Results 21 - 30 of 9,278

Finding Security Vulnerabilities in Java Applications with Static Analysis

by V. Benjamin Livshits, Monica S. Lam, 2005
"... This paper proposes a static analysis technique for detecting many recently discovered application vulnerabilities such as SQL injections, cross-site scripting, and HTTP splitting attacks. These vulnerabilities stem from unchecked input, which is widely recognized as the most common source of securi ..."
Cited by 169 (3 self)
of security vulnerabilities in Web applications. We propose a static analysis approach based on a scalable and precise points-to analysis. In our system, user-provided specifications of vulnerabilities are automatically translated into static analyzers. Our approach finds all vulnerabilities matching a

A Study of Android Application Security.

by William Enck, Damien Octeau, Patrick McDaniel, Swarat Chaudhuri, 2011
"... The fluidity of application markets complicate smartphone security. Although recent efforts have shed light on particular security issues, there remains little insight into broader security characteristics of smartphone applications. This paper seeks to better understand smartphone applica ..."
Cited by 218 (10 self)

Statically Detecting Likely Buffer Overflow Vulnerabilities

by David Larochelle, David Evans - In Proceedings of the 10th USENIX Security Symposium, 2001
"... Buffer overflow attacks may be today's single most important security threat. This paper presents a new approach to mitigating buffer overflow vulnerabilities by detecting likely vulnerabilities through an analysis of the program source code. Our approach exploits information provided in semant ..."
Cited by 191 (8 self)

Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)

by Nenad Jovanovic, Christopher Kruegel, Engin Kirda - In 2006 IEEE Symposium on Security and Privacy, 2006
"... The number and the importance of Web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error-prone and costly, the need for automated so ..."
Cited by 212 (23 self)

Building Diverse Computer Systems

by Stephanie Forrest, Anil Somayaji, David H. Ackley
"... Diversity is an important source of robustness in biological systems. Computers, by contrast, are notable for their lack of diversity. Although homogeneous systems have many advantages, the beneficial effects of diversity in computing systems have been overlooked, specifically in the area of compute ..."
Cited by 246 (19 self)

Improving Security Using Extensible Lightweight Static Analysis

by David Evans, David Larochelle, Security Attacks, 2002
"... This article describes a way to codify that knowledge. We describe Splint, a tool that uses lightweight static analysis to detect likely vulnerabilities in programs. Splint's analyses are similar to those done by a compiler. Hence, they are efficient and scalable, but they can detect a wide ran ..."
Cited by 206 (6 self)

Intrusion Detection Techniques for Mobile Wireless Networks

by Yongguang Zhang, Wenke Lee, Yi-an Huang, 2003
"... this paper, we examine the vulnerabilities of wireless networks and argue that we must include intrusion detection in the security architecture for mobile computing environment. We have developed such an architecture and evaluated a key mechanism in this architecture, anomaly detection for mobile ..."
Cited by 224 (1 self)

Sound and Precise Analysis of Web Applications for Injection Vulnerabilities

by Gary Wassermann, Zhendong Su - PLDI'07, 2007
"... Web applications are popular targets of security attacks. One common type of such attacks is SQL injection, where an attacker exploits faulty application code to execute maliciously crafted database queries. Both static and dynamic approaches have been proposed to detect or prevent SQL injections; w ..."
Cited by 161 (5 self)

Towards automatic generation of vulnerability-based signatures

by David Brumley, James Newsome, Dawn Song, Hao Wang, Somesh Jha, 2006
"... In this paper we explore the problem of creating vulnerability signatures. A vulnerability signature matches all exploits of a given vulnerability, even polymorphic or metamorphic variants. Our work departs from previous approaches by focusing on the semantics of the program and vulnerability exerci ..."
Cited by 153 (28 self)

Scalable, Graph-based Network Vulnerability Analysis

by Paul Ammann, Duminda Wijesekera, Saket Kaushik - Proceedings of the 9th ACM Conference on Computer and Communications Security, 2002
"... Even well administered networks are vulnerable to attack. Recent work in network security has focused on the fact that combinations of exploits are the typical means by which an attacker breaks into a network. Researchers have proposed a variety of graph-based algorithms to generate attack ..."
Cited by 152 (0 self)
Developed at and hosted by The College of Information Sciences and Technology

© 2007-2019 The Pennsylvania State University