syssec_red_book

Bibliography[88] A. Avizienis, J.-C. Laprie, B. Randell, and C. Landwehr. Basic concepts and taxonomy ofdependable and secure computing. IEEE Trans. Dependable Secur. Comput., 1(1):11–33, Jan.2004.[89] R. Baden, A. Bender, N. Spring, B. Bhattacharjee, and D. Starin. Persona: an online socialnetwork with user-defined privacy. In Proceedings of the ACM SIGCOMM 2009 conference onData communication - SIGCOMM ’09, page 135. ACM Press, 2009.[90] G. Balakrishnan and T. Reps. Analyzing memory accesses in x86 binary executables. InProcedings of the Conference on Compiler Construction, CC’04, 2004.[91] M. Balduzzi, C. Gimenez, D. Balzarotti, and E. Kirda. Automated discovery of parameterpollution vulnerabilities in web applications. In Proceedings of the 18th Network andDistributed System Security Symposium, 2011.[92] M. Balduzzi, C. Platzer, T. Holz, E. Kirda, D. Balzarotti, and C. Kruegel. Abusing socialnetworks for automated user profiling. In International Symposium on Recent Advances inIntrusion Detection (RAID 2010), 9 2010.[93] J. Baltazar, J. Costoya, and R. Flores. The Real Face of KOOBFACE : The Largest Web 2 . 0Botnet Explained, 2009.[94] D. Balzarotti(Ed.). D4.1: First Report on Threats on the Future Internet and ResearchRoadmap. Technical report, SySSeC Consortia, Sept. 2011.[95] D. Balzarotti(Ed.). D4.2: Second Report on Threats on the Future Internet and ResearchRoadmap. Technical report, SySSeC Consortia, Sept. 2012.[96] A. Baratloo, N. Singh, and T. Tsai. Transparent run-time defense against stack smashingattacks. In Proceedings of the USENIX Annual Technical Conference, June 2000.[97] A. Barth, J. Caballero, and D. Song. Secure Content Sniffing for Web Browsers or Howto Stop Papers from Reviewing Themselves. In Proceedings of the 30th IEEE Symposium onSecurity & Privacy, Oakland, CA, May 2009.[98] A. Barth, C. Jackson, and J. C. Mitchell. Robust Defenses for Cross-Site Request Forgery. InProceedings of the 15th ACM Conference on Computer and Communications Security (CCS), 2008.[99] U. Bayer, C. Kruegel, and E. Kirda. Ttanalyze: A tool for analyzing malware. In Proc. ofEICAR, 2006.[100] M. Benioff and E. Lazowska, editors. Cyber Security: A Crisis of Prioritization. NationalCoordination Office for Information Technology Research and Development, Feb. 2005.[101] J. Bennett, Y. Lin, and T. Haq. The Number of the Beast, 2013. http://blog.fireeye.com/research/2013/02/the-number-of-the-beast.html.[102] E. Bhatkar, D. C. Duvarney, and R. Sekar. Address obfuscation: an efficient approachto combat a broad range of memory error exploits. In In Proceedings of the 12th USENIXSecurity Symposium, 2003.[103] R. Biddle, S. Chiasson, and P. Van Oorschot. Graphical passwords: Learning from the firsttwelve years. ACM Comput. Surv., 44(4):19:1–19:41, Sep 2012.[104] L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda. All your contacts are belong to us. InProceedings of the 18th international conference on World wide web - WWW ’09, page 551. ACMPress, 2009.[105] H. Bojinov, D. Boneh, R. Cannings, and I. Malchev. Address space randomization formobile devices. In Proceedings of the fourth ACM conference on Wireless network security,WiSec ’11, pages 127–138, New York, NY, USA, 2011. ACM.[106] H. Bojinov, E. Bursztein, and D. Boneh. XCS: Cross Channel Scripting and Its Impacton Web Applications. In CCS ’09: Proceedings of the 16th ACM conference on Computer andcommunications security, pages 420–431, New York, NY, USA, 2009. ACM.[107] J. Bonneau. Statistical metrics for individual password strength. In Proceedings of the 20thinternational conference on Security Protocols, pages 76–86, 2012.169