syssec_red_book

Bibliography[291] Mozilla. Browserid specification. https://github.com/mozilla/id-specs/blob/prod/browserid/index.md.[292] Mozilla. Verified e-mail protocol. https://wiki.mozilla.org/Labs/Identity/VerifiedEmailProtocol.[293] Y. Nadji, P. Saxena, and D. Song. Document Structure Integrity: A Robust Basis for CrosssiteScripting Defense. In Proceedings of the 16th Annual Network and Distributed SystemSecurity Symposium (NDSS), San Diego, CA, Feb. 8-11, 2009.[294] NakedSecurity. Facebook glitch lets spear phishers impersonate users’ friendsand family. http://nakedsecurity.sophos.com/2012/08/31/facebook-glitch-spearphishing/.[295] A. Nappa, A. Fattori, M. Balduzzi, M. Dell’Amico, and L. Cavallaro. Take a Deep Breath: aStealthy, Resilient and Cost-Effective Botnet Using Skype. In GI SIG SIDAR Conference onDetection of Intrusions and Malware & Vulnerability Assessment (DIMVA), July 2010.[296] J. Nazario and T. Holz. As the Net Churns: Fast-Flux Botnet Observations Tracking Fast-Flux Domains. In Proceedings of the 3rd International Conference on Malicious and UnwantedSoftware, 2008.[297] D. Nebenzahl and M. Sagiv. Install-time vaccination of windows executables to defendagainst stack smashing attacks. IEEE Transactions on Dependable and Secure Computing,3(1):78–90, 2006.[298] M. Newman and J. Park. Why social networks are different from other types of networks.Physical Review E, 68(3), Sept. 2003.[299] J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, andsignature generation of exploit attacks on commodity software. In Proceedings of the Networkand Distributed Systems Security Symposium (NDSS), 2005.[300] V. H. Nguyen and L. M. S. Tran. Predicting vulnerable software components with dependencygraphs. In Proc. of the 6th International Workshop on Security Measurements and Metrics,MetriSec’10. ACM Press, Sept. 2010.[301] NIST. National Vulnerability Database. http://web.nvd.nist.gov/view/vuln/search,2011.[302] J. Oberheide, M. Bailey, and F. Jahanian. Polypack: an automated online packing servicefor optimal antivirus evasion. In Proceedings of the 3rd USENIX Workshop on OffensiveTechnologies (WOOT), 2009.[303] J. Oberheide and C. Miller. Dissecting the Android’s Bouncer. SummerCon, 2012. http://jon.oberheide.org/files/summercon12-bouncer.pdf.[304] J. L. Obes and J. Schuh. A Tale of Two Pwnies (Part 1), 2012. http://blog.chromium.org/2012/05/tale-of-two-pwnies-part-1.html.[305] G. Ollmann. The vishing guide. Technical report, IBM Global Technology Services,2007. http://www.infosecwriters.com/text_resources/pdf/IBM_ISS_vishing_guide_GOllmann.pdf.[306] K. Onarlioglu, L. Bilge, A. Lanzi, D. Balzarotti, and E. Kirda. G-Free: defeating returnorientedprogramming through gadget-less binaries. In Proceedings of the 26th AnnualComputer Security Applications Conference (ACSAC), 2010.[307] K. Onarlioglu, U. O. Yilmaz, E. Kirda, and D. Balzarotti. Insights into user behavior indealing with internet attacks. In Network and Distributed Systems Security Symposium (NDSS),2012.[308] V. Pappas, M. Polychronakis, and A. D. Keromytis. Smashing the gadgets: Hinderingreturn-oriented programming using in-place code randomization. In Proceedings of the 33rdIEEE Symposium on Security & Privacy (S&P), 2012.179