
Setuid Demystified (2002)  (9 citations)
Hao Chen, David Wagner, Drew Dean



View or download:
berkeley.edu/~daw/...setuidusenix02.ps

From:  berkeley.edu/~daw/papers/

Abstract: Access control in Unix systems is mainly based on user IDs, yet the system calls that modify user IDs (uid-setting system calls), such as setuid, are poorly designed, insufficiently documented, and widely misunderstood and misused. This has caused many security vulnerabilities in application programs. We propose to make progress on the setuid mystery through two approaches. First, we study kernel sources and compare the semantics of the uid-setting system calls in three major Unix systems:...

Cited by:
Generating Tests from Counterexamples - Beyer, Chlipala, Henzinger.. (2004)
MOPS: an Infrastructure for Examining Security Properties of.. - Chen, Wagner (2002)
Automatic Discovery of API-Level Vulnerabilities - Sanjit

Active bibliography (related documents):
0.5:   The Authorization Service of Tivoli Policy Director - Karjoth (2001)
0.1:   Original Article - Berry Daudjee Dong
0.1:   Data Management Techniques To Handle Large Data Arrays In Hdf - Velamparampil (1998)

Similar documents based on text:
0.4:   Reconstructing Trust Management - Ajay Chander Ajayc (2004)
0.3:   Automated Detection of Vulnerabilities in Privileged.. - Ko, Fink, Levitt (1994)
0.2:   Deconstructing Trust Management - Ajay Chander Stanford (2002)

Related documents from co-citation:
7:   MOPS: an infrastructure for examining security properties of software - Chen, Wagner - 2002
6:   The SLAM project: debugging system software via static analysis - Ball, Rajamani - 2002
4:   Chaff: Engineering an Efficient SAT Solver - Moskewicz, Madigan et al. - 2001

BibTeX entry:

H. Chen, D. Wagner, and D. Dean. Setuid demystified. curity Symposium, 2002. http://citeseer.ist.psu.edu/chen02setuid.html

@misc{ chen02setuid,
  author = "H. Chen and D. Wagner and D. Dean",
  title = "Setuid demystified",
  text = "H. Chen, D. Wagner, and D. Dean. Setuid demystified. curity Symposium,
    2002.",
  year = "2002",
  url = "citeseer.ist.psu.edu/chen02setuid.html" }
Citations (may not include all citations):
106   Advanced Programming in the UNIX Environment - Stevens - 1992
11   How to write a setuid program - Bishop - 1987
7   IEEE standard portable operating system interface for comput.. - Standard - 1988
2   Implementing Chinese walls in Unix - Foley - 1997
1   http: //yarchive - Torek, Dik
1   An infrastructure for examining security properties of softw.. - Chen, Wagner et al.
http://www.sendmail.org/sendmail
http://www.sun.com/software/solaris/
http://razor.bindview.com/publish/
http://www.freebsd.org
www.uspto.gov
http://www.kernel.org
http://www.sendmail.org/





Documents on the same site (http://www.cs.berkeley.edu/~daw/papers/):
Building PRFs from PRPs - Hall, Wagner, Kelsey, Schneier (1998)
Cryptanalysis of TWOPRIME - Coppersmith, Wagner, Schneier, Kelsey (1998)
Cryptanalysis of Some Recently-Proposed Multiple Modes of Operation - Wagner (1998)
