Next: ``Safe'' Functions List
Up: Using CQUAL for Static
Previous: Acknowledgments
- 1
-
K. Ashcraft and D. Engler.
Using programmer-written compiler extensions to catch security holes.
In Proceedings of the IEEE Symposium on Security and Privacy
2002, May 2002.
- 2
-
M. Bishop and M. Dilger.
Checking for race conditions in file accesses.
Computing Systems, 9(2):131-152, 1996.
- 3
-
LSM Community.
Linux Security Module.
Available at https://lsm.immunix.org.
- 4
-
Wirex Corp.
Immunix security technology.
Available at https://www.immunix.com/Immunix/index.html.
- 5
-
A Edwards.
[PATCH] add lock hook to prevent race, January 2002.
Linux Security Modules mailing list at
https://mail.wirex.com/pipermail/linux-security-module/2002-January/002570.html.
- 6
-
A. Edwards, T. Jaeger, and X. Zhang.
Verifying authorization hook placement for the Linux Security
Modules framework.
Technical Report 22254, IBM, December 2001.
- 7
-
D. Engler, B. Chelf, A. Chou, and S. Hallem.
Checking system rules using system-specific, programmer-written
compiler extensions.
In Proceedings of the Fourth Symposium on Operation System
Design and Implementation (OSDI), October 2000.
- 8
-
J. Foster.
Personal communication, January 2002.
- 9
-
J. Foster, M. Fahndrich, and A. Aiken.
A theory of type qualifiers.
In ACM SIGPLAN Conference on Programming Language Design and
Implementation (PLDI '99), pages 192-203, May 1999.
- 10
-
L. Koved, M. Pistoia, and A. Kershenbaum.
Access rights analysis for java.
In Proceedings of the 17th Annual ACM Conference on
Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA
2002), November 2002.
Accepted for publication.
- 11
-
D. Larochelle and D. Evans.
Statically detecting likely buffer overflow vulnerabilities.
In Proceedings of the Tenth USENIX Security Symposium, pages
177-190, 2001.
- 12
-
G. C. Necula, S. McPeak, and W. Weimer.
CCured: Type-safe retrofitting of legacy code.
In Proceedings of the 29th ACM Symposium on Principles of
Programming Languages (POPL02), January 2002.
- 13
-
NSA.
Security-Enhanced Linux (SELinux).
Available at https://www.nsa.gov/selinux.
- 14
-
U. Shankar, K. Talwar, J. S. Foster, and D. Wagner.
Detecting format string vulnerabilities with type qualifiers.
In Proceedings of the Tenth USENIX Security Symposium, pages
201-216, 2001.
Catherine Zhang
2002-05-13