiwa, Tatsurou Sekiguchi, Eijiro Sumii, and Akinori Yonezawa. Fail-safe ANSI-C compiler: An approach to making C programs secure. http://www.kb.ecei.tohoku.ac.jp/~sumii/pub/safe-C.pdf. 10, 17
[67] Ounce Labs – Prexis/Engine. http://www.ouncelabs.com/prexis_engine.html. 13
[68] Homepage of The PaX Team. http://pax.grsecurity.net/. 20
[69] PaX Project. The PaX project, Nov 2003. http://pax.grsecurity.net/docs/pax.txt. 19, 20
[70] Coverity Prevent. http://www.coverity.com/products/prevent.html. 12
[71] N. Provos. Improving Host Security with System Call Policies. In Proc. of the 12th Usenix Security Symposium, Aug 2003. http://www.usenix.org/events/sec03/tech/full_papers/provos/provos.pdf. 15
[72] RAD: A Compiler Time Solution to Buffer Overflow Attacks. http://www.ecsl.cs.sunysb.edu/RAD/index.html. 19
[73] RATS - Rough Auditing Tool for Security. http://www.securesoftware.com/resources/download_rats.html. 12
[74] Gerardo Richarte. Four different tricks to bypass StackShield and StackGuard protection. http://www2.corest.com/files/files/11/StackguardPaper.pdf, April-June 2002. 18
[77] SCC: The Safe C Compiler. http://www.cs.wisc.edu/~austin/scc.html. 17
[78] The Scheme Programming Language. http://www.swiss.ai.mit.edu/projects/scheme/. 9
[79] Scheme Requests for Implementation. http://srfi.schemers.org/. 10
[80] Resources for the Scheme programming language. http://www.schemers.org/. 10
[81] Fred B. Schneider. Least privilege and more. j-IEEE-SEC-PRIV, 1(5):55–59, September/October 2003. 14
[82] Security and the Java Platform. http://java.sun.com/security/index.jsp. 8, 9
[83] Hovav Shacham, Matthew Page, Ben Pfaff, Eu-Jin Goh, Nagendra Modadugu, and Dan Boneh. On the effectiveness of address-space randomization. In ACM Conference on Computer and Communications Security, pages 298–307, 2004. http://doi.acm.org/10.1145/1030083.1030124. 19, 20
[84] Istvan Simon. A Comparative Analysis of Methods of Defense against Buffer Overflow Attacks. http://www.mcs.csuhayward.edu/~simon/security/boflo.html, Jan 2001. 20
[85] Christian Skalka. Programming Languages and Systems Security. http://ieeexplore.ieee.org/iel5/8013/31002/01439509.pdf?tp=&arnumber=1439509&isnumber=31002. 21
[86] Splint - Secure Programming Lint. http://www.splint.org/. 11
[87] Splint User’s Manual. http://www.splint.org/downloads/manual.pdf. 11
[88] Systrace Policy Generation. http://www.systrace.org/. 15
[89] Valgrind Home. http://valgrind.org/. 14
[90] Microsoft. Vault: a programming language for reliable systems. http://research.microsoft.com/vault/. 6
[91] J. Viega, J. T. Bloch, Y. Kohno, and G. McGraw. ITS4: A static vulnerability scanner for C and C++ code. In ACSAC ’00: Proceedings of the 16th Annual Computer Security Applications Conference, page 257, Washington, DC, USA, 2000. IEEE Computer Society. http://www.cigital.com/papers/download/its4.pdf. 4, 11
[75] rix.