Đang chuẩn bị liên kết để tải về tài liệu:
NOZZLE: A Defense Against Heap-spraying Code Injection Attacks

Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ

If a node calculates that it does not have enough storage capacity for the table, it initiates the group formation algo- rithm. To minimize the number of times an original tuple must be transmitted to make it available to every member of a group, we require that all nodes in the group are within broadcast range of each other. A second required property of a group is that it must have enough cumulative storage capacity to accommodate the table of predicates. If these requirements can not be met, the join classification (see Section 3.2) is not intermediate but rather. | Nozzle a Defense Against Heap-spraying Code Injection Attacks Paruj Ratanaworabhan Cornell University paruj@csl.cornell.edu Benjamin Livshits Microsoft Research livshits@microsoft.com Benjamin zorn Microsoft Research zorn@microsoft.com Abstract Heap spraying is a security attack that increases the exploitability of memory corruption errors in type-unsafe applications. In a heap-spraying attack an attacker coerces an application to allocate many objects containing malicious code in the heap increasing the success rate of an exploit that jumps to a location within the heap. Because heap layout randomization necessitates new forms of attack spraying has been used in many recent security exploits. Spraying is especially effective in web browsers where the attacker can easily allocate the malicious objects using JavaScript embedded in a web page. In this paper we describe Nozzle a runtime heap-spraying detector. NozzLE examines individual objects in the heap interpreting them as code and performing a static analysis on that code to detect malicious intent. To reduce false positives we aggregate measurements across all heap objects and define a global heap health metric. We measure the effectiveness of Nozzle by demonstrating that it successfully detects 12 published and 2 000 synthetically generated heap-spraying exploits. We also show that even with a detection threshold set six times lower than is required to detect published malicious attacks Nozzle reports no false positives when run over 150 popular Internet sites. Using sampling and concurrent scanning to reduce overhead we show that the performance overhead of Nozzle is less than 7 on average. While Nozzle currently targets heap-based spraying attacks its techniques can be applied to any attack that attempts to fill the address space with malicious code objects e.g. stack spraying 42 . 1 Introduction In recent years security improvements have made it increasingly difficult for attackers to compromise systems. .

TAILIEUCHUNG - Chia sẻ tài liệu không giới hạn
Địa chỉ : 444 Hoang Hoa Tham, Hanoi, Viet Nam
Website : tailieuchung.com
Email : tailieuchung20@gmail.com
Tailieuchung.com là thư viện tài liệu trực tuyến, nơi chia sẽ trao đổi hàng triệu tài liệu như luận văn đồ án, sách, giáo trình, đề thi.
Chúng tôi không chịu trách nhiệm liên quan đến các vấn đề bản quyền nội dung tài liệu được thành viên tự nguyện đăng tải lên, nếu phát hiện thấy tài liệu xấu hoặc tài liệu có bản quyền xin hãy email cho chúng tôi.
Đã phát hiện trình chặn quảng cáo AdBlock
Trang web này phụ thuộc vào doanh thu từ số lần hiển thị quảng cáo để tồn tại. Vui lòng tắt trình chặn quảng cáo của bạn hoặc tạm dừng tính năng chặn quảng cáo cho trang web này.