Sciweavers

JTAER
2010
13 years 9 months ago
A Semantic Data Validation Service for Web Applications
Input validation can be a critical issue. Typically, little attention is paid to it in a web development project, because overenthusiastic validation can tend to cause failur...
Shadi Aljawarneh, Faisal Alkhateeb, Eslam Al Magha...
ESEM
2010
ACM
13 years 9 months ago
Strengthening the empirical analysis of the relationship between Linus' Law and software security
Open source software is often considered to be secure because large developer communities can be leveraged to find and fix security vulnerabilities. Eric Raymond states Linus’ L...
Andrew Meneely, Laurie A. Williams
SAC
2002
ACM
13 years 10 months ago
Collaborative attack modeling
Avoidance and discovery of security vulnerabilities in information systems requires awareness of typical risks and a good understanding of vulnerabilities and their exploitations....
Jan Steffan, Markus Schumacher
TON
2008
13 years 10 months ago
Securing user-controlled routing infrastructures
Designing infrastructures that give untrusted third parties (such as end-hosts) control over routing is a promising research direction for achieving flexible and efficient communic...
Karthik Lakshminarayanan, Daniel Adkins, Adrian Pe...
CJ
2007
13 years 10 months ago
On The Security of a Group Key Agreement Protocol
In this paper we show that the group key agreement protocol proposed by Tseng suffers from a number of serious security vulnerabilities.
Qiang Tang
CCS
2010
ACM
13 years 11 months ago
Symbolic security analysis of ruby-on-rails web applications
Many of today's web applications are built on frameworks that include sophisticated defenses against malicious adversaries. However, mistakes in the way developers deploy tho...
Avik Chaudhuri, Jeffrey S. Foster
ASPLOS
2008
ACM
14 years 26 days ago
Archipelago: trading address space for reliability and security
Memory errors are a notorious source of security vulnerabilities that can lead to service interruptions, information leakage and unauthorized access. Because such errors are also ...
Vitaliy B. Lvin, Gene Novark, Emery D. Berger, Ben...
APSCC
2008
IEEE
14 years 26 days ago
Contract-Based Security Monitors for Service Oriented Software Architecture
Monitors have been used for real-time systems to ensure proper behavior; however, most approaches do not allow for the addition of relevant fields required to identify and react t...
Alexander M. Hoole, Issa Traoré
WETICE
2000
IEEE
14 years 3 months ago
Reducing Software Security Risk through an Integrated Approach
This paper presents joint work by the California Institute of Technology’s Jet Propulsion Laboratory and the University of California at Davis (UC Davis) sponsored by the Nation...
David P. Gilliam, John C. Kelly, Matt Bishop
ICSM
2002
IEEE
14 years 3 months ago
Maintaining Software with a Security Perspective
Testing for software security is a lengthy, complex and costly process. Currently, security testing is done using penetration analysis and formal verification of security kernels....
Kanta Jiwnani, Marvin V. Zelkowitz