Merlin: Specification Inference for Explicit Information Flow Problems - Mining Software Specifications: Methodologies and Applications

Databases Reference

In-Depth Information

[16] Benjamin Livshits and Thomas Zimmermann. DynaMine: finding com-

mon error patterns by mining software revision histories. In Proceedings

of the International Symposium on the Foundations of Software Engi-

neering, pages 296{305, September 2005.

[17] Michael Martin, Benjamin Livshits, and Monica S. Lam. Finding appli-

cation errors and security vulnerabilities using PQL: a program query

language. In Proceedings of the Conference on Object-Oriented Program-

ming, Systems, Languages, and Applications, October 2005.

[18] Michael Martin, Benjamin Livshits, and Monica S. Lam. SecuriFly: Run-

time Vulnerability Protection for Web Applications.

Technical report,

Stanford University, October 2006.

[19] A. McIver and C. Morgan. Abstraction, Refinement and Proof of Proba-

bilistic Systems. Springer, 2004.

[20] A. McIver and C. Morgan.

Abstraction and refinement in probabilis-

tic systems.

SIGMETRICS Performance Evaluation Review, 32:41{47,

March 2005.

[21] Microsoft Corporation. Microsoft Code Analysis Tool .NET (CAT.NET).

http://www.microsoft.com/downloads/details.aspx?FamilyId=

0178e2ef-9da8-445e-9348-c93f24cc9f9d&displaylang=en , 3 2009.

[22] T. Minka, J.M. Winn, J.P. Guiver, and A. Kannan. Infer.NET 2.2, 2009.

Microsoft Research Cambridge. http://research.microsoft.com/infernet.

[23] Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeff Shirley, and

David Evans. Automatically hardening Web applications using precise

tainting. In Proceedings of the IFIP International Information Security

Conference, June 2005.

[24] OunceLabs, Inc. Ounce. http://www.ouncelabs.com/ , 2008.

[25] Tadeusz Pietraszek and Chris Vanden Berghe. Defending against injec-

tion attacks through context-sensitive string evaluation. In Proceedings

of the Recent Advances in Intrusion Detection, September 2005.

[26] M. K. Ramanathan, A. Grama, and S. Jagannathan. Static specification

inference using predicate mining. In PLDI, 2007.

[27] Andrei Sabelfeld and Andrew Myers. Language-based information-flow

security. IEEE Journal on Selected Areas in Communications, 21(1):5{

19, January 2003.

[28] Zhendong Su and Gary Wassermann. The essence of command injection

attacks in web applications. In Proceedings of POPL, 2006.

Search WWH ::

Custom Search

Home