- -

Address Space Layout Randomization Next Generation

RiuNet: Repositorio Institucional de la Universidad Politécnica de Valencia

Compartir/Enviar a

Citas

Estadísticas

  • Estadisticas de Uso

Address Space Layout Randomization Next Generation

Mostrar el registro completo del ítem

Marco-Gisbert, H.; Ripoll-Ripoll, I. (2019). Address Space Layout Randomization Next Generation. Applied Sciences. 9(14):1-25. https://doi.org/10.3390/app9142928

Por favor, use este identificador para citar o enlazar este ítem: http://hdl.handle.net/10251/144813

Ficheros en el ítem

Metadatos del ítem

Título: Address Space Layout Randomization Next Generation
Autor: Marco-Gisbert, Héctor Ripoll-Ripoll, Ismael
Entidad UPV: Universitat Politècnica de València. Departamento de Informática de Sistemas y Computadores - Departament d'Informàtica de Sistemes i Computadors
Fecha difusión:
Resumen:
[EN] Systems that are built using low-power computationally-weak devices, which force developers to favor performance over security; which jointly with its high connectivity, continuous and autonomous operation makes those ...[+]
Palabras clave: Security , Internet of things address space layout randomisation , Vulnerability analysis , Protection techniques
Derechos de uso: Reconocimiento (by)
Fuente:
Applied Sciences. (eissn: 2076-3417 )
DOI: 10.3390/app9142928
Editorial:
MDPI AG
Versión del editor: https://doi.org/10.3390/app9142928
Tipo: Artículo

References

Aga, M. T., & Austin, T. (2019). Smokestack: Thwarting DOP Attacks with Runtime Stack Layout Randomization. 2019 IEEE/ACM International Symposium on Code Generation and Optimization (CGO). doi:10.1109/cgo.2019.8661202

Object Size Checking to Prevent (Some) Buffer Overflows (GCC FORTIFY) http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html

Shahriar, H., & Zulkernine, M. (2012). Mitigating program security vulnerabilities. ACM Computing Surveys, 44(3), 1-46. doi:10.1145/2187671.2187673 [+]
Aga, M. T., & Austin, T. (2019). Smokestack: Thwarting DOP Attacks with Runtime Stack Layout Randomization. 2019 IEEE/ACM International Symposium on Code Generation and Optimization (CGO). doi:10.1109/cgo.2019.8661202

Object Size Checking to Prevent (Some) Buffer Overflows (GCC FORTIFY) http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html

Shahriar, H., & Zulkernine, M. (2012). Mitigating program security vulnerabilities. ACM Computing Surveys, 44(3), 1-46. doi:10.1145/2187671.2187673

Carlier, M., Steenhaut, K., & Braeken, A. (2019). Symmetric-Key-Based Security for Multicast Communication in Wireless Sensor Networks. Computers, 8(1), 27. doi:10.3390/computers8010027

Choudhary, J., Balasubramanian, P., Varghese, D., Singh, D., & Maskell, D. (2019). Generalized Majority Voter Design Method for N-Modular Redundant Systems Used in Mission- and Safety-Critical Applications. Computers, 8(1), 10. doi:10.3390/computers8010010

Shacham, H., Page, M., Pfaff, B., Goh, E.-J., Modadugu, N., & Boneh, D. (2004). On the effectiveness of address-space randomization. Proceedings of the 11th ACM conference on Computer and communications security - CCS ’04. doi:10.1145/1030083.1030124

Marco-Gisbert, H., & Ripoll, I. (2013). Preventing Brute Force Attacks Against Stack Canary Protection on Networking Servers. 2013 IEEE 12th International Symposium on Network Computing and Applications. doi:10.1109/nca.2013.12

Friginal, J., de Andres, D., Ruiz, J.-C., & Gil, P. (2010). Attack Injection to Support the Evaluation of Ad Hoc Networks. 2010 29th IEEE Symposium on Reliable Distributed Systems. doi:10.1109/srds.2010.11

Jun Xu, Kalbarczyk, Z., & Iyer, R. K. (s. f.). Transparent runtime randomization for security. 22nd International Symposium on Reliable Distributed Systems, 2003. Proceedings. doi:10.1109/reldis.2003.1238076

Zhan, X., Zheng, T., & Gao, S. (2014). Defending ROP Attacks Using Basic Block Level Randomization. 2014 IEEE Eighth International Conference on Software Security and Reliability-Companion. doi:10.1109/sere-c.2014.28

Iyer, V., Kanitkar, A., Dasgupta, P., & Srinivasan, R. (2010). Preventing Overflow Attacks by Memory Randomization. 2010 IEEE 21st International Symposium on Software Reliability Engineering. doi:10.1109/issre.2010.22

Van der Veen, V., dutt-Sharma, N., Cavallaro, L., & Bos, H. (2012). Memory Errors: The Past, the Present, and the Future. Lecture Notes in Computer Science, 86-106. doi:10.1007/978-3-642-33338-5_5

PaX Address Space Layout Randomization (ASLR) http://pax.grsecurity.net/docs/aslr.txt

Kernel Address Space Layout Randomization https://lwn.net/Articles/569635

Rahman, M. A., & Asyhari, A. T. (2019). The Emergence of Internet of Things (IoT): Connecting Anything, Anywhere. Computers, 8(2), 40. doi:10.3390/computers8020040

Bojinov, H., Boneh, D., Cannings, R., & Malchev, I. (2011). Address space randomization for mobile devices. Proceedings of the fourth ACM conference on Wireless network security - WiSec ’11. doi:10.1145/1998412.1998434

Hiser, J., Nguyen-Tuong, A., Co, M., Hall, M., & Davidson, J. W. (2012). ILR: Where’d My Gadgets Go? 2012 IEEE Symposium on Security and Privacy. doi:10.1109/sp.2012.39

Xu, H., & Chapin, S. J. (2009). Address-space layout randomization using code islands. Journal of Computer Security, 17(3), 331-362. doi:10.3233/jcs-2009-0322

Wartell, R., Mohan, V., Hamlen, K. W., & Lin, Z. (2012). Binary stirring. Proceedings of the 2012 ACM conference on Computer and communications security - CCS ’12. doi:10.1145/2382196.2382216

Growable Maps Removal https://lwn.net/Articles/294001/

Silent Stack-Heap Collision under GNU/Linux https://gcc.gnu.org/ml/gcc-help/2014-07/msg00076.html

AMD Bulldozer Linux ASLR Weakness: Reducing Entropy by 87.5% http://hmarco.org/bugs/AMD-Bulldozer-linux-ASLR-weakness-reducing-mmaped-files-by-eight.html

CVE-2015-1593—Linux ASLR Integer Overflow: Reducing Stack Entropy by Four http://hmarco.org/bugs/linux-ASLR-integer-overflow.html

Linux ASLR Mmap Weakness: Reducing Entropy by Half http://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html

LESNE, A. (2014). Shannon entropy: a rigorous notion at the crossroads between probability, information theory, dynamical systems and statistical physics. Mathematical Structures in Computer Science, 24(3). doi:10.1017/s0960129512000783

Scraps of Notes on Remote Stack Overflow Exploitation http://www.phrack.org/issues.html?issue=67&id=13#article

Uchenick, G. M., & Vanfleet, W. M. (2005). Multiple independent levels of safety and security: high assurance architecture for MSLS/MLS. MILCOM 2005 - 2005 IEEE Military Communications Conference. doi:10.1109/milcom.2005.1605749

Lee, B., Lu, L., Wang, T., Kim, T., & Lee, W. (2014). From Zygote to Morula: Fortifying Weakened ASLR on Android. 2014 IEEE Symposium on Security and Privacy. doi:10.1109/sp.2014.34

The Heartbleed Bug http://heartbleed.com

[-]

recommendations

 

Este ítem aparece en la(s) siguiente(s) colección(ones)

Mostrar el registro completo del ítem