Web Service Specifications
Reliability Messaging Specifications
Interoperability Specifications
Secure Information Flow Control
Information Flow for Secure Distributed Applications (Winnie Wing-Yee Cheng, MIT, PhD thesis, 2009)
Securing Untrustworthy Software Using Information Flow Control (Nikolai Zeldovich, Stanford, PhD thesis, 2007)
Trust Broker
Z. Malik, B. Medjahed. Trust Assessment for Web Services under Uncertainty. ICSOC 2010, LNCS 6470, pp. 471-485, 2010.
A. B. Can, B. Bhargava. SORT: A Self-Organizing Trust Model for Peer-to-Peer Systems.
A. B. Can, B. Bhargava. K-anonymity Protection for Responders in Peer-to-Peer Systems.
References on Taint Analysis
[CF07] CHANDRA, D., FRANZ, M. Fine-Grained Information Flow Analysis and Enforcement in a Java Virtual Machine. In Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC) (December 2007).
[CG09] COX, L. P., GILBERT, P. RedFlag: Reducing Inadvertent Leaks by Personal Machines. Tech. Rep. TR-2009-02, Duke University, 2009.
[CL07] CLAUSE, J., LI, W., ORSO, A. Dytan: A Generic Dynamic Taint Analysis Framework. In Proceedings of the 2007 International Symposium on Software Testing and Analysis (2007), pp. 196-206.
[CZ06] CHENG, W., ZHAO, Q., YU, B., HIROSHIGE, S. Taint-Trace: Efficient Flow Tracing with Dynamic Binary Rewriting. In Proceedings of the IEEE Symposium on Computers and Communications (ISCC) (June 2006), pp. 749-754.
[DD77] DENNING, D. E., DENNING, P. J. Certification of Programs for Secure Information Flow. Communications of the ACM 20, 7 (July 1977).
[De76] DENNING, D. E. A Lattice Model of Secure Information Flow. Communications of the ACM 19, 5 (May 1976), 236-243.
[DJ08] DESMET, L., JOOSEN, W., MASSACCI, F., PHILIPPAERTS, P., PIESSENS, F., SIAHAAN, I., VANOVERBERGHE, D. Security-by-contract on the .NET platform. Information Security Technical Report 13, 1 (January 2008), 25-32.
[EG10] William Enck, Peter Gilbert, Byung-gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proc. of the USENIX Symposium on Operating Systems Design and Implementation (OSDI), October 2010.
[EO09] ENCK, W., ONGTANG, M., MCDANIEL, P. On Lightweight Mobile Phone Application Certification. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS) (November 2009).
[HA06] HICKS, B., AHMADIZADEH, K., MCDANIEL, P. Understanding practical application development in security-typed languages. In 22nd Annual Computer Security Applications Conference (ACSAC) (2006), pp. 153-164.
[HC05] HALDAR, V., CHANDRA, D., FRANZ, M. Dynamic Taint Propagation for Java. In Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC) (December 2005), pp. 303-311.
[HF06] HO, A., FETTERMAN, M., CLARK, C., WARFIELD, A., HAND, S. Practical Taint-Based Protection using Demand Emulation. In Proceedings of the European Conference on Computer Systems (EuroSys) (2006), pp. 29-41.
[HO08] HALFOND, W. G., ORSO, A., MANOLIOS, P. WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation. IEEE Transactions on Software Engineering 34, 1 (2008), 65-81.
[HS10] HOWELL, J., SCHECHTER, S. What You See is What they Get: Protecting users from unwanted use of microphones, camera, and other sensors. In Proceedings of Web 2.0 Security and Privacy Workshop (2010).
[JS08] JUNG, J., SHETH, A., GREENSTEIN, B., WETHERALL, D., MAGANIS, G., KOHNO, T. Privacy Oracle: A System for Finding Application Leaks with Black Box Differential Testing. In Proceedings of ACM CCS (2008).
[KH08] KING, D., HICKS, B., HICKS, M., JAEGER, T. Implicit Flows: Can't Live with 'Em, Can't Live without 'Em. In Proceedings of the International Conference on Information Systems Security (2008).
[KY07] KROHN, M., YIP, A., BRODSKY, M., CLIFFER, N., KAASHOEK, M. F., KOHLER, E., MORRIS, R. Information Flow Control for Standard OS Abstractions. In Proceedings of ACM Symposium on Operating Systems Principles (2007).
[LC06] LAM, L. C., CKER CHIUEH, T. A General Dynamic Information Flow Tracking Framework for Security Applications. In Proceedings of the Annual Computer Security Applications Conference (ACSAC) (2006).
[ML00] MYERS, A. C., LISKOV, B. Protecting Privacy Using the Decentralized Label Model. ACM Transactions on Software Engineering and Methodology 9, 4 (October 2000), 410-442.
[NS07] NAIR, S. K., SIMPSON, P. N., CRISPO, B., TANENBAUM, A. S. A Virtual Machine Based Information Flow Control System for Policy Enforcement. In the 1st International Workshop on Run Time Enforcement for Mobile and Distributed Systems (REM) (2007).
[NS05] NEWSOME, J., SONG, D. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. In Proc. of Network and Distributed System Security Symposium (2005).
[OM09] ONGTANG, M., MCLAUGHLIN, S., ENCK, W., MCDANIEL, P. Semantically Rich Application-Centric Security in Android. In Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC) (2009).
[QW06] QIN, F., WANG, C., LI, Z., SEOP KIM, H., ZHOU, Y., WU, Y. LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks. In Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture (2006), pp. 135-148.
[RP09] ROY, I., PORTER, D. E., BOND, M. D., MCKINLEY, K. S., WITCHEL, E. Laminar: Practical Fine-Grained Decentralized Information Flow Control. In Proceedings of Programming Language Design and Implementation (2009).
[SA10] SCHWARTZ, E. J., AVGERINOS, T., BRUMLEY, D. All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask). In IEEE Symposium on Security and Privacy (2010).
[SL04] SUH, G. E., LEE, J. W., ZHANG, D., DEVADAS, S. Secure Program Execution via Dynamic Information Flow Tracking. In Proceedings of Architectural Support for Programming Languages and Operating Systems (2004).
[SM03] SABELFELD, A., MYERS, A. C. Language-based information-flow security. IEEE Journal on Selected Areas in Communication 21, 1 (January 2003), 5-19.
[SS08] SAXENA, P., SEKAR, R., PURANIK, V. Efficient Fine-Grained Binary Instrumentation with Applications to Taint-Tracking. In Proceedings of the IEEE/ACM Symposium on Code Generation and Optimization (CGO) (2008).
[VB04] VACHHARAJANI, N., BRIDGES, M. J., CHANG, J., RANGAN, R., OTTONI, G., BLOME, J. A., REIS, G. A., VACHHARAJANI, M., AUGUST, D. I. RIFLE: An Architectural Framework for User-Centric Information-Flow Security. In Proceedings of the 37th Annual IEEE/ACM International Symposium on Microarchitecture (2004), pp. 243-254.
[VE07] VANDEBOGART, S., EFSTATHOPOULOS, P., KOHLER, E., KROHN, M., FREY, C., ZIEGLER, D., KAASHOEK, F., MORRIS, R., MAZIÈRES, D. Labels and Event Processes in the Asbestos Operating System. ACM Transactions on Computer Systems (TOCS) 25, 4 (December 2007).
[VN07] VOGT, P., NENTWICH, F., JOVANOVIC, N., KIRDA, E., KRUEGEL, C., VIGNA, G. Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In Proc. of Network & Distributed System Security (2007).
[WL08] WANG, X., LI, Z., LI, N., AND CHOI, J. Y. PRECIP: Towards Practical and Retrofittable Confidential Information Protection. In Proceedings of 15th Network and Distributed System Security Symposium (NDSS) (2008).
[XB06] XU, W., BHATKAR, S., SEKAR, R. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks. In Proceedings of the USENIX Security Symposium (August 2006), pp. 121-136.
[YM07] YUMEREFENDI, A. R., MICKLE, B., AND COX, L. P. TightLip: Keeping Applications from Spilling the Beans. In Proceedings of the 4th USENIX Symposium on Network Systems Design & Implementation (NSDI) (2007).
[YS07] YIN, H., SONG, D., EGELE, M., KRUEGEL, C., KIRDA, E. Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis. In Proceedings of ACM Computer and Communications Security (2007).
[YW09] YIP, A., WANG, X., ZELDOVICH, N., AND KAASHOEK, M. F. Improving Application Security with Data Flow Assertions. In Proceedings of the ACM Symposium on Operating Systems Principles (Oct. 2009).
[ZB06] ZELDOVICH, N., BOYD-WICKIZER, S., KOHLER, E., MAZIÈRES, D. Making Information Flow Explicit in HiStar. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI) (2006).
[ZJ09] ZHU, D., JUNG, J., SONG, D., KOHNO, T., WETHERALL, D. Privacy Scope: A Precise Information Flow Tracking System For Finding Application Leaks. Tech. Rep. EECS-2009-145, Department of Computer Science, UC Berkeley, 2009.