{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,8]],"date-time":"2024-09-08T23:40:27Z","timestamp":1725838827248},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319260952"},{"type":"electronic","value":"9783319260969"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-26096-9_1","type":"book-chapter","created":{"date-parts":[[2015,11,24]],"date-time":"2015-11-24T11:18:35Z","timestamp":1448363915000},"page":"1-11","source":"Crossref","is-referenced-by-count":3,"title":["The Dark Side of the Code"],"prefix":"10.1007","author":[{"given":"Olgierd","family":"Pieczul","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Simon N.","family":"Foley","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,11,25]]},"reference":[{"key":"1_CR1","unstructured":"Bash Code Injection Vulnerability via Specially Crafted Environment Variables. \n https:\/\/access.redhat.com\/articles\/1200223"},{"key":"1_CR2","unstructured":"The Heartbleed Bug. \n http:\/\/heartbleed.com\/"},{"key":"1_CR3","unstructured":"Hibernate. \n http:\/\/hibernate.org"},{"key":"1_CR4","unstructured":"The Spring Framework. \n https:\/\/spring.io"},{"key":"1_CR5","doi-asserted-by":"crossref","unstructured":"Accorsi, R., Stocker, T.: Automated privacy audits based on pruning of log data. In: EDOCW, pp. 175\u2013182 (2008)","DOI":"10.1109\/EDOCW.2008.18"},{"key":"1_CR6","series-title":"Lecture Notes in Computer Science","first-page":"469","volume-title":"Advances in Database Technology - EDBT \u201998","author":"R Agrawal","year":"1998","unstructured":"Agrawal, R., Gunopulos, D., Leymann, F.: Mining process models from workflow logs. In: Schek, H.-J., Saltor, F., Ramos, I., Alonso, G. (eds.) EDBT 1998. LNCS, vol. 1377, pp. 469\u2013483. Springer, Heidelberg (1998)"},{"key":"1_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1007\/978-3-540-24622-0_5","volume-title":"Verification, Model Checking, and Abstract Interpretation","author":"H Barringer","year":"2004","unstructured":"Barringer, H., Goldberg, A., Havelund, K., Sen, K.: Rule-based runtime verification. In: Steffen, B., Levi, G. (eds.) VMCAI 2004. LNCS, vol. 2937, pp. 44\u201357. Springer, Heidelberg (2004)"},{"key":"1_CR8","unstructured":"Barth, A.: The web origin concept. Request for Comments 6454, Internet Engineering Task Force, December 2011. \n http:\/\/www.ietf.org\/rfc\/rfc6454.txt"},{"key":"1_CR9","doi-asserted-by":"crossref","unstructured":"Berners-Lee, T., Fielding, R., Masinter, L.: Uniform resource identifier (URI): generic syntax. Request for Comments 3986, Internet Engineering Task Force, January 2005. \n http:\/\/www.ietf.org\/rfc\/rfc3986.txt","DOI":"10.17487\/rfc3986"},{"key":"1_CR10","unstructured":"Carnegie Mellon University: CERT secure coding standards - VOID 2 MET21-J. Do not invoke equals() or hashCode() on URLs. \n https:\/\/www.securecoding.cert.org\/confluence\/x\/5wHEAw"},{"key":"1_CR11","unstructured":"Davis, D.: Compliance defects in public-key cryptography. In: Proceedings of the 6th Conference on USENIX Security Symposium, Focusing on Applications of Cryptography, SSYM 1996, vol. 6, p. 17. USENIX Association, Berkeley (1996). \n http:\/\/dl.acm.org\/citation.cfm?id=1267569.1267586"},{"key":"1_CR12","doi-asserted-by":"crossref","unstructured":"Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., Berners-Lee, T.: Hypertext transfer protocol - HTTP\/1.1. Request for Comments 2616, Internet Engineering Task Force, June 1999. \n http:\/\/www.ietf.org\/rfc\/rfc2616.txt","DOI":"10.17487\/rfc2616"},{"issue":"1","key":"1_CR13","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1109\/JSAC.2002.806124","volume":"21","author":"S Foley","year":"2003","unstructured":"Foley, S.: A non-functional approach to system integrity. IEEE J. Sel. Areas Commun. 21(1), 36\u201343 (2003)","journal-title":"IEEE J. Sel. Areas Commun."},{"key":"1_CR14","unstructured":"Forrest, S., Hofmeyr, S., Somayaji, A., Longstaff, T.: A sense of self for unix processes. In: IEEE Symposium on Security and Privacy, pp. 120\u2013128 (1996)"},{"key":"1_CR15","unstructured":"Frank, M., Buhmann, J., Basin, D.: On the definition of role mining. In: Proceedings of the 15th ACM Symposium on Access Control Models and Technologies, SACMAT 2010, pp. 35\u201344. ACM, New York (2010). \n http:\/\/doi.acm.org\/10.1145\/1809842.1809851"},{"key":"1_CR16","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-03315-5_1","volume-title":"The Future of Identity in the Information Society","author":"D Gollmann","year":"2009","unstructured":"Gollmann, D.: Software security \u2013 the dangers of abstraction. In: Maty\u00e1\u0161, V., Fischer-H\u00fcbner, S., Cvr\u010dek, D., \u0160venda, P. (eds.) The Future of Identity. IFIP AICT, vol. 298, pp. 1\u201312. Springer, Heidelberg (2009)"},{"key":"1_CR17","unstructured":"Jackson, C., Barth, A., Bortz, A., Shao, W., Boneh, D.: Protecting browsers from DNS rebinding attacks. In: Proceedings of ACM CCS 07 (2007). \n http:\/\/crypto.stanford.edu\/dns\/dns-rebinding.pdf"},{"key":"1_CR18","unstructured":"Jiang, G., Chen, H., Ungureanu, C., Yoshihira, K.: Multi-resolution abnormal trace detection using varied-length N-grams and automata. In: Second International Conference on Autonomic Computing, ICAC 2005, Proceedings, pp. 111\u2013122 (2005)"},{"key":"1_CR19","unstructured":"Jin, D., Meredith, P.O., Lee, C., Ro\u015fu, G.: JavaMOP: efficient parametric runtime monitoring framework. In: Proceedings of the 34th International Conference on Software Engineering, ICSE 2012, pp. 1427\u20131430. IEEE Press, Piscataway (2012). \n http:\/\/dl.acm.org\/citation.cfm?id=2337223.2337436"},{"key":"1_CR20","unstructured":"Kuhlmann, M., Shohat, D., Schimpf, G.: Role mining - revealing business roles for security administration using data mining technology. In: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies, SACMAT 2003, pp. 179\u2013186. ACM, New York (2003). \n http:\/\/doi.acm.org\/10.1145\/775412.775435"},{"issue":"10","key":"1_CR21","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1109\/2.161279","volume":"25","author":"B Meyer","year":"1992","unstructured":"Meyer, B.: Applying \u201cDesign by Contract\u201d. IEEE Comput. 25(10), 40\u201351 (1992). \n http:\/\/doi.ieeecomputersociety.org\/10.1109\/2.161279","journal-title":"IEEE Comput."},{"key":"1_CR22","doi-asserted-by":"crossref","unstructured":"Mockapetris, P.: Domain names - concepts and facilities. Request for Comments 1034, Internet Engineering Task Force, November 1987. \n http:\/\/www.ietf.org\/rfc\/rfc1034.txt","DOI":"10.17487\/rfc1034"},{"key":"1_CR23","unstructured":"Oliveira, D., Rosenthal, M., Morin, N., Yeh, K.C., Cappos, J., Zhuang, Y.: It\u2019s the psychology stupid: how heuristics explain software vulnerabilities and how priming can illuminate developer\u2019s blind spots. In: Proceedings of the 30th Annual Computer Security Applications Conference, ACSAC 2014, pp. 296\u2013305. ACM, New York (2014). \n http:\/\/doi.acm.org\/10.1145\/2664243.2664254"},{"key":"1_CR24","unstructured":"Oracle: Java Platform API Specification - URL (2014). \n http:\/\/docs.oracle.com\/javase\/7\/docs\/api\/java\/net\/URL.html"},{"key":"1_CR25","unstructured":"Oracle: Java Platform API Specification - URL Connection (2014). \n http:\/\/docs.oracle.com\/javase\/7\/docs\/api\/java\/net\/URLConnection.html"},{"key":"1_CR26","unstructured":"OWASP Foundation: OWASP Top 10 2013. \n https:\/\/www.owasp.org\/index.php\/Top_10_2013"},{"key":"1_CR27","unstructured":"The PHP Group: PHP Manual \u2013 file\\_get\\_contents. \n http:\/\/php.net\/manual\/en\/function.file-get-contents.php"},{"key":"1_CR28","doi-asserted-by":"crossref","unstructured":"Pieczul, O., Foley, S.: Discovering emergent norms in security logs. In: 2013 IEEE Conference on Communications and Network Security (CNS - SafeConfig), pp. 438\u2013445 (2013)","DOI":"10.1109\/CNS.2013.6682758"},{"key":"1_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1007\/978-3-319-12400-1_3","volume-title":"Security Protocols XXII","author":"O Pieczul","year":"2014","unstructured":"Pieczul, O., Foley, S.: Collaborating as normal: detecting systemic anomalies in your partner. In: Christianson, B., Malcolm, J., Maty\u00e1\u0161, V., \u0160venda, P., Stajano, F., Anderson, J. (eds.) Security Protocols 2014. LNCS, vol. 8809, pp. 18\u201327. Springer, Heidelberg (2014)"},{"key":"1_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-45608-2_1","volume-title":"Foundations of Security Analysis and Design","author":"P Ryan","year":"2001","unstructured":"Ryan, P.: Mathematical models of computer security. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 1\u201362. Springer, Heidelberg (2001)"}],"container-title":["Lecture Notes in Computer Science","Security Protocols XXIII"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-26096-9_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,31]],"date-time":"2019-05-31T13:22:45Z","timestamp":1559308965000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-26096-9_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319260952","9783319260969"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-26096-9_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]}}}