List Of Papers

From PROLANGS Wiki


February 1, 2007:

Key References:

  • 8 Centonze
  • 11, 14 Pistoia
  • 37 Denning & Denning
  • 40 Goguen et al.
  • 43 Sabelfeld
  • 45, 46 Snelting et al.
  • 47 Volpano
  • 48 Livshits & Lam
  • 59 Strom & Yemini
  • 62 Fink et al.

January 23, 2007:

Listed here are possible papers for us to read in the Spring 2007 PROLANGS Light Seminar in Software Security. They are mostly gathered from two sources: private communications with Prof. Zhendong Su of UC Davis and Dr. Marco Pistoia of IBM TJ Watson Research Center. Dr. Pistoia has kindly allowed us to read a private draft of an overview paper he and colleagues have written on "Using Static Analysis for Security Compliance Management". You will need to use the logon and password for the Seminar website in order to access this file. He will be visiting the seminar on February 22nd, 2007.

These incomplete lists are only up-to-date up to mid-year 2006, so there may be papers at meetings held after that time (e.g., PLDI'06, POPL'07) as well as other meetings/journals not necessarily summarized here: IEEE Security and Privacy (S&P), usually considered the best security conference; ACM Conference on Computer and Communications Security (CCS), one of the top two security conferences (together with S&P); USENIX Security Symposium (summer); Network and Distributed System Security Symposium (NDSS); and IEEE Transactions on Security and Privacy.

The papers divide into two general areas: those categorized by the static analysis used for specific security client problems (from Pistoia et al.'s paper) and those categorized by the type of attack they address (from Su).


General readings

J. H. Saltzer and M. D. Schroeder, "The Protection of Information in Computer Systems" in Proceedings of the IEEE, vol. 63, no. 9, Sept. 1975, pp.1278-1308.

Static analyses for access control

D. F. Ferraiolo and D. R. Kuhn, "Role-Based Access Controls," in Proceedings of the 15th NIST-NCSC National Computer Security Conference, Baltimore, MD, USA, October 1992, pp. 554-563.

R. Sandhu, E. Coyne, H. Feinstein, and C. Youman, "Role-based access control models", IEEE Computer, vol. 29, no. 2, pp.38-47, Feb. 1996.

A. Schaad and J. D. Moffett, "A Lightweight Approach to Specification and Analysis of Role-Based Access Control Extensions", in Proceedings of the 7th ACM Symposium on Access Control Models and Technologies. Monterey, CA, 2002, pp. 13-22.

G. Naumovich and P. Centonze, "Static Analysis of Role-Based Access Control in J2EE Applications", SIGSOFT Software Engineering Notes, vol. 29, no. 5, pp. 1-10, Sept. 2004.

M. Pistoia, R. J. Flynn, L. Koved, and V. C. Sreedhar, "Interprocedural Analysis for Privileged Code Placement and Tainted Variable Detection", in Proceedings of the 9th European Conference on Object-Oriented Programming. Glasgow, Scotland, July 2005.

P. Centonze, G. Naumovich, S. J. Fink, and M. Pistoia, "Role-Based Access Control Consistency Validation", in Proceedings of the International Symposium on Software Testing and Analysis (ISSTA'06), July 2006.

F. Schneider, G. Morrisett, and R. Harper, "A Language-Based Approach to Security", Cornell University, Tech. Rep. TR2000-1825, Nov. 2000.

Information flow (i.e., integrity or confidentiality violations)

D. E. Denning and P. J. Denning, "Certification of Programs for Secure Information Flow", Communications of the ACM, vol.20, no.7, pp.504-513, July 1977.

D. E. Denning, "A Lattice Model of Secure Information Flow", Communications of the ACM, vol. 19, no. 5, pp. 236-243, May 1976.

J. A. Goguen and J. Meseguer, "Security Policies and Security Models", in Proceedings of the 1982 IEEE Symposium on Security and Privacy. Oakland, CA, USA: IEEE Computer Society Press, May 1982, pp. 11-20.

A. Sabelfeld and A. Myers, "Language-Based Information-Flow Security", IEEE Journal on Selected Areas in Communications, vol. 21, no. 1, pp. 5-19, Jan. 2003. http://www.cs.cornell.edu/andru/papers/jsac/sm-jsac03.pdf

J. Newsome and D. Song, "Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software", in Proceedings of the 12th Annual Network and Distributed System Security Symposium. San Diego, IEEE Computer Society, Feb. 2005.

V. B. Livshits and M. S. Lam, "Finding Security Vulnerabilities in Java Applications with Static Analysis", in Usenix Security Symposium, 2005.

U. Shankar, K. Talwar, J. S. Foster, and D. Wagner, "Detecting Format String Vulnerabilities with Type Qualifiers", in Proceedings of the 10th USENIX Security Symposium, Washington, DC, USA, Aug. 2001. (may be useful to also read J. S. Foster, T. Terauchi, and A. Aiken, "Flow-Sensitive Type Qualifiers", in Proceedings of the 2002 ACM SIGPLAN Conference on Programming Language Design and Implementation, Berlin, Germany, June 2002, pp. 1-12.)

API conformance

R. E. Strom and S. Yemini, "Typestate: A programming language concept for enhancing software reliability", IEEE Trans. Software Eng., vol. 12, no. 1, pp. 157-171, 1986.

J. Whaley, M. Martin, and M. Lam, "Automatic extraction of object-oriented component interfaces", in Proceedings of the International Symposium on Software Testing and Analysis, July 2002.

S. Fink, E. Yahav, Ramalingam, N. Dor, and E. Geay, "Effective typestate verification in the presence of aliasing", in Proceedings of the International Symposium on Software Testing and Analysis, 2006.

J. Corbett, M. Dwyer, J. Hatcliff, C. Pasareanu, Robby, S. Laubach, and H. Zheng, "Bandera: Extracting finite-state models from Java source code", in Proc. Intl. Conf. on Software Eng., June 2000, pp. 439-448.

N. Dor, S. Adams, M. Das, and Z. Yang, "Software validation via scalable path-sensitive value flow analysis", in ISSTA, 2004, pp. 12-22. [Online]. Available: http://doi.acm.org/10.1145/1007515

Buffer Overflows, Format Strings, API rules, etc.

David Wagner, Jeffrey S. Foster, Eric A. Brewer, Alexander Aiken, "A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities". NDSS 2000. http://www.cs.berkeley.edu/~daw/papers/overruns-ndss00.pdf

David Larochelle and David Evans, "Statically Detecting Likely Buffer Overflow Vulnerabilities". In Proceedings of the 2001 USENIX Security Symposium, Washington, D. C., August 13-17, 2001. http://lclint.cs.virginia.edu/usenix01.pdf

Vinod Ganapathy, Somesh Jha, David Chandler, David Melski and David Vitek, "Buffer Overrun Detection using Linear Programming and Static Analysis", 10th ACM Conference on Computer and Communications Security (CCS), October 2003. http://www.cs.wisc.edu/~jha/jha-papers/security/CCS_2003.pdf

Nurit Dor, Michael Rodeh, Shmuel Sagiv: "CSSV: towards a realistic tool for statically detecting all buffer overflows in C". PLDI 2003: 155-167. http://www.cs.tau.ac.il/~msagiv/cssv.pdf

Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, and David Wagner. "Automated Detection of Format-String Vulnerabilities Using Type Qualifiers," in Proceedings of the 10th USENIX Security Symposium, August 2001. (duplicate entry) http://www.cs.berkeley.edu/~daw/papers/fmtstr-use01.pdf

Hao Chen, David Wagner: "MOPS: an infrastructure for examining security properties of software". ACM Conference on Computer and Communications Security 2002: 235-244. http://www.cs.berkeley.edu/~daw/papers/mops-ccs02.pdf

Ken Ashcraft, Dawson R. Engler: "Using Programmer-Written Compiler Extensions to Catch Security Holes". IEEE Symposium on Security and Privacy 2002: 143-159. http://www.stanford.edu/~engler/sp-ieee-02.pdf

Junfeng Yang, Ted Kremenek, Yichen Xie, Dawson R. Engler: "MECA: an extensible, expressive system and language for statically checking security properties". ACM Conference on Computer and Communications Security 2003: 321-334. http://www.stanford.edu/~engler/ccs03-meca.pdf

Binary Code Analysis for Worm and Virus Detection and Prevention

M. Christodorescu and S. Jha, "Static Analysis of Executables to Detect Malicious Patterns", USENIX Security Symposium, August 2003. http://www.cs.wisc.edu/~jha/jha-papers/security/usenix_2003.pdf

Mihai Christodorescu, Somesh Jha: "Testing malware detectors". ISSTA 2004: 34-44. http://www.cs.wisc.edu/~jha/jha-papers/security/ISSTA_2004.pdf

Mihai Christodorescu, Somesh Jha, Sanjit A. Seshia, Dawn Xiaodong Song, Randal E. Bryant: "Semantics-Aware Malware Detection". IEEE Symposium on Security and Privacy 2005: 32-46. http://www.cs.wisc.edu/~jha/jha-papers/security/oakland_2005_mihai.pdf

Jedidiah R. Crandall, Zhendong Su, Shyhtsun Felix Wu, Frederic T. Chong: "On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits". ACM Conference on Computer and Communications Security 2005: 235-248. http://www.cs.ucdavis.edu/~su/publications/ccsdacoda.pdf

Jedidiah R. Crandall, Gary Wassermann, Daniela A. S. de Oliveira, Zhendong Su, S. Felix Wu, and Frederic T. Chong. "Temporal Search: Detecting Hidden Malware Timebombs with Virtual Machines". ASPLOS 2006. http://www.cs.ucdavis.edu/~su/publications/asplos06.pdf

Security in Database and Web Applications

Carl Gould, Zhendong Su, Prem Devanbu: "Static Checking of Dynamically Generated Queries in Database Applications". ICSE 2004: 645-654. http://www.cs.ucdavis.edu/~su/publications/icse.pdf

Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, Der-Tsai Lee, Sy-Yen Kuo: "Securing web application code by static analysis and runtime protection". WWW 2004: 40-52. http://www2004.org/proceedings/docs/1p40.pdf

Zhendong Su, Gary Wassermann: "The essence of command injection attacks in web applications". POPL 2006: 372-382. http://www.cs.ucdavis.edu/~su/publications/popl06.pdf

Michael Martin, V. Benjamin Livshits, and Monica S. Lam: "Finding Application Errors and Security Flaws Using PQL: a Program Query Language". OOPSLA 2005. http://suif.stanford.edu/papers/oopsla05pql.pdf

V. Benjamin Livshits and Monica S. Lam: "Finding Security Vulnerabilities in Java Applications Using Static Analysis". USENIX Security Symposium, August 2005. http://suif.stanford.edu/papers/usenixsec05.pdf

Yichen Xie and Alex Aiken: "Static Detection of Security Vulnerabilities in Scripting Languages". 15th USENIX Security Symposium, 2006.

Benjamin Livshits (Stanford, one of Monica Lam's students) maintains a list with more papers: http://suif.stanford.edu/~livshits/work/griffin/lit.html
