ADD: more bibliographies

This commit is contained in:
Dominik Meyer 2021-10-20 14:28:34 +02:00
parent 0b02e46823
commit 46ab1891d3
No known key found for this signature in database
GPG Key ID: B4C312B600606B64
6 changed files with 184 additions and 1 deletions

42
application_hardening.bib Normal file
View File

@ -0,0 +1,42 @@
@article{Berger2006,
title = "DieHard: Probabilistic Memory Safety for Unsafe Languages",
ISSN = "0362-1340",
DOI = "10.1145/1133255.1134000",
volume = "41",
number = "6",
year = "2006",
URL = "https://doi.org/10.1145/1133255.1134000",
journal = "SIGPLAN Not.",
pages = "158168",
author = "Berger, Emery D. and Zorn, Benjamin G.",
abstract = "Applications written in unsafe languages like C and C++ are vulnerable to memory errors such as buffer overflows, dangling pointers, and reads of uninitialized data. Such errors can lead to program crashes, security vulnerabilities, and unpredictable behavior. We present DieHard, a runtime system that tolerates these errors while probabilistically maintaining soundness. DieHard uses randomization and replication to achieve probabilistic memory safety by approximating an infinite-sized heap. DieHard's memory manager randomizes the location of objects in a heap that is at least twice as large as required. This algorithm prevents heap corruption and provides a probabilistic guarantee of avoiding memory errors. For additional safety, DieHard can operate in a replicated mode where multiple replicas of the same application are run simultaneously. By initializing each replica with a different random seed and requiring agreement on output, the replicated version of Die-Hard increases the likelihood of correct execution because errors are unlikely to have the same effect across all replicas. We present analytical and experimental results that show DieHard's resilience to a wide range of memory errors, including a heap-based buffer overflow in an actual application.",
file = "DisARM: Mitigating Buffer Overflow Attacks on Embedded Devices-Paper:http://blackhole.federationhq.de/wikindxindex.php?action=attachments{\_}ATTACHMENTS{\_}CORE{\&}method=downloadAttachment{\&}id=15{\&}resourceId=43{\&}filename=d029a4ad8728645a43fd586702f39aa2142b5602:pdf",
keywords = "randomization,DieHard,replication,dynamic memory allocation,probabilistic memory safety"
}
@inproceedings{Bouche2020,
title = "Shadow-Heap: Preventing Heap-Based Memory Corruptions by Metadata Validation",
ISBN = "9781450375993",
DOI = "10.1145/3424954.3424956",
series = "EICC 2020",
year = "2020",
URL = "https://doi.org/10.1145/3424954.3424956",
booktitle = "Proceedings of the European Interdisciplinary Cybersecurity Conference",
author = "Bouch'e, Johannes and Atkinson, Lukas and Kappes, Martin",
abstract = "In the past, stack smashing attacks and buffer overflows were some of the most insidious data-dependent bugs leading to malicious code execution or other unwanted behavior in the targeted application. Since reliable mitigations such as fuzzing or static code analysis are readily available, attackers have shifted towards heap-based exploitation techniques. Therefore, robust methods are required which ensure application security even in the presence of such intrusions, but existing mitigations are not yet adequate in terms of convenience, reliability, and performance overhead.We present a novel method to prevent heap corruption at runtime: by maintaining a copy of heap metadata in a shadow-heap and verifying the heap integrity upon each call to the underlying allocator we can detect most heap metadata manipulation techniques. The results demonstrate that Shadow-Heap is a practical mitigation approach, that our prototypical implementation only requires reasonable overhead due to a user-configurable performance-security tradeoff, and that existing programs can be protected without recompilation.",
publisher = "Association for Computing Machinery",
file = "DisARM: Mitigating Buffer Overflow Attacks on Embedded Devices-Paper:http://blackhole.federationhq.de/wikindxindex.php?action=attachments{\_}ATTACHMENTS{\_}CORE{\&}method=downloadAttachment{\&}id=14{\&}resourceId=42{\&}filename=1678422185293c97d41e7c6054d951590e64c280:pdf"
}
@inproceedings{Habibi2015,
title = "DisARM: Mitigating Buffer Overflow Attacks on Embedded Devices",
ISBN = "978-3-319-25645-0",
year = "2015",
booktitle = "Network and System Security",
pages = "112--129",
author = "Habibi, Javid and Panicker, Ajay and Gupta, Aditi and Bertino, Elisa",
editor = "Qiu, Meikang and Xu, Shouhuai and Yung, Moti and Zhang, Haibo",
abstract = "Security of embedded devices today is a critical requirement for the Internet of Things (IoT) as these devices will access sensitive information such as social security numbers and health records. This makes these devices a lucrative target for attacks exploiting vulnerabilities to inject malicious code or reuse existing code to alter the execution of their software. Existing defense techniques have major drawbacks such as requiring source code or symbolic debugging information, and high overhead, limiting their applicability. In this paper we propose a novel defense technique, DisARM, that protects against both code-injection and code-reuse based buffer overflow attacks by breaking the ability for attackers to manipulate the return address of a function. Our approach operates on arbitrary executable binaries and thus does not require compiler support. In addition it does not require user interactions and can thus be automatically applied. Our experimental results show that our approach incurs low overhead and significantly increases the level of security against both code-injection and code-reuse based attacks.",
publisher = "Springer International Publishing",
file = "DisARM: Mitigating Buffer Overflow Attacks on Embedded Devices-Paper:http://blackhole.federationhq.de/wikindxindex.php?action=attachments{\_}ATTACHMENTS{\_}CORE{\&}method=downloadAttachment{\&}id=19{\&}resourceId=49{\&}filename=780912fea01840b170d5be044cab1e4bd6731596:pdf"
}

11
applications.bib Normal file
View File

@ -0,0 +1,11 @@
@misc{codechecker,
author = {{Ericsson}},
title = {Software: CodeChecker},
url = {https://github.com/Ericsson/codechecker}
}
@misc{valgrind,
author = {Valgrind Open-Source Group},
title ={Software: valgrind},
url = {https://www.valgrind.org/}
}

63
fuzzing.bib Normal file
View File

@ -0,0 +1,63 @@
@book{takanen2018fuzzing,
title={Fuzzing for software security testing and quality assurance},
author={Takanen, Ari and Demott, Jared D and Miller, Charles and Kettunen, Atte},
year={2018},
publisher={Artech House}
}
@misc{anon2021a,
title = "CWE Top 25 Most Dangerous Software Weaknesses",
year = "2021",
howpublished = "\url{https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html}",
month = "July~" # "26--26"
}
@article{Chakkaravarthy2019,
title = "A Survey on malware analysis and mitigation techniques",
ISSN = "1574-0137",
DOI = "https://doi.org/10.1016/j.cosrev.2019.01.002",
volume = "32",
year = "2019",
URL = "https://www.sciencedirect.com/science/article/pii/S1574013718301114",
journal = "Computer Science Review",
pages = "1--23",
author = "Chakkaravarthy, Sibi S. and Sangeetha, D. and Vaidehi, V.",
abstract = "In recent days, malwares are advanced, sophisticatedly engineered to attack the target. Most of such advanced malwares are highly persistent and capable of escaping from the security systems. This paper explores such an advanced malware type called Advanced Persistent Threats (APTs). APTs pave the way for most of the Cyber espionages and sabotages. APTs are highly sophisticated, target specific and operate in a stealthy mode till the target is compromised. The intention of the APTs is to deploy target specific automated malwares in a host or network to initiate an on-demand attack based on continuous monitoring. Encrypted covert communication and advanced, sophisticated attack techniques make the identification of APTs more challenging. Conventional security systems like antivirus, anti-malware systems which depend on signatures and static analysis fail to identify these APTs. The Advanced Evasive Techniques (AET) used in APTs are capable of bypassing the stateful firewalls housed in the enterprise choke points at ease. Hence, this paper presents a detailed study on sophisticated attack and evasion techniques used by the contemporary malwares. Furthermore, existing malware analysis techniques, application hardening techniques and CPU assisted application security schemes are also discussed. Finally, the study concludes by presenting the System and Network Security Design (SNSD) using existing mitigation techniques.",
file = "Vulnerability Analysis for X86 Executables Using Genetic Algorithm and Fuzzing-Paper:http://blackhole.federationhq.de/wikindxindex.php?action=attachments{\_}ATTACHMENTS{\_}CORE{\&}method=downloadAttachment{\&}id=20{\&}resourceId=50{\&}filename=9cee10ce7e8e33e77915ff2ce4d88d13a3505d8e:pdf",
keywords = "Evasion,Malware,Malware analysis,Packers,Sandboxes,Advanced persistent threats"
}
@inproceedings{Chen2018,
title = "IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing.",
year = "2018",
booktitle = "NDSS",
author = "Chen, Jiongyi and Diao, Wenrui and Zhao, Qingchuan and Zuo, Chaoshun and Lin, Zhiqiang and Wang, XiaoFeng and Lau, Wing Cheong and Sun, Menghan and Yang, Ronghai and Zhang, Kehuan",
file = "Vulnerability Analysis for X86 Executables Using Genetic Algorithm and Fuzzing-Paper:http://blackhole.federationhq.de/wikindxindex.php?action=attachments{\_}ATTACHMENTS{\_}CORE{\&}method=downloadAttachment{\&}id=18{\&}resourceId=48{\&}filename=1961c82250cf02079c34d3f4b990ae8f81c06e15:pdf"
}
@article{Chen2018a,
title = "A systematic review of fuzzing techniques",
ISSN = "0167-4048",
DOI = "https://doi.org/10.1016/j.cose.2018.02.002",
volume = "75",
year = "2018",
URL = "https://www.sciencedirect.com/science/article/pii/S0167404818300658",
journal = "Computers \& Security",
pages = "118--137",
author = "Chen, Chen and Cui, Baojiang and Ma, Jinxin and Wu, Runpu and Guo, Jianchao and Liu, Wenqian",
abstract = "Fuzzing is an effective and widely used technique for finding security bugs and vulnerabilities in software. It inputs irregular test data into a target program to try to trigger a vulnerable condition in the program execution. Since the first random fuzzing system was constructed, fuzzing efficiency has been greatly improved by combination with several useful techniques, including dynamic symbolic execution, coverage guide, grammar representation, scheduling algorithms, dynamic taint analysis, static analysis and machine learning. In this paper, we will systematically review these techniques and their corresponding representative fuzzing systems. By introducing the principles, advantages and disadvantages of these techniques, we hope to provide researchers with a systematic and deeper understanding of fuzzing techniques and provide some references for this field.",
file = "Vulnerability Analysis for X86 Executables Using Genetic Algorithm and Fuzzing-Paper:http://blackhole.federationhq.de/wikindxindex.php?action=attachments{\_}ATTACHMENTS{\_}CORE{\&}method=downloadAttachment{\&}id=21{\&}resourceId=51{\&}filename=1e4bcbbd1b2d3bd2399aa403bd3852e89f4fa4c6:pdf",
keywords = "Software bug,Vulnerability,Fuzzing,Dynamic symbolic execution,Coverage guide,Grammar representation,Scheduling algorithms,Taint analysis,Static analysis"
}
@inproceedings{Liu2008,
title = "Vulnerability Analysis for X86 Executables Using Genetic Algorithm and Fuzzing",
DOI = "10.1109/ICCIT.2008.9",
volume = "2",
year = "2008",
booktitle = "2008 Third International Conference on Convergence and Hybrid Information Technology",
pages = "491--497",
author = "Liu, Guang-Hong and Wu, Gang and Tao, Zheng and Shuai, Jian-Mei and Tang, Zhuo-Chun",
abstract = "Fuzzing was successfully used to discover security bugs in popular programs, though released without source code. It becomes a major tool in security analysis, but needs large input space, ineffective. This paper presents a new method for the identification of vulnerabilities in executable program called GAFuzzing (genetic algorithm fuzzing), which combines static and dynamic analysis to extend random fuzzing. First, it uses static analysis to obtain the structural behavior, interface and interest region of code, then formally describes test requirement. Second, it uses genetic algorithm to intelligently direct test data generation and improve the testing objective. Unlike many software testing tools, our implementation analyzes the executables without source code directly. Our evaluation shows that GAFuzzing is superior to random fuzzing for vulnerability analysis.",
file = "Vulnerability Analysis for X86 Executables Using Genetic Algorithm and Fuzzing-Paper:http://blackhole.federationhq.de/wikindxindex.php?action=attachments{\_}ATTACHMENTS{\_}CORE{\&}method=downloadAttachment{\&}id=22{\&}resourceId=52{\&}filename=829890f42cec5f99ac65a9634a1924f7aade9e74:pdf"
}

43
os_hardening.bib Normal file
View File

@ -0,0 +1,43 @@
@inproceedings{Barabosch2014,
title = "Host-based code injection attacks: A popular technique used by malware",
DOI = "10.1109/MALWARE.2014.6999410",
year = "2014",
booktitle = "2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE)",
pages = "8--17",
author = "Barabosch, Thomas and Gerhards-Padilla, Elmar",
}
@INPROCEEDINGS{7546544, author={Snow, Kevin Z. and Rogowski, Roman and Werner, Jan and Koo, Hyungjoon and Monrose, Fabian and Polychronakis, Michalis}, booktitle={2016 IEEE Symposium on Security and Privacy (SP)}, title={Return to the Zombie Gadgets: Undermining Destructive Code Reads via Code Inference Attacks}, year={2016}, volume={}, number={}, pages={954-968}, abstract={The concept of destructive code reads is a new defensive strategy that prevents code reuse attacks by coupling fine-grained address space layout randomization with a mitigation for online knowledge gathering that destroys potentially useful gadgets as they are disclosed by an adversary. The intuition is that by destroying code as it is read, an adversary is left with no usable gadgets to reuse in a control-flow hijacking attack. In this paper, we examine the security of this new mitigation. We show that while the concept initially appeared promising, there are several unforeseen attack tactics that render destructive code reads ineffective in practice. Specifically, we introduce techniques for leveraging constructive reloads, wherein multiple copies of native code are loaded into a process' address space (either side-by-side or one-after-another). Constructive reloads allow the adversary to disclose one code copy, destroying it in the process, then use another code copy for their code reuse payload. For situations where constructive reloads are not viable, we show that an alternative, and equally powerful, strategy exists: leveraging code association via implicit reads, which allows an adversary to undo in-place code randomization by inferring the layout of code that follows already disclosed bytes. As a result, the implicitly learned code is not destroyed, and can be used in the adversary's code reuse attack. We demonstrate the effectiveness of our techniques with concrete instantiations of these attacks against popular applications. In light of our successes, we argue that the code inference strategies presented herein paint a cautionary tale for defensive approaches whose security blindly rests on the perceived inability to undo the application of in-place randomization.}, keywords={}, doi={10.1109/SP.2016.61}, ISSN={2375-1207}, month={May},}
@InProceedings{10.1007/978-3-319-62105-0_10,
author="Morton, Micah
and Koo, Hyungjoon
and Li, Forrest
and Snow, Kevin Z.
and Polychronakis, Michalis
and Monrose, Fabian",
editor="Bodden, Eric
and Payer, Mathias
and Athanasopoulos, Elias",
title="Defeating Zombie Gadgets by Re-randomizing Code upon Disclosure",
booktitle="Engineering Secure Software and Systems",
year="2017",
publisher="Springer International Publishing",
address="Cham",
pages="143--160",
abstract="Over the past few years, return-oriented programming (ROP) attacks have emerged as a prominent strategy for hijacking control of software. The full power and flexibility of ROP attacks was recently demonstrated using just-in-time ROP tactics (JIT-ROP), whereby an adversary repeatedly leverages a memory disclosure vulnerability to identify useful instruction sequences and compile them into a functional ROP payload at runtime. Since the advent of just-in-time code reuse attacks, numerous proposals have surfaced for mitigating them, the most practical of which involve the re-randomization of code at runtime or the destruction of gadgets upon their disclosure. Even so, several avenues exist for performing code inference, which allows JIT-ROP attacks to infer values at specific code locations without directly reading the memory contents of those bytes. This is done by reloading code of interest or implicitly determining the state of randomized code. These so-called ``zombie gadgets'' completely undermine defenses that rely on destroying code bytes once they are read. To mitigate these attacks, we present a low-overhead, binary-compatible defense which ensures an attacker is unable to execute gadgets that were identified through code reloading or code inference. We have implemented a prototype of the proposed defense for closed-source Windows binaries, and demonstrate that our approach effectively prevents zombie gadget attacks with negligible runtime overhead.",
isbn="978-3-319-62105-0"
}
@Article{app9142928,
AUTHOR = {Marco-Gisbert, Hector and Ripoll Ripoll, Ismael},
TITLE = {Address Space Layout Randomization Next Generation},
JOURNAL = {Applied Sciences},
VOLUME = {9},
YEAR = {2019},
NUMBER = {14},
ARTICLE-NUMBER = {2928},
URL = {https://www.mdpi.com/2076-3417/9/14/2928},
ISSN = {2076-3417},
ABSTRACT = {Systems that are built using low-power computationally-weak devices, which force developers to favor performance over security; which jointly with its high connectivity, continuous and autonomous operation makes those devices specially appealing to attackers. ASLR (Address Space Layout Randomization) is one of the most effective mitigation techniques against remote code execution attacks, but when it is implemented in a practical system its effectiveness is jeopardized by multiple constraints: the size of the virtual memory space, the potential fragmentation problems, compatibility limitations, etc. As a result, most ASLR implementations (specially in 32-bits) fail to provide the necessary protection. In this paper we propose a taxonomy of all ASLR elements, which categorizes the entropy in three dimensions: (1) how, (2) when and (3) what; and includes novel forms of entropy. Based on this taxonomy we have created, ASLRA, an advanced statistical analysis tool to assess the effectiveness of any ASLR implementation. Our analysis show that all ASLR implementations suffer from several weaknesses, 32-bit systems provide a poor ASLR, and OS X has a broken ASLR in both 32- and 64-bit systems. This is jeopardizing not only servers and end users devices as smartphones but also the whole IoT ecosystem. To overcome all these issues, we present ASLR-NG, a novel ASLR that provides the maximum possible absolute entropy and removes all correlation attacks making ASLR-NG the best solution for both 32- and 64-bit systems. We implemented ASLR-NG in the Linux kernel 4.15. The comparative evaluation shows that ASLR-NG overcomes PaX, Linux and OS X implementations, providing strong protection to prevent attackers from abusing weak ASLRs.},
DOI = {10.3390/app9142928}
}

View File

@ -121,7 +121,6 @@ author={Haase, Jan and Meyer, Dominik and Eckert, Marcel and Klauer, Bernd},
booktitle={Industrial Technology (ICIT), 2016 IEEE International Conference on},
title={Wireless sensor/actuator device configuration by NFC},
year={2016},
note={ACCEPTED},
month={3},}
@misc{Meyer4,
@ -167,3 +166,21 @@ month={6},
year={2017},
organization={IEEE}
}
@inproceedings{meyer2021,
title={A Modern Approach to Application Specific Processors for Improving the Security of Embedded Devices},
keywords = {pub}, author={Meyer, Dominik and Haase, Jan and Eckert, Marcel and Klauer, Bernd},
booktitle={IECON 2021-47rd Annual Conference of the IEEE Industrial Electronics Society},
year={2021},
organization={IEEE},
note={accepted, not yet published}
}
@inproceedings{klauer2017wireless,
title={Wireless sensor/actuator device configuration by NFC with secure key exchange},
keywords = {pub}, author={Klauer, Bernd and Haase, Jan and Meyer, Dominik and Eckert, Marcel},
booktitle={2017 IEEE AFRICON},
pages={473--478},
year={2017},
organization={IEEE}
}

7
security-reports.bib Normal file
View File

@ -0,0 +1,7 @@
@report{cdr2021,
author = {},
title = {Cyberthreat Defense Report},
institution = {CyberEdge Group, LLC},
year = {2021},
url = {https://cyber-edge.com/cdr/}
}