摘要: Weaknesses in software security have been numerous, sometimes startling, and often serious. Many of them stem from apparently small low-level errors (e.g., buffer overflows). Ideally, those should be avoided by design, or at least fixed after the fact. In practice, on other hand, we may to tolerate some vulnerabilities, with appropriate models, architectures, tools.
springer.com
ucsc.edu
sci-hub.st 参考文章(22)
Úlfar Erlingsson, Low-level software security: attacks and defenses Foundations of security analysis and design IV. pp. 92- 134 ,(2007) , 10.1007/978-3-540-74810-6_4
Morrie Gasser, Building a Secure Computer System ,(1988)
John J. Marciniak, Encyclopedia of Software Engineering ,(1994)
Greg Morrisett, Stephen McCamant, Evaluating SFI for a CISC architecture usenix security symposium. pp. 15- ,(2006)
Foundations of Security Analysis and Design V: FOSAD 2007/2008/2009 Tutorial Lectures Lecture Notes in Computer Science. ,vol. 5705, ,(2009) , 10.1007/978-3-642-03829-7
Matthew Hennessy, Robin Milner, On Observing Nondeterminism and Concurrency international colloquium on automata, languages and programming. pp. 299- 309 ,(1980) , 10.1007/3-540-10003-2_79
Perry Wagle, Jonathan Walpole, Calton Pu, Steve Beattie, Aaron Grier, Crispin Cowan, Heather Hintony, Qian Zhang, Peat Bakke, Dave Maier, StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks usenix security symposium. pp. 5- 5 ,(1998)
J. Pincus, B. Baker, Beyond stack smashing: recent advances in exploiting buffer overruns ieee symposium on security and privacy. ,vol. 2, pp. 20- 27 ,(2004) , 10.1109/MSP.2004.36
Greg Morrisett, Gang Tan, Joseph Tassarotti, Jean-Baptiste Tristan, Edward Gan, RockSalt: better, faster, stronger SFI for the x86 programming language design and implementation. ,vol. 47, pp. 395- 404 ,(2012) , 10.1145/2254064.2254111
Vasilis Pappas, Michalis Polychronakis, Angelos D. Keromytis, Smashing the Gadgets: Hindering Return-Oriented Programming Using In-place Code Randomization ieee symposium on security and privacy. pp. 601- 615 ,(2012) , 10.1109/SP.2012.41