{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,8]],"date-time":"2024-09-08T21:24:45Z","timestamp":1725830685310},"publisher-location":"Cham","reference-count":70,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319241258"},{"type":"electronic","value":"9783319241265"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-24126-5_4","type":"book-chapter","created":{"date-parts":[[2015,9,24]],"date-time":"2015-09-24T04:09:59Z","timestamp":1443067799000},"page":"55-74","source":"Crossref","is-referenced-by-count":1,"title":["Designing for Attack Surfaces: Keep Your Friends Close, but Your Enemies Closer"],"prefix":"10.1007","author":[{"given":"Trent","family":"Jaeger","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xinyang","family":"Ge","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Divya","family":"Muthukumaran","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sandra","family":"Rueda","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Joshua","family":"Schiffman","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hayawardh","family":"Vijayakumar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,11,13]]},"reference":[{"key":"4_CR1","doi-asserted-by":"crossref","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity. In: Proceedings of CCS 2005. ACM (2005)","DOI":"10.1145\/1102120.1102165"},{"key":"4_CR2","doi-asserted-by":"crossref","unstructured":"Alur, R., Yannakakis, M.: Model checking of hierarchical state machines. ACM Trans. Program. Lang. Syst.\u00a023(3) (2001)","DOI":"10.1145\/503502.503503"},{"key":"4_CR3","unstructured":"Amazon. Amazon Web Services Security Center, \n                    \n                      http:\/\/aws.amazon.com"},{"issue":"7","key":"4_CR4","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/MC.1983.1654439","volume":"16","author":"J. Ames","year":"1983","unstructured":"Ames, J., Gasser, S.R.M., Schell, R.R.: Security kernel design and implementation: An introduction. Computer\u00a016(7), 14\u201322 (1983)","journal-title":"Computer"},{"key":"4_CR5","doi-asserted-by":"crossref","unstructured":"Balzarotti, D., et al.: Saner: Composing static and dynamic analysis to validate sanitization in web applications. In: Proceedings of the IEEE Symposium on Security and Privacy (2008)","DOI":"10.1109\/SP.2008.22"},{"key":"4_CR6","unstructured":"The Bastille hardening program: Increased security for your OS, \n                    \n                      http:\/\/bastille-linux.sourceforge.net"},{"key":"4_CR7","unstructured":"Biba, K.J.: Integrity Considerations for Secure Computer Systems. Technical Report MTR-3153, MITRE (April 1977)"},{"key":"4_CR8","unstructured":"Boebert, W.E., Kain, R.Y.: A Practical Alternative to Hierarchical Integrity Policies. In: Proceedings of the 8th NCSC (1985)"},{"key":"4_CR9","doi-asserted-by":"crossref","unstructured":"Cadar, C., Ganesh, V., Pawlowski, P.M., Dill, D.L., Engler, D.R.: Exe: Automatically generating inputs of death. ACM Trans. Inf. Syst. Secur. 12(2) (2008)","DOI":"10.1145\/1455518.1455522"},{"key":"4_CR10","unstructured":"Castro, M., Costa, M., Harris, T.: Securing software by enforcing data-flow integrity. In: Proceedings of OSDI 2006. USENIX Association (2006)"},{"key":"4_CR11","unstructured":"Chen, H., Li, N., Mao, Z.: Analyzing and Comparing the Protection Quality of Security Enhanced Operating Systems. In: Proceedings of NDSS 2009 (2009)"},{"key":"4_CR12","doi-asserted-by":"crossref","unstructured":"Clark, D.D., Wilson, D.: A Comparison of Military and Commercial Security Policies. In: 1987 IEEE Symposium on Security and Privacy (May 1987)","DOI":"10.1109\/SP.1987.10001"},{"key":"4_CR13","unstructured":"Coker, G.: Xen Security Modules (XSM). \n                    \n                      http:\/\/www.xen.org\/files\/xensummit_4\/xsm-summit-041707_Coker.pdf"},{"key":"4_CR14","unstructured":"Cowan, C., et al.: Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks. In: Proceedings of the 7th USENIX Security Symp. (1998)"},{"key":"4_CR15","doi-asserted-by":"crossref","unstructured":"Denning, D.: A Lattice Model of Secure Information Flow. Communications of the ACM 19(5) (1976)","DOI":"10.1145\/360051.360056"},{"key":"4_CR16","unstructured":"Eclipse. \n                    \n                      http:\/\/www.eclipse.org"},{"key":"4_CR17","unstructured":"Feng, H., et al.: Formalizing sensitivity in static analysis for intrusion detection. In: Proceeding of the 2004 IEEE Symposium on Security and Privacy (2004)"},{"key":"4_CR18","unstructured":"Fraser, T.: LOMAC: MAC you can live with. In: Proceedings of the FREENIX Track: USENIX Annual Technical Conference (June 2001)"},{"key":"4_CR19","doi-asserted-by":"crossref","unstructured":"Guttman, J.D., Herzog, A.L., Ramsdell, J.D., Skorupka, C.W.: Verifying Information Flow Goals in Security-Enhanced Linux. Journal of Computer Security 13(1) (2005)","DOI":"10.3233\/JCS-2005-13105"},{"key":"4_CR20","unstructured":"Howard, M., Pincus, J., Wing, J.M.: Measuring Relative Attack Surfaces. In: Proceedings of Workshop on Advanced Developments in Software and Systems Security (2003)"},{"key":"4_CR21","doi-asserted-by":"crossref","unstructured":"Jaeger, T., Butler, K., King, D.H., Hallyn, S., Latten, J., Zhang, X.: Leveraging IPsec for Mandatory Access Control Across Systems. In: Proceedings of SecureComm 2006 (August 2006)","DOI":"10.1109\/SECCOMW.2006.359530"},{"key":"4_CR22","unstructured":"Jaeger, T., Sailer, R., Zhang, X.: Analyzing integrity protection in the SELinux example policy. In: Proceedings of the 12th USENIX Security Symp. (August 2003)"},{"key":"4_CR23","doi-asserted-by":"crossref","unstructured":"Karger, P., Zurko, M., Bonin, D., Mason, A., Kahn, C.: A retrospective on the VAX VMM security kernel. IEEE Trans. Softw. Eng. 17(11) (1991)","DOI":"10.1109\/32.106971"},{"key":"4_CR24","doi-asserted-by":"crossref","unstructured":"King, D., et al.: Automating security mediation placement. In: Proceedings of ESOP 2010, pp. 327\u2013344 (2010)","DOI":"10.1007\/978-3-642-11957-6_18"},{"key":"4_CR25","doi-asserted-by":"crossref","unstructured":"Krohn, M.N., et al.: Information flow control for standard OS abstractions. In: Proceedings of the 21st ACM SOSP (October 2007)","DOI":"10.1145\/1294261.1294293"},{"key":"4_CR26","unstructured":"KVM: Kernel based virtual machine. \n                    \n                      http:\/\/www.linux-kvm.org"},{"key":"4_CR27","unstructured":"Larochelle, D., Evans, D.: Statically detecting likely buffer overflow vulnerabilities. In: Proceedings of the 10th USENIX Security Symposium (2001)"},{"key":"4_CR28","doi-asserted-by":"crossref","unstructured":"Li, N., Mao, Z., Chen, H.: Usable Mandatory Integrity Protection For Operating Systems. In: Proceedings of the 2007 IEEE Symposium on Security and Privacy (May 2007)","DOI":"10.1109\/SP.2007.37"},{"key":"4_CR29","unstructured":"Linn, C.M., Rajagopalan, M., Baker, S., Collberg, C., Debray, S.K., Hartman, J.H.: Protecting against unexpected system calls. In: Proceedings of the 14th Conference on USENIX Security Symposium (2005)"},{"key":"4_CR30","doi-asserted-by":"crossref","unstructured":"Lipner, S.B.: Non-discretionery controls for commercial applications. In: Proceedings of IEEE Symposium on Security and Privacy (1982)","DOI":"10.1109\/SP.1982.10022"},{"key":"4_CR31","unstructured":"Loscocco, P., et al.: The Inevitability of Failure: The Flawed Assumptions of Security Modern Computing Environments. In: Proceedings of the 21st National Information Systems Security Conference (1998)"},{"key":"4_CR32","doi-asserted-by":"crossref","unstructured":"Manadhata, P., Tan, K., Maxion, R., Wing, J.M.: An Approach to Measuring A System\u2019s Attack Surface. Technical Report CMU-CS-07-146, School of Computer Science, Carnegie Mellon University (2007)","DOI":"10.21236\/ADA476977"},{"key":"4_CR33","unstructured":"McIlroy, D., Reeds, J.: Multilevel windows on a single-level terminal. In: Proceedings of the (First) USENIX Security Workshop (August 1988)"},{"key":"4_CR34","unstructured":"Microsoft. Prefast for drivers. \n                    \n                      http:\/\/www.microsoft.com\/whdc\/devtools\/tools\/prefast.mspx"},{"key":"4_CR35","unstructured":"Morris, J.: New secmark-based network controls for selinux. \n                    \n                      http:\/\/james-morris.livejournal.com\/11010.html"},{"key":"4_CR36","unstructured":"MSDN. Mandatory Integrity Control (Windows). \n                    \n                      http:\/\/msdn.microsoft.com\/en-us\/library\/bb648648%28VS.85%29.aspx"},{"key":"4_CR37","doi-asserted-by":"crossref","unstructured":"Myers, A.C., Liskov, B.: A decentralized model for information flow control. ACM Operating Systems Review 31(5) (October 1997)","DOI":"10.1145\/269005.266669"},{"key":"4_CR38","unstructured":"Myers, A.C., Zheng, L., Zdancewic, S., Chong, S., Nystrom, N.: Jif: Java information flow (July 2001-2003). \n                    \n                      http:\/\/www.cs.cornell.edu\/jif"},{"issue":"3","key":"4_CR39","doi-asserted-by":"publisher","first-page":"289","DOI":"10.1007\/s10664-008-9062-z","volume":"13","author":"N. Nagappan","year":"2008","unstructured":"Nagappan, N., Maximilien, E.M., Bhat, T., Williams, L.: Realizing quality improvement through test driven development: results and experiences of four industrial teams. Empirical Softw. Engg.\u00a013(3), 289\u2013302 (2008)","journal-title":"Empirical Softw. Engg."},{"key":"4_CR40","unstructured":"Newsome, J., Song, D.X.: Dynamic taint analysis for automatic detection, analysis, and signaturegeneration of exploits on commodity software. In: Proceedings of NDSS 2005 (2005)"},{"key":"4_CR41","unstructured":"Novell. AppArmor Linux Application Security. \n                    \n                      http:\/\/www.novell.com\/linux\/security\/apparmor\/"},{"key":"4_CR42","unstructured":"NetLabel - Explicit labeled networking for Linux. \n                    \n                      http:\/\/www.nsa.gov\/selinux"},{"key":"4_CR43","unstructured":"Security-Enhanced Linux. \n                    \n                      http:\/\/www.nsa.gov\/selinux"},{"key":"4_CR44","unstructured":"PaX homepage. \n                    \n                      http:\/\/pax.grsecurity.net"},{"key":"4_CR45","unstructured":"Provos, N., Friedl, M., Honeyman, P.: Preventing privilege escalation. In: Proceedings of the 12th USENIX Security Symp. USENIX Association (2003)"},{"key":"4_CR46","doi-asserted-by":"crossref","unstructured":"Qin, F., et al.: Lift: A low-overhead practical information flow tracking system for detecting security attacks. In: Proceedings of MICRO (2006)","DOI":"10.1109\/MICRO.2006.29"},{"key":"4_CR47","unstructured":"Research, M.: SLAM - Microsoft Research"},{"key":"4_CR48","doi-asserted-by":"crossref","unstructured":"Ristenpart, T., et al.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM CCS (2009)","DOI":"10.1145\/1653662.1653687"},{"key":"4_CR49","doi-asserted-by":"crossref","unstructured":"Rueda, S., Vijayakumar, H., Jaeger, T.: Analysis of virtual machine system policies. In: Proceedings of SACMAT 2009 (2009)","DOI":"10.1145\/1542207.1542243"},{"key":"4_CR50","unstructured":"Sailer, R., et al.: Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor. In: Proceedings of ACSAC 2005 (2005)"},{"key":"4_CR51","doi-asserted-by":"crossref","unstructured":"Saltzer, J.H., Schroeder, M.D.: The protection of information in computer systems. Proceedings of the IEEE 63(9) (September 1975)","DOI":"10.1109\/PROC.1975.9939"},{"key":"4_CR52","unstructured":"Sarna-Starosta, B., Stoller, S.D.: Policy analysis for security-enhanced linux. In: Proceedings of the 2004 WITS (April 2004)"},{"key":"4_CR53","unstructured":"Shankar, U., Jaeger, T., Sailer, R.: Toward Automated Information-Flow Integrity Verification for Security-Critical Applications. In: Proceedings of the 2006 NDSS (February 2006)"},{"key":"4_CR54","unstructured":"Shankar, U., Talwar, K., Foster, J.S., Wagner, D.: Detecting format string vulnerabilities with type qualifiers. In: Proceedings of the 10th USENIX Security Symp. (2001)"},{"key":"4_CR55","unstructured":"Simonet, V.: The Flow Caml System: Documentation and User\u2019s Manual. Technical Report 0282, Institut National de Recherche en Informatique et en Automatique (INRIA), \u00a9INRIA (July 2003)"},{"key":"4_CR56","doi-asserted-by":"crossref","unstructured":"Solworth, J.: Robustly secure computer systems: A new security paradigm of system discontinuity. In: Proceedings of NSPW 2007 (2007)","DOI":"10.1145\/1600176.1600186"},{"key":"4_CR57","doi-asserted-by":"crossref","unstructured":"Sun, W., et al.: Practical proactive integrity preservation: A basis for malware defense. In: Proceedings of the 2008 IEEE Symposium on Security and Privacy (2008)","DOI":"10.1109\/SP.2008.35"},{"key":"4_CR58","unstructured":"Tresys. Selinux userspace. \n                    \n                      http:\/\/userspace.selinuxproject.org\/trac\/"},{"key":"4_CR59","unstructured":"Tresys. SETools - Policy Analysis Tools for SELinux. \n                    \n                      http:\/\/oss.tresys.com\/projects\/setools"},{"key":"4_CR60","unstructured":"Vidyaraman, S., Chandrasekaran, M., Upadhyaya, S.: The user is the enemy. In: Proceedings of NSPW 2007 (2007)"},{"issue":"3","key":"4_CR61","doi-asserted-by":"publisher","first-page":"238","DOI":"10.1145\/545186.545188","volume":"5","author":"J. Viega","year":"2002","unstructured":"Viega, J., Bloch, J.T., Kohno, T., McGraw, G.: Token-based scanning of source code for security problems. ACM Trans. Inf. Syst. Secur.\u00a05(3), 238\u2013261 (2002)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"4_CR62","unstructured":"Vijayakumar, H., et al.: Integrity walls: Finding attack surfaces from mandatory access control policies. Technical Report Technical Report NAS-TR-0124-2010, Network and Security Research Center (February 2010)"},{"key":"4_CR63","unstructured":"Walker, K.M., et al.: Confining root programs with domain and type enforcement (DTE). In: Proceedings of the 6th USENIX Security Symp. (1996)"},{"issue":"6","key":"4_CR64","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1145\/1273442.1250739","volume":"42","author":"G. Wassermann","year":"2007","unstructured":"Wassermann, G., Su, Z.: Sound and precise analysis of web applications for injection vulnerabilities. SIGPLAN Not.\u00a042(6), 32\u201341 (2007)","journal-title":"SIGPLAN Not."},{"key":"4_CR65","unstructured":"Venema, W.: Postfix Architecture Overview. \n                    \n                      http:\/\/www.postfix.org\/overview.html"},{"issue":"6","key":"4_CR66","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1109\/MC.2004.2","volume":"37","author":"A. Wool","year":"2004","unstructured":"Wool, A.: A quantitative study of firewall configuration errors. IEEE Computer\u00a037(6), 62\u201367 (2004)","journal-title":"IEEE Computer"},{"key":"4_CR67","doi-asserted-by":"crossref","unstructured":"Wurster, G., van Oorschot, P.C.: The developer is the enemy. In: Proceedings of NSPW 2008 (2008)","DOI":"10.1145\/1595676.1595691"},{"key":"4_CR68","unstructured":"Yang, J., Sar, C., Twohey, P., Cadar, C., Engler, D.: Automatically generating malicious disks using symbolic execution. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy (2006)"},{"key":"4_CR69","unstructured":"Zeldovich, N., Boyd-Wickizer, S., Kohler, E., Mazi\u00e8res, D.: Making information flow explicit in HiStar. In: Proceedings of the 7th OSDI (2006)"},{"key":"4_CR70","unstructured":"Zhang, X., Edwards, A., Jaeger, T.: Using CQUAL for static analysis of authorization hook placement. In: Proceedings of the 11th USENIX Security Symp. (2002)"}],"container-title":["Lecture Notes in Computer Science","Security, Privacy, and Applied Cryptography Engineering"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-24126-5_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,30]],"date-time":"2019-05-30T21:36:09Z","timestamp":1559252169000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-24126-5_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319241258","9783319241265"],"references-count":70,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-24126-5_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]}}}