syssec_red_book

Bibliography[329] F. Raja, K. Hawkey, S. Hsu, K.-L. C. Wang, and K. Beznosov. A brick wall, a locked door,and a bandit: a physical security metaphor for firewall warnings. In Proceedings of theSeventh Symposium on Usable Privacy and Security, SOUPS ’11, pages 1:1–1:20, New York,NY, USA, 2011. ACM.[330] V. Reding. the EU Data Protection Reform 2012: Making Europe the Standard Setterfor Modern Data Protection Rules in the Digital Age. http://europa.eu/rapid/pressrelease_SPEECH-12-26_en.htm.[331] A. Reina, A. Fattori, and L. Cavallaro. A system call-centric analysis and stimulationtechnique to automatically reconstruct android malware behaviors. In EuroSec, April 2013.[332] C. Reis and S. Gribble. Isolating web programs in modern browser architectures. InProceedings of the 4th ACM European Conference on Computer Systems (EuroSys), pages 219–232. ACM, 2009.[333] E. Rescorla. Security holes... Who cares? In Proceedings of the 12th USENIX SecuritySymposium, pages 75–90, Aug. 2003.[334] R. Richmond. Stolen Facebook Accounts for Sale. 2010. http://www.nytimes.com/2010/05/03/technology/internet/03facebook.html?_r=0.[335] R. Roberts. Malware Development Life Cycle. Virus Bulletin Conf., (October), 2008.[336] W. Robertson and G. Vigna. Static Enforcement of Web Application Integrity ThroughStrong Typing. In Proceedings of the 18th USENIX Security Symposium, Montreal, Quebec,August 2009.[337] C. Rossow, D. Andriesse, T. Werner, B. Stone-Gross, C. J. Dietrich, and H. Bos. P2pwned— modeling and evaluating the resilience of peer-to-peer botnets. In Security & Privacy(Oakland), San Francisco, CA, USA, May 2013.[338] I. Rouf, H. Mustafa, M. Xu, W. Xu, R. Miller, and M. Gruteser. Neighborhood watch:security and privacy analysis of automatic meter reading systems. In ACM conference onComputer and Communications Security. ACM Request Permissions, Oct. 2012.[339] RSA. Apt summit findings. http://www.rsa.com/innovation/docs/APT_findings.pdf.[340] A. Rubin and D. Geer. A survey of web security. Computer, 31(9):34–41, 1998.[341] G. Sarwar, O. Mehani, R. Boreli, and D. Kaafar. On the Effectiveness of Dynamic TaintAnalysis for Protecting Against Private Information Leaks on Android-based Devices. In10th International Conference on Security and Cryptography (SECRYPT), 2013.[342] P. Saxena, S. Hanna, P. Poosankam, and D. Song. FLAX: Systematic Discovery of ClientsideValidation Vulnerabilities in Rich Web Applications. In Proceedings of the 17th AnnualNetwork and Distributed System Security Symposium (NDSS).[343] Security Focus. Vulnerabilities. http://www.securityfocus.com/bid, 2011.[344] D. Seeley. Password cracking: a game of wits. Commun. ACM, 32(6):700–703, June 1989.[345] R. Sekar. An Efficient Black-box Technique for Defeating Web Application Attacks. InProceedings of the 16th Annual Network and Distributed System Security Symposium (NDSS),San Diego, CA, Feb. 8-11, 2009.[346] F. J. Serna. CVE-2012-0769, the case of the perfect info leak, Feb. 2012. http://zhodiac.hispahack.com/my-stuff/security/Flash_ASLR_bypass.pdf.[347] H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh. On the effectivenessof address-space randomization. In Proceedings of the 11th ACM conference on Computer andCommunications Security (CCS), 2004.[348] F. T. Sheldon and C. Vishik. Moving toward trustworthy systems: R&d essentials. IEEEComputer, 2010.[349] Y. Shin and L. Williams. An initial study on the use of execution complexity metrics asindicators of software vulnerabilities. In Proc. of the 7th international workshop on Softwareengineering for secure systems, SESS’11. ACM Press, May 2011.181