東華大學圖書館 |

Language: English

Help

回圖書館首頁

手機版館藏查詢

Back

Switch To: Labeled | MARC Mode | ISBD

Protecting server programs and syste...

Wang, Jun.

Linked to FindBook

Google Book

Amazon

博客來

Protecting server programs and systems: Privilege separation, attack surface reduction, and risk assessment.

Record Type:	Electronic resources : Monograph/item
Title/Author:	Protecting server programs and systems: Privilege separation, attack surface reduction, and risk assessment./
Author:	Wang, Jun.
Published:	Ann Arbor : ProQuest Dissertations & Theses, : 2015,
Description:	145 p.
Notes:	Source: Dissertation Abstracts International, Volume: 77-07(E), Section: B.
Contained By:	Dissertation Abstracts International77-07B(E).
Subject:	Computer science. -
Online resource:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=10026182
ISBN:	9781339522661

Protecting server programs and systems: Privilege separation, attack surface reduction, and risk assessment.
Wang, Jun.

Protecting server programs and systems: Privilege separation, attack surface reduction, and risk assessment. - Ann Arbor : ProQuest Dissertations & Theses, 2015 - 145 p.

Source: Dissertation Abstracts International, Volume: 77-07(E), Section: B.

Thesis (Ph.D.)--The Pennsylvania State University, 2015.

In today's digitized world, server programs and systems have become an indispensable part of people's daily life and business, such as Web service, file service, database, etc. In the meanwhile, server programs and systems have been attracting more and more attacks and threats, resulting in the reality that they are constantly being targeted and compromised. Besides, the associated impact is becoming larger and larger, ranging from millions of stolen credit card numbers to innumerous Web servers vulnerable and waiting for an emergency security patch.

ISBN: 9781339522661Subjects--Topical Terms:

523869
Computer science.

Protecting server programs and systems: Privilege separation, attack surface reduction, and risk assessment.
LDR:03267nmm a2200337 4500 001 2116996
005 20170508115357.5
008 180830s2015 ||||||||||||||||| ||eng d
020 $a 9781339522661
035 $a (MiAaPQ)AAI10026182
035 $a AAI10026182
040 $a MiAaPQ $c MiAaPQ
100 1 $a Wang, Jun. $3 892864
245 1 0 $a Protecting server programs and systems: Privilege separation, attack surface reduction, and risk assessment.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2015
300 $a 145 p.
500 $a Source: Dissertation Abstracts International, Volume: 77-07(E), Section: B.
500 $a Adviser: Peng Liu.
502 $a Thesis (Ph.D.)--The Pennsylvania State University, 2015.
520 $a In today's digitized world, server programs and systems have become an indispensable part of people's daily life and business, such as Web service, file service, database, etc. In the meanwhile, server programs and systems have been attracting more and more attacks and threats, resulting in the reality that they are constantly being targeted and compromised. Besides, the associated impact is becoming larger and larger, ranging from millions of stolen credit card numbers to innumerous Web servers vulnerable and waiting for an emergency security patch.
520 $a In this dissertation, we perform a three-dimensional research study emphasizing on protecting server programs and systems, including privilege separation, attack surface reduction, and risk assessment.
520 $a First, we explore applying privilege separation to enhance the security of server programs. We design and implement Arbiter, a runtime system targeting at fine-grained privilege separation in multithreaded server programs. In Arbiter, different principal threads can have different privileges to access shared data objects so that the compromise or malfunction of one thread does not lead to data contamination or data leakage of another thread. We leverage page table protection bits and devise a new memory allocation mechanism to achieve efficient reference monitoring. Programmers specify security policy through annotating the source code.
520 $a Second, reducing attack surface is an effective preventive measure to strengthen security in large-scale server systems. We propose an automated approach to accurately detect the idling (most likely unused) services and provide ways to reduce their attack surface. We implement this idea and deploy our system in a real working environment of a mid-sized enterprise to identify and constrain unused services that expose attack surface.
520 $a Finally, given a server program or system, it is important to evaluate the effectiveness of different security settings and understand the security risks of potential vulnerabilities. We study an emergent type of vulnerability, namely buffer over-read vulnerability, and propose a systematic methodology to model buffer over-read vulnerabilities and quantitatively measure the potential amount of information leakage.
590 $a School code: 0176.
650 4 $a Computer science. $3 523869
650 4 $a Information science. $3 554358
690 $a 0984
690 $a 0723
710 2 $a The Pennsylvania State University. $3 699896
773 0 $t Dissertation Abstracts International $g 77-07B(E).
790 $a 0176
791 $a Ph.D.
792 $a 2015
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=10026182