Compiler-instrumented, dynamic secret-redaction of legacy processes for attacker deception

Authors: Kevin W. Hamlen, Frederico Araujo

Abstract: An enhanced dynamic taint-tracking semantics is presented and implemented, facilitating fast and precise runtime secret redaction from legacy processes, such as those compiled from C/C++. The semantics reduce the annotation burden imposed upon developers seeking to add secret-redaction capabilities to legacy code, while curtailing over-tainting and label creep. An implementation for LLVM's DataFlow Sanitizer automatically instruments secret-redaction support into annotated C/C++ programs at compile-time, yielding programs that can self-censor their address spaces in response to emerging cyber-attacks. The technology is applied to produce the first information flow-based honey-patching architecture for the Apache web server. Rather than merely blocking intrusions, the modified server deceptively diverts attacker connections to secret-sanitized process clones that monitor their activities and disinform adversaries with honey-data.
