Global ETD Search

11	DESERVE: A FRAMEWORK FOR DETECTING PROGRAM SECURITY VULNERABILITY EXPLOITATIONS MOHOSINA, AMATUL 20 September 2011 (has links) It is difficult to develop a program that is completely free from vulnerabilities. Despite the applications of many approaches to secure programs, vulnerability exploitations occur in real world in large numbers. Exploitations of vulnerabilities may corrupt memory spaces and program states, lead to denial of services and authorization bypassing, provide attackers the access to authorization information, and leak sensitive information. Monitoring at the program code level can be a way of vulnerability exploitation detection at runtime. In this work, we propose a monitor embedding framework DESERVE (a framework for DEtecting program SEcuRity Vulnerability Exploitations). DESERVE identifies exploitable statements from source code based on static backward slicing and embeds necessary code to detect attacks. During the deployment stage, the enhanced programs execute exploitable statements in a separate test environment. Unlike traditional monitors that extract and store program state information to compare with vulnerable free program states to detect exploitation, our approach does not need to save state information. Moreover, the slicing technique allows us to avoid the tracking of fine grained level of information about runtime program environments such as input flow and memory state. We implement DESERVE for detecting buffer overflow, SQL injection, and cross-site scripting attacks. We evaluate our approach for real world programs implemented in C and PHP languages. The results show that the approach can detect some of the well-known attacks. Moreover, the approach imposes negligible runtime overhead. / Thesis (Master, Electrical & Computer Engineering) -- Queen's University, 2011-09-19 19:04:28.423 cross-site scripting buffer overflow software engineering vulnerability monitor software security runtime testing sql injection
12	Detecting and characterising malicious executable payloads Andersson, Stig January 2009 (has links) Buffer overflow vulnerabilities continue to prevail and the sophistication of attacks targeting these vulnerabilities is continuously increasing. As a successful attack of this type has the potential to completely compromise the integrity of the targeted host, early detection is vital. This thesis examines generic approaches for detecting executable payload attacks, without prior knowledge of the implementation of the attack, in such a way that new and previously unseen attacks are detectable. Executable payloads are analysed in detail for attacks targeting the Linux and Windows operating systems executing on an Intel IA-32 architecture. The execution flow of attack payloads are analysed and a generic model of execution is examined. A novel classification scheme for executable attack payloads is presented which allows for characterisation of executable payloads and facilitates vulnerability and threat assessments, and intrusion detection capability assessments for intrusion detection systems. An intrusion detection capability assessment may be utilised to determine whether or not a deployed system is able to detect a specific attack and to identify requirements for intrusion detection functionality for the development of new detection methods. Two novel detection methods are presented capable of detecting new and previously unseen executable attack payloads. The detection methods are capable of identifying and enumerating the executable payload’s interactions with the operating system on the targeted host at the time of compromise. The detection methods are further validated using real world data including executable payload attacks.
13	Uma ferramenta multiplataforma para prevenção de buffer overflow / A Multiplatform tool to prevent buffer overflows Mello, Paulo Estima January 2009 (has links) Este trabalho apresenta um método para prevenir as vulnerabilidades causadas por erros de programação insegura que, normalmente, é resultado da solução de um problema proposto ou do desenvolvimento de funcionalidade sem levar em consideração a segurança do sistema como um todo. Os erros de programação (no contexto da segurança de um sistema e não apenas da sua funcionalidade) são normalmente frutos da ignorância do programador sobre as vulnerabilidades apresentadas pelas suas ferramentas para construção de programas. O estado da arte é brevemente apresentado demonstrando as soluções atuais em termos de proteção contra ataques de buffer overflow baseado em pilha. Soluções em tempo de compilação e pós-compilação por parte do sistema operacional são as mais comuns. Neste escopo é demonstrada a solução proposta por um protótipo funcional que valida o modelo para uma série de aplicações em duas plataformas diferentes (Windows e Linux). A solução converge a instrumentação de aplicações com o uso de um repositório de endereços de retorno para prevenir o retorno de funções a endereços não legalmente especificados. Testes do protótipo foram realizados em ambas as plataformas e mostraram a eficácia do protótipo prevenindo falhas em casos reais de buffer overflow baseado em pilha. / This paper presents a method to prevent the vulnerabilities caused by insecure programming which, usually, is an outcome of taking into account only the solution of a proposed problem or the development of new functionalities disregarding security on development of the system as a whole. The programming mistakes (in the context of the system security despite the system's functionality) are usually a result of the unawareness of the programmed about the vulnerabilities contained on the tools they use to develop software. The state of the art is briefly presented showing the current solutions related to preventing buffer overflows based on stack. Both compile time and post-compilation solutions (usually as part of the operating system) are the most widely used. In this work the proposed solution is demonstrated by a functional prototype which validates the model for a set of applications in two different platforms (Windows and Linux). The solution converges process instrumentation with a return address repository to prevent a function from returning to an address not legally specified. Testes of the prototype were performed in both platforms previously mentioned and have proved the correctness of the prototype by actually preventing exploitation on real case scenarios of real world applications. Seguranca : Computadores Tolerancia : Falhas : Software Security Instrumentation Buffer overflow Programming error
14	Uma ferramenta multiplataforma para prevenção de buffer overflow / A Multiplatform tool to prevent buffer overflows Mello, Paulo Estima January 2009 (has links) Este trabalho apresenta um método para prevenir as vulnerabilidades causadas por erros de programação insegura que, normalmente, é resultado da solução de um problema proposto ou do desenvolvimento de funcionalidade sem levar em consideração a segurança do sistema como um todo. Os erros de programação (no contexto da segurança de um sistema e não apenas da sua funcionalidade) são normalmente frutos da ignorância do programador sobre as vulnerabilidades apresentadas pelas suas ferramentas para construção de programas. O estado da arte é brevemente apresentado demonstrando as soluções atuais em termos de proteção contra ataques de buffer overflow baseado em pilha. Soluções em tempo de compilação e pós-compilação por parte do sistema operacional são as mais comuns. Neste escopo é demonstrada a solução proposta por um protótipo funcional que valida o modelo para uma série de aplicações em duas plataformas diferentes (Windows e Linux). A solução converge a instrumentação de aplicações com o uso de um repositório de endereços de retorno para prevenir o retorno de funções a endereços não legalmente especificados. Testes do protótipo foram realizados em ambas as plataformas e mostraram a eficácia do protótipo prevenindo falhas em casos reais de buffer overflow baseado em pilha. / This paper presents a method to prevent the vulnerabilities caused by insecure programming which, usually, is an outcome of taking into account only the solution of a proposed problem or the development of new functionalities disregarding security on development of the system as a whole. The programming mistakes (in the context of the system security despite the system's functionality) are usually a result of the unawareness of the programmed about the vulnerabilities contained on the tools they use to develop software. The state of the art is briefly presented showing the current solutions related to preventing buffer overflows based on stack. Both compile time and post-compilation solutions (usually as part of the operating system) are the most widely used. In this work the proposed solution is demonstrated by a functional prototype which validates the model for a set of applications in two different platforms (Windows and Linux). The solution converges process instrumentation with a return address repository to prevent a function from returning to an address not legally specified. Testes of the prototype were performed in both platforms previously mentioned and have proved the correctness of the prototype by actually preventing exploitation on real case scenarios of real world applications. Seguranca : Computadores Tolerancia : Falhas : Software Security Instrumentation Buffer overflow Programming error
15	Nuking Duke Nukem : Reaching the Stack via a Glboal Buffer Overflow in DOS Protected Mode Lindblom, Henrik January 2023 (has links) Control-flow hijack attacks on software exploit vulnerabilities in the software’s memory handling. Over the years, various security mitigations have been developed to counter these attacks. However, compatibility issues have hindered the adoption of such measures in some legacy systems. This thesis focuses on the case of the legacy DOS system and examines whether a DOS system running the DOS/4GW protected mode extender can provide control-flow protection against an attack exploiting a buffer overflow vulnerability in the well-known retro game Duke Nukem3D. To investigate this, three model programs were created, and designed with memory models that share memory layout characteristics with the target retro game’s executable. Experimental attacks were then conducted on these models, aiming to identify an effective attack vector for the target vulnerability. The underlying theory suggests that memory models that segregate application data into distinct memory segments could potentially safeguard against the demonstrated attack. However, attempts to implement such a memory model within an application proved unsuccessful. The challenge that remains is to prove the existence of memory models under DOSprotected mode that can effectively shield Duke Nukem 3D, or other legacy games, from the control-flow hijack attack demonstrated in this thesis. Computer Security Operating Systems Control-flow hijack attacks Buffer Overflow Stack DOS Computer Sciences Datavetenskap (datalogi)
16	Analýza automatizovaného generování signatur s využitím Honeypotu / Analysis of Automated Generation of Signatures Using Honeypots Bláha, Lukáš January 2012 (has links) In this paper, system of automatic processing of attacks using honeypots is discussed. The first goal of the thesis is to become familiar with the issue of signatures to detect malware on the network, especially the analysis and description of existing methods for automatic generation of signatures using honeypots. The main goal is to use the acquired knowledge to the design and implementation of tool which will perform the detection of new malicious software on the network or end user's workstation.
17	Detekce Útoků v Síťovém Provozu / Intrusion Detection in Network Traffic Homoliak, Ivan Unknown Date (has links) Tato práce se zabývá problematikou anomální detekce síťových útoků s využitím technik strojového učení. Nejdříve jsou prezentovány state-of-the-art datové kolekce určené pro ověření funkčnosti systémů detekce útoků a také práce, které používají statistickou analýzu a techniky strojového učení pro nalezení síťových útoků. V další části práce je prezentován návrh vlastní kolekce metrik nazývaných Advanced Security Network Metrics (ASNM), který je součástí konceptuálního automatického systému pro detekci průniků (AIPS). Dále jsou navrženy a diskutovány dva různé přístupy k obfuskaci - tunelování a modifikace síťových charakteristik - sloužících pro úpravu provádění útoků. Experimenty ukazují, že použité obfuskace jsou schopny předejít odhalení útoků pomocí klasifikátoru využívajícího metriky ASNM. Na druhé straně zahrnutí těchto obfuskací do trénovacího procesu klasifikátoru může zlepšit jeho detekční schopnosti. Práce také prezentuje alternativní pohled na obfuskační techniky modifikující síťové charakteristiky a demonstruje jejich použití jako aproximaci síťového normalizéru založenou na vhodných trénovacích datech.
18	Software Security Analysis : Managing source code audit Persson, Daniel, Baca, Dejan January 2004 (has links) Software users have become more conscious of security. More people have access to Internet and huge databases of security exploits. To make secure products, software developers must acknowledge this threat and take action. A first step is to perform a software security analysis. The software security analysis was performed using automatic auditing tools. An experimental environment was constructed to check if the findings were exploitable or not. Open source projects were used as reference to learn what patterns to search for. The results of the investigation show the differences in the automatic auditing tools used. Common types of security threats found in the product have been presented. Four different types of software security exploits have also been presented. The discussion presents the effectiveness of the automatic tools for auditing software. A comparison between the security in the examined product and the open source project Apache is presented. Furthermore, the incorporation of the software security analysis into the development process, and the results and cost of the security analysis is discussed. Finally some conclusions were drawn. Software security audit exploit closed source open source buffer overflow Computer Sciences Datavetenskap (datalogi) Software Engineering Programvaruteknik
19	Architectural Support For Improving Computer Security Kong, Jingfei 01 January 2010 (has links) Computer security and privacy are becoming extremely important nowadays. The task of protecting computer systems from malicious attacks and potential subsequent catastrophic losses is, however, challenged by the ever increasing complexity and size of modern hardware and software design. We propose several methods to improve computer security and privacy from architectural point of view. They provide strong protection as well as performance efficiency. In our first approach, we propose a new dynamic information flow method to protect systems from popular software attacks such as buffer overflow and format string attacks. In our second approach, we propose to deploy encryption schemes to protect the privacy of an emerging non-volatile main memory technology - phase change memory (PCM). The negative impact of the encryption schemes on PCM lifetime is evaluated and new methods including a new encryption counter scheme and an efficient error correct code (ECC) management are proposed to improve PCM lifetime. In our third approach, we deconstruct two previously proposed secure cache designs against software data-cache-based side channel attacks and demonstrate their weaknesses. We propose three hardware-software integrated approaches as secure protections against those data cache attacks. Also we propose to apply them to protect instruction caches from similar threats. Furthermore, we propose a simple change to the update policy of Branch Target Buffer (BTB) to defend against BTB attacks. Our experiments show that our proposed schemes are both security effective and performance efficient. dynamic information flow buffer overflow phase change memory counter-mode encryption wear leveling secure cache designs informing loads Computer Sciences Engineering
20	Alocação de recursos em redes sem fio OFDM multiusuário utilizando modelagem multifractal adaptativa / Resource allocation for multiuser OFDM wireless networks based on adaptive multifractal modeling Rocha, Flávio Geraldo Coelho 22 November 2016 (has links) Submitted by Cássia Santos (cassia.bcufg@gmail.com) on 2016-12-16T13:58:28Z No. of bitstreams: 2 Tese - Flávio Geraldo Coelho Rocha - 2016.pdf: 4809831 bytes, checksum: e575d503488bc0e0cb8f1a1b3478d982 (MD5) license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) / Approved for entry into archive by Jaqueline Silva (jtas29@gmail.com) on 2016-12-16T16:59:35Z (GMT) No. of bitstreams: 2 Tese - Flávio Geraldo Coelho Rocha - 2016.pdf: 4809831 bytes, checksum: e575d503488bc0e0cb8f1a1b3478d982 (MD5) license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) / Made available in DSpace on 2016-12-16T16:59:35Z (GMT). No. of bitstreams: 2 Tese - Flávio Geraldo Coelho Rocha - 2016.pdf: 4809831 bytes, checksum: e575d503488bc0e0cb8f1a1b3478d982 (MD5) license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) Previous issue date: 2016-11-22 / Fundação de Amparo à Pesquisa do Estado de Goiás - FAPEG / In this work, in order to describe network traffic characteristics, such as long-range dependence among samples, self-similarity and multiscale behavior, we propose a Multifractal Adaptive Model based on a multiscale cascade in the Wavelet Domain. We compare the proposed model performance with those of other models presented in the literature. It is also proposed an envelope process for the network traffic that takes into account parameters of the Multifractal Adaptive Model. Furthermore, we derive an equation in order to estimate the buffer overflow probability for both a simplified communication system with a single server, single queue and finite buffer, and to a wireless network multiuser scenario based on OFDM technology. To this end, we consider the service curve of the round-robin scheduling algorithm of the OFDM network. Taking into account the envelope process and the service curve we obtain, through the Network Calculus theory, the maximum delay experienced by users of the OFDM network. Moreover, assuming a similar network scenario to an LTE network, we propose a joint channel-aware and queue-aware resource scheduling algorithm. Based on the presented scheduler, we propose a minimum service curve for the LTE user and through this we propose an approach to accomplish maximum delay guarantee. / Neste trabalho, com o objetivo de descrever características do tráfego de redes, tais como longa-dependência entre amostras, autossimilaridade e comportamento multiescala, propõe-se um Modelo Multifractal Adaptativo baseado em uma cascata multiescala no domínio Wavelet. O desempenho do modelo proposto é comparado a outros modelos presentes na literatura. Também é proposto um processo envelope para o tráfego de redes que leva em consideração parâmetros do Modelo Multifractal Adaptativo proposto. Além disso, deduz-se uma equação para o cálculo da probabilidade de transbordo do buffer, tanto para um sistema de comunicação simplificado com servidor único, fila única e buffer finito, quanto para um ambiente multiusuário de rede sem fio baseado na tecnologia OFDM. Para tanto, utiliza-se a curva de serviço do escalonador round-robin da rede OFDM. Utilizando-se do processo envelope e da curva de serviço, obtém-se por meio do Cálculo de Rede a estimativa para o retardo máximo experimentado pelos usuários da rede OFDM. Em seguida, assume-se um ambiente de rede similar ao de uma rede LTE e propõe-se para essa rede um escalonador de recursos sensível às condições do canal de comunicação e à probabilidade de transbordo do buffer. Com base no escalonador apresentado, propõe-se uma curva de serviço mínima para o usuário da rede LTE e por meio dessa, propõe-se uma abordagem para garantia de retardo. Multifractal Tráfego de rede Cálculo de rede Curva de serviço Processo envelope Probabilidade de transbordo do buffer Retardo OFDM LTE Multifractal Network traffic Network calculus Service curve Envelope process Buffer overflow probability Delay OFDM LTE

Search results