A Mathematical Modeling of Exploitations and Mitigation Techniques Using Set Theory

Authors: Rodrigo Branco, Kekai Hu, Henrique Kawakami, Ke Sun

DOI: 10.1109/SPW.2018.00050

Abstract: One of the most challenging problems in computer security is the formalization of vulnerabilities, exploits, mitigations and their relationship. In spite of various existing research theories, a mathematical model that can be used to quantitatively represent and analyze exploit complexity and mitigation effectiveness is still absent. In this work, we introduce a novel way of modeling exploits and mitigation techniques with concepts from set theory and big O notation. The proposed model establishes formulaic relationships between primitives and objectives, and enables quantitative evaluation of the vulnerabilities and features of a system. We demonstrate its application on two real-world techniques. It serves as a first step toward a comprehensive understanding of exploitations and mitigations, which will largely benefit and facilitate the practice of system security assessment.
