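% Reference list: each \bibitem[LABEL]{key} pairs the printed label with the
% key that \cite uses in the body text.
% NOTE(review): the label and \newblock layout looks like BibTeX output; if
% this file is regenerated, the corrections marked below must also be made in
% the .bib source, otherwise they are lost on the next run -- confirm.

% \providecommand rather than \newcommand, so that reading this list a second
% time (or after another list that defines \etalchar) does not stop with a
% "command already defined" error.
\providecommand{\etalchar}[1]{$^{#1}$}

% The argument is the widest label; it only sets the width of the label column.
\begin{thebibliography}{NTGG{\etalchar{+}}05}

\bibitem[ABS94]{1994:pldi:austin}
Todd~M. Austin, Scott~E. Breach, and Gurindar~S. Sohi.
\newblock Efficient detection of all pointer and array access errors.
\newblock In {\em Proceedings of the {ACM} {SIGPLAN}~'94 Conference on
  Programming Language Design and Implementation}, pages 290--301, 1994.

% Title: "Safetsa" restored to the braced proper name so the case is kept.
\bibitem[ADvRF01]{amme+01}
Wolfram Amme, Niall Dalton, Jeffery von Ronne, and Michael Franz.
\newblock {SafeTSA}: A type safe and referentially secure mobile-code
  representation based on static single assignment form.
\newblock In {\em SIGPLAN '01 Conference on Programming Language Design and
  Implementation}, pages 137--147, 2001.

\bibitem[CW02]{CheWag2002}
Hao Chen and David Wagner.
\newblock {MOPS}: an infrastructure for examining security properties of
  software.
\newblock In Ravi Sandhu, editor, {\em Proceedings of the 9th {ACM} Conference
  on Computer and Communications Security}, pages 235--244, Washington, DC,
  USA, November 2002. ACM Press.

\bibitem[CWP{\etalchar{+}}00]{CoWaPuBeWa2000}
Crispin Cowan, Perry Wagle, Calton Pu, Steve Beattie, and Jonathan Walpole.
\newblock Buffer overflows: Attacks and defenses for the vulnerability of the
  decade.
\newblock In {\em Proceedings of the {DARPA} Information Survivability
  Conference and Exposition ({DISCEX} 2000)}. {IEEE} Computer Society Press,
  January 2000.

\bibitem[HAM06]{HiAhMc2006}
Boniface Hicks, Kiyan Ahmadizadeh, and Patrick {McDaniel}.
\newblock Understanding practical application development in security-typed
  languages.
\newblock In {\em 22nd Annual Computer Security Applications Conference}. ACM,
  December 2006.

% Title: language name capitalised and braced ("java" -> "{J}ava").
\bibitem[HCF05]{HaChFr2005}
Vivek Haldar, Deepak Chandra, and Michael Franz.
\newblock Dynamic taint propagation for {J}ava.
\newblock In {\em 21st Annual Computer Security Applications Conference}, pages
  274--282. ACM, December 2005.

% Title: project name capitalised and braced ("singularity" -> "{S}ingularity").
\bibitem[HLA{\etalchar{+}}05]{MSR-TR-2005-135}
Galen Hunt, James~R. Larus, Martin Abadi, Mark Aiken, Paul Barham, Manuel
  Fahndrich, Chris Hawblitzel, Orion Hodson, Steven Levi, Nick Murphy, Bjarne
  Steensgaard, David Tarditi, Ted Wobber, and Brian~D. Zill.
\newblock An overview of the {S}ingularity project.
\newblock Technical Report MSR-TR-2005-135, Microsoft Research (MSR), October
  2005.

% Proceedings name: the source read "FSE 2005", which contradicted the
% November 2006 dates and the 2006 publication year given in the same entry.
% The day range now uses an en-dash.
\bibitem[HOM06]{conf/sigsoft/HalfondOM06}
William G.~J. Halfond, Alessandro Orso, and Panagiotis Manolios.
\newblock Using positive tainting and syntax-aware evaluation to counter {SQL}
  injection attacks.
\newblock In Michal Young and Premkumar~T. Devanbu, editors, {\em Proceedings
  of the 14th {ACM} {SIGSOFT} International Symposium on Foundations of
  Software Engineering, {FSE} 2006, Portland, Oregon, {USA}, November 5--11,
  2006}, pages 175--185. ACM, 2006.

\bibitem[JKK06]{conf/sp/JovanovicKK06}
Nenad Jovanovic, Christopher Kr{\"u}gel, and Engin Kirda.
\newblock Pixy: {A} static analysis tool for detecting web application
  vulnerabilities (short paper).
\newblock In {\em IEEE Symposium on Security and Privacy}, pages 258--263. IEEE
  Computer Society, 2006.

% The source printed the unresolved placeholders "pages ??--??" and
% "pub-USENIX:adr" literally; they are dropped here.
% TODO: supply the real page range and publisher address.
\bibitem[LE01]{Larochelle:2001:SDL}
David Larochelle and David Evans.
\newblock Statically detecting likely buffer overflow vulnerabilities.
\newblock In {USENIX}, editor, {\em Proceedings of the Tenth {USENIX} Security
  Symposium, August 13--17, 2001, Washington, {DC}, {USA}}, 2001. USENIX.

% Title: language name capitalised and braced ("java" -> "{J}ava").
\bibitem[LL05]{Livshits05a}
V.~Benjamin Livshits and Monica~S. Lam.
\newblock Finding security vulnerabilities in {J}ava applications using static
  analysis.
\newblock In {\em Proceedings of the 14th USENIX Security Symposium}, August
  2005.

\bibitem[NL96]{necula96:safe}
George~C. Necula and Peter Lee.
\newblock Safe kernel extensions without run-time checking.
\newblock In {\em Proceedings of the Second Symposium on Operating System
  Design and Implementation}, Seattle, WA, USA, October 1996.

\bibitem[NMW02]{NeculaMcPWei02}
George~C. Necula, Scott McPeak, and Westley Weimer.
\newblock {CC}ured: Type-safe retrofitting of legacy code.
\newblock In {\em Conference Record of {POPL}'02: The 29th {ACM}
  {SIGPLAN}-{SIGACT} Symposium on Principles of Programming Languages}, pages
  128--139, Portland, Oregon, January 16--18, 2002.

% Title: missing space restored ("signaturegeneration").
\bibitem[NS05]{conf/ndss/NewsomeS05}
James Newsome and Dawn~Xiaodong Song.
\newblock Dynamic taint analysis for automatic detection, analysis, and
  signature generation of exploits on commodity software.
\newblock In {\em NDSS}. The Internet Society, 2005.

% Date range now uses an en-dash without surrounding spaces.
\bibitem[NTGG{\etalchar{+}}05]{conf/sec/Nguyen-TuongGGSE05}
Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeff Shirley, and David
  Evans.
\newblock Automatically hardening web applications using precise tainting.
\newblock In Ry{\^o}ichi Sasaki, Sihan Qing, Eiji Okamoto, and Hiroshi
  Yoshiura, editors, {\em Security and Privacy in the Age of Ubiquitous
  Computing, {IFIP} {TC11} 20th International Conference on Information
  Security ({SEC} 2005), May 30--June 1, 2005, Chiba, Japan}, pages 295--308.
  Springer, 2005.

% NOTE(review): the trailing "?" in the title may be a stray footnote mark
% copied from the paper's title line rather than part of the title -- confirm
% against the paper before removing it.
% NOTE(review): the label "PB06" implies the surname was parsed as "Berghe";
% presumably it is "Vanden Berghe" -- confirm in the .bib source.
\bibitem[PB06]{PieVan2005}
Tadeusz Pietraszek and Chris~Vanden Berghe.
\newblock Defending against injection attacks through context-sensitive string
  evaluation?
\newblock In {\em Recent Advances in Intrusion Detection --- Proceedings of the
  8th International Symposium ({RAID} 2005)}, volume 3858 of {\em Lecture Notes
  in Computer Science}, pages 124--145. Springer-Verlag, Berlin, Germany,
  September 2006.

% The source printed the unresolved placeholders "pages ??--??" and
% "pub-USENIX:adr" literally; they are dropped here.
% TODO: supply the real page range and publisher address.
\bibitem[STFW01]{Shankar:2001:DFS}
Umesh Shankar, Kunal Talwar, Jeffrey~S. Foster, and David Wagner.
\newblock Detecting format string vulnerabilities with type qualifiers.
\newblock In {USENIX}, editor, {\em Proceedings of the Tenth {USENIX} Security
  Symposium, August 13--17, 2001, Washington, {DC}, {USA}}, 2001. USENIX.

% The day range now uses an en-dash.
\bibitem[SW06]{conf/popl/SuW06}
Zhendong Su and Gary Wassermann.
\newblock The essence of command injection attacks in web applications.
\newblock In J.~Gregory Morrisett and Simon L.~Peyton Jones, editors, {\em
  Proceedings of the 33rd {ACM} {SIGPLAN}-{SIGACT} Symposium on Principles of
  Programming Languages, {POPL} 2006, Charleston, South Carolina, {USA},
  January 11--13, 2006}, pages 372--382. ACM, 2006.

\bibitem[VNJ{\etalchar{+}}07]{VNJKKV2007}
Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Christopher Kruegel, Engin
  Kirda, and Giovanni Vigna.
\newblock Cross site scripting prevention with dynamic data tainting and static
  analysis.
\newblock In {\em Proceedings of the Symposium on Network and Distributed
  Systems Security ({NDSS} 2007)}, San Diego, CA, February 2007. Internet
  Society.

\end{thebibliography}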