This Article 
 Bibliographic References 
 Add to: 
Attacking Malicious Code: A Report to the Infosec Research Council
September/October 2000 (vol. 17 no. 5)
pp. 33-41
The accelerating trends of interconnectedness, complexity, and extensibility are aggravating the already-serious threat posed by malicious code. To combat malicious code, these authors argue for creating sound policy about software behavior and enforcing that policy through technological means.

1. J. Viega et al., "ITS4: A Static Vulnerability Scanner for C and C++ Code," Ann. Computer Security Applications Conf. (ACSAC), Applied Computer Security Assoc., 2000; .
2. D. Wagner et al., "A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities," Proc. Network and Distributed Systems Security Symposium (NDSS 2000), Internet Soc., Reston, Va., 2000, pp. 3-18.
3. G. McGraw and E. Felten, Securing Java: Getting Down to Business with Mobile Code, John Wiley&Sons, New York, 1999.
4. J.H. Salzter and M.D. Schroeder, "The Protection of Information in Computer Systems," Proc. IEEE, IEEE Press, Piscataway, N.J., Vol. 9, No. 63, 1975, pp. 1278-1308.
5. R. Wahbe, S. Lucco, T. Anderson, and S. Graham, Efficient Software-Based Fault Isolation Proc. 14th ACM Symp. Operating System Principles, pp. 203-216, Dec. 1993.
6. F. Schneider, "Enforceable Security Policies," ACM Trans. Information and System Security, Vol. 2, No. 4, Mar. 2000.
7. U. Erlingsson and F.B. Schneider, "IRM Enforcement of Java Stack Inspection," IEEE Symp. Security and Privacy, IEEE Press, Piscataway, N.J., 2000.
8. D. Evans and A. Twyman, "Policy-Directed Code Safety," Proc. IEEE Symp. Security an Privacy, IEEE Press, Piscataway, N.J., 1999; see also .
9. U. Erlingsson U. and F.B. Schneider, "SASI Enforcement of Security Policies: A Retrospective," Proc. New Security Paradigms Workshop, ACM Press, New York, 1999, pp. 246-255.
10. A.C. Myers, "JFlow: Practical Mostly-Static Information Flow Control," Proc. 26th ACM Symp. Principles of Programming Languages (POPL 99), ACM Press, New York, 1999, pp. 228-241.
11. H. Xi and F. Pfenning, “Dependent Types in Practical Programming,” Proc. 26th Ann. ACM SIGPLAN-SIGACT Symp. Principles of Programming Languages, pp. 214–227, Jan. 1999.
12. G. Morrisett et al., "From System-F to Typed Assembly Language," ACM Trans. Programming Languages and Systems, Vol., 21, No. 3, May 1999, pp. 528-569; .
13. G. Necula, “Proof-Carrying Code,” Conf. Record 24th Symp. Principles of Programming Languages, pp. 106–116, Paris, ACM Press, Jan. 1997.
14. P.C. Kocher, J. Jaffe, and B. Jun, “Differential Power Analysis,” Proc. Advances in Cryptology—CRYPTO 1999, pp. 388-397, 1999.

Gary McGraw, Greg Morrisett, "Attacking Malicious Code: A Report to the Infosec Research Council," IEEE Software, vol. 17, no. 5, pp. 33-41, Sept.-Oct. 2000, doi:10.1109/52.877857
Usage of this product signifies your acceptance of the Terms of Use.