SIDAN: A tool dedicated to software instrumentation for detecting attacks on non-control-data, 2009 Fourth International Conference on Risks and Security of Internet and Systems (CRiSIS 2009), 2009. ,
DOI : 10.1109/CRISIS.2009.5411977
URL : https://hal.archives-ouvertes.fr/hal-00424574
Application Data Consistency Checking for Anomaly Based Intrusion Detection, Proceedings of the 11th International Symposium on Stabilization , Safety, and Security of Distributed Systems, 2009. ,
DOI : 10.1007/978-3-642-05118-0_50
URL : https://hal.archives-ouvertes.fr/hal-00424584
Building an Application Data Behavior Model for Intrusion Detection, Proceedings of the 23rd Annual IFIP WG 113 Working Conference on Data and Applications Security, 2009. ,
DOI : 10.1007/978-3-642-03007-9_21
URL : https://hal.archives-ouvertes.fr/hal-00441423
Automatic Software Instrumentation for the Detection of Non-control-data Attacks, Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection, 2009. ,
DOI : 10.1007/978-3-642-04342-0_19
URL : https://hal.archives-ouvertes.fr/hal-00420086
Anomaly Detection with Diagnosis in Diversified Systems using Information Flow Graphs, Proceedings of the 23rd IFIP International Information Security Conference, 2008. ,
DOI : 10.1007/978-0-387-09699-5_20
URL : https://hal.archives-ouvertes.fr/hal-00353005
Experiments on COTS Diversity as an Intrusion Detection and Tolerance Mechanism, Proceedings of the First Workshop on Recent Advances on Intrusion-Tolerant Systems, 2007. ,
URL : https://hal.archives-ouvertes.fr/hal-00268683
A Dependable Intrusion Detection Architecture Based on Agreement Services, Proceedings of the Eighth International Symposium on Stabilization, Safety, and Security of Distributed Systems, 2006. ,
DOI : 10.1007/978-3-540-49823-0_27
URL : https://hal.archives-ouvertes.fr/hal-00269302
COTS Diversity Based Intrusion Detection and Application to Web Servers, Proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection (RAID 2005), 2005. ,
DOI : 10.1007/11663812_3
URL : https://hal.archives-ouvertes.fr/hal-00356396
A Language Driven Intrusion Detection System for Event and Alert Correlation, Proceedings of the 19th IFIP International Information Security Conference (IFIP SEC 2004) : Kluwer Academic, 2004. ,
DOI : 10.1007/1-4020-8143-X_14
Modelling an Autonomous Spacecraft Architecture ,
Supporting multiple levels of criticality, Digest of Papers. Twenty-Eighth Annual International Symposium on Fault-Tolerant Computing (Cat. No.98CB36224), 1998. ,
DOI : 10.1109/FTCS.1998.689456
Implementing Safety Critical Systems with Multiple Levels of Integrity, Proceedings of the Data Systems In Aerospace (DA- SIA'98, 1998. ,
Integrity management in GUARDS, IFIP International Conference on Distributed Systems Platforms and Open Distributed Processing (Middleware'98, 1998. ,
DOI : 10.1007/978-1-4471-1283-9_7
RRABIDS, un système de détection d'intrusion pour les applications Ruby on Rails, Actes du Symposium 2011 sur la Sécurité des Technologies de l'Information et des Communications, 2011. ,
Génération etévaluationetévaluation de mécanismes de détection d'intrusion au niveau applicatif, Actes de lacinquì eme conférence sur la Sécurité des Architectures Réseaux et Systèmes d'Information, 2010. ,
Protection des données utilisateurs dans une orchestration de Web-Services, Actes de lacinquì eme conférence sur la Sécurité des Architectures Réseaux et Systèmes d'Information, 2010. ,
Un modèle de comportement fondé sur les données pour la détection d'intrusion dans les applications, Actes de la 4` eme Conférence sur la Sécurité des Architectures Réseaux et des Systèmes d'Information, 2009. ,
Détection d'intrusions et diagnostic d'anomalies dans un systéme diversifié par comparaison de graphes de flux d'informations, Proceedings of the 6th Conference on Security and Network Architectures, 2007. ,
Détection d'intrusions par diversification de COTS, Proceedings of the 4th Conference on Security and Network Architectures, 2005. ,
Coexistence de logiciels de di?érents niveaux de criticité dans des systèmes distribués, Actes des Journées Doctorales en Informatique et Réseaux (JDIR 98), 1998. ,
A Theory of Secure Control Flow, Proceedings of the International Conference on Formal Engineering Methods (ICFEM'2003), 2003. ,
DOI : 10.1007/11576280_9
Controlflow integrity, CCS '05 : Proceedings of the 12th ACM conference on Computer and communications security, pp.340-353, 2005. ,
On the implementation of N-version programming for software fault tolerance during execution, Proceedings of the IEEE International Computer Software and Applications Conference (COMPSAC 77), pp.149-155, 1977. ,
Preventing Memory Error Exploits with WIT, 2008 IEEE Symposium on Security and Privacy (sp 2008), pp.263-277, 2008. ,
DOI : 10.1109/SP.2008.30
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.414.2949
Basic concepts and taxonomy of dependable and secure computing, IEEE Transactions on Dependable and Secure Computing, vol.1, issue.1, pp.11-33, 2004. ,
DOI : 10.1109/TDSC.2004.2
Computer Security Threat Monitoring and Surveillance, 1980. ,
Dataflow anomaly detection, 2006 IEEE Symposium on Security and Privacy (S&P'06), 2006. ,
DOI : 10.1109/SP.2006.12
Secure computer system : Unified exposition and multics interpretation. Mtr-2997 ( esd-tr-75-306), MITRE Corp, 1976. ,
Swaddler: An Approach for the Anomaly-Based Detection of State Violations in Web Applications, Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID), pp.63-86, 2007. ,
DOI : 10.1007/978-3-540-74320-0_4
Abstract interpretation, Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages , POPL '77, pp.238-252, 1977. ,
DOI : 10.1145/512950.512973
URL : https://hal.archives-ouvertes.fr/inria-00528590
Securing software by enforcing data-flow integrity, Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation, p.11, 2006. ,
Frama-c, framework for modular analysis of c ,
Automatic discovery of linear restraints among variables of a program, Proceedings of the 5th ACM SIGACT-SIGPLAN symposium on Principles of programming languages , POPL '78, 1978. ,
DOI : 10.1145/512760.512770
Measuring the Similarity of Labeled Graphs, Proceedings of the 5th International Conference on Case-Based Reasoning, pp.80-95, 2003. ,
DOI : 10.1007/3-540-45006-8_9
Non-control-data attacks are realistic threats Implementing secure dependencies over a network by designing a distributed security subsystem, Usenix Security Symposium Proceedings of the Third European Symposium on Research in Computer Security (ESORICS'94), pp.177-192, 1994. ,
A clustering approach for web vulnerabilities detection, Proceedings of Pacific Rim International Symposium on Dependable Computing, pp.194-203, 2011. ,
Towards a taxonomy of intrusion-detection systems, Computer Networks, vol.31, issue.8, 1999. ,
DOI : 10.1016/S1389-1286(98)00017-6
Detecting Illegal System Calls Using a Data-Oriented Detection Model, Proceedings of the 26th IFIP TC-11 International Information Security Conference (IFIP SEC2011), 2011. ,
DOI : 10.1007/978-3-642-21424-0_25
URL : https://hal.archives-ouvertes.fr/hal-00657971
The Daikon system for dynamic detection of likely invariants, Science of Computer Programming, vol.69, issue.1-3, pp.35-45, 2007. ,
DOI : 10.1016/j.scico.2007.01.015
Toward automated detection of logic vulnerabilities in web applications, 19th USENIX Security Symposium, 2010. ,
Static analysis of arithmetical congruences, International Journal of Computer Mathematics, vol.30, pp.165-190, 1989. ,
Static analysis of linear congruence equalities among variables of a program, TAPSOFT'91, pp.169-192, 1991. ,
Softerror detection using control flow assertions, Proceedings of the 18th IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems (DFT'03), 2003. ,
DOI : 10.1109/dftvs.2003.1250158
Gray-box extraction of execution graphs for anomaly detection, Proceedings of the 11th ACM conference on Computer and communications security , CCS '04, pp.318-329, 2004. ,
DOI : 10.1145/1030083.1030126
On gray-box program tracking for anomaly detection, USENIX Security Symposium, 2004. ,
Behavioral Distance for Intrusion Detection, Proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection (RAID 2005), pp.63-81, 2005. ,
DOI : 10.1007/11663812_4
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.113.7936
Beyond Output Voting: Detecting Compromised Replicas Using HMM-Based Behavioral Distance, IEEE Transactions on Dependable and Secure Computing, vol.6, issue.2, 2008. ,
DOI : 10.1109/TDSC.2008.39
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.318.7952
Intrusion detection using sequences of system calls, Journal of Computer Security, vol.6, issue.3, pp.151-180, 1998. ,
Policy-based intrusion detection in web applications by monitoring java information flows, Int. J. Inf. Comput. Secur, vol.3, issue.34, pp.265-279, 2009. ,
URL : https://hal.archives-ouvertes.fr/hal-00448139
Learning unknown attacks - a start, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems], pp.158-176, 2002. ,
DOI : 10.1109/FITS.2003.1264944
Ane relationships among variables of a program, Acta Informatica, pp.133-151, 1976. ,
Secure execution via program shepherding, Proceedings of the Usenix Security Symposium, pp.191-206, 2002. ,
Automated detection of vulnerabilities in privileged programs by execution monitoring, Tenth Annual Computer Security Applications Conference ,
DOI : 10.1109/CSAC.1994.367313
Dependence graphs and its use in optimization Execution monitoring of security-critical programs in a distributed system : A specification-based approach, Bibliographie the 10th Annual Computer Security Applications Conference (ACSAC'94) Proceedings of the Eighth ACM Symposium on Principles of Programming Languages Proceedings of the 1997 IEEE Symposium on Security and Privacy, pp.134-144, 1981. ,
Definition and analysis of hardware- and software-fault-tolerant architectures, Computer, vol.23, issue.7, pp.39-51, 1990. ,
DOI : 10.1109/2.56851
Exploiting execution context for the detection of anomalous system calls [MTMS08] Frédéric Majorczyk, Eric Totel, Ludovic Mé, and Ayda Saidane. Anomaly detection with diagnosis in diversified systems using information flow graphs Valgrind : A framework for heavyweight dynamic binary instrumentation, Proceeding of the 10th International Symposium on Recent Advances in Intrusion Detection Proceedings of the 23rd IFIP International Information Security Conference (IFIP SEC 2008) Proceedings of ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation, pp.301-315, 2007. ,
System structure for software fault tolerance The design of a generic intrusion-tolerant architecture for web servers, Proceedings of the International Conference on Reliable softwareSND08] Ayda Saidane, Vincent Nicomette, and Yves Deswarte, pp.437-449, 1975. ,
A specification-based intrusion detection system for AODV, Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks , SASN '03, pp.125-134, 2003. ,
DOI : 10.1145/986858.986876
COTS Diversity Based Intrusion Detection and Application to Web Servers, Proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection (RAID 2005), pp.43-62, 2005. ,
DOI : 10.1007/11663812_3
URL : https://hal.archives-ouvertes.fr/hal-00356396
A specification-based intrusion detection model for Bibliographie 111 ,
Ceda : Control-flow error detection through assertions, Proceedings of 8th International Symposium on Recent Advances in Intrusion Detection (RAID '2005), september 2005. [VA06] Ramtilak Vemu Proceedings of the 12th IEEE International On-Line Testing Symposium (IOLTS'06), 2006. ,
A stateful intrusion detection system for world-wide web servers, 19th Annual Computer Security Applications Conference, 2003. Proceedings., pp.34-43, 2003. ,
DOI : 10.1109/CSAC.2003.1254308
Program slicing, IEEE Transactions on Software Engineering, vol.10, issue.4, pp.352-357, 1982. ,
An Improved Reference Flow Control Model for Policy-Based Intrusion Detection, Proceedings of the 8th European Symposium on Research in Computer Security (ESORICS), 2003. ,
DOI : 10.1007/978-3-540-39650-5_17
URL : https://hal.archives-ouvertes.fr/hal-00356444