Genesis: A Framework for Achieving Software Component Diversity
暂无分享,去创建一个
[1] Nicholas Nethercote,et al. Dynamic Binary Analysis and Instrumentation , 2004 .
[2] Kevin P. Lawton. Bochs: A Portable PC Emulator for Unix/X , 1996 .
[3] Crispin Cowan,et al. FormatGuard: Automatic Protection From printf Format String Vulnerabilities , 2001, USENIX Security Symposium.
[4] Emery D. Berger,et al. DieHard: probabilistic memory safety for unsafe languages , 2006, PLDI '06.
[5] D. Wilson. The STRATUS computer system , 1986 .
[6] K. J. Bma. Integrity considerations for secure computer systems , 1977 .
[7] Nathanael Paul,et al. Where's the FEEB? The Effectiveness of Instruction Set Randomization , 2005, USENIX Security Symposium.
[8] David H. Ackley,et al. Randomized instruction set emulation , 2005, TSEC.
[9] Aleksandar Milenkovic,et al. Using instruction block signatures to counter code injection attacks , 2005, CARN.
[10] Matt Bishop,et al. Testing C Programs for Buffer Overflow Vulnerabilities , 2003, NDSS.
[11] Olatunji Ruwase,et al. A Practical Dynamic Buffer Overflow Detector , 2004, NDSS.
[12] Mark Stamp,et al. Risks of monoculture , 2004, CACM.
[13] Richard Sharp,et al. Abstracting application-level web security , 2002, WWW.
[14] Angelos D. Keromytis,et al. Countering code-injection attacks with instruction-set randomization , 2003, CCS '03.
[15] Jack W. Davidson,et al. Strata: A Software Dynamic Translation Infrastructure , 2001 .
[16] Daniel C. DuVarney,et al. Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits , 2003, USENIX Security Symposium.
[17] Navjot Singh,et al. Libsafe 2.0: Detection of Format String Vulnerability Exploits , 2003 .
[18] David H. Ackley,et al. Building diverse computer systems , 1997, Proceedings. The Sixth Workshop on Hot Topics in Operating Systems (Cat. No.97TB100133).
[19] Liming Chen,et al. N-VERSION PROGRAMMINC: A FAULT-TOLERANCE APPROACH TO RELlABlLlTY OF SOFTWARE OPERATlON , 1995, Twenty-Fifth International Symposium on Fault-Tolerant Computing, 1995, ' Highlights from Twenty-Five Years'..
[20] Salim Hariri,et al. Randomized Instruction Set Emulation To Disrupt Binary Code Injection Attacks , 2003 .
[21] P. Reynier,et al. Active replication in Delta-4 , 1992, [1992] Digest of Papers. FTCS-22: The Twenty-Second International Symposium on Fault-Tolerant Computing.
[22] Michael Rodeh,et al. CSSV: towards a realistic tool for statically detecting all buffer overflows in C , 2003, PLDI '03.
[23] Harrick M. Vin,et al. Heterogeneous networking: a new survivability paradigm , 2001, NSPW '01.
[24] Eric Rotenberg,et al. Slipstream processors: improving both performance and fault tolerance , 2000, SIGP.
[25] Ruby B. Lee,et al. A processor architecture defense against buffer overflow attacks , 2003, International Conference on Information Technology: Research and Education, 2003. Proceedings. ITRE2003..
[26] Mark Kenneth Joseph. Architectural issues in fault-tolerant, secure computing systems , 1988 .
[27] Jonathan D. Pincus,et al. Beyond stack smashing: recent advances in exploiting buffer overruns , 2004, IEEE Security & Privacy Magazine.
[28] Margo I. Seltzer,et al. An architecture a day keeps the hacker away , 2005, CARN.
[29] James Newsome,et al. Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software , 2005, NDSS.
[30] Jon Erickson,et al. Hacking: The Art of Exploitation , 2008 .
[31] Miodrag Potkonjak,et al. Enabling trusted software integrity , 2002, ASPLOS X.
[32] Andrew C. Myers,et al. Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..
[33] David W. Litchfield. Variations in Exploit methods between Linux and Windows , 2003 .
[34] David Thomas,et al. Programming Ruby: the pragmatic programmer's guide , 2000 .
[35] Gary McGraw,et al. ITS4: a static vulnerability scanner for C and C++ code , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).
[36] Andy Oram,et al. Understanding the Linux Kernel, Second Edition , 2002 .
[37] Kenneth C. Knowlton,et al. A Combination Hardware-Software Debugging System , 1968, IEEE Transactions on Computers.
[38] Frederic T. Chong,et al. Experiences Using Minos as a Tool for Capturing and Analyzing Novel Worms for Unknown Vulnerabilities , 2005, DIMVA.
[39] Crispan Cowan,et al. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.
[40] Mary Lou Soffa,et al. Retargetable and reconfigurable software dynamic translation , 2003, International Symposium on Code Generation and Optimization, 2003. CGO 2003..
[41] David Evans,et al. Improving Security Using Extensible Lightweight Static Analysis , 2002, IEEE Softw..
[42] Shih-Kun Huang,et al. Web application security assessment by fault injection and behavior monitoring , 2003, WWW '03.
[43] Naveen Kumar,et al. Flexible Instrumentation for Software Dynamic Translation , .
[44] Karl N. Levitt,et al. Learning Unknown Attacks - A Start , 2002, RAID.
[45] Dan Grossman,et al. Preventing format-string attacks via automatic and efficient dynamic checking , 2005, CCS '05.
[46] A. Jefferson Offutt,et al. Bypass testing of Web applications , 2004, 15th International Symposium on Software Reliability Engineering.
[47] David A. Wagner,et al. A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities , 2000, NDSS.
[48] Fred B. Schneider,et al. Implementing fault-tolerant services using the state machine approach: a tutorial , 1990, CSUR.
[49] David Evans,et al. Statically Detecting Likely Buffer Overflow Vulnerabilities , 2001, USENIX Security Symposium.
[50] Jack W. Davidson,et al. Secure and practical defense against code-injection attacks using software dynamic translation , 2006, VEE '06.
[51] George Coulouris,et al. Distributed systems - concepts and design , 1988 .
[52] Vincent Rijmen,et al. The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .
[53] A. One,et al. Smashing The Stack For Fun And Profit , 1996 .
[54] George Varghese,et al. Hardware and Binary Modification Support for Code Pointer Protection From Buffer Overflow , 2004, 37th International Symposium on Microarchitecture (MICRO-37'04).
[55] Carla E. Brodley,et al. Detection and prevention of stack buffer overflow attacks , 2005, CACM.
[56] Kenneth P. Birman,et al. Replication and fault-tolerance in the ISIS system , 1985, SOSP '85.
[57] Debin Gao,et al. Behavioral Distance for Intrusion Detection , 2005, RAID.
[58] Harish Patil,et al. Pin: building customized program analysis tools with dynamic instrumentation , 2005, PLDI '05.
[59] Tzi-cker Chiueh,et al. A Binary Rewriting Defense Against Stack based Buffer Overflow Attacks , 2003, USENIX Annual Technical Conference, General Track.
[60] Karl N. Levitt,et al. The design and implementation of an intrusion tolerant system , 2002, Proceedings International Conference on Dependable Systems and Networks.
[61] Fred B. Schneider,et al. Distributed Trust: Supporting Fault-tolerance and Attack-tolerance , 2004 .
[62] David A. Wagner,et al. This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Detecting Format String Vulnerabilities with Type Qualifiers , 2001 .
[63] Derek Bruening,et al. An infrastructure for adaptive dynamic optimization , 2003, International Symposium on Code Generation and Optimization, 2003. CGO 2003..
[64] Dawn Song,et al. Mitigating buffer overflows by operating system randomization , 2002 .
[65] Navjot Singh,et al. Transparent Run-Time Defense Against Stack-Smashing Attacks , 2000, USENIX Annual Technical Conference, General Track.
[66] De BosschereKoen,et al. Link-time optimization of ARM binaries , 2004 .
[67] Koen De Bosschere,et al. Link-time optimization of ARM binaries , 2004, LCTES '04.
[68] Dan S. Wallach,et al. Denial of Service via Algorithmic Complexity Attacks , 2003, USENIX Security Symposium.
[69] Mihai Budiu,et al. Control-flow integrity principles, implementations, and applications , 2009, TSEC.
[70] Mikhail J. Atallah,et al. A Survey of Anti-Tamper Technologies , 2004 .
[71] David H. Ackley,et al. Randomized instruction set emulation to disrupt binary code injection attacks , 2003, CCS '03.
[72] Angelos D. Keromytis,et al. A Dynamic Mechanism for Recovering from Buffer Overflow Attacks , 2005, ISC.
[73] Derek Bruening,et al. Secure Execution via Program Shepherding , 2002, USENIX Security Symposium.
[74] Nancy G. Leveson,et al. An experimental evaluation of the assumption of independence in multiversion programming , 1986, IEEE Transactions on Software Engineering.
[75] Hovav Shacham,et al. On the effectiveness of address-space randomization , 2004, CCS '04.
[76] Michael Benedikt,et al. VeriWeb: Automatically Testing Dynamic Web Sites , 2002 .
[77] Gary McGraw,et al. Exploiting Software: How to Break Code , 2004 .
[78] Ravishankar K. Iyer,et al. Transparent runtime randomization for security , 2003, 22nd International Symposium on Reliable Distributed Systems, 2003. Proceedings..
[79] Jack W. Davidson,et al. Safe virtual execution using software dynamic translation , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..
[80] D. T. Lee,et al. Securing web application code by static analysis and runtime protection , 2004, WWW '04.
[81] Harish Sethu,et al. On achieving software diversity for improved network security using distributed coloring algorithms , 2004, CCS '04.
[82] Bruce R. Childers,et al. Compact binaries with code compression in a software dynamic translator , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.
[83] Paolo Tonella,et al. Analysis and testing of Web applications , 2001, Proceedings of the 23rd International Conference on Software Engineering. ICSE 2001.
[84] K. Sundaramoorthy,et al. Slipstream processors: improving both performance and fault tolerance , 2000, SIGP.
[85] Ruby B. Lee,et al. Enlisting Hardware Architecture to Thwart Malicious Code Injection , 2004, SPC.
[86] John Johansen,et al. PointGuard™: Protecting Pointers from Buffer Overflow Vulnerabilities , 2003, USENIX Security Symposium.
[87] Jun Xu,et al. Non-Control-Data Attacks Are Realistic Threats , 2005, USENIX Security Symposium.
[88] D. Jewett,et al. Integrity S2: A Fault-Tolerant Unix Platform , 1991, Twenty-Fifth International Symposium on Fault-Tolerant Computing, 1995, ' Highlights from Twenty-Five Years'..