{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T06:00:49Z","timestamp":1743055249590,"version":"3.40.3"},"publisher-location":"Cham","reference-count":17,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319308050"},{"type":"electronic","value":"9783319308067"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-30806-7_13","type":"book-chapter","created":{"date-parts":[[2016,3,28]],"date-time":"2016-03-28T07:24:01Z","timestamp":1459149841000},"page":"207-215","source":"Crossref","is-referenced-by-count":2,"title":["Idea: Usable Platforms for Secure Programming \u2013 Mining Unix for Insight and Guidelines"],"prefix":"10.1007","author":[{"given":"Sven","family":"T\u00fcrpe","sequence":"first","affiliation":[]}],"member":"297","reference":[{"key":"13_CR1","unstructured":"Apple Inc.: Secure Coding Guide, 2014-02-11 edn. (2006\u20132014). \n                    https:\/\/developer.apple.com\/library\/mac\/documentation\/Security\/Conceptual\/SecureCodingGuide\/"},{"issue":"5","key":"13_CR2","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1145\/1071713.1071731","volume":"3","author":"K Arnold","year":"2005","unstructured":"Arnold, K.: Programmers are people, too. ACM Queue 3(5), 54\u201359 (2005)","journal-title":"ACM Queue"},{"issue":"1","key":"13_CR3","first-page":"5","volume":"12","author":"M Bishop","year":"1987","unstructured":"Bishop, M.: How to write a setuid program. Login 12(1), 5\u201311 (1987)","journal-title":"Login"},{"key":"13_CR4","doi-asserted-by":"crossref","unstructured":"Cappos, J., Zhuang, Y., Oliveira, D., Rosenthal, M., Yeh, K.C.: Vulnerabilities as blind spots in developer\u2019s heuristic-based decision-making processes. In: Proceedings of New Security Paradigms Workshop, NSPW 2014, pp. 53\u201362. ACM, New York, NY, USA (2014)","DOI":"10.1145\/2683467.2683472"},{"key":"13_CR5","unstructured":"Chen, H., Wagner, D., Dean, D.: Setuid demystified. In: USENIX Security Symposium, pp. 171\u2013190 (2002)"},{"key":"13_CR6","doi-asserted-by":"crossref","unstructured":"Crandall, J.R., Oliveira, D.: Holographic vulnerability studies: vulnerabilities as fractures in interpretation as information flows across abstraction boundaries. In: Proceedings of New Security Paradigms Workshop, NSPW 2012, pp. 141\u2013152. ACM, New York, NY, USA (2012)","DOI":"10.1145\/2413296.2413309"},{"key":"13_CR7","doi-asserted-by":"crossref","unstructured":"Dittmer, M.S., Tripunitara, M.V.: The unix process identity crisis: a standards-driven approach to setuid. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS 2014, pp. 1391\u20131402. ACM, New York, NY, USA (2014)","DOI":"10.1145\/2660267.2660333"},{"key":"13_CR8","unstructured":"Esser, S.: OS X 10.10 \n                    \n                      \n                    \n                    $${\\rm DYLD}\\_{\\rm PRINT}\\_{\\rm TO}\\_{\\rm FILE}$$\n                    \n                      \n                        \n                          DYLD\n                          _\n                          PRINT\n                          _\n                          TO\n                          _\n                          FILE\n                        \n                      \n                    \n                   local privilege escalation vulnerability. \n                    https:\/\/www.sektioneins.de\/blog\/15-07-07-dyld_print_to_file_lpe.html\n                    \n                   (2015)"},{"key":"13_CR9","unstructured":"Free Software Foundation Inc: The GNU C Library Reference Manual, glibc 2.22 edn, August 2015. \n                    https:\/\/www.gnu.org\/software\/libc\/manual\/"},{"key":"13_CR10","volume-title":"Practical UNIX and Internet Security","author":"S Garfinkel","year":"2003","unstructured":"Garfinkel, S., Spafford, G., Schwartz, A.: Practical UNIX and Internet Security, 3rd edn. O\u2019Reilly Media, Sebastopol (2003)","edition":"3"},{"issue":"2","key":"13_CR11","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1006\/jvlc.1996.0009","volume":"7","author":"TRG Green","year":"1996","unstructured":"Green, T.R.G., Petre, M.: Usability analysis of visual programming environments: a \u2018cognitive dimensions\u2019 framework. J. Vis. Lang. Comput. 7(2), 131\u2013174 (1996)","journal-title":"J. Vis. Lang. Comput."},{"key":"13_CR12","doi-asserted-by":"crossref","unstructured":"Oliveira, D., Rosenthal, M., Morin, N., Yeh, K.C., Cappos, J., Zhuang, Y.: It\u2019s the psychology stupid: how heuristics explain software vulnerabilities and how priming can illuminate developer\u2019s blind spots. In: Proceedings of 30th Annual Computer Security Applications Conference, ACSAC 2014, pp. 296\u2013305. ACM, New York, NY, USA (2014)","DOI":"10.1145\/2664243.2664254"},{"key":"13_CR13","volume-title":"Advanced Programming in the UNIX Environment","author":"WR Stevens","year":"1992","unstructured":"Stevens, W.R.: Advanced Programming in the UNIX Environment. Addison-Wesley Publishing Company, Reading (1992)"},{"issue":"3","key":"13_CR14","first-page":"55","volume":"33","author":"D Tsafrir","year":"2008","unstructured":"Tsafrir, D., Da Silva, D., Wagner, D.: The murky issue of changing process identity: revising \u201csetuid demystified\u201d. Login 33(3), 55\u201366 (2008)","journal-title":"Login"},{"key":"13_CR15","doi-asserted-by":"crossref","unstructured":"T\u00fcrpe, S.: Point-and-shoot security design: can we build better tools for developers? In: Proceedings of New Security Paradigms Workshop, NSPW 2012, pp. 27\u201342. ACM, New York, NY, USA (2012)","DOI":"10.1145\/2413296.2413300"},{"key":"13_CR16","doi-asserted-by":"crossref","unstructured":"Wurster, G., van Oorschot, P.C.: The developer is the enemy. In: Proceedings of New Security Paradigms Workshop, NSPW 2008, pp. 89\u201397. ACM, New York, NY, USA (2008)","DOI":"10.1145\/1595676.1595691"},{"key":"13_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/3-540-36159-6_24","volume-title":"Information and Communications Security","author":"K-P Yee","year":"2002","unstructured":"Yee, K.-P.: User interaction design for secure systems. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 278\u2013290. Springer, Heidelberg (2002). doi:\n                    10.1007\/3-540-36159-6_24"}],"container-title":["Lecture Notes in Computer Science","Engineering Secure Software and Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-30806-7_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,1]],"date-time":"2019-06-01T18:18:36Z","timestamp":1559413116000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-30806-7_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319308050","9783319308067"],"references-count":17,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-30806-7_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2016]]}}}