Database history: from dinosaurs to compact discs
Journal of the American Society for Information Science
Lex & yacc
ACM Computing Surveys (CSUR)
Efficient software-based fault isolation
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Tcl and the Tk toolkit
Exploiting domain architectures in software reuse
SSR '95 Proceedings of the 1995 Symposium on Software reusability
A layered architecture for querying dynamic Web content
SIGMOD '99 Proceedings of the 1999 ACM SIGMOD international conference on Management of data
NSPW '96 Proceedings of the 1996 workshop on New security paradigms
Inoculating software for survivability
Communications of the ACM
On the functional relation between security and dependability impairments
Proceedings of the 1999 workshop on New security paradigms
Programming Techniques: Regular expression search algorithm
Communications of the ACM
Communications of the ACM
Rational unified process and unified modeling language - a GOMS analysis
Unified modeling language
Secure access to data over the Internet
PDIS '94 Proceedings of the third international conference on Parallel and distributed information systems
Writing Secure Code
Managing Software Development for Survivable Systems
Annals of Software Engineering
Survivability: Protecting Your Critical Systems
IEEE Internet Computing
The Case for Java as a Programming Language
IEEE Internet Computing
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
SPIRE '00 Proceedings of the Seventh International Symposium on String Processing Information Retrieval (SPIRE'00)
Mastering Regular Expressions
Architectural Approaches to Information Survivability
Architectural Approaches to Information Survivability
On the effectiveness of address-space randomization
Proceedings of the 11th ACM conference on Computer and communications security
Forensic Discovery
An Empirical Study of Programming Language Trends
IEEE Software
Regular expressions: new results and open problems
Journal of Automata, Languages and Combinatorics - Special issue: Selected papers of the fourth international workshop on descriptional complexity of formal systems
Secure Coding in C and C++: Of Strings and Integers
IEEE Security and Privacy
Foundations of Security: What Every Programmer Needs to Know
Foundations of Security: What Every Programmer Needs to Know
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
The ghost in the browser: analysis of web-based malware
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
IEEE Internet Computing
Secure Web Browsing with the OP Web Browser
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Statistically regulating program behavior via mainstream computing
Proceedings of the 8th annual IEEE/ACM international symposium on Code generation and optimization
Robust and fast pattern matching for intrusion detection
INFOCOM'10 Proceedings of the 29th conference on Information communications
For most computer end-users, web browsers and Internet services act as the providers and protectors of their personal information, from bank accounts to personal correspondence. These systems are critical to users' continued lifestyles but often show no evidence of survivability [45], or robustness against present and future attacks. Software defects, considered the largest risk to survivability [45], are quite prevalent in consumer products and Web service software components [12]. Recent widespread security issues [20] [19] serve to emphasize this fact and show a lack of investment in survivability engineering practices [22] [23] [50] [53] that may have mitigated the risk. Common software components that comprise industry software, commercial or free, were authored and deployed with functional isolation in mind. Despite original intent, many of these components are migrating into Internet-connected systems. The context switch from functional isolation to extreme connectivity changes the threat environment of these components dramatically [10] [53]. Most software that has undergone this sort of insecure context switch has received very little security attention. This paper briefly surveys recent examples of these sorts of context switches. In particular, we focus on the survivability and inoculation [31] of regular expression engine implementations in connected environments. Through the course of this research, a number of critical vulnerabilities were uncovered that traverse operating systems and applications including Adobe Flash, Apple Safari, Perl, GnuPG, and ICU.