Shoshitaishvili et al., 2016 - Google Patents
Sok:(state of) the art of war: Offensive techniques in binary analysisShoshitaishvili et al., 2016
View PDF- Document ID
- 10419815341999671123
- Author
- Shoshitaishvili Y
- Wang R
- Salls C
- Stephens N
- Polino M
- Dutcher A
- Grosen J
- Feng S
- Hauser C
- Kruegel C
- Vigna G
- Publication year
- Publication venue
- 2016 IEEE symposium on security and privacy (SP)
External Links
Snippet
Finding and exploiting vulnerabilities in binary code is a challenging task. The lack of high- level, semantically rich information about data structures and control constructs makes the analysis of program properties harder to scale. However, the importance of binary analysis …
- 238000004458 analytical method 0 title abstract description 170
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3676—Test management for coverage analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/44—Arrangements for executing specific programmes
- G06F9/455—Emulation; Software simulation, i.e. virtualisation or emulation of application or operating system execution engines
- G06F9/45504—Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
- G06F11/3612—Software analysis for verifying properties of programs by runtime analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/362—Software debugging
- G06F11/3636—Software debugging by tracing the execution of the program
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/44—Arrangements for executing specific programmes
- G06F9/445—Programme loading or initiating
- G06F9/44589—Programme code verification, e.g. Java bytecode verification, proof-carrying code
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformations of program code
- G06F8/41—Compilation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
- G06F21/12—Protecting executable software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Shoshitaishvili et al. | Sok:(state of) the art of war: Offensive techniques in binary analysis | |
| Peng et al. | T-Fuzz: fuzzing by program transformation | |
| Dolan-Gavitt et al. | Repeatable reverse engineering with PANDA | |
| Peng et al. | {X-Force}:{Force-Executing} binary programs for security applications | |
| Clause et al. | Dytan: a generic dynamic taint analysis framework | |
| Schwartz et al. | Q: Exploit hardening made easy | |
| Huang et al. | Software crash analysis for automatic exploit generation on binary programs | |
| Jia et al. | Towards efficient heap overflow discovery | |
| Parvez | Combining static analysis and targeted symbolic execution for scalable bug-finding in application binaries | |
| Dolan-Gavitt et al. | Repeatable reverse engineering for the greater good with panda | |
| Shaw et al. | Automatically fixing c buffer overflows using program transformations | |
| Mallissery et al. | Demystify the fuzzing methods: A comprehensive survey | |
| Biswas et al. | Code specialization through dynamic feature observation | |
| Zeng et al. | Palantír: Optimizing attack provenance with hardware-enhanced system observability | |
| Vishnyakov et al. | Survey of methods for automated code-reuse exploit generation | |
| Dresel et al. | Artist: the android runtime instrumentation toolkit | |
| Zhan et al. | ErrHunter: Detecting Error-Handling Bugs in the Linux Kernel Through Systematic Static Analysis | |
| Chen et al. | Dynamically discovering likely memory layout to perform accurate fuzzing | |
| Lopes | Discovering vulnerabilities in webassembly with code property graphs | |
| Zhang et al. | Ffuzz: Towards full system high coverage fuzz testing on binary executables | |
| Bertani et al. | Untangle: Aiding Global Function Pointer Hijacking for Post-CET Binary Exploitation | |
| Yadegari | Automatic deobfuscation and reverse engineering of obfuscated code | |
| Shoshitaishvili | Building a Base for Cyber-autonomy | |
| Hauser et al. | Sleak: Automating address space layout derandomization | |
| Lu | Securing software systems by preventing information leaks. |