S. Christey and R. A. Martin, Vulnerability type distributions in CVE

M. Conover, Analysis of the Windows Vista security model. Symantec Corporation, http://www.symantec.com/avcenter/reference/Windows Vista Security Model Analysis.pdf, 2007.

S. Corp, Symantec internet security threat report: Trends for July-December 2007 (executive summary), pp.1-2, 2008.

M. Dalton, C. Kozyrakis, and N. Zeldovich, Nemesis: Preventing authentication & access control vulnerabilities in web applications, Proceedings of the Eighteenth Usenix Security Symposium (Usenix Security), 2009.

J. Grossman, Cross-site scripting worms and viruses. The impending threat and the best defense

S. E. Hallyn and A. G. Morgan, Linux capabilities: making them work, 2008.

R. Hansen, XSS cheat sheet

C. Jackson, A. Bortz, D. Boneh, and J. C. Mitchell, Protecting browser state from web privacy attacks, Proceedings of the 15th international conference on World Wide Web, WWW '06, 2006.
DOI : 10.1145/1135777.1135884

K. Jayaraman, W. Du, B. Rajagopalan, and S. J. Chapin, ESCUDO: A Fine-Grained Protection Model for Web Browsers, 2010 IEEE 30th International Conference on Distributed Computing Systems, 2010.
DOI : 10.1109/ICDCS.2010.71

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.211.7186

S. Kamkar, The Samy worm story, 2005.

S. Kamkar, Technical explanation of the MySpace worm, 2005.

C. Karlof, U. Shankar, J. D. Tygar, and D. Wagner, Dynamic pharming attacks and locked same-origin policies for web browsers, Proceedings of the 14th ACM conference on Computer and communications security, CCS '07, 2007.
DOI : 10.1145/1315245.1315254

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.158.9247

B. Livshits and . Erlingsson, Using web application construction frameworks to protect against code injection attacks, Proceedings of the 2007 workshop on Programming languages and analysis for security, PLAS '07, 2007.
DOI : 10.1145/1255329.1255346

T. Luo and W. Du, Contego: Capability-Based Access Control for Web Browsers, Proceedings of the 4th International Conference on Trust and Trustworthy Computing, 2011.
DOI : 10.1109/SP.2009.21

A. Leo, V. B. Meyerovich, and . Livshits, Conscript: Specifying and enforcing fine-grained security policies for JavaScript in the browser, IEEE Symposium on Security and Privacy, pp.481-496, 2010.

N. Security and A., Security-Enhanced Linux. Available at http://www.nsa.gov/selinux

B. Parno, J. M. Mccune, D. Wendlandt, D. G. Andersen, and A. Perrig, CLAMP: Practical Prevention of Large-Scale Data Leaks, 2009 30th IEEE Symposium on Security and Privacy, 2009.
DOI : 10.1109/SP.2009.21

K. Patil, X. Dong, X. Li, Z. Liang, and X. Jiang, Towards Fine-Grained Access Control in JavaScript Contexts, 2011 31st International Conference on Distributed Computing Systems, 2011.
DOI : 10.1109/ICDCS.2011.87

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.297.8279

J. Solorzano, The Lobo Project

S. Microsystems and . Inc, White paper: Trusted Solaris 8 operating environment

X. Tan, W. Du, T. Luo, and K. Soundararaj, SCUTA, Proceedings of the 17th ACM symposium on Access Control Models and Technologies, SACMAT '12, 2011.
DOI : 10.1145/2295136.2295152

A. Vance, Times web ads show security breach

W. Security, Whitehat website security statistic report, 2010.

A. Yip, X. Wang, N. Zeldovich, and M. F. Kaashoek, Improving application security with data flow assertions, Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles, SOSP '09, 2009.
DOI : 10.1145/1629575.1629604