Acknowledgments
We thank the SOSP reviewers, David Mazières, and Martín
Abadi for insightful comments and useful suggestions.
This work was supported in part by the National Science
Foundation under grants 0430161 and 0627649, in part by a
grant from Microsoft Corporation, and in part by AF-TRUST
(Air Force Team for Research in Ubiquitous Secure
Technology for GIG/NCES), which receives support from the
DAF Air Force Office of Scientific Research (FA9550-06-1-
0244) and the NSF (0424422).
Stephen Chong, Jed Liu, Andrew C. Myers, Xin Qi, K. Vikram, Lantian Zheng, and Xin Zheng ({schong,liujed,andru,qixin,kvikram,zlt,xinz}@cs.cornell.edu), Department of Computer Science, Cornell University.

© 2009 ACM 0001-0782/09/0200 $5.00
February 2009 | Vol. 52 | No. 2 | Communications of the ACM