Design of a safe string library for C
Software—Practice & Experience
Building secure software: how to avoid security problems the right way
Building secure software: how to avoid security problems the right way
Towards agile security assurance
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
Security Patterns: Integrating Security and Systems Engineering
Security Patterns: Integrating Security and Systems Engineering
Transparent run-time defense against stack smashing attacks
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
strlcpy and strlcat: consistent, safe, string copy and concatenation
ATEC '99 Proceedings of the annual conference on USENIX Annual Technical Conference
IEEE Software
IEEE Security and Privacy
Security oriented program transformations (or how to add security on demand)
Companion to the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications
Evolution of the MTA architecture: the impact of security
Software—Practice & Experience
Improving perimeter security with security-oriented program transformations
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
| Hi-index | 0.00 |
Security experts generally believe that, "security cannot be added on, it must be designed from the beginning" [1]. This is because the typical way of improving system security by patches is ad hoc and has not produced good results. My work shows that retrofitting security does not need to be a massive reengineering effort, nor does it need to be ad hoc. Security solutions can be added through systematic, general purpose security-oriented program transformations. I have been maintaining a catalog of security-oriented program transformations; so far the catalog contains forty two transformations. These transformations improve the traditional approaches of security engineering and keep software secure in the face of new security threats.