{"title":"识别和修复x86机器代码中的漏洞的统一方法","authors":"Kirill Kononenko","doi":"10.1145/2348543.2348593","DOIUrl":null,"url":null,"abstract":"The security of software systems is threatened by a wide range of attack vectors, such as buffer overflows, insecure information flow, and side channels, which can leak private information, e.g., by monitoring a program's execution time. Even if programmers manage to avoid such vulnerabilities in a program's source code or bytecode, new vulnerabilities can arise as compilers generate machine code from those representations.\n We propose a virtual execution environment for x86 machine code that combines information from compositional, static, and dynamic program analysis to identify vulnerabilities and timing channels, and uses code transformations to prevent those from being exploited. To achieve an appropriate level of performance as well as combine analysis results, our approach stores summary information in the form of conditional rules that can be shared among analyses.","PeriodicalId":378295,"journal":{"name":"ACM/IEEE International Conference on Mobile Computing and Networking","volume":"71 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"A unified approach to identifying and healing vulnerabilities in x86 machine code\",\"authors\":\"Kirill Kononenko\",\"doi\":\"10.1145/2348543.2348593\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The security of software systems is threatened by a wide range of attack vectors, such as buffer overflows, insecure information flow, and side channels, which can leak private information, e.g., by monitoring a program's execution time. Even if programmers manage to avoid such vulnerabilities in a program's source code or bytecode, new vulnerabilities can arise as compilers generate machine code from those representations.\\n We propose a virtual execution environment for x86 machine code that combines information from compositional, static, and dynamic program analysis to identify vulnerabilities and timing channels, and uses code transformations to prevent those from being exploited. To achieve an appropriate level of performance as well as combine analysis results, our approach stores summary information in the form of conditional rules that can be shared among analyses.\",\"PeriodicalId\":378295,\"journal\":{\"name\":\"ACM/IEEE International Conference on Mobile Computing and Networking\",\"volume\":\"71 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-08-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM/IEEE International Conference on Mobile Computing and Networking\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2348543.2348593\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM/IEEE International Conference on Mobile Computing and Networking","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2348543.2348593","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A unified approach to identifying and healing vulnerabilities in x86 machine code
The security of software systems is threatened by a wide range of attack vectors, such as buffer overflows, insecure information flow, and side channels, which can leak private information, e.g., by monitoring a program's execution time. Even if programmers manage to avoid such vulnerabilities in a program's source code or bytecode, new vulnerabilities can arise as compilers generate machine code from those representations.
We propose a virtual execution environment for x86 machine code that combines information from compositional, static, and dynamic program analysis to identify vulnerabilities and timing channels, and uses code transformations to prevent those from being exploited. To achieve an appropriate level of performance as well as combine analysis results, our approach stores summary information in the form of conditional rules that can be shared among analyses.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
