東華大學圖書館 |

語系: 繁體中文

說明(常見問題)

回圖書館首頁

手機版館藏查詢

登入

回首頁

切換: 標籤 | MARC模式 | ISBD

Design for security: Measurement, a...

Chen, Shuo.

FindBook

Google Book

Amazon

博客來

Design for security: Measurement, analysis and mitigation techniques.

紀錄類型:	書目-語言資料,印刷品 : Monograph/item
正題名/作者:	Design for security: Measurement, analysis and mitigation techniques./
作者:	Chen, Shuo.
面頁冊數:	112 p.
附註:	Adviser: Ravishankar K. Iyer.
Contained By:	Dissertation Abstracts International67-01B.
標題:	Computer Science. -
電子資源:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3202072
ISBN:	9780542501463

Design for security: Measurement, analysis and mitigation techniques.
Chen, Shuo.

Design for security: Measurement, analysis and mitigation techniques. - 112 p.

Adviser: Ravishankar K. Iyer.

Thesis (Ph.D.)--University of Illinois at Urbana-Champaign, 2005.

This dissertation is focused on measurement and analysis of security vulnerability impact and root causes, as well as the design of several techniques for vulnerability mitigation. The research begins with the analysis of the security vulnerabilities published in the Bugtraq list and CERT advisories. An in-depth analysis of vulnerability reports and the corresponding source code of the applications motivate our development of a finite state machine (FSM) model to reason about security vulnerabilities, which provides a more formal way to depict these attacks. Besides the analysis of security vulnerabilities, this work also shows that although most current attacks compromise system security by overwriting control data, a new type of attack, namely non-control-data attack, can be generally applicable to attack real-world software. The notion of pointer taintedness is introduced as the basis for detecting control-data attacks and non-control-data attacks in a unified manner. A pointer is said to be tainted if the pointer value comes directly or indirectly from user input. Pointer taintedness allows the user to arbitrarily specify the target memory address to read, write or transfer control to, which is usually a pathological program behavior due to memory corruption attacks. Based on the notion of pointer taintedness, we developed a theorem proving technique to identify potential security vulnerabilities via static source code analysis, and implemented a processor architecture mechanism for dynamic pointer taintedness detection. The evaluation shows that the proposed techniques offer a better security coverage than existing methods.

ISBN: 9780542501463Subjects--Topical Terms:

626642
Computer Science.

Design for security: Measurement, analysis and mitigation techniques.
LDR:02538nam 2200265 a 45 001 972964
005 20110928
008 110928s2005 eng d
020 $a 9780542501463
035 $a (UnM)AAI3202072
035 $a AAI3202072
040 $a UnM $c UnM
100 1 $a Chen, Shuo. $3 1257712
245 1 0 $a Design for security: Measurement, analysis and mitigation techniques.
300 $a 112 p.
500 $a Adviser: Ravishankar K. Iyer.
500 $a Source: Dissertation Abstracts International, Volume: 67-01, Section: B, page: 0351.
502 $a Thesis (Ph.D.)--University of Illinois at Urbana-Champaign, 2005.
520 $a This dissertation is focused on measurement and analysis of security vulnerability impact and root causes, as well as the design of several techniques for vulnerability mitigation. The research begins with the analysis of the security vulnerabilities published in the Bugtraq list and CERT advisories. An in-depth analysis of vulnerability reports and the corresponding source code of the applications motivate our development of a finite state machine (FSM) model to reason about security vulnerabilities, which provides a more formal way to depict these attacks. Besides the analysis of security vulnerabilities, this work also shows that although most current attacks compromise system security by overwriting control data, a new type of attack, namely non-control-data attack, can be generally applicable to attack real-world software. The notion of pointer taintedness is introduced as the basis for detecting control-data attacks and non-control-data attacks in a unified manner. A pointer is said to be tainted if the pointer value comes directly or indirectly from user input. Pointer taintedness allows the user to arbitrarily specify the target memory address to read, write or transfer control to, which is usually a pathological program behavior due to memory corruption attacks. Based on the notion of pointer taintedness, we developed a theorem proving technique to identify potential security vulnerabilities via static source code analysis, and implemented a processor architecture mechanism for dynamic pointer taintedness detection. The evaluation shows that the proposed techniques offer a better security coverage than existing methods.
590 $a School code: 0090.
650 4 $a Computer Science. $3 626642
690 $a 0984
710 2 0 $a University of Illinois at Urbana-Champaign. $3 626646
773 0 $t Dissertation Abstracts International $g 67-01B.
790 $a 0090
790 1 0 $a Iyer, Ravishankar K., $e advisor
791 $a Ph.D.
792 $a 2005
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3202072