, Secure computer system: Unified exposition and Multics interpretation, MITRE Corporation, 1976.
, GuardRails : A datacentric web application security framework, WebApps, pp.1-12, 2011.
, Symbolic security analysis of ruby-on-rails web applications, Proceedings of the 17th ACM conference on Computer and communications security, CCS '10, 2010.
DOI : 10.1145/1866307.1866373
, Efficient character-level taint tracking for Java, Proceedings of the 2009 ACM workshop on Secure web services, SWS '09, pp.3-12, 2009.
DOI : 10.1145/1655121.1655125
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.153.7499
, The many faces of publish/subscribe, ACM Computing Surveys, vol.35, issue.2, pp.114-131, 2003.
DOI : 10.1145/857076.857078
, Accessed 5, 2011.
, Securing web application code by static analysis and runtime protection, Proceedings of the 13th conference on World Wide Web , WWW '04, 2004.
DOI : 10.1145/988672.988679
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.300.5048
, Pixy: a static analysis tool for detecting Web application vulnerabilities, 2006 IEEE Symposium on Security and Privacy (S&P'06), pp.258-263, 2006.
DOI : 10.1109/SP.2006.29
, High-performance event processing with information security, USENIX Annual Technical Conference, 2010.
, Protecting privacy using the decentralized label model, ACM Transactions on Software Engineering and Methodology, vol.9, issue.4, pp.410-442, 2000.
DOI : 10.1145/363516.363526
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.126.2197
, A Virtual Machine Based Information Flow Control System for Policy Enforcement, Electronic Notes in Theoretical Computer Science, vol.197, issue.1, pp.3-16, 2008.
DOI : 10.1016/j.entcs.2007.10.010
URL : http://doi.org/10.1016/j.entcs.2007.10.010
, Dynamic multi-process information flow tracking for web application security, Proceedings of the 8th ACM/IFIP/USENIX international conference on Middleware , Middleware '07, 2007.
DOI : 10.1145/1377943.1377956
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.81.3242
, Enforcing user privacy in web applications using Erlang, W2SP, 2010.
, Defending against injection attacks through contextsensitive string evaluation, Recent Advances in Intrusion Detection, pp.124-145, 2006.
DOI : 10.1007/11663812_7
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.59.3182
, http://github.com/rails/rails_xss, 2011.
, Laminar: Practical finegrained decentralized information flow control, PLDI, 2009.
, Accessed 5, 2011.
, Middleware support for complex and distributed security services in multi-tier web applications, Engineering Secure Software and Systems (ESSoS), pp.114-127, 2011.
, An empirical analysis of XSS sanitization in web application frameworks, 2011.
, A Policy Management Framework for Content-Based Publish/Subscribe Middleware, Proceedings of the ACM/IFIP/USENIX 2007 International Conference on Middleware, pp.368-388, 2007.
DOI : 10.1145/937503.937506
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.83.6252
, Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks, Security Symposium, pp.121-136, 2006.
, Event Exposure for Web Services: A Grey-Box Approach to Compose and Evolve Web Services, The Smart Internet, pp.197-215, 2010.
DOI : 10.1007/3-540-47993-7_14
, Improving application security with data flow assertions, Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles, SOSP '09, 2009.
DOI : 10.1145/1629575.1629604
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.151.4790
, Dynamic Information Flow Control Architecture for Web Applications, ESORICS, 2007.
DOI : 10.1007/978-3-540-74835-9_18