Issue No.05 - September/October (2000 vol.17)
pp: 33-41
ABSTRACT
The accelerating trends of interconnectedness, complexity, and extensibility are aggravating the already-serious threat posed by malicious code. To combat malicious code, these authors argue for creating sound policy about software behavior and enforcing that policy through technological means.
CITATION
Gary McGraw, Greg Morrisett, "Attacking Malicious Code: A Report to the Infosec Research Council", IEEE Software, vol.17, no. 5, pp. 33-41, September/October 2000, doi:10.1109/52.877857