Program variation for software security
暂无分享,去创建一个
[1] Michael Franz,et al. E unibus pluram: massive-scale software diversity as a defense mechanism , 2010, NSPW '10.
[2] Christopher Krügel,et al. Improving the efficiency of dynamic malware analysis , 2010, SAC '10.
[3] Debin Gao,et al. BinHunt: Automatically Finding Semantic Differences in Binary Programs , 2008, ICICS.
[4] Marco Torchiano,et al. Towards experimental evaluation of code obfuscation techniques , 2008, QoP '08.
[5] Daniel J. Bernstein,et al. Cache-timing attacks on AES , 2005 .
[6] Jean-Pierre Seifert,et al. On the power of simple branch prediction analysis , 2007, ASIACCS '07.
[7] Shon Harris. All-in-one gray hat hacking : the ethical hacker's handbook , 2004 .
[8] Kevin W. Hamlen,et al. Binary stirring: self-randomizing instruction addresses of legacy x86 binary code , 2012, CCS.
[9] David Schultz,et al. The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel Attacks , 2005, ICISC.
[10] Angelos D. Keromytis,et al. Band-aid patching , 2007 .
[11] Andy King,et al. BinSlayer: accurate comparison of binary executables , 2013, PPREW '13.
[12] Carl E. Landwehr,et al. A Taxonomy of Computer Program Security Flaws, with Examples , 1993 .
[13] Billy Bob Brumley,et al. Remote Timing Attacks Are Still Practical , 2011, ESORICS.
[14] Bernhard Plattner,et al. Firefox (In) security update dynamics exposed , 2008, CCRV.
[15] Harsimran Walia. Reversing Microsoft patches to reveal vulnerable code , 2011 .
[16] Curtis B. Storlie,et al. Graph-based malware detection using dynamic analysis , 2011, Journal in Computer Virology.
[17] Stefan Katzenbeisser,et al. Software transformations to improve malware detection , 2007, Journal in Computer Virology.
[18] Xiangyu Zhang,et al. Whole execution traces and their applications , 2005, TACO.
[19] Stefan Dziembowski,et al. Leakage-Resilient Cryptography , 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.
[20] Onur Aciiçmez,et al. Yet another MicroArchitectural Attack:: exploiting I-Cache , 2007, CSAW '07.
[21] Avishai Wool,et al. Install-time vaccination of Windows executables to defend against stack smashing attacks , 2004, IEEE Transactions on Dependable and Secure Computing.
[22] Dakshi Agrawal,et al. The EM Side-Channel(s) , 2002, CHES.
[23] David A. Basin,et al. An information-theoretic model for adaptive side-channel attacks , 2007, CCS '07.
[24] Scott A. Mahlke,et al. Control CPR: a branch height reduction optimization for EPIC architectures , 1999, PLDI '99.
[25] S. Debray,et al. Compiler Techniques for Code Compression , 1999 .
[26] Saumya K. Debray,et al. Obfuscation of executable code to improve resistance to static disassembly , 2003, CCS '03.
[27] Michael K. Reiter,et al. Cross-VM side channels and their use to extract private keys , 2012, CCS.
[28] Paul C. van Oorschot,et al. White-Box Cryptography and an AES Implementation , 2002, Selected Areas in Cryptography.
[29] Adi Shamir,et al. Cache Attacks and Countermeasures: The Case of AES , 2006, CT-RSA.
[30] Roberto Giacobazzi,et al. Obfuscation by partial evaluation of distorted interpreters , 2012, PEPM '12.
[31] Angelos D. Keromytis,et al. Countering code-injection attacks with instruction-set randomization , 2003, CCS '03.
[32] G. Brinkmann,et al. An efficient algorithm for the generation of planar polycyclic hydrocarbons with a given boundary , 2009 .
[33] Zheng Wang,et al. BMAT - A Binary Matching Tool for Stale Profile Propagation , 2000, J. Instr. Level Parallelism.
[34] Mark Loveless. Corporate Security: A Hacker Perspective , 2006, LISA.
[35] Xiangyu Zhang,et al. Matching execution histories of program versions , 2005, ESEC/FSE-13.
[36] Thomas Dullien,et al. Graph-based comparison of Executable Objects , 2005 .
[37] Margaret Martonosi,et al. Improving prediction for procedure returns with return-address-stack repair mechanisms , 1998, Proceedings. 31st Annual ACM/IEEE International Symposium on Microarchitecture.
[38] Bjorn De Sutter,et al. Compiler techniques for code compaction , 2000, TOPL.
[39] Koen De Bosschere,et al. The design and implementation of FIT: a flexible instrumentation toolkit , 2004, PASTE '04.
[40] Igor E. Shparlinski,et al. The Insecurity of the Digital Signature Algorithm with Partially Known Nonces , 2002, Journal of Cryptology.
[41] Stamatis Vassiliadis,et al. The TM3270 media-processor , 2005, 38th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO'05).
[42] Koen De Bosschere,et al. Link-time optimization of ARM binaries , 2004, LCTES '04.
[43] Steven D. Galbraith,et al. Mathematics of Public Key Cryptography , 2012 .
[44] Stephan Krenn,et al. Cache Games -- Bringing Access-Based Cache Attacks on AES to Practice , 2011, 2011 IEEE Symposium on Security and Privacy.
[45] David H. Ackley,et al. Randomized instruction set emulation , 2005, TSEC.
[46] Lieven Eeckhout,et al. Javana: a system for building customized Java program analysis tools , 2006, OOPSLA '06.
[47] David Brumley,et al. Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).
[48] Koen De Bosschere,et al. A Novel Obfuscation: Class Hierarchy Flattening , 2012, FPS.
[49] Koen De Bosschere,et al. Hybrid static-dynamic attacks against software protection mechanisms , 2005, DRM '05.
[50] S. Mahlke,et al. The program decision logic approach to predicated execution , 1999, Proceedings of the 26th International Symposium on Computer Architecture (Cat. No.99CB36367).
[51] Koen De Bosschere,et al. Instruction Set Limitation in Support of Software Diversity , 2009, ICISC.
[52] Daniel Dolz,et al. Using Exception Handling to Build Opaque Predicates in Intermediate Code Obfuscation Techniques , 2008 .
[53] Michael Backes,et al. Formally Bounding the Side-Channel Leakage in Unknown-Message Attacks , 2008, ESORICS.
[54] Michael Franz,et al. Orchestra: intrusion detection using parallel execution and monitoring of program variants in user-space , 2009, EuroSys '09.
[55] G. Edward Suh,et al. Orthrus: efficient software integrity protection on multi-cores , 2010, ASPLOS XV.
[56] Roberto Giacobazzi,et al. Towards a formally verified obfuscating compiler , 2012 .
[57] Koen De Bosschere,et al. Sifting out the mud: low level C++ code reuse , 2002, OOPSLA '02.
[58] Koen De Bosschere,et al. DIOTA: Dynamic Instrumentation, Optimization and Transformation of Applications , 2002, PACT 2002.
[59] Colin Percival. CACHE MISSING FOR FUN AND PROFIT , 2005 .
[60] U. Bayer,et al. TTAnalyze: A Tool for Analyzing Malware , 2006 .
[61] Bertrand Anckaert,et al. Diversiteit voor softwarebescherming Diversity for Software Protection , 2008 .
[62] Angela Demke Brown,et al. Comprehensive kernel instrumentation via dynamic binary translation , 2012, ASPLOS XVII.
[63] Bart Coppens,et al. Feedback-driven binary code diversification , 2013, TACO.
[64] David Salomon,et al. Data Compression: The Complete Reference , 2006 .
[65] Ruby B. Lee,et al. Covert and Side Channels Due to Processor Architecture , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).
[66] Steven S. Muchnick,et al. Advanced Compiler Design and Implementation , 1997 .
[67] Arun Lakhotia,et al. Fast location of similar code fragments using semantic 'juice' , 2013, PPREW '13.
[68] Harish Patil,et al. Pin: building customized program analysis tools with dynamic instrumentation , 2005, PLDI '05.
[69] Ken Kennedy,et al. Conversion of control dependence to data dependence , 1983, POPL '83.
[70] Hovav Shacham,et al. Eliminating fine grained timers in Xen , 2011, CCSW '11.
[71] Nigel P. Smart,et al. Lattice Attacks on Digital Signature Schemes , 2001, Des. Codes Cryptogr..
[72] Adi Shamir,et al. A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.
[73] Paul C. van Oorschot,et al. A White-Box DES Implementation for DRM Applications , 2002, Digital Rights Management Workshop.
[74] Bjorn De Sutter,et al. Matching Control Flow of Program Versions , 2007, 2007 IEEE International Conference on Software Maintenance.
[75] Paolo Ienne,et al. A first step towards automatic application of power analysis countermeasures , 2011, 2011 48th ACM/EDAC/IEEE Design Automation Conference (DAC).
[76] David Evans,et al. N-Variant Systems: A Secretless Framework for Security through Diversity , 2006, USENIX Security Symposium.
[77] Nicholas Nethercote,et al. Valgrind: a framework for heavyweight dynamic binary instrumentation , 2007, PLDI '07.
[78] Joseph Bonneau,et al. Cache-Collision Timing Attacks Against AES , 2006, CHES.
[79] Paul C. Kocher,et al. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.
[80] Dan S. Wallach,et al. Opportunities and Limits of Remote Timing Attacks , 2009, TSEC.
[81] Koen De Bosschere,et al. A Model for Self-Modifying Code , 2006, Information Hiding.
[82] Onur Aciiçmez,et al. New Results on Instruction Cache Attacks , 2010, CHES.
[83] Wei-Ming Hu,et al. Reducing timing channels with fuzzy time , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.
[84] Andrew Blyth,et al. An empirical examination of the reverse engineering process for binary files , 2006, Comput. Secur..
[85] Jerry den Hartog,et al. Towards Static Flow-Based Declassification for Legacy and Untrusted Programs , 2010, 2010 IEEE Symposium on Security and Privacy.
[86] Daniel C. DuVarney,et al. Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits , 2003, USENIX Security Symposium.
[87] Paul C. Kocher,et al. Differential Power Analysis , 1999, CRYPTO.
[88] David H. Ackley,et al. Building diverse computer systems , 1997, Proceedings. The Sixth Workshop on Hot Topics in Operating Systems (Cat. No.97TB100133).
[89] Jean-Pierre Seifert,et al. Cheap Hardware Parallelism Implies Cheap Security , 2007, Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2007).
[90] Samuel T. King,et al. Digging for Data Structures , 2008, OSDI.
[91] Danfeng Zhang,et al. Predictive black-box mitigation of timing channels , 2010, CCS '10.
[92] Gregory R. Andrews,et al. Binary Obfuscation Using Signals , 2007, USENIX Security Symposium.
[93] Risto M. Hakala,et al. Cache-Timing Template Attacks , 2009, ASIACRYPT.
[94] Vikram S. Adve,et al. LLVM: a compilation framework for lifelong program analysis & transformation , 2004, International Symposium on Code Generation and Optimization, 2004. CGO 2004..
[95] Koen De Bosschere,et al. DNS Tunneling for Network Penetration , 2012, ICISC.
[96] Barton P. Miller,et al. Learning to Analyze Binary Computer Code , 2008, AAAI.
[97] Koen De Bosschere,et al. Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors , 2009, 2009 30th IEEE Symposium on Security and Privacy.
[98] Ruby B. Lee,et al. New cache designs for thwarting software cache-based side channel attacks , 2007, ISCA '07.
[99] Bart Coppens,et al. Compiler mitigations for time attacks on modern x86 processors , 2012, TACO.
[100] David Naccache,et al. Temperature Attacks , 2009, IEEE Security & Privacy.
[101] Barton P. Miller,et al. Binary-code obfuscations in prevalent packer tools , 2013, CSUR.
[102] Jonathon T. Giffin,et al. Automatic Reverse Engineering of Malware Emulators , 2009, 2009 30th IEEE Symposium on Security and Privacy.
[103] Jack W. Davidson,et al. Protection of software-based survivability mechanisms , 2003, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].
[104] Hovav Shacham,et al. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.
[105] Mattia Monga,et al. Code Normalization for Self-Mutating Malware , 2007, IEEE Security & Privacy.
[106] Gerald S. Rogers,et al. Mathematical Statistics: A Decision Theoretic Approach , 1967 .
[107] Simha Sethumadhavan,et al. TimeWarp: Rethinking timekeeping and performance monitoring mechanisms to mitigate side-channel attacks , 2012, 2012 39th Annual International Symposium on Computer Architecture (ISCA).
[108] David Brumley,et al. Remote timing attacks are practical , 2003, Comput. Networks.
[109] Andrew Walenstein,et al. Constructing malware normalizers using term rewriting , 2008, Journal in Computer Virology.
[110] Koen De Bosschere,et al. Link-time binary rewriting techniques for program compaction , 2005, TOPL.
[111] Ramarathnam Venkatesan,et al. Proteus: virtualization for diversified tamper-resistance , 2006, DRM '06.
[112] Halvar Flake,et al. Structural Comparison of Executable Objects , 2004, DIMVA.
[113] Jeffrey C. Mogul,et al. The VCDIFF Generic Differencing and Compression Data Format , 2002, RFC.
[114] Genevieve Arboit,et al. A Method for Watermarking Java Programs via Opaque Predicates , 2002 .
[115] Easwaran Raman,et al. MAO — An extensible micro-architectural optimizer , 2011, International Symposium on Code Generation and Optimization (CGO 2011).
[116] Clark Thomborson,et al. Manufacturing cheap, resilient, and stealthy opaque constructs , 1998, POPL '98.
[117] Koen De Bosschere,et al. Instrumenting self-modifying code , 2003, ArXiv.
[118] Christopher Krügel,et al. Static Disassembly of Obfuscated Binaries , 2004, USENIX Security Symposium.
[119] Jack W. Davidson,et al. Software Tamper Resistance: Obstructing Static Analysis of Programs , 2000 .
[120] Colin Percival. Naı̈ve Differences of Executable Code , 2003 .
[121] Marco Torchiano,et al. The effectiveness of source code obfuscation: An experimental assessment , 2009, 2009 IEEE 17th International Conference on Program Comprehension.
[122] Dawn Xiaodong Song,et al. How Open Should Open Source Be? , 2011, ArXiv.
[123] Markus Dürmuth,et al. A Provably Secure and Efficient Countermeasure against Timing Attacks , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.
[124] Koen De Bosschere,et al. An efficient data race detector backend for DIOTA , 2003, PARCO.
[125] Harish Sethu,et al. On achieving software diversity for improved network security using distributed coloring algorithms , 2004, CCS '04.