, Security Analysis and Enhancements of Computer Operating Systems, 1976.
DOI : 10.6028/NBS.IR.76-1041
, A Taxonomy of Security Faults in the UNIX Operating System, 1995.
, A Critical Analysis of Vulnerability Taxonomies, 1996.
, Fixing Races for Fun and Profit: How to Abuse atime, Proceedings of the 14th conference on USENIX Security Symposium SSYM'05, pp.20-20, 2005.
, Exploit Programming: From Buffer Overflows to " Weird Machines " and Theory of Computation. USENIX ;login, 2011.
, Remote timing attacks are practical, Computer Networks, vol.48, issue.5, 2003.
DOI : 10.1016/j.comnet.2005.01.010
, Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow, 2010 IEEE Symposium on Security and Privacy, 2010.
DOI : 10.1109/SP.2010.20
, Non-control-hijacking attacks are realistic threats, USENIX Security, 2005.
, Computer viruses, 7th DoD/NBS Computer Security Conference Proceedings, pp.240-263, 1984.
DOI : 10.1016/0167-4048(87)90122-2
, Holographic vulnerability studies, Proceedings of the 2012 workshop on New security paradigms, NSPW '12, p.2012
DOI : 10.1145/2413296.2413309
, Fixing Races for Fun and Profit: How to Use access, Proceedings of the 13th conference on USENIX Security Symposium, pp.14-14, 2004.
, Protection Analysis Project Final Report. ISI/RR-78-13, 1978.
, Memento: Learning Secrets from Process Footprints, 2012 IEEE Symposium on Security and Privacy, 2012.
DOI : 10.1109/SP.2012.19
, Buffer Overflow and Format String Overflow Vulnerabilities. Software -Practice and Experience, pp.423-460, 2002.
, A taxonomy of computer program security flaws, ACM Computing Surveys, vol.26, issue.3, 1994.
DOI : 10.1145/185403.185412
, How to systematically classify computer security intrusions, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097), 1997.
DOI : 10.1109/SECPRI.1997.601330
, Operating system integrity in OS/VS2, IBM Systems Journal, vol.13, issue.3, pp.230-252, 1974.
DOI : 10.1147/sj.133.0230
, Vulnerabilities and responsibilities: dealing with monsters in computer security Journal of information, communication and ethics in society, pp.243-257, 2009.
, Let's Parse to Prevent pwnage (invited position paper), Proceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats, LEET'12, pp.3-3
, The geometry of innocent flesh on the bone, Proceedings of the 14th ACM conference on Computer and communications security , CCS '07, pp.552-561, 2007.
DOI : 10.1145/1315245.1315313
, A network-based asynchronous architecture for cryptographic devices, 2005.
, The Essence of Command Injection Attacks in Web Applications, Conference Record of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '06, pp.372-382, 2006.
, How to Shop for Free Online -- Security Analysis of Cashier-as-a-Service Based Web Stores, 2011 IEEE Symposium on Security and Privacy, pp.465-480, 2011.
DOI : 10.1109/SP.2011.26
, Static detection of cross-site scripting vulnerabilities, Proceedings of the 13th international conference on Software engineering , ICSE '08, 2008.
DOI : 10.1145/1368088.1368112
, Data mining, ACM SIGMOD Record, vol.31, issue.1, 2005.
DOI : 10.1145/507338.507355
, Peeping tom in the neighborhood: keystroke eavesdropping on multi-user systems, 2009.
, Keyboard acoustic emanations revisited, ACM Conference on Computer and Communications Security (CCS), 2005.