Low-Level Software Security by Example

نویسندگان

  • Úlfar Erlingsson
  • Yves Younan
  • Frank Piessens
چکیده

Computers are often subject to external attacks that aim to control software behavior. Typically, such attacks arrive as data over a regular communication channel and, once resident in program memory, trigger pre-existing, low-level software vulnerabilities. By exploiting such flaws, these low-level attacks can subvert the execution of the software and gain control over its behavior. The combined effects of these attacks make them one of the most pressing challenges in computer security. As a result, in recent years, many mechanisms have been proposed for defending against these attacks. This chapter aims to provide insight in low-level software attack and defense techniques by discussing 4 examples of attacks that are representative of the major types of attacks on C and C++ software, and 4 examples of defenses selected because of their effectiveness, wide applicability and low enforcement overhead. Attacks and defenses are described in enough detail to be understood even by readers without a background in software security, and with-out a natural inclination for crafting malicious attacks. Throughout, the attacks and defenses are placed in perspective by showing how they are both facilitated by the gap between the semantics of the high-level language of the software under attack, and the low-level semantics of machine code and the hardware on which the software executes.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Model Driven Development of Security Aspects

The development of security-critical large-scale distributed software systems is a difficult and error prone process. As we learnt from practical experiences, it is especially difficult to manually define security policies, for example for access control. A human security administrator is not able to cope with the high complexity of the interactions of the application and the low level, platfor...

متن کامل

Modeling Security - Enhanced Linux Policy Speci cations for Analysis Myla Archer

Security-Enhanced (SE) Linux is a modiication of Linux initially released by NSA in January 2001 that provides a language for specifying Linux security policies and, as in the Flask architecture, a security server for enforcing policies deened in the language. To determine whether user requests to the operating system should be granted, the security server refers to an internal form of the poli...

متن کامل

Modeling Security - Enhanced Linux Policy Speci cations for Analysis

Security-Enhanced (SE) Linux is a modi cation of Linux initially released by NSA in January 2001 that provides a language for specifying Linux security policies and, as in the Flask architecture, a security server for enforcing policies de ned in the language. To determine whether user requests to the operating system should be granted, the security server refers to an internal form of the poli...

متن کامل

Modeling Security-Enhanced Linux Policy Specifications for Analysis

Security-Enhanced (SE) Linux is a modi cation of Linux initially released by NSA in January 2001 that provides a language for specifying Linux security policies and, as in the Flask architecture, a security server for enforcing policies de ned in the language. To determine whether user requests to the operating system should be granted, the security server refers to an internal form of the poli...

متن کامل

Abstract security patterns for requirements specification and analysis of secure systems

security patterns for requirements specification and analysis of secure systems Eduardo B. Fernandez 1 , Nobukazu Yoshioka 2 , Hironori Washizaki 3 , and Joseph Yoder 4 Dept. of Computer Science and Engineering, Florida Atlantic University, USA [email protected] GRACE Center, National Institute of Informatics, Tokyo, Japan [email protected] Waseda University, Tokyo, Japan [email protected] The ...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2010