reading_list.bib
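% Pierce's textbook on type systems and programming languages.
% Author is written in "Last, First" form so every style parses the surname the same way.
@book{benjaminpierce2002,
  author    = {Pierce, Benjamin C.},
  title     = {Types and Programming Languages},
  publisher = {The MIT Press},
  year      = {2002},
}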
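% Survey of runtime taint tracking for managed code (Java, C#, PHP, Perl, Ruby).
% Per its abstract it covers XSS and SQL injection prevention, privacy-leak detection,
% and the trade-offs between instrumentation approaches.
% techreport entries require `institution`; the original `publisher` field is ignored by standard styles.
% NOTE(review): no report number is recorded here; add `number` once confirmed against the URL.
@techreport{msftttmr2012,
  author      = {Livshits, Ben},
  title       = {Dynamic Taint Tracking in Managed Runtimes},
  institution = {Microsoft Research},
  year        = {2012},
  month       = nov,
  abstract    = {
This paper provides a taxonomy of runtime taint tracking approaches for managed code, such as code written in Java, C#, PHP, Perl, or Ruby. It covers main applications of data tainting such as preventing web application vulnerabilities including cross-site scripting and SQL injection attacks, along with disallowing privacy-sensitive data leaks. In addition to giving an overview of related literature from the last decade, this paper provides guidance and describes the trade-offs of different instrumentation approaches. Lastly, we provide a list of open problems whose solutions would aid practical adaption of runtime tainting on a wider scale.
},
  url         = {https://www.microsoft.com/en-us/research/publication/dynamic-taint-tracking-in-managed-runtimes/},
}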
% Referenced in Ranjit Jhala's Language-Integrated Verification talk
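% Experience report on deploying static analysis tools in a large engineering organisation.
% Journal name spelling corrected; author names restored from all-caps so styles do not print them shouting.
% NOTE(review): pages and DOI are missing from this record; add them after checking the publisher page.
@article{sadowski2018lessons,
  author  = {Sadowski, Caitlin and Aftandilian, Edward and Eagle, Alex and Miller-Cushon, Liam and Jaspan, Ciera},
  title   = {Lessons from Building Static Analysis Tools at {Google}},
  journal = {Communications of the {ACM}},
  volume  = {61},
  number  = {4},
  year    = {2018},
}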
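% PhD dissertation on program verification techniques.
% phdthesis entries require `school`; the original `publisher` field is not printed for this entry type.
% NOTE(review): the `note` value looks like a dissertation order number from the export; verify before relying on it.
@phdthesis{nelson1980,
  author  = {Nelson, Charles Gregory},
  title   = {Techniques for Program Verification},
  school  = {Stanford University},
  address = {Stanford, CA, USA},
  year    = {1980},
  note    = {AAI8011683},
}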
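% POPL '99 paper, kept as exported from the ACM Digital Library.
% `location`, `numpages` and `acmid` are export-specific fields that classic styles ignore.
% The accent is written as a brace group ({\'\i}) so BibTeX treats it as a single letter when sorting and labelling.
% Acronyms in `booktitle` are braced so a recasing style cannot lowercase them.
@inproceedings{Abadi:1999:CCD:292540.292555,
  author    = {Abadi, Mart{\'\i}n and Banerjee, Anindya and Heintze, Nevin and Riecke, Jon G.},
  title     = {A Core Calculus of Dependency},
  booktitle = {Proceedings of the 26th {ACM} {SIGPLAN-SIGACT} Symposium on Principles of Programming Languages},
  series    = {POPL '99},
  year      = {1999},
  isbn      = {1-58113-095-3},
  location  = {San Antonio, Texas, USA},
  pages     = {147--160},
  numpages  = {14},
  url       = {http://doi.acm.org/10.1145/292540.292555},
  doi       = {10.1145/292540.292555},
  acmid     = {292555},
  publisher = {ACM},
  address   = {New York, NY, USA},
}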
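% SLam calculus paper: programming with secrecy and integrity, per its title.
% Normalised to match the POPL '99 entry in this file: title-cased venue, braced acronyms,
% `publisher` instead of `organization`, and a full stop after the author's middle initial.
% {SLam} is braced so sentence-casing styles keep its mixed capitalisation.
@inproceedings{heintze1998slam,
  author    = {Heintze, Nevin and Riecke, Jon G.},
  title     = {The {SLam} Calculus: Programming with Secrecy and Integrity},
  booktitle = {Proceedings of the 25th {ACM} {SIGPLAN-SIGACT} Symposium on Principles of Programming Languages},
  series    = {POPL '98},
  pages     = {365--377},
  year      = {1998},
  publisher = {ACM},
}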
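% Logical relations applied to encryption, per its title.
% Authors are written in "Last, First" form so the surname split does not depend on the style's name parser.
% NOTE(review): this record carries no venue, URL or DOI; confirm where the work was published
% and switch to a more specific entry type if one applies.
@misc{Sumii02logicalrelations,
  author = {Sumii, Eijiro and Pierce, Benjamin C.},
  title  = {Logical Relations for Encryption},
  year   = {2002},
}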
% + https://www.joachim-breitner.de/blog/734-Finding_bugs_in_Haskell_code_by_proving_it