Novel Techniques in Recovering, Embedding, and Enforcing Policies for Control-Flow Integrity: Information Security and Cryptography
Autor Yan Linen Limba Engleză Paperback – mai 2021
In this book, we propose novel solutions to handle these three fundamental components.To generate a precise CFI policy without the support of the source code, we systematically study two methods which recover CFI policy based on function signature matching at the binary level and propose our novel rule- and heuristic-based mechanism to more accurately recover function signature. To embed CFI policy securely, we design a novel platform which encodes the policy into the machine instructions directly without relying on consulting any read-only data structure, by making use of the idea of instruction-set randomization. Each basic block is encrypted with a key derived from the CFG. To efficiently enforce CFI policy, we make use of a mature dynamic code optimization platform called DynamoRIO to enforce the policy so that we are only required to do the CFI check when needed.
Din seria Information Security and Cryptography
- 20%
Preț: 352.02 lei - 20%
Preț: 770.30 lei - 20%
Preț: 303.85 lei - 20%
Preț: 1452.94 lei - 20%
Preț: 988.47 lei - 20%
Preț: 327.10 lei - 20%
Preț: 453.21 lei - 20%
Preț: 607.34 lei - 20%
Preț: 331.40 lei - 20%
Preț: 406.32 lei - 20%
Preț: 346.56 lei - 18%
Preț: 950.52 lei - 24%
Preț: 795.26 lei - 20%
Preț: 595.07 lei - 20%
Preț: 487.73 lei -
Preț: 450.28 lei - 20%
Preț: 877.77 lei - 20%
Preț: 332.39 lei - 20%
Preț: 418.59 lei - 20%
Preț: 649.28 lei - 20%
Preț: 552.72 lei - 20%
Preț: 577.40 lei - 20%
Preț: 653.38 lei - 20%
Preț: 670.25 lei - 20%
Preț: 334.53 lei - 20%
Preț: 414.72 lei - 20%
Preț: 640.69 lei
Preț: 636.41 lei
Preț vechi: 795.50 lei
-20% Nou
Puncte Express: 955
Preț estimativ în valută:
121.81€ • 126.69$ • 102.08£
121.81€ • 126.69$ • 102.08£
Carte tipărită la comandă
Livrare economică 13-27 martie
Preluare comenzi: 021 569.72.76
Specificații
ISBN-13: 9783030731403
ISBN-10: 3030731405
Ilustrații: XIII, 95 p. 23 illus.
Dimensiuni: 155 x 235 mm
Greutate: 0.17 kg
Ediția:1st ed. 2021
Editura: Springer International Publishing
Colecția Springer
Seria Information Security and Cryptography
Locul publicării:Cham, Switzerland
ISBN-10: 3030731405
Ilustrații: XIII, 95 p. 23 illus.
Dimensiuni: 155 x 235 mm
Greutate: 0.17 kg
Ediția:1st ed. 2021
Editura: Springer International Publishing
Colecția Springer
Seria Information Security and Cryptography
Locul publicării:Cham, Switzerland
V-ar putea interesa
-
On the Foundations of ComputingGiuseppe Primiero-27%Preț: 337.41 lei463.55 lei -
Algorithms Are Not EnoughHerbert L. Roitblat-20%Preț: 215.82 lei269.77 lei -
Blockchain Chicken FarmXiaowei WangPreț: 93.22 lei -
Possible Minds: Twenty-Five Ways of Looking at AIJohn Brockman-34%Preț: 75.23 lei113.68 lei -
CCTV for Security ProfessionalsAlan Matchett-20%Preț: 634.26 lei792.82 lei -
-20%Preț: 1285.31 lei1606.64 lei -
-20%Preț: 1280.84 lei1601.05 lei -
-20%Preț: 448.83 lei561.05 lei -
The Zynq BookLouise H CrockettPreț: 277.95 lei -
Algorithms Illuminated (Part 2)Tim Roughgarden-20%Preț: 92.70 lei115.88 lei -
Database SystemsRamez Elmasri-20%Preț: 486.43 lei608.04 lei -
The Rationalist's Guide to the GalaxyTom Chivers-38%Preț: 42.04 lei68.27 lei -
Problem Solving with Algorithms and Data Structures Using PythonBradley N. MillerPreț: 369.03 lei -
-20%Preț: 448.53 lei560.66 lei -
tmux 2Brian P. Hogan-20%Preț: 93.09 lei116.36 lei -
The Revolutionary PhenotypeJean-François GariépyPreț: 117.92 lei -
AdventureJamie LendinoPreț: 122.60 lei -
The Alignment ProblemBrian Christian-40%Preț: 53.81 lei90.29 lei -
Preț: 446.59 lei -
-20%Preț: 381.60 lei477.00 lei -
Zero-Day Exploit: Countdown to DarknessRob Shein-20%Preț: 373.53 lei466.91 lei -
-20%Preț: 323.48 lei404.36 lei -
Inside the SPAM Cartel: By Spammer-XSpammer-X Spammer-X-20%Preț: 379.79 lei474.73 lei -
-20%Preț: 304.26 lei380.32 lei -
-20%Preț: 338.81 lei423.52 lei -
Peeling Design PatternsNarasimha KarumanchiPreț: 301.86 lei -
FUZZY SETS,FUZZY LOGIC,& FUZZY SYS (V6)G J Klir Bo Yuan-20%Preț: 739.01 lei923.77 lei
Cuprins
{draft, needs completion}
1 Introduction
1.1 Overview of Control-Flow Integrity
1.2 Practicality of Recovering Fine-grained CFI Policies1.3 Control-Flow Carrying Code
1.4 Control-Flow Integrity Enforcement Based on Dynamic Code Optimization
2 Literature Review
2.1 Control-Flow Hijacking
2.2 Deployed Defenses
2.3 Control-Flow Integrity
3 When Function Signature Recovery Meets Compiler Optimization
3.1 Introduction
3.2 Background and Unified Notation
3.3 Eight Ways in Which Compiler Optimization Impacts Function Signature Recovery
3.4 Evaluation
3.5 Revised Policy
3.6 Evaluation on revised policy
3.7 Summary
4 Control-Flow Carrying Code
4.1 Introduction
4.2 Overview of C^3
4.3 Detailed Designed of C^3
4.4 Implementation
4.5 Evaluation
4.6 Discussion
4.7 Summary
5 Control-Flow Integrity Enforcement with Dynamic Code Optimization
5.1 Introduction
5.2 Design, Implementation, and Security Comparison
5.3 Detailed Performance Profiling
5.4 Security Evaluation
5.5 Summary
6 Conclusion
Bibliography
Notă biografică
Yan Lin is at the School of Computing and Information Systems, Singapore Management University. Her extensive studies have focused on the area of cybersecurity, and her current researches focus on software security and system security.
Textul de pe ultima copertă
Control-Flow Integrity (CFI) is an attractive security property with which most injected and code-reuse attacks can be defeated, including advanced attacking techniques like return-oriented programming.
CFI extracts a control-flow graph (CFG) for a given program, with checks inserted before indirect branch instructions. Before executed during runtime, the checks consult the CFG to ensure that the indirect branch is allowed to reach the intended target. Hence, any sort of control-flow hijacking can be prevented. This concise volume proposes novel solutions to handle the fundamental components of CFI enforcement: accurately recovering the policy (CFG); embedding the CFI policy securely; and efficiently enforcing the CFI policy.
Addressing the first component, the book systematically studies two methods that recover CFI policy based on function signature matching at the binary level, then offers a unique rule-and heuristic-based mechanism to more accurately recover function signature. To embed CFI policy securely, the book advocates a new platform that encodes the policy into the machine instructions directly without relying on consulting any read-only data structure. Finally, the work prescribes a mature dynamic-code-optimization platform called DynamoRIO to enforce the policy when needed.
Key features:
- Provides deep understanding of Control-Flow Integrity
- Offers new insights on the relationship between function signature and compiler optimization
- Demonstrates how CFI can be more efficient than Data Execution Prevention
This focused, distinctive volume will appeal to researchers, scientists, lecturers, as well as postgraduates with a background in binary analysis. Libraries, practitioners, and professionals will also benefit, depending on their missions and programs.
Yan Lin is at the School of Computing and Information Systems, Singapore Management University. Her extensive foundational studies have focused on the area of cybersecurity, and her current research focuses on software security and system security.
Caracteristici
Provides deep understanding of Control-Flow Integrity Offers new insights on the relationship between function signature and compiler optimization Demonstrates how CFI can be more efficient than Data Execution Prevention