References

[Aleph One 96] Aleph One. Smashing The Stack For Fun And Profit (Phrack 49, Volume Seven, Issue Forty-Nine File 14 of 16). http://www.phrack.org/phrack/49/P49-14 (1996).

[Alexander 03] Alexander, I. “Misuse Cases: Use Cases with Hostile Intent.” IEEE Software 20, 1 (January/February 2003): 58-66.

[Alhazmi 05] Alhazmi, O.; Malaiya, Y. K.; and Ray, I. K. Security Vulnerabilities in Software Systems: A Quantitative Perspective (Technical Report, CS T&R, AMR05). Fort Collins, CO: Computer Science Department, Colorado State University, 2005.

[Allen 01] Allen, Julia H. The CERT Guide to System and Network Security Practices. Boston, MA: Addison-Wesley, 2001 (ISBN 0-201-73723-X).

[Andersen 04] Andersen, et al. “Preliminary System Dynamics Maps of the Insider Cyber-threat Problem.” Proceedings of the 22nd International Conference of the System Dynamics Society. Oxford, England, July 25-29, 2004. Albany, NY: System Dynamics Society, 2004. http://www.cert.org/archive/pdf/InsiderThreatSystemDynamics.pdf.

[Anisimov 2005] Anisimov, Alexander. Defeating Microsoft Windows XP SP2 Heap Protection and DEP Bypass. http://www.maxpatrol.com/ptmshorp.asp (2005).

[ANSI 89] American National Standards Institute. American National Standard for Information Systems—Programming Language C (X3.159-1989). Washington, D.C., 1989.

[Antill 04] Antill, James. Vstr documentation -- overview. http://www.and.org/vstr.

[AusCERT 04] Australian Computer Emergency Response Team. 2004 Australian Computer Crime and Security Survey. http://www.auscert.org.au/render.html?it=2001 (2004).

[Baratloo 00] Baratloo, A.; Singh, N.; and Tsai, T. “Transparent Run-Time Defense Against Stack Smashing Attacks,” 251-262. Proceedings of 2000 USENIX Annual Technical Conference. San Diego, CA, June 18-23, 2000. Berkeley, CA: USENIX Association, 2000.

[Bass 03] Bass, Len; Clements, Paul; and Kazman, Rick. Software Architecture in Practice, Second Edition. Boston, MA: Addison-Wesley, 2003 (ISBN 0-321-15495-9).

[Behrends 04] Behrends, R.; Stirewalt, R.; and Dillon, L. “Avoiding Serialization Vulnerabilities through the Use of Synchronization Contracts,” 207-219. Workshops at the 19th International Conference of Automated Software Engineering. Linz, Austria, September 20-24, 2004. Vienna, Austria: Österreichische Computer Gesellschaft, 2004.

[Bergin 96] Bergin, Thomas J. and Gibson, Richard G., eds. History of Programming Languages II. New York, NY/Reading, MA: ACM Press/Addison-Wesley, 1996 (ISBN 0-201-89502-1).

[Berinato 04] Berinato, Scott. The Future of Security. http://www.cio.com.au/index.php/id;1039367795;fp;512;fpid;6 (2004).

[Bishop 96] Bishop, M. and Dilger, M. “Checking for Race Conditions in File Accesses.” Computing Systems 9, 2 (Spring 1996): 131-152.

[blexim 02] blexim. Basic Integer Overflows (Phrack, Volume 0x0b, Issue 0x3c, Phile #0x0a of 0x10). http://www.phrack.org/phrack/60/p60-0x0a.txt (2002).

[Bouchareine 05] Bouchareine, Pascal. __atexit in memory bugs - specific proof of concept with statically linked binaries and heap overflows. http://www.zone-h.org/files/32/heap_atexit.txt (2005).

[Bourque 05] Bourque, Pierre and Dupuis, Robert. Guide to the Software Engineering Body of Knowledge. Los Alamitos, CA: IEEE Computer Society, 2005 (ISBN 0-7695-2330-7). http://www.swebok.org/ironman/pdf/SWEBOK_Guide_2004.pdf.

[Bulba 00] Bulba and Kil3r. Bypassing StackGuard and StackShiel (Prack, Volume 0xa Issue 0x38 05.01.2000 0x05 [0x10]). http://www.phrack.org/phrack/56/p56-0x05 (2000).

[Cesare 00] Cesare, Silvio. Shared Library Call Redirection via ELF PLT Infection (Phrack Magazine, Volume 0xa, Issue 0x38, 05.01.2000, 0x07 [0x10]). http://www.phrack.org/phrack/56/p56-0x07 (2000).

[Charney 03] Charney, Scott. Prepared Testimony of Scott Charney, Chief Trustworthy Computing Strategist, Microsoft Corporation, Before the Subcommittee on Commerce, Trade and Consumer Protection House Committee on Energy and Commerce. U.S. House of Representatives, November 19, 2003. Hearing on "Cybersecurity & Consumer Data: What's at Risk for the Consumer?" http://www.microsoft.com/presspass/exec/charney/11-19testimony.asp (2003).

[Chen 04] Chen, P.; Dean, M.; Ojoko-Adams, D.; Osman, H.; Lopez, L.; Xie, N.; and Mead, N. Systems Quality Requirements Engineering (SQUARE) Methodology: Case Study on Asset Management System (CMU/SEI-2004-SR-015, ADA431068). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2004. http://www.sei.cmu.edu/publications/documents/04.reports/04sr015.html.

[Chess 02] Chess. Brian. “Improving Computer Security using Extended Static Checking,” 160-173. Proceedings of the IEEE Symposium on Security and Privacy, 2002. Berkeley, CA, May 12-15, 2002. Los Alamitos, CA: IEEE Computer Society, 2002.

[Conover 99] Conover, Matt. w00w00 on Heap Overflows. http://www.w00w00.org/files/articles/heaptut.txt (1999).

[Cowan 98] Cowan, C.; Pu, C.: Maier, D.; Hinton, H.; Walpole, J.; Bakke, P.; Beattie, S.; Grier, A.; Wagle, P.; and Zhang, Q. “Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks,” 63-77. Proceedings of the Seventh USENIX Security Symposium. San Antonio, TX, January 26-29, 1998. Berkeley, CA: USENIX Association, 1998.

[Cowan 00] Cowan, Crispin; Wagle, Perry; Pu, Calton; Beattie, Steve; and Walpole, Jonathan. “Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade,” 119-129. Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX’00). Hilton Head Island, SC, January 25-27, 2000. Los Alamitos, CA: IEEE Computing Society, 2000.

[Cowan 01a] Cowan, Crispin; Barringer, Matt; Beattie, Steve; Kroah-Hartman, Greg; Frantzen, Mike; and Lokier, Jamie. “FormatGuard: Automatic Protection From printf Format String Vulnerabilities,” 191-199. Proceedings of the Tenth USENIX Security Symposium. Washington, D.C., August 13-17, 2001. Berkeley, CA: USENIX Association, 2001.

[Cowan 01b] Cowan, C.; Beattie, S.; Wright, C.; and Kroah-Hartman, G. “RaceGuard: Kernel Protection From Temporary File Race Vulnerabilities,” 165-172. Proceedings of the 10th USENIX Security Symposium. Washington, D.C., August 13-17, 2001. Berkeley, CA: USENIX Association, 2001.

[Cox 86] Cox, Brad J. and Novobilski, Andrew J. Object-Oriented Programming: An Evolutionary Approach. Reading, MA: Addison-Wesley, 1986 (ISBN 0-201-10393-1).

[CSIS 98] CSIS Global Organized Crime Project and Center for Strategic and International Studies. Cybercrime... Cyberterrorism... Cyberwarfare... : Averting An Electronic Waterloo (CSIS Task Force Report). Washington, D.C.: CSIS Press, 1998 (ISBN 0-89206-295-9).

[Davis 03] Davis, Noopur and Mullaney, Julia, The Team Software ProcessSM (TSPSM) in Practice: A Summary of Recent Results (CMU/SEI-2003-TR-014, ADA418430). Pittsburgh PA: Software Engineering Institute, Carnegie Mellon University, 2003. http://www.sei.cmu.edu/publications/documents/03.reports/03tr014.html.

[de Kere 03] de Kere, Craven. 'MSBlast' / LovSan Write up. http://www.able2know.com/forums/about10489.html (2003).

[DeKok 00] DeKok, Alan. PScan: A limited problem scanner for C source files. http://www.striker.ottawa.on.ca/~aland/pscan (2000).

[Denning 00] Denning, Dorothy E. Cyberterrorism. http://www.cs.georgetown.edu/~denning/infosec/cyberterror-GD.doc (2000).

[Dewhurst 03] Dewhurst, Stephen C. C++ Gotchas: Avoiding Common Problems in Coding and Design. Boston, MA: Addison-Wesley, 2003 (ISBN: 0-321-12518-5).

[Dijkstra 65] Dijkstra, Edsgar W. Cooperating Sequential Processes. Eindhoven, Netherlands: Techniche Hogeschool, 1965. (Reprinted in Genuys, ed. Pages 43-112. Programming Languages. New York, NY: Academic Press, 1968.

[DoD 03] Department of Defense. Annual Report on the Military Power of the People’s Republic of China. http://www.defenselink.mil/pubs/20030730chinaex.pdf (2003).

[Drepper 04] Drepper, Ulrich. Security Enhancements in Red Hat Enterprise Linux (beside SELinux). http://people.redhat.com/drepper/nonselsec.pdf (2004).

[E-Crime 04] 2004 E-Crime Watch Survey™ Summary of Findings. http://www.cert.org/archive/pdf/2004eCrimeWatchSummary.pdf.

[Ellis 90] Ellis, Margaret A. and Stroustrup, Bjarne. The Annotated C++ Reference Manual. Reading, MA: Addison-Wesley, 1990 (ISBN 0-201-51459-1).

[Engler 03] Engler, D. and Ashcraft, K. “RacerX: Effective, Static Detection of Race Conditions and Deadlocks,” 237-252. Proceedings of the Nineteenth ACM Symposium on Operating System Principles (SOSP’03). Bolton Landing (Lake George), NY, October 19-22, 2003. New York, NY: Association for Computing Machinery, 2003.

[Etoh 00] Etoh, Hiroaki and Yoda, K. Protecting from stack-smashing attacks. http://www.research.ibm.com/trl/projects/security/ssp/main.html (2004).

[Evans 98] Evans, Chris. Nasty security hole in “lprm” (Bugtraq Archive). http://www.securityfocus.com/archive/1/9023 (1998).

[Firesmith 03] Firesmith, D. G., “Security Use Cases.” Journal of Object Technology 2, 3 (May/June 2003): 53-64. http://www.jot.fm/issues/issue_2003_05/column6.

[Fithen 04] Fithen, W. L.; Hernan, S. V.; O'Rourke, P. F.; and Shinberg, D. A. “Formal modeling of vulnerability.” Bell Labs Technical Journal 8, 4 (2004): 173 - 186.

[Forrester 00] Forrester, Justin E. and Miller, Barton P. “An Empirical Study of the Robustness of Windows NT Applications Using Random Testing,” 59-68. Proceedings of the 4th USENIX Windows System Symposium. Seattle, WA, August 3-4, 2000. Berkeley, CA: USENIX Association, 2000. ftp://ftp.cs.wisc.edu/paradyn/technical_papers/fuzz-nt.pdf.

[FSF 04a] Free Software Foundation. GCC online documentation. http://gcc.gnu.org/onlinedocs (2004).

[FSF 04b] Free Software Foundation. Checker. http://www.gnu.org/software/checker/checker.html (2004).

[Gehani 89] Gehani, N. H. and Roome, W. D. Concurrent C. Summit, NJ: Silicon Press, 1989 (ISBN 0-929-30600-7).

[gera 02] gera and riq. Advances in format string exploitation (Phrack, 0x0b, Issue 0x3b, Phile #0x07 of 0x12). http://www.phrack.org/phrack/59/p59-0x07.txt (2002).

[Graff 03] Graff, Mark G. and van Wyk, Kenneth R. Secure Coding Principles & Practices: Desigining and Implementing Secure Applications. Sebastopol, CA: O’Reilly & Associates, 2003 (ISBN 0-596-00242-4).

[Hildreth 01] Hildreth, Steven A. Cyberwarfare. http://www.fas.org/irp/crs/RL30735.pdf (2001).

[Hoogstraten 03] Van Hoogstraten, John. SANS Malware FAQ: What is W32/Blaster worm? http://www.sans.org/resources/malwarefaq/w32_blasterworm.php.

[Horovitz 02] Horovitz, Oded. Big Loop Integer Protection (Phrack, Volume 0x0b, Issue 0x3c, Phile #0x09 of 0x10). http://www.phrack.org/phrack/60/p60-0x09.txt (2002).

[Howard 97] Howard, John D. “An Analysis of Security Incidents on the Internet 1989 - 1995.” Ph.D. Dissertation, Engineering and Public Policy, Carnegie Mellon University, 1997. http://www.cert.org/research/JHThesis/Start.html.

[Howard 03a] Howard, Michael. Reviewing Code for Integer Manipulation Vulnerabilities. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure04102003.asp (2003).

[Howard 03b] Howard, Michael. An Overlooked Construct and an Integer Overflow Redux. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure09112003.asp (2003).

[Howard 03c] Howard, M. and LeBlanc, D. Writing Secure Code, Second Edition. Redmond, WA: Microsoft Press, 2003 (ISBN: 0-735-61722-8).

[Humphrey 02] Humphrey, Watts S. Winning with Software: An Executive Strategy. Boston, MA: Addison-Wesley, 2002 (ISBN 0-201-77639-1).

[IBM 04] IBM. Rational PurifyPlus. http://www-306.ibm.com/software/awdtools/purifyplus (2004).

[IEEE 04] The IEEE and The Open Group. The Open Group Base Specifications Issue 6: IEEE Std 1003.1, 2004 Edition, 2004.

[Intel 04] Intel Corporation. IA-32 Intel® Architecture Software Developer’s Manuals. http://developer.intel.com/design/pentium4/manuals/index_new.htm (2004).

[Internet Society 00] The Internet Society. Internet Security Glossary (RFC 2828). ftp://ftp.rfc-editor.org/in-notes/rfc2828.txt (2000).

[ISO/IEC 98] Joint Technical Committee ISO/IEC JTCI; International Organization for Standardization; and International Electrotechnical Commission. Programming languages — C++. Geneva, Switzerland: ISO/IEC, 1998.

[ISO/IEC 99] ISO/IEC. INCITS/ISO/IEC 9899-1999. Programming Languages — C, Second Edition, 1999.

[ISO/IEC 04] ISO/IEC. ISO/IEC WDTR 24731. Specification for Secure C Library Functions, 2004.

[Jim 02] Jim, T.; Morrisett, G.; Grossman, D.; Hicks, M.; Cheney, J.; and Wang, Y. “Cyclone: A Safe Dialect of C,” 275-288. Proceedings of the General Track. 2002 USENIX Annual Technical Conference. Monterey, CA, June 10-15, 2002. Berkeley, CA: USENIX Association, 2002. http://www.usenix.org/publications/library/proceedings/usenix02/full_papers/jim/jim.pdf.

[Johnson 73] Johnson, S. C. and Kernighan, B. W. The Programming Language B (Computing Science Technical Report No. 8). Murray Hill, NJ: Bell Labs, 1973.

[Jones 97] Jones, Richard W. M. and Kelley, Paul H. J. “Backwards-compatible bounds checking for arrays and pointers in C programs,” 13-26. Proceedings of the Third International Workshop on Automatic Debugging (AADEBUG’97). Linkoping, Sweden, May 26-27, 1997. Linkoping, Sweden: Linkopings Universitet, 1997.

[Kaempf 01] Kaempf, Michel “MaXX.” Vudo - An object superstitiously believed to embody magical powers (Phrack, Volume 0x0b, Issue 0x39, Phile #0x08 of 0x12). http://www.phrack.org/phrack/57/p57-0x08 (2001).

[Kamp 98] Kamp, Poul-Henning. “Malloc(3) revisited,” 193-198. USENIX 1998 Annual Technical Conference: Invited Talks and Freenix Track. New Orleans, LA, June 15-19, 1998. Berkeley, CA: USENIX Association, 1998.

[Kath 93] Kath, Randy. Managing Virtual Memory in Win32. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dngenlib/html/msdn_virtmm.asp (1993).

[Kernighan 78] Kernighan, Brian W. and Ritchie, Dennis M. The C Programming Language. Englewood Cliffs, NJ: Prentice-Hall, 1978 (ISBN 0-131-10163-3).

[Kernighan 88] Kernighan, Brian W. and Ritchie, Dennis M. The C Programming Language, Second Edition. Englewood Cliffs, NJ: Prentice-Hall, 1988 (ISBN 0-131-10370-9).

[Kerr 04] Kerr, Kathryn. Putting cyberterrorism into context. http://www.auscert.org.au/render.html?it=3552 (2004).

[Kirwan 04] Kirwan, Mary. The quest for secure code. http://www.globetechnology.com/servlet/story/RTGAM.20041001.gtkirwanoct1/BNStory/Technology (2004).

[Knuth 97] Knuth, D. E. Ch. 2, “Information Structures,” 438–442. Art of Computer Programming, Volume 1: Fundamental Algorithms, Third Edition. Reading, MA: Addison-Wesley, 1997 (ISBN 0-201-89683-4).

[Lea 00] Lea, Doug. A Memory Allocator. http://gee.cs.oswego.edu/dl/html/malloc.html (2000).

[LeBlanc 04] LeBlanc, David. Integer Handling with the C++ SafeInt Class. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure01142004.asp (2004).

[Lemos 04] Lemos, Robert. MSBlast epidemic far larger than believed. http://news.com.com/2100-7349_3-5184439.html (2004).

[Liang 03] Liang, Z.; Venkatakrishnan, V. N.; and Sekar, R. “Isolated Program Execution: An Application Transparent Approach for Executing Untrusted Programs,” 182-191. Proceedings of the 19th Annual Computer Security Applications Conference. Las Vegas, NV, December 8-12, 2003. Los Alamitos, CA: IEEE Computer Society, 2003.

[Lipner 05] Lipner, Steve and Howard, Michael. “The Trustworthy Computing Security Development Lifecycle,” 2-13. Proceedings of 20th Annual Computer Security Applications Conference. Tucson, AZ, December 6-10, 2004. Los Alamitos, CA: IEE Computer Society, 2004. http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnsecure/html/sdl.asp (updated 2005).

[Litchfield 03a] Litchfield, David. Variations in Exploit methods between Linux and Windows. http://www.nextgenss.com/papers/exploitvariation.pdf (2003).

[Litchfield 03b] Litchfield, David. Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server. http://www.nextgenss.com/papers/defeating-w2k3-stack-protection.pdf (2003).

[McAndrews 00] McAndrews, Donald. The Team Software ProcessSM (TSPSM): An Overview and Preliminary Results of Using Disciplined Practices (CMU/SEI-2000-TR-015, ADA387260). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2000. http://www.sei.cmu.edu/publications/documents/00.reports/00tr015.html.

[McDermott 99] McDermott, J. and Fox, C. “Using Abuse Case Models for Security Requirements Analysis,” 55-64. Proceedings 15th Annual Computer Security Applications Conference. Scottsdale, AZ, December 6-10, 1999. Los Alamitos, CA: IEEE Computer Society Press, 1999.

[McDermott 01] McDermott, J. “Abuse-Case-Based Assurance Arguments,” 366-374. Proceedings of the 17th Annual Computer Security Applications Conference. New Orleans, LA, December 10-14, 2001. Los Alamitos, CA: IEEE Computer Society Press, 2001.

[Meier 03] Meier, J. D.; Mackman, Alex; Vasireddy, Srinath; Escamilla, Ray; and Murukan, Anandha. Improving Web Application Security Threats and Countermeasures. http://msdn.microsoft.com/security/securecode/threatmodeling/default.aspx?pull=/library/en-us/dnnetsec/html/thcmch03.asp (2003).

[Messier 03] Messier, Matt and Viega, John. Safe C String Library v1.0.3 (January 30, 2005). http://www.zork.org/safestr.

[Meyer 88] Meyer, B. Object-Oriented Software Construction. New York, NY: Prentice-Hall, 1988 (ISBN 0-136-29049-3).

[Meyers 92] Meyers, Scott. Effective C++: 50 Specific Ways to Improve Your Programs and Designs. Reading, MA: Addison-Wesley, 1992 (ISBN 0-201-92488-9).

[Meyers 04] Meyers, Randy. Security TR Editor’s Report (December 1, 2004). http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1089.pdf (2004).

[Miller 99] Miller, T. C. and de Raadt, T. "strlcpy and strlcat---Consistent, Safe, String Copy and Concatenation," 175-178. Proceedings of the FREENIX Track. 1999 USENIX Annual Technical Conference. Monterey, CA, June 6-11, 1999. Berkeley, CA: USENIX Association, 1999. http://www.usenix.org/publications/library/proceedings/usenix99/full_papers/millert/millert.pdf.

[Nelson 91] Nelson, G. Systems Programming with Modula-3. Englewood Cliffs, NJ: Prentice-Hall, 1991 (ISBN 0-135-90464-1).

[Netzer 90] Netzer, R. and Miller, B. “On the Complexity of Event Ordering for Shared-Memory Parallel Program Executions,” 93-97. Proceedings of the 1990 International Conference on Parallel Processing. Pennsylvania State University, University Park, PA, August 13-17, 1990. University Park, PA: Pennsylvania State University Press, 1990.

[NIST 02] National Institute of Standards and Technology. Software Errors Cost U.S. Economy $59.5 Billion Annually (NIST 2002-10). http://www.nist.gov/public_affairs/releases/n02-10.htm (2002).

[Nowak 04] Nowak, Tomasz. Functions for Microsoft Windows NT/2000. http://undocumented.ntinternals.net (2004).

[Parasoft 04] Parasoft. Automating C/C++ Application Testing with Parasoft Insure++ (Insure++ Technical Papers). http://www.parasoft.com/jsp/smallbusiness/tool_description.jsp?product=Insure (2004).

[Pethia 03a] Pethia, Richard D. Cyber Security - Growing Risk from Growing Vulnerability. Testimony Before the House Select Committee on Homeland Security Subcommittee on Cybersecurity, Science, and Research and Development. Hearing on Overview of the Cyber Problem - A Nation Dependent and Dealing with Risk. http://www.cert.org/congressional_testimony/Pethia_testimony_06-25-03.html (2003).

[Pethia 03b] Pethia, Richard D. Viruses and Worms: What Can We Do About Them? Testimony Before the House Committee on Technology, Information Policy, Intergovernmental Relations and the Census. Hearing on Worm and Virus Defense: How Can We Protect the Nation’s Computers From These Threats? http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003 (2003).

[Pfenning 04] Pfenning, Frank. Lectures Notes on Type Safety. 15-312: Foundations of Programming Languages, Lecture 6. September 16, 2004. http://www-2.cs.cmu.edu/~fp/courses/312/handouts/06-safety.pdf (2004).

[Pietrek 02] Pietrek, Matt. “Inside Windows: An In-Depth Look Into the Win32 Portable Executable File Format.” MSDN Magazine 17, 2 (February 2002): 80-90. http://msdn.microsoft.com/msdnmag/issues/02/02/PE/default.aspx (2002).

[Pincus 02] Pincus, Jon. Infrastructure for Correctness Tools (PowerPoint presentation). http://research.microsoft.com/users/jpincus/uwmsrsi00.ppt.

[Pincus 04] Pincus, Jonathan and Baker, Brandon. “Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns.” IEEE Security & Privacy 2, 4 (July/August 2004): 20-27.

[Pozniansky 03] Pozniansky, E. and Schuster, A. “Efficient On-the-Fly Race Detection in Multithreaded C++ Programs,” 179-190. Proceeding of the Ninth ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming. San Diego, CA, June 11-13, 2003. New York, NY: Association for Computing Machinery, 2003.

[Provos 03a] Provos, N.; Friedl, M.; and Honeyman, P. “Preventing Privilege Escalation,” 231-242. Proceedings of the 12th USENIX Security Symposium. Washington, D.C., August 4-8, 2003. Berkeley, CA: USENIX Association, 2003.

[Provos 03b] Provos, N. “Improving Host Security with System Call Policies,” 257-272. Proceedings of the 12th USENIX Security Symposium. Washington, D.C., August 4-8, 2003. Berkeley, CA: USENIX Association, 2003.

[Purczynski 02] Purczynski, W. GNU fileutils - recursive directory removal race condition (Bugtraq Archive). http://www.securityfocus.com/archive/1/260936 (2002).

[Randazzo 04] Randazzo, Marisa Reddy; Keeney, Michelle; Cappelli, Dawn; Moore, Andrew; and Kowalski, Eileen. Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector. http://www.secretservice.gov/ntac/its_report_040820.pdf (2004).

[Richards 79] Richards, Martin and Whitby-Strevens, Colin. BCPL: The Language and Its Compiler. New York, NY: Cambridge University Press, 1979 (0-521-21965-5).

[Richarte 02] Richarte, Gerardo. Four different tricks to bypass StackShield and StackGuard protection. http://www.coresecurity.com/files/files/11/StackguardPaper.pdf (2002).

[Richter 99] Richter, Jeffrey. Programming Applications for Microsoft, Fourth Edition. Redmond, WA: Microsoft Press, 1999 (ISBN 1-572-31996-8).

[Rivas 01] Rivas, Juan M. Bello. Overwriting the .dtors section. http://synnergy.net/downloads/papers/dtors.txt (2001).

[rix 00] rix. Smashing C++ Vptrs (Phrack Magazine, Volume 0xa, Issue 0x38, 05.01.2000, 0x08 [0x10]). http://www.phrack.org/phrack/56/p56-0x08 (2000).

[Robertson 03] Robertson, William; Kruegel, Christopher; Mutz, Darren; and Valeur, Fredrik. “Run-time Detection of Heap-based Overflows,” 51-60. Proceedings of the 17th Large Installation Systems Administration Conference. San Diego, CA, October 26–31, 2003. Berkeley, CA: USENIX Association, 2003.

[Rochkind 04] Rochkind, M. Advanced UNIX Programming, Second Edition. Boston, MA: Addison-Wesley, 2004 (ISBN: 0-131-41154-3).

[Rogers 98] Rogers, Lawrence. R. rlogin(1): The Untold Story (CMU/SEI-98-TR-017 ADA358797). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 1998. http://www.sei.cmu.edu/publications/documents/98.reports/98tr017/98tr017abstract.html.

[Ruwase 04] Ruwase, Olatunji and Lam, M. S. “A Practical Dynamic Buffer Overflow Detector,” 159-169. Proceedings of the 11th Annual Network and Distributed System Security Symposium. San Diego, CA, February 5-6 2004. Reston, VA: Internet Society, 2004. http://suif.stanford.edu/papers/tunji04.pdf.

[Saltzer 74] Saltzer, J. H. “Protection and the Control of Information Sharing in Multics.” Communications of the ACM 17, 7 (July 1974): 388-402.

[Saltzer 75] Saltzer, Jerome H. and Schroeder, Michael D. “The protection of information in computer systems.” Proceedings of the IEEE 63, 9 (September 1975): 1278-1308.

[Savage 97] Savage, S.; Burrows, M.; Nelson, G.; Sobalvarro, P.; and Anderson, T. “Eraser: A Dynamic Data Race Detector for Multi-Threader Programs.” ACM Transactions on Computer Systems 15, 4 (November 1997): 391-411.

[Schneier 04] Schneier, Bruce. Secrets and Lies: Digital Security in a Networked World. Indianapolis, IN: Wiley, 2004 (ISBN 0-471-45380-3).

[Scut 01] Scut/Team Teso. Exploiting Format String Vulnerabilities. http://www.mindsec.com/files/formatstring-1.2.pdf (2001).

[Shankar 01] Shankar, Umesh; Talwar, Kunal; Foster, Jeffrey S.; and Wagner, David. “Detecting Format String Vulnerabilities with Type Qualifiers,” 201–218. Proceedings of the 10th USENIX Security Symposium. Washington, D.C., August 13-17, 2001. Berkeley, CA: USENIX Association, 2001.

[Shiflet 02] Shiflet, Angela B. Error Integer Arithmetic: Signed-Magnitude Representation. http://wofford.info/ecs/ScientificProgramming/Error/IntegerArithmetic/material.htm (2002)

[Sindre 00] Sindre, G. and Opdahl, A. “Eliciting Security Requirements by Misuse Cases,” 120-130. Proceedings of TOOLS Pacific 2000. Sydney, Australia, November 20-23, 2000. Los Alamitos, CA: IEEE Computer Society Press, 2000.

[Sindre 02] Sindre, G.; Opdahl, S.; and Brevik, G. “Generalization/Specialization as a Structuring Mechanism for Misuse Cases” (CD-ROM). Proceedings of the Second Symposium on Requirements Engineering for Information Security (SREIS 2002). Raleigh, NC, October 16, 2002. Lafayette, IN: CERIAS, Purdue University, 2002.

[Sindre 03] Sindre, Guttorm; Firesmith, Donald G.; and Opdahl, Andreas L. "A Reuse-Based Approach to Determining Security Requirements," 127-136. Proceedings of the 9th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ'03). Klagenfurt/Velden, Austria, June 16-17, 2003. Essen, Germany: Essener Informatik Beitrage, 2003.

[Smashing 05] BSD Heap Smashing. http://thc.org/root/docs/exploit_writing/BSD-heap-smashing.txt (2005).

[Solar Designer 00] Solar Designer. JPEG COM Marker Processing Vulnerability in Netscape Browsers. http://www.openwall.com/advisories/OW-002-netscape-jpeg.txt (2000).

[Soo Hoo 01] Soo Hoo, K.; Sudbury, J. W.; and Jaquith, J. R. "Tangible ROI Through Secure Software Engineering." Secure Business Quarterly 1, 2 (4th Quarter 2001): 1-3.

[Stein 01] Stein, Lincoln D. Network Programming with Perl. Reading, MA: Addison-Wesley, 2001 (0-201-61571-1).

[Sterling 93] Sterling, N. “WARLOCK: A Static Data Race Analysis Tool,” 97-106. Proceedings of the USENIX Invited Talks: Winter 1993 Technical Conference. San Diego, CA, January 25-29, 1993. San Diego, CA: USENIX Association, 1993.

[Stroustrup 86] Stroustrup, Bjarne. The C++ Programming Language. Reading, MA: Addison-Wesley, 1986 (ISBN 0-201-12078-X).

[Stroustrup 97] Stroustrup, Bjarne. The C++ Programming Language, Third Edition. Bjarne. Reading, MA: Addison-Wesley, 1997 (ISBN 0-201-88954-4).

[Swiderski 04] Swiderski, Frank and Snyder, Window. Threat Modeling. Redmond, WA: Microsoft Press, 2004 (ISBN 0-735-61991-3).

[Thinking 90] Thinking Machines Corporation. Getting Started in C. Cambridge, MA: Thinking Machines Corporation, 1990.

[Thomas 02] Thomas, Douglas. Cyber Terrorism and Critical Infrastructure Protection. Testimony Before the Committee on House Government Reform Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations. July 24, 2002.

[TIS 95] Tool Interface Standard Committee. Tool Interface Standard (TIS) Executable and Linking Format (ELF) Specification, Version 1.2, 1995.

[Tsai 01] Tsai, Timothy and Singh, Navjot. Libsafe 2.0: Detection of Format String Vulnerability Exploits. Avaya Labs White Paper, February 6, 2001. http://www.research.avayalabs.com/project/libsafe/doc/whitepaper-20.pdf.

[Tsyrklevich 03] Tsyrklevich, E. and Yee, B. “Dynamic Detection and Prevention of Race Conditions in File Accesses,” 243-256. Proceedings of the 12th USENIX Security Symposium. Washington, D.C., August 4-8, 2003. Berkeley, CA: USENIX Association, 2003.

[Valgrind 04] Valgrind. Valgrind Latest News. http://valgrind.kde.org (2004).

[van de Ven 04] van de Ven, Arjan. New Security Enhancements in Red Hat Enterprise Linux v.3, update 3. http://www.redhat.com/f/pdf/rhel/WHP0006US_Execshield.pdf (2004).

[Viega 00] Viega, J.; Bloch, J. T.; Kohno, Y.; and McGraw, G. “ITS4: A Static Vulnerability Scanner for C and C++ Code,” 257-267. Proceedings of the 16th Annual Computer Security Applications Conference (ACSAC’00). New Orleans, LA, December 11-15, 2000. Los Alamitos, CA: IEEE Computer Society Press, 2000. http://www.acsac.org/2000/papers/78.pdf.

[Viega 02] Viega, John and McGraw, Gary. Building Secure Software: How to Avoid Security Problems the Right Way. Boston, MA: Addison-Wesley, 2002 (ISBN 0-201-72152-X).

[Viega 03] Viega, John and Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. Sebastopol, CA: O'Reilly, 2003 (ISBN: 0-596-00394-3).

[Wagle 03] Wagle, Perry and Cowan, Crispin. “StackGuard: Simple Stack Smash Protection for GCC,” 243-256. Proceedings of the GCC Developers Summit. Ottawa, Ontario, Canada, May 25-27, 2003. http://zenii.linux.org.uk/~ajh/gcc/gccsummit-2003-proceedings.pdf.

[Wallnau 02] Wallnau, Kurt C.; Hissam, Scott; and Seacord, Robert C. Building Systems from Commercial Components. Boston, MA: Addison-Wesley, 2002 (ISBN 0-201-70064-6).

[Watson 04] Watson, Gray. Dmalloc - Debug Malloc Library. http://dmalloc.com (2004).

[Weaver 04] Weaver, Nicholas, and Paxson, Vern. “A Worst-Case Worm.” The Third Annual Workshop on Economics and Information Security (WEIS04). Minneapolis, MN, May 13-14, 2004. http://www.dtc.umn.edu/weis2004/weaver.pdf.

[Wheeler 03] Wheeler, D. Secure Programming for Linux and Unix HOWTO - Creating Secure Software. http://www.dwheeler.com/secure-programs (2003).

[Wheeler 04] Wheeler, David A. Secure programmer: Countering buffer overflows. http://www-106.ibm.com/developerworks/linux/library/l-sp4.html (2004).

[Wilander 02] Wilander, John. “Security Intrusions and Intrusion Prevention: Vulnerabiltiies in C and How to Prevent Exploitation.” Masters Thesis, Department of Computer and Information Science, Linkopings Universitest (Sweden), 2002. http://www.ida.liu.se/~johwi/msc_thesis/index.html.

[Wilander 03] Wilander, J. and Kamkar, M. “A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention,” 149-162. Proceedings of the 10th Network and Distributed System Security Symposium. San Diego, California, February 6-7, 2003. Reston, VA: Internet Society, 2003. http://www.ida.liu.se/~johwi/research_publications/paper_ndss2003_john_wilander.pdf.

[Wilson 95] Wilson, P. R.; Johnstone, M. S.; Neely, M.; and Boles, D. “Dynamic Storage Allocation: A Survey and Critical Review,” 1-16. Proceedings of the Memory Management. International Workshop IWMM 95. Kinross, United Kingdom, September 27-29, 1995. Berlin, Germany: Springer-Verlag, 1995.

[Wilson 03] Wilson, M. “Generalized String Manipulation: Access Shims and Type Tunneling.” C/C++ Users Journal 21, 8 (August 2003): 24, 26-27, 29-35. http://www.cuj.com/documents/s=8681/cuj0308wilson/.

[Wojtczuk 98] Wojtczuk, Rafal. Defeating Solar Designer non-executable stack patch (Bugtraq Archive). http://www.securityfocus.com/archive/1/8470 (1998).

[Xie 04] Xie, N.; Mead, N. R.; Chen, P.; Dean, M.; Lopez, L.; Ojoko-Adams, D.; and Osman, H. SQUARE Project: Cost/Benefit Analysis Framework for Information Security Improvement Projects in Small Companies (CMU/SEI-2004-TN-045, ADA431118). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2004. http://www.sei.cmu.edu/publications/documents/04.reports/04tn045.html.

[Zalewski 98] Zalewski, M. /tmp event logger (repeated in Linux Weekly News). http://old.lwn.net/lwn/1998/0319/tmplogger.html (1998).

[Zalewski 02]  Zalewski, M. [RAZOR] Problems with mkstemp() (SecProg Archive) (2002).  http://www.securityfocus.com/archive/98/304208.