Check out the new USENIX Web site. next up previous
Next: ``Safe'' Functions List Up: Using CQUAL for Static Previous: Acknowledgments

Bibliography

1
K. Ashcraft and D. Engler.
Using programmer-written compiler extensions to catch security holes.
In Proceedings of the IEEE Symposium on Security and Privacy 2002, May 2002.

2
M. Bishop and M. Dilger.
Checking for race conditions in file accesses.
Computing Systems, 9(2):131-152, 1996.

3
LSM Community.
Linux Security Module.
Available at https://lsm.immunix.org.

4
Wirex Corp.
Immunix security technology.
Available at https://www.immunix.com/Immunix/index.html.

5
A Edwards.
[PATCH] add lock hook to prevent race, January 2002.
Linux Security Modules mailing list at https://mail.wirex.com/pipermail/linux-security-module/2002-January/002570.html.

6
A. Edwards, T. Jaeger, and X. Zhang.
Verifying authorization hook placement for the Linux Security Modules framework.
Technical Report 22254, IBM, December 2001.

7
D. Engler, B. Chelf, A. Chou, and S. Hallem.
Checking system rules using system-specific, programmer-written compiler extensions.
In Proceedings of the Fourth Symposium on Operation System Design and Implementation (OSDI), October 2000.

8
J. Foster.
Personal communication, January 2002.

9
J. Foster, M. Fahndrich, and A. Aiken.
A theory of type qualifiers.
In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI '99), pages 192-203, May 1999.

10
L. Koved, M. Pistoia, and A. Kershenbaum.
Access rights analysis for java.
In Proceedings of the 17th Annual ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2002), November 2002.
Accepted for publication.

11
D. Larochelle and D. Evans.
Statically detecting likely buffer overflow vulnerabilities.
In Proceedings of the Tenth USENIX Security Symposium, pages 177-190, 2001.

12
G. C. Necula, S. McPeak, and W. Weimer.
CCured: Type-safe retrofitting of legacy code.
In Proceedings of the 29th ACM Symposium on Principles of Programming Languages (POPL02), January 2002.

13
NSA.
Security-Enhanced Linux (SELinux).
Available at https://www.nsa.gov/selinux.

14
U. Shankar, K. Talwar, J. S. Foster, and D. Wagner.
Detecting format string vulnerabilities with type qualifiers.
In Proceedings of the Tenth USENIX Security Symposium, pages 201-216, 2001.


































Catherine Zhang 2002-05-13