host on which the applet's class file is hosted. Windows created by an applet (of a class derived from the Window class) carry a banner indicating that the window was created by the applet. Inability to launch local applications