personality(2) - Linux manual page. http://man7.org/linux/man-pages/man2/personality.2.html, January 2003. Last Accessed: 2013-04-17. How the kernel manages your memory. http://duartes.org/gustavo/blog/post/how-the-kernel-manages-your-memory, February 2009. Last Accessed:2013-04-21. P. Agten, R. Strackx, B. Jacobs, and F. Piessens. Secure compilation to modernprocessors. In Computer Security Foundations Symposium (CSF), 2012 IEEE25th, pages 171–185. IEEE, 2012. J. Allar. Ruby on Rails action pack framework insecurely typecasts YAMLand symbol XML parameters. http://www.kb.cert.org/vuls/id/380039,January 2013. Last Accessed: 2013-04-21. APWG. Phising activity trends report, 3rd quarter 2012. Report, February2013. A. Baliga, V. Ganapathy, and L. Iftode. Detecting kernel-level rootkits usingdata structure invariants. Dependable and Secure Computing, IEEE Transactionson, 8(5):670–684, 2011. A. Baratloo, N. Singh, and T. Tsai. Transparent run-time defense against stacksmashing attacks. In Proceedings of the USENIX annual technical conference,pages 251–262. San Diego, CA, 2000. S. Christey, M. Brown, D. Kirby, B. Martin, and A. Paller. CWE/SANS top 25most dangerous software errors. http://cwe.mitre.org/top25/, 2012. LastAccessed: 2013-04-29. C. Cowan, C. Pu, D. Maier, H. Hinton, J. Walpole, P. Bakke, S. Beattie,A. Grier, P. Wagle, and Q. Zhang. StackGuard: Automatic adaptive detectionand prevention of buffer-overflow attacks. In Proceedings of the 7th USENIXSecurity Symposium, volume 81, pages 346–355, 1998. D. Dolev and A. C. Yao. On the security of public key protocols. Technicalreport, Stanford, CA, USA, 1981. U. Erlingsson. Foundations of security analysis and design iv. chapter Low-levelsoftware security: attacks and defenses, pages 92–134. Springer-Verlag, Berlin,Heidelberg, 2007. M. D. Ernst, J. H. Perkins, P. J. Guo, S. McCamant, C. Pacheco, M. S. Tschantz,and C. Xiao. The daikon system for dynamic detection of likely invariants.Science of Computer Programming, 69(1):35–45, 2007. D. Faggioli, F. Checconi, M. Trimarchi, and C. Scordino. An EDF schedulingclass for the Linux kernel. In Proceedings of 11th real-time Linux workshop(RTLWS), 2009. N. Frykholm. Countermeasures against buffer overflow attacks. RSA Tech Note,pages 1–9, 2000. A. Garg. Real-time Linux kernel scheduler. Linux Journal, (184), August 2009. I. Goldberg, D. Wagner, R. Thomas, and E. A. Brewer. A secure environmentfor untrusted helper applications: Confining the wily hacker. In Proceedings ofthe 1996 USENIX Security Symposium, 1996. H. Hartig, M. Hohmuth, N. Feske, C. Helmuth, A. Lackorzynski, F. Mehnert,and M. Peter. The Nizza secure-system architecture. In Collaborative Computing:Networking, Applications and Worksharing, 2005 International Conference on,pages 10–pp. IEEE, 2005. C. Herborth. Errors: errno in UNIX programs. Technical report: IBM Develop-erWorks, September 2006. IBM Internet Security Systems X-Force. Google Chrome libxml buffer underflow.http://xforce.iss.net/xforce/xfdb/80294, November 2012. Last Accessed:2013-04-21. B. Jacobs, J. Smans, and F. Piessens. Verifast: Imperative programs as proofs.In VSTTE workshop on Tools & Experiments, August 2010. C. Jensen and D. Hagimont. Protection wrappers: a simple and portablesandbox for untrusted applications. In Proceedings of the 8th ACM SIGOPSEuropean workshop on Support for composing distributed applications, pages104–110. ACM, 1998. M. T. Jones. Inside the Linux 2.6 completely fair scheduler. Technical report:IBM DeveloperWorks, December 2009. Kaspersky Lab ZAO. How malware penetrates systems. Report, 2013. J. Koetsier. Android up 13%, iOS down 7%, BlackBerry down 81% ... andWindows Phone up a massive 52%. Venturebeat, April 2013. J. Koziol, D. Litchfield, D. Aitel, C. Anley, S. Eren, N. Mehta, and R. Hassell.The Shellcoder’s Handbook. Wiley Indianapolis, 2004. G. Lyons. 2013 mobile market share icrossing, January 2013. J. M. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig.TrustVisor: Efficient TCB reduction and attestation. In Proceedings of the 2010IEEE Symposium on Security and Privacy, SP ’10, pages 143–158, Washington,DC, USA, 2010. IEEE Computer Society. J. M. McCune, B. J. Parno, A. Perrig, M. K. Reiter, and H. Isozaki. Flicker:an execution infrastructure for TCB minimization. SIGOPS Oper. Syst. Rev.,42(4):315–328, Apr. 2008. S. C. Misra and V. C. Bhavsar. Relationships between selected software measuresand latent bug-density: Guidelines for improving quality. In ComputationalScience and Its Applications-ICCSA 2003, pages 724–732. Springer, 2003. Mitre. CVE-2012-4774. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4774, September 2012. Last Accessed: 2013-04-21. J. Noorman, P. Agten, W. Daniels, R. Strackx, A. Van Herrewege, C. Huygens,B. Preneel, I. Verbauwhede, and F. Piessens. Sancus: Low-cost trustworthyextensible networked devices with a zero-software Trusted Computing Base. InProceedings of the 22nd USENIX Security Symposium, 2013. Offspark B.V. PolarSSL. https://polarssl.org/, 2013. Last Accessed: 2013-04-20. A. One. Smashing the stack for fun and profit. Phrack, 7(49), November 1996. M. Orlando. Microsoft Internet Explorer CSS use-after-free vulnerability. http://www.kb.cert.org/vuls/id/634956, February 2011. Last Accessed: 2013-04-21. C. S. Pabla. Completely fair scheduler. Linux Journal, (184), August 2009. PandaLabs. PandaLabs annual report, 2012 summary. Report, 2013. D. Perry. Linux kernel grows past 15 million lines of code. Tom’s Hardware,January 2012. N. L. Petroni, Jr., T. Fraser, A. Walters, and W. A. Arbaugh. An architecture forspecification-based detection of semantic integrity violations in kernel dynamicdata. In Proceedings of the 15th conference on USENIX Security Symposium -Volume 15, USENIX-SS’06, Berkeley, CA, USA, 2006. USENIX Association. J. Pincus and B. Baker. Beyond stack smashing: Recent advances in exploitingbuffer overruns. Security & Privacy, IEEE, 2(4):20–27, 2004. M. Prandini and M. Ramilli. Return-oriented programming. Security & Privacy,IEEE, 10(6):84–87, 2012. P. Ratanaworabhan, B. Livshits, and B. Zorn. Nozzle: A defense againstheap-spraying code injection attacks. In Proceedings of the 18th conference onUSENIX security symposium, pages 169–186. USENIX Association, 2009. M. Richardson. Interview: Linus Torvalds. Linux Journal, (67), November 1999. A. Saha. Learning about Linux processes. Linux Gazette, (133), December 2006. J. H. Saltzer and M. D. Schroeder. The protection of information in computersystems. Proceedings of the IEEE, 63(9):1278–1308, 1975. SecurityFocus. Opera web browser HTML parsing heap-based remote code execu-tion vulnerability. http://www.securityfocus.com/bid/32891/info, March2009. Last Accessed: 2013-04-21. SecurityFocus. Mozilla Firefox/Thunderbird/SeaMonkey HTML parser remotecode execution vulnerability. http://www.securityfocus.com/bid/38287,June 2010. Last Accessed: 2013-04-21. H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh. On theeffectiveness of address-space randomization. In Proceedings of the 11th ACMconference on Computer and communications security, pages 298–307. ACM,2004. L. Singaravelu, C. Pu, H. Härtig, and C. Helmuth. Reducing TCB complexityfor security-sensitive applications: Three case studies. ACM SIGOPS OperatingSystems Review, 40(4):161–174, 2006. P. Sobolewski. Overflowing the stack on Linux x86. Hakin9, 2004(4), 2004. Standard Performance Evaluation Corporation. SPEC - Standard PerformanceEvaluation Corporation. http://www.spec.org/, 2013. Last Accessed: 2013-05-02. R. Strackx and F. Piessens. Fides: selectively hardening software applicationcomponents against kernel-level or process-level malware. In Proceedings ofthe 2012 ACM conference on Computer and communications security, CCS ’12,pages 2–13, New York, NY, USA, 2012. ACM. R. Strackx, F. Piessens, and B. Preneel. Efficient isolation of trusted subsystemsin embedded systems. In S. Jajodia and J. Zhou, editors, Security and Privacyin Communication Networks, volume 50 of Lecture Notes of the Institute forComputer Sciences, Social Informatics and Telecommunications Engineering,pages 344–361. Springer Berlin Heidelberg, 2010. R. Strackx, Y. Younan, P. Philippaerts, F. Piessens, S. Lachmund, and T. Walter.Breaking the memory secrecy assumption. In Proceedings of the Second EuropeanWorkshop on System Security, pages 1–8. ACM, 2009. P. Team. Pax address space layout randomization (ASLR). http://pax.grsecurity.net/docs/aslr.txt, 2003. Last Accessed: 2013-04-29. P. Team. Non executable data pages. http://pax.grsecurity.net/docs/noexec.txt, 2004. Last Accessed: 2013-04-29. The Apache Software Foundation. ab - Apache HTTP server benchmarkingtool. http://httpd.apache.org/docs/2.2/programs/ab.html, 2013. LastAccessed: 2013-04-20. M. Tran, M. Etheridge, T. Bletsch, X. Jiang, V. Freeh, and P. Ning. On theexpressiveness of return-into-libc attacks. In Recent Advances in IntrusionDetection, pages 121–141. Springer, 2011. F. von Leitner. diet libc - a libc optimized for small size. http://www.fefe.de/dietlibc/, March 2013. Last Accessed: 2013-04-20. D. Wagner and P. Soto. Mimicry attacks on host-based intrusion detectionsystems. In Proceedings of the 9th ACM Conference on Computer and Commu-nications Security, pages 255–264. ACM, 2002. E. Witchel, J. Cates, and K. Asanović. Mondrian memory protection. ACM,2002. E. Witchel, J. Rhee, and K. Asanović. Mondrix: Memory isolation for Linuxusing Mondriaan memory protection. In ACM SIGOPS Operating SystemsReview, volume 39, pages 31–44. ACM, 2005.