LOGIN TO YOUR ACCOUNT

Username
Password
Remember Me
Or use your Academic/Social account:

CREATE AN ACCOUNT

Or use your Academic/Social account:

Congratulations!

You have just completed your registration at OpenAire.

Before you can login to the site, you will need to activate your account. An e-mail will be sent to you with the proper instructions.

Important!

Please note that this site is currently undergoing Beta testing.
Any new content you create is not guaranteed to be present to the final version of the site upon release.

Thank you for your patience,
OpenAire Dev Team.

Close This Message

CREATE AN ACCOUNT

Name:
Username:
Password:
Verify Password:
E-mail:
Verify E-mail:
*All Fields Are Required.
Please Verify You Are Human:
fbtwitterlinkedinvimeoflicker grey 14rssslideshare1
Agten , Pieter; Nikiforakis , Nick; Strackx , Raoul; Groef , Willem ,; Piessens , Frank (2012)
Publisher: Springer
Languages: English
Types: Conference object
Subjects: C language, [ INFO ] Computer Science [cs], full abstraction, software security
Part 1: Keynotes; International audience; An important objective for low-level software security research is to develop techniques that make it harder to launch attacks that exploit implementation details of the system under attack. Baltopoulos and Gordon have summarized this as the principle of source-based reasoning for security: security properties of a software system should follow from review of the source code and its source-level semantics, and should not depend on details of the compiler or execution platform.Whether the principle holds – or to what degree – for a particular system depends on the attacker model. If an attacker can only provide input to the program under attack, then the principle holds for any safe programming language. However, for more powerful attackers that can load new native machine code into the system, the principle of source-based reasoning typically breaks down completely.In this paper we discuss state-of-the-art approaches for securing code written in C-like languages for both attacker models discussed above, and we highlight some very recent developments in low-level software security that hold the promise to restore source-based reasoning even against attackers that can provide arbitrary machine code to be run in the same process as the program under attack.
  • The results below are discovered through our pilot algorithms. Let us know how we are doing!

    • 1. Abadi, M., Plotkin, G.D.: On protection by layout randomization. In: CSF. pp. 337- 351. IEEE Computer Society (2010)
    • 2. Agten, P., Strackx, R., Jacobs, B., Piessens, F.: Secure compilation to modern processors. In: CSF (2012)
    • 3. Akritidis, P., Costa, M., Castro, M., Hand, S.: Baggy bounds checking: An e cient and backwards-compatible defense against out-of-bounds errors. In: Proceedings of the 18th USENIX Security Symposium. Montreal, QC (Aug 2009)
    • 4. Azab, A., Ning, P., Zhang, X.: Sice: a hardware-level strongly isolated computing environment for x86 multi-core platforms. In: Proceedings of the 18th ACM conference on Computer and communications security. pp. 375-388. ACM (2011), http://www4.ncsu.edu/~amazab/SICE-CCS11.pdf
    • 5. Baltopoulos, I.G., Gordon, A.D.: Secure compilation of a multi-tier web language. In: TLDI. pp. 27-38 (2009)
    • 6. Barrantes, E.G., Ackley, D.H., Forrest, S., Palmer, T.S., Stefanovic´, D., Zovi, D.D.: Randomized instruction set emulation to disrupt binary code injection attacks. In: Proceedings of the 10th ACM Conference on Computer and Communications Security. pp. 281-289. Washington, D.C. (Oct 2003)
    • 7. Bhatkar, S., DuVarney, D.C., Sekar, R.: Address obfuscation: An e cient approach to combat a broad range of memory error exploits. In: Proceedings of the 12th USENIX Security Symposium. pp. 105-120. Washington, D.C. (Aug 2003)
    • 8. Bhatkar, S., Sekar, R.: Data space randomization. In: Proceedings of the 5th Conference on Detection of Intrusions and Malware & Vulnerability Assessment. Lecture Notes in Computer Science, vol. 5137. Paris, France (Jul 2008)
    • 9. Bulba, Kil3r: Bypassing Stackguard and Stackshield. Phrack 56 (2000)
    • 10. Chew, M., Song, D.: Mitigating bu er overflows by operating system randomization. Tech. Rep. CMU-CS-02-197, Carnegie Mellon University (Dec 2002)
    • 11. Cowan, C., Beattie, S., Johansen, J., Wagle, P.: PointGuard: protecting pointers from bu er overflow vulnerabilities. In: Proceedings of the 12th USENIX Security Symposium. pp. 91-104. Washington, D.C. (Aug 2003)
    • 12. Cowan, C., Pu, C., Maier, D., Hinton, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: StackGuard: Automatic adaptive detection and prevention of bu er-overflow attacks. In: Proceedings of the 7th USENIX Security Symposium (1998)
    • 13. El Defrawy, K., Francillon, A., Perito, D., Tsudik, G.: Smart: Secure and minimal architecture for (establishing a dynamic) root of trust. In: Proceedings of the Network & Distributed System Security Symposium (NDSS), San Diego, CA (2012), http: //francillon.net/~aurel/papers/2012_SMART.pdf
    • 14. Erlingsson, U., Younan, Y., Piessens, F.: Low-level software security by example. In: Handbook of Information and Communication Security. Springer (2010)
    • 15. IBM: Gcc extension for protecting applications from stack-smashing attacks. http: //www.trl.ibm.com/projects/security/ssp/
    • 16. Jagadeesan, R., Pitcher, C., Rathke, J., Riely, J.: Local memory via layout randomization. In: CSF. pp. 161-174. IEEE Computer Society (2011)
    • 17. Jim, T., Morrisett, J.G., Grossman, D., Hicks, M.W., Cheney, J., Wang, Y.: Cyclone: A safe dialect of c. In: Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference. pp. 275-288. ATEC '02, USENIX Association, Berkeley, CA, USA (2002), http://dl.acm.org/citation.cfm?id=647057.713871
    • 18. Jones, R.W.M., Kelly, P.H.J.: Backwards-compatible bounds checking for arrays and pointers in C programs. In: Proceedings of the 3rd International Workshop on Automatic Debugging. pp. 13-26. Linko¨ ping, Sweden (1997)
    • 19. Kc, G.S., Keromytis, A.D., Prevelakis, V.: Countering code-injection attacks with instruction-set randomization. In: Proceedings of the 10th ACM Conference on Computer and Communications Security. pp. 272-280. Washington, D.C. (Oct 2003)
    • 20. McCune, J.M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: TrustVisor: E cient TCB reduction and attestation. In: Proceedings of the IEEE Symposium on Security and Privacy (May 2010), http://www.ece.cmu.edu/~jmmccune/papers/ MLQZDGP2010.pdf
    • 21. McCune, J.M., Parno, B., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: An execution infrastructure for TCB minimization. In: Proceedings of the ACM European Conference in Computer Systems (EuroSys). pp. 315-328. ACM (Apr 2008), http://www.ece.cmu.edu/~jmmccune/papers/mccune_parno_perrig_ reiter_isozaki_eurosys08.pdf
  • No related research data.
  • No similar publications.

Share - Bookmark

Cite this article