PKK Library

Your cart is empty.

Welcome to P K Kelkar Library, Online Public Access Catalogue (OPAC)

Normal view MARC view ISBD view

Automated software diversity /

By: Larsen, Per [author.].
Contributor(s): Brunthaler, Stefan [author.] | Davi, Lucas [author.] | Sadeghi, Ahmad-Reza [author.] | Franz, Michael [author.].
Material type: materialTypeLabelBookSeries: Synthesis digital library of engineering and computer science: ; Synthesis lectures on information security, privacy, and trust: # 14.Publisher: San Rafael, California (1537 Fourth Street, San Rafael, CA 94901 USA) : Morgan & Claypool, 2016.Description: 1 PDF (xi, 76 pages) : illustrations.Content type: text Media type: electronic Carrier type: online resourceISBN: 9781627057554.Subject(s): Computer-aided software engineering | Computer security | Systems programming (Computer science) | Stochastic programming | software diversity | code randomization | data randomization | information leaks | leakage resilience | code reuse | exploitationDDC classification: 005.1 Online resources: Abstract with links to resource Also available in print.
Contents:
1. Introduction -- 1.1 A brief history of program randomization -- 1.2 Book overview --
2. Attacking and defending -- 2.1 Taxonomy of attacks -- 2.1.1 Memory corruption attacks -- 2.1.2 Information leaks -- 2.1.3 Code injection -- 2.1.4 Code reuse -- 2.1.5 JIT attacks -- 2.1.6 Program tampering -- 2.1.7 Reverse engineering -- 2.2 Taxonomy of defenses -- 2.2.1 Enforcement-based defenses -- 2.2.2 Program integrity monitors -- 2.2.3 Diversity-based defenses -- 2.2.4 Program obfuscation --
3. What to diversify -- 3.1 Instruction level -- 3.2 Basic block level -- 3.3 Loop level -- 3.4 Function level -- 3.5 Program level -- 3.6 System level --
4. When to diversify -- 4.1 The software life cycle -- 4.2 Quantifying the impact of diversity -- 4.2.1 Security impact -- 4.2.2 Performance impact --
5. Case study: compile-time diversification -- 5.1 System description -- 5.1.1 Inserting NOP instructions -- 5.1.2 Equivalent instruction substitution -- 5.1.3 Instruction scheduling -- 5.2 Scalability of compile-time diversification -- 5.2.1 Cloud-based compilation -- 5.2.2 Scalability is practical -- 5.3 Evaluating diversification -- 5.3.1 Assessing diversification efficiency -- 5.3.2 Implementing survivor -- 5.4 Evaluating security -- 5.4.1 Frequently surviving gadgets -- 5.4.2 Determining optimal compiler parameters --
6. Information leakage resilience --
7. Advanced topics -- 7.1 Hybrid approaches -- 7.2 Error reports and patches -- Bibliography -- Authors' biographies.
Abstract: Whereas user-facing applications are often written in modern languages, the firmware, operating system, support libraries, and virtual machines that underpin just about any modern computer system are still written in low-level languages that value flexibility and performance over convenience and safety. Programming errors in low-level code are often exploitable and can, in the worst case, give adversaries unfettered access to the compromised host system. This book provides an introduction to and overview of automatic software diversity techniques that, in one way or another, use randomization to greatly increase the difficulty of exploiting the vast amounts of low-level code in existence. Diversity-based defenses are motivated by the observation that a single attack will fail against multiple targets with unique attack surfaces. We introduce the many, often complementary, ways that one can diversify attack surfaces and provide an accessible guide to more than two decades worth of research on the topic. We also discuss techniques used in conjunction with diversity to prevent accidental disclosure of randomized program aspects and present an in-depth case study of one of our own diversification solutions.
    average rating: 0.0 (0 votes)
Item type Current location Call number Status Date due Barcode Item holds
E books E books PK Kelkar Library, IIT Kanpur
Available EBKE675
Total holds: 0

Mode of access: World Wide Web.

System requirements: Adobe Acrobat Reader.

Part of: Synthesis digital library of engineering and computer science.

Includes bibliographical references (pages 61-73).

1. Introduction -- 1.1 A brief history of program randomization -- 1.2 Book overview --

2. Attacking and defending -- 2.1 Taxonomy of attacks -- 2.1.1 Memory corruption attacks -- 2.1.2 Information leaks -- 2.1.3 Code injection -- 2.1.4 Code reuse -- 2.1.5 JIT attacks -- 2.1.6 Program tampering -- 2.1.7 Reverse engineering -- 2.2 Taxonomy of defenses -- 2.2.1 Enforcement-based defenses -- 2.2.2 Program integrity monitors -- 2.2.3 Diversity-based defenses -- 2.2.4 Program obfuscation --

3. What to diversify -- 3.1 Instruction level -- 3.2 Basic block level -- 3.3 Loop level -- 3.4 Function level -- 3.5 Program level -- 3.6 System level --

4. When to diversify -- 4.1 The software life cycle -- 4.2 Quantifying the impact of diversity -- 4.2.1 Security impact -- 4.2.2 Performance impact --

5. Case study: compile-time diversification -- 5.1 System description -- 5.1.1 Inserting NOP instructions -- 5.1.2 Equivalent instruction substitution -- 5.1.3 Instruction scheduling -- 5.2 Scalability of compile-time diversification -- 5.2.1 Cloud-based compilation -- 5.2.2 Scalability is practical -- 5.3 Evaluating diversification -- 5.3.1 Assessing diversification efficiency -- 5.3.2 Implementing survivor -- 5.4 Evaluating security -- 5.4.1 Frequently surviving gadgets -- 5.4.2 Determining optimal compiler parameters --

6. Information leakage resilience --

7. Advanced topics -- 7.1 Hybrid approaches -- 7.2 Error reports and patches -- Bibliography -- Authors' biographies.

Abstract freely available; full-text restricted to subscribers or individual document purchasers.

Compendex

INSPEC

Google scholar

Google book search

Whereas user-facing applications are often written in modern languages, the firmware, operating system, support libraries, and virtual machines that underpin just about any modern computer system are still written in low-level languages that value flexibility and performance over convenience and safety. Programming errors in low-level code are often exploitable and can, in the worst case, give adversaries unfettered access to the compromised host system. This book provides an introduction to and overview of automatic software diversity techniques that, in one way or another, use randomization to greatly increase the difficulty of exploiting the vast amounts of low-level code in existence. Diversity-based defenses are motivated by the observation that a single attack will fail against multiple targets with unique attack surfaces. We introduce the many, often complementary, ways that one can diversify attack surfaces and provide an accessible guide to more than two decades worth of research on the topic. We also discuss techniques used in conjunction with diversity to prevent accidental disclosure of randomized program aspects and present an in-depth case study of one of our own diversification solutions.

Also available in print.

Title from PDF title page (viewed on December 29, 2015).

There are no comments for this item.

Log in to your account to post a comment.

Powered by Koha