Showing 1 - 10 of 16 for search: '"Timothy L. Hinrichs"'
Published in:
EPiC Series in Computing.
Model checking and runtime verification are pillars of formal verification but for the most part are used independently. In this position paper we argue that the formal verification community would be well-served by developing theory, algorithms, imp
Published in:
Journal of Computer Security. 22:415-465
Parameter tampering attacks are dangerous to a web application whose server fails to replicate the validation of user-supplied data that is performed by the client in web forms. Malicious users who circumvent the client can capitalize on the missing
Author:
Timothy L. Hinrichs, Daniele Rossetti, V. N. Venkatakrishnan, Lenore D. Zuck, A. Prasad Sistla, Gabriele Petronella
Published in:
PLAS
WEBLOG is a declarative language for web application development designed to automatically eliminate several security vulnerabilities common to today's web applications. In this paper, we introduce Weblog, detail the security vulnerabilities it elimi
Author:
Adam J. Lee, Diego Martinoia, Timothy L. Hinrichs, Lenore D. Zuck, Alessandro Panebianco, William C. Garrison
Published in:
CSF
Access control schemes come in all shapes and sizes, which makes choosing the right one for a particular application a challenge. Yet today's techniques for comparing access control schemes completely ignore the setting in which the scheme is to be d
Author:
V. N. Venkatakrishnan, Nazari Skrupsky, Timothy L. Hinrichs, Lenore D. Zuck, Maliheh Monshizadeh, Prithvi Bisht
Published in:
CyberSecurity
The current practice of Web application development treats the client and server components of the application as two separate pieces of software. Each component is written independently, usually in distinct programming languages and development plat
Published in:
NSPW
Access control is an area where one size does not fit all. However, previous work in access control has focused solely on expressiveness as an absolute measure. Thus, we discuss and justify the need for a new type of evaluation framework for access c
Published in:
Lecture Notes in Computer Science ISBN: 9783642294198
Formal Aspects in Security and Trust
Logical policy-based access control models are greatly expressive and thus provide the flexibility for administrators to represent a wide variety of authorization policies. Extensional access control models, on the other hand, utilize simple data str
External link:
https://explore.openaire.eu/search/publication?articleId=doi_________::cc6d08990e162e0e46830470b76de31b
https://doi.org/10.1007/978-3-642-29420-4_13
Published in:
ACM Conference on Computer and Communications Security
Parameter tampering attacks are dangerous to a web application whose server fails to replicate the validation of user-supplied data that is performed by the client. Malicious users who circumvent the client can capitalize on the missing server valida
Author:
Timothy L. Hinrichs
Published in:
Practical Aspects of Declarative Languages ISBN: 9783642183775
PADL
Modern web forms interact with the user in real-time by detecting errors and filling-in implied values, which in terms of automated reasoning amounts to SAT solving and theorem proving. This paper presents PLATO, a compiler that automatically generat
External link:
https://explore.openaire.eu/search/publication?articleId=doi_________::74f18117baa430b8ed7c3417f22873ef
https://doi.org/10.1007/978-3-642-18378-2_7
Author:
Timothy L. Hinrichs, Nazari Skrupsky, V. N. Venkatakrishnan, Prithvi Bisht, Radoslaw Bobrowicz
Published in:
ACM Conference on Computer and Communications Security
Web applications rely heavily on client-side computation to examine and validate form inputs that are supplied by a user (e.g., "credit card expiration date must be valid"). This is typically done for two reasons: to reduce burden on the server and t