|
Journal of Computer Science and Technology ›› 2021, Vol. 36 ›› Issue (6): 1325-1341.doi: 10.1007/s11390-021-1666-4
Special Issue: Software Systems
• Special Section on Software Systems 2021-Theme: Dependable Software Engineering • Previous Articles Next Articles
Ying-Jie Wang, Liang-Ze Yin, Member, CCF, and Wei Dong*, Member, CCF
[1] Edwards A, Jaeger T, Zhang X. Runtime verification of authorization hook placement for the Linux security modules framework. In Proc. the 9th ACM Conference on Computer and Communications Security, November 2002, pp.225-234. DOI: 10.1145/586110.586141. [2] Zhang X, Edwards A, Jaeger T. Using CQUAL for static analysis of authorization hook placement. In Proc. the 11th USENIX Security Symposium, August 2002, pp.33-48. [3] Zhang T, Shen W, Lee D, Jung C, Azab A M, Wang R. PeX: A permission check analysis framework for Linux kernel. In Proc. the 28th USENIX Security Symposium, August 2019, pp.1205-1220. [4] Tan L, Zhang X, Ma X, Xiong W, Zhou Y. AutoISES: Automatically inferring security specification and detecting violations. In Proc. the 17th USENIX Security Symposium, July 28-August 1, 2008, pp.379-394. [5] Wang W, Lu K, Yew P C. Check it again: Detecting lacking-recheck bugs in OS kernels. In Proc. the 2018 ACM SIGSAC Conference on Computer and Communications Security, October 2018, pp.1899-1913. DOI: 10.1145/3243734.3243844. [6] Situ L, Wang L, Liu Y, Mao B, Li X. Vanguard: Detecting missing checks for prognosing potential vulnerabilities. In Proc. the 10th Asia-Pacific Symposium on Internetware, September 2018, Article No. 5. DOI: 10.1145/3275219.3275225. [7] Lu K, Pakki A, Wu Q. Detecting missing-check bugs via semantic-and context-aware criticalness and constraints inferences. In Proc. the 28th USENIX Security Symposium, August 2019, pp.1769-1786. [8] Yamaguchi F, Wressnegger C, Gascon H, Rieck K. Chucky: Exposing missing checks in source code for vulnerability discovery. In Proc. the 2013 ACM SIGSAC Conference on Computer & Communications Security, November 2013, pp.499-510. DOI: 10.1145/2508859.2516665. [9] Min C, Kashyap S, Lee B, Song C, Kim T. Crosschecking semantic correctness: The case of finding file system bugs. In Proc. the 25th Symposium on Operating Systems Principles, October 2015, pp.361-377. DOI: 10.1145/2815400.2815422. [10] Lu K, Pakki A, Wu Q. Automatically identifying security checks for detecting kernel semantic bugs. In Proc. the 24th European Symposium on Research in Computer Security, September 2019, pp.3-25. DOI: 10.1007/978-3-030-29962-01. [11] Hunt A, Thomas D. The Pragmatic Programmer: From Journeyman to Master (1st edition). Addison-Wesley Professional, 1999. [12] Xu M, Qian C, Lu K, Backes M, Kim T. Precise and scalable detection of double-fetch bugs in OS kernels. In Proc. the 2018 IEEE Symposium on Security and Privacy, May 2018, pp.661-678. DOI: 10.1109/SP.2018.00017. [13] Son S, McKinley K S, Shmatikov V. RoleCast: Finding missing security checks when you do not know what checks are. In Proc. the 2011 ACM International Conference on Object Oriented Programming Systems Languages and Applications, October 2011, pp.1069-1084. DOI: 10.1145/2048066.2048146. [14] Monshizadeh M, Naldurg P, Venkatakrishnan V N. MACE: Detecting privilege escalation vulnerabilities in web applications. In Proc. the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, pp.690-701. DOI: 10.1145/2660267.2660337. [15] Sandhu R S, Samarati P. Access control: Principle and practice. IEEE Communications Magazine, 1994, 32(9): 40-48. DOI: 10.1109/35.312842. [16] Vijayakumar H, Ge X, Payer M, Jaeger T. JIGSAW: Protecting resource access by inferring programmer expectations. In Proc. the 23rd USENIX Security Symposium, August 2014, pp.973-988. [17] Muthukumaran D, Talele N, Jaeger T, Tan G. Producing hook placements to enforce expected access control policies. In Proc. the 7th International Symposium on Engineering Secure Software and Systems, March 2015, pp.178-195. DOI: 10.1007/978-3-319-15618-714. [18] Petracca G, Capobianco F, Skalka C, Jaeger T. On risk in access control enforcement. In Proc. the 22nd ACM Symposium on Access Control Models and Technologies, June 2017, pp.31-42. DOI: 10.1145/3078861.3078872. [19] Zhang Y, Kasahara S, Shen Y et al. Smart contractbased access control for the Internet of Things. IEEE Internet of Things Journal, 2018, 6(2): 1594-1605. DOI: 10.1109/JIOT.2018.2847705. [20] Yun I, Min C, Si X, Jang Y, Kim T, Naik M. APISan: Sanitizing API usages through semantic cross-checking. In Proc. the 25th USENIX Security Symposium, August 2016, pp.363-378. [21] Wang X, Chen H, Jia Z, Zeldovich N, Kaashoek M. Improving integer security for systems with KINT. In Proc. the 10th USENIX Symposium on Operating Systems Design and Implementation, October 2012, pp.163-177. [22] Lu K, Song C, Kim T, Lee W. UniSan: Proactive kernel memory initialization to eliminate data leakages. In Proc. the 2016 ACM SIGSAC Conference on Computer and Communications Security, October 2016, pp.920-932. DOI: 10.1145/2976749.2978366. [23] Machiry A, Spensky C, Corina J, Stephens N, Kruegel C, Vigna G. DR. CHECKER: A soundy analysis for Linux kernel drivers. In Proc. the 26th USENIX Security Symposium, August 2017, pp.1007-1024. [24] Padioleau Y, Lawall J, Hansen R R, Muller G. Towards documenting and automating collateral evolutions in Linux device drivers. ACM SIGOPS Operating Systems Review, 2008, 42(4): 247-260. DOI: 10.1145/1357010.1352618. |
[1] | Xu-Zhou Zhang, Yun-Zhan Gong, Ya-Wen Wang, Ying Xing, Ming-Zhe Zhang. Automated String Constraints Solving for Programs Containing String Manipulation Functions [J]. , 2017, 32(6): 1125-1135. |
|
|