Building Secure Defenses Against Code-Reuse Attacks

Author: Lucas Davi
Publisher: Springer
ISBN: 3319255460
Category : Computers
Languages : en
Pages : 83

Book Description
This book provides an in-depth look at return-oriented programming attacks. It explores several conventional return-oriented programming attacks and analyzes the effectiveness of defense techniques including address space layout randomization (ASLR) and the control-flow restrictions implemented in security watchdogs such as Microsoft EMET. Chapters also explain the principle of control-flow integrity (CFI), highlight the benefits of CFI and discuss its current weaknesses. Several improved and sophisticated return-oriented programming attack techniques such as just-in-time return-oriented programming are presented. Building Secure Defenses against Code-Reuse Attacks is an excellent reference tool for researchers, programmers and professionals working in the security field. It provides advanced-level students studying computer science with a comprehensive overview and clear understanding of important runtime attacks.

ECCWS 2019 18th European Conference on Cyber Warfare and Security

Author: Tiago Cruz
Publisher: Academic Conferences and publishing limited
ISBN: 1912764296
Category : Computers
Languages : en
Pages : 884

Book Description


The Continuing Arms Race

Author: Per Larsen
Publisher: Morgan & Claypool
ISBN: 1970001828
Category : Computers
Languages : en
Pages : 386

Book Description
As human activities moved to the digital domain, so did all the well-known malicious behaviors including fraud, theft, and other trickery. There is no silver bullet, and each security threat calls for a specific answer. One specific threat is that applications accept malformed inputs, and in many cases it is possible to craft inputs that let an intruder take full control over the target computer system. The nature of systems programming languages lies at the heart of the problem. Rather than rewriting decades of well-tested functionality, this book examines ways to live with the (programming) sins of the past while shoring up security in the most efficient manner possible. We explore a range of different options, each making significant progress towards securing legacy programs from malicious inputs. The solutions explored include enforcement-type defenses, which exclude certain program executions because they never arise during normal operation. Another strand explores the idea of presenting adversaries with a moving target that unpredictably changes its attack surface thanks to randomization. We also cover tandem execution ideas where the compromise of one executing clone causes it to diverge from another, thus revealing adversarial activities. The main purpose of this book is to provide readers with some of the most influential works on run-time exploits and defenses. We hope that the material in this book will inspire readers and generate new ideas and paradigms.

Research in Attacks, Intrusions, and Defenses

Author: Salvatore J. Stolfo
Publisher: Springer
ISBN: 364241284X
Category : Computers
Languages : en
Pages : 485

Book Description
This book constitutes the proceedings of the 16th International Symposium on Research in Attacks, Intrusions and Defenses, formerly Recent Advances in Intrusion Detection, RAID 2013, held in Rodney Bay, St. Lucia in October 2013. The volume contains 22 full papers that were carefully reviewed and selected from 95 submissions, as well as 10 poster papers selected from the 23 submissions. The papers address all current topics in computer security, ranging from hardware-level security, server, web, mobile, and cloud-based security, malware analysis, and web and network privacy.

The Continuing Arms Race

Author: Per Larsen
Publisher: Morgan & Claypool
ISBN: 197000181X
Category : Computers
Languages : en
Pages : 302

Book Description
As human activities moved to the digital domain, so did all the well-known malicious behaviors including fraud, theft, and other trickery. There is no silver bullet, and each security threat calls for a specific answer. One specific threat is that applications accept malformed inputs, and in many cases it is possible to craft inputs that let an intruder take full control over the target computer system. The nature of systems programming languages lies at the heart of the problem. Rather than rewriting decades of well-tested functionality, this book examines ways to live with the (programming) sins of the past while shoring up security in the most efficient manner possible. We explore a range of different options, each making significant progress towards securing legacy programs from malicious inputs. The solutions explored include enforcement-type defenses, which exclude certain program executions because they never arise during normal operation. Another strand explores the idea of presenting adversaries with a moving target that unpredictably changes its attack surface thanks to randomization. We also cover tandem execution ideas where the compromise of one executing clone causes it to diverge from another, thus revealing adversarial activities. The main purpose of this book is to provide readers with some of the most influential works on run-time exploits and defenses. We hope that the material in this book will inspire readers and generate new ideas and paradigms.

Trust and Trustworthy Computing

Author: Michael Franz
Publisher: Springer
ISBN: 3319455729
Category : Computers
Languages : en
Pages : 168

Book Description
This book constitutes the refereed proceedings of the 9th International Conference on Trust and Trustworthy Computing, TRUST 2016, held in Vienna, Austria, in August 2016. The 8 full papers presented in this volume were carefully reviewed and selected from 25 submissions. Topics discussed in this year's research contributions included anonymous and layered attestation, revocation, captchas, runtime integrity, trust networks, key migration, and PUFs.

International Joint Conference SOCO’16-CISIS’16-ICEUTE’16

Author: Manuel Graña
Publisher: Springer
ISBN: 3319473646
Category : Technology & Engineering
Languages : en
Pages : 813

Book Description
This volume of Advances in Intelligent and Soft Computing contains accepted papers presented at SOCO 2016, CISIS 2016 and ICEUTE 2016, all conferences held in the beautiful and historic city of San Sebastián (Spain), in October 2016. Soft computing represents a collection or set of computational techniques in machine learning, computer science and some engineering disciplines, which investigate, simulate, and analyze very complex issues and phenomena. After a thorough peer-review process, the 11th SOCO 2016 International Program Committee selected 45 papers. In this edition a special emphasis was put on the organization of special sessions. Two special sessions were organized on relevant topics: Optimization, Modeling and Control Systems by Soft Computing, and Soft Computing Methods in Manufacturing and Management Systems. The aim of the 9th CISIS 2016 conference is to offer a meeting opportunity for academic and industry-related researchers belonging to the various, vast communities of Computational Intelligence, Information Security, and Data Mining. The need for intelligent, flexible behaviour by large, complex systems, especially in mission-critical domains, is intended to be the catalyst and the aggregation stimulus for the overall event. After a thorough peer-review process, the CISIS 2016 International Program Committee selected 20 papers. In the case of 7th ICEUTE 2016, the International Program Committee selected 14 papers.

Automated Software Diversity

Author: Per Larsen
Publisher: Springer Nature
ISBN: 3031023463
Category : Computers
Languages : en
Pages : 76

Book Description
Whereas user-facing applications are often written in modern languages, the firmware, operating system, support libraries, and virtual machines that underpin just about any modern computer system are still written in low-level languages that value flexibility and performance over convenience and safety. Programming errors in low-level code are often exploitable and can, in the worst case, give adversaries unfettered access to the compromised host system. This book provides an introduction to and overview of automatic software diversity techniques that, in one way or another, use randomization to greatly increase the difficulty of exploiting the vast amounts of low-level code in existence. Diversity-based defenses are motivated by the observation that a single attack will fail against multiple targets with unique attack surfaces. We introduce the many, often complementary, ways that one can diversify attack surfaces and provide an accessible guide to more than two decades' worth of research on the topic. We also discuss techniques used in conjunction with diversity to prevent accidental disclosure of randomized program aspects and present an in-depth case study of one of our own diversification solutions.

Network and System Security

Author: Zheng Yan
Publisher: Springer
ISBN: 3319647016
Category : Computers
Languages : en
Pages : 773

Book Description
This book constitutes the proceedings of the 11th International Conference on Network and System Security, NSS 2017, held in Helsinki, Finland, in August 2017. The 24 revised full papers presented in this book were carefully reviewed and selected from 83 initial submissions. The papers are organized in topical sections on Cloud and IoT Security; Network Security; Platform and Hardware Security; Crypto and Others; and Authentication and Key Management. This volume also contains 35 contributions of the following workshops: Security Measurements of Cyber Networks (SMCN-2017); Security in Big Data (SECBD-2017); 5G Security and Machine Learning (IW5GS-2017); of the Internet of Everything (SECIOE-2017).

Research in Attacks, Intrusions and Defenses

Author: Angelos Stavrou
Publisher: Springer
ISBN: 3319113798
Category : Computers
Languages : en
Pages : 503

Book Description
This book constitutes the proceedings of the 17th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2014, held in Gothenburg, Sweden, in September 2014. The 22 full papers were carefully reviewed and selected from 113 submissions, and are presented together with 10 poster abstracts. The papers address all current topics in computer security, including network security, authentication, malware, intrusion detection, browser security, web application security, wireless security, and vulnerability analysis.