Language:
English
繁體中文
Help
回圖書館首頁
手機版館藏查詢
Login
Back
Switch To:
Labeled
|
MARC Mode
|
ISBD
Design for security: Measurement, a...
~
Chen, Shuo.
Linked to FindBook
Google Book
Amazon
博客來
Design for security: Measurement, analysis and mitigation techniques.
Record Type:
Language materials, printed : Monograph/item
Title/Author:
Design for security: Measurement, analysis and mitigation techniques./
Author:
Chen, Shuo.
Description:
112 p.
Notes:
Adviser: Ravishankar K. Iyer.
Contained By:
Dissertation Abstracts International67-01B.
Subject:
Computer Science. -
Online resource:
http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3202072
ISBN:
9780542501463
Design for security: Measurement, analysis and mitigation techniques.
Chen, Shuo.
Design for security: Measurement, analysis and mitigation techniques.
- 112 p.
Adviser: Ravishankar K. Iyer.
Thesis (Ph.D.)--University of Illinois at Urbana-Champaign, 2005.
This dissertation is focused on measurement and analysis of security vulnerability impact and root causes, as well as the design of several techniques for vulnerability mitigation. The research begins with the analysis of the security vulnerabilities published in the Bugtraq list and CERT advisories. An in-depth analysis of vulnerability reports and the corresponding source code of the applications motivate our development of a finite state machine (FSM) model to reason about security vulnerabilities, which provides a more formal way to depict these attacks. Besides the analysis of security vulnerabilities, this work also shows that although most current attacks compromise system security by overwriting control data, a new type of attack, namely non-control-data attack, can be generally applicable to attack real-world software. The notion of pointer taintedness is introduced as the basis for detecting control-data attacks and non-control-data attacks in a unified manner. A pointer is said to be tainted if the pointer value comes directly or indirectly from user input. Pointer taintedness allows the user to arbitrarily specify the target memory address to read, write or transfer control to, which is usually a pathological program behavior due to memory corruption attacks. Based on the notion of pointer taintedness, we developed a theorem proving technique to identify potential security vulnerabilities via static source code analysis, and implemented a processor architecture mechanism for dynamic pointer taintedness detection. The evaluation shows that the proposed techniques offer a better security coverage than existing methods.
ISBN: 9780542501463Subjects--Topical Terms:
626642
Computer Science.
Design for security: Measurement, analysis and mitigation techniques.
LDR
:02538nam 2200265 a 45
001
972964
005
20110928
008
110928s2005 eng d
020
$a
9780542501463
035
$a
(UnM)AAI3202072
035
$a
AAI3202072
040
$a
UnM
$c
UnM
100
1
$a
Chen, Shuo.
$3
1257712
245
1 0
$a
Design for security: Measurement, analysis and mitigation techniques.
300
$a
112 p.
500
$a
Adviser: Ravishankar K. Iyer.
500
$a
Source: Dissertation Abstracts International, Volume: 67-01, Section: B, page: 0351.
502
$a
Thesis (Ph.D.)--University of Illinois at Urbana-Champaign, 2005.
520
$a
This dissertation is focused on measurement and analysis of security vulnerability impact and root causes, as well as the design of several techniques for vulnerability mitigation. The research begins with the analysis of the security vulnerabilities published in the Bugtraq list and CERT advisories. An in-depth analysis of vulnerability reports and the corresponding source code of the applications motivate our development of a finite state machine (FSM) model to reason about security vulnerabilities, which provides a more formal way to depict these attacks. Besides the analysis of security vulnerabilities, this work also shows that although most current attacks compromise system security by overwriting control data, a new type of attack, namely non-control-data attack, can be generally applicable to attack real-world software. The notion of pointer taintedness is introduced as the basis for detecting control-data attacks and non-control-data attacks in a unified manner. A pointer is said to be tainted if the pointer value comes directly or indirectly from user input. Pointer taintedness allows the user to arbitrarily specify the target memory address to read, write or transfer control to, which is usually a pathological program behavior due to memory corruption attacks. Based on the notion of pointer taintedness, we developed a theorem proving technique to identify potential security vulnerabilities via static source code analysis, and implemented a processor architecture mechanism for dynamic pointer taintedness detection. The evaluation shows that the proposed techniques offer a better security coverage than existing methods.
590
$a
School code: 0090.
650
4
$a
Computer Science.
$3
626642
690
$a
0984
710
2 0
$a
University of Illinois at Urbana-Champaign.
$3
626646
773
0
$t
Dissertation Abstracts International
$g
67-01B.
790
$a
0090
790
1 0
$a
Iyer, Ravishankar K.,
$e
advisor
791
$a
Ph.D.
792
$a
2005
856
4 0
$u
http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3202072
based on 0 review(s)
Location:
ALL
電子資源
Year:
Volume Number:
Items
1 records • Pages 1 •
1
Inventory Number
Location Name
Item Class
Material type
Call number
Usage Class
Loan Status
No. of reservations
Opac note
Attachments
W9131221
電子資源
11.線上閱覽_V
電子書
EB W9131221
一般使用(Normal)
On shelf
0
1 records • Pages 1 •
1
Multimedia
Reviews
Add a review
and share your thoughts with other readers
Export
pickup library
Processing
...
Change password
Login