有哪些信誉好的足球投注网站- 1、本文档共41页,可阅读全部内容。
- 2、有哪些信誉好的足球投注网站(book118)网站文档一经付费(服务费),不意味着购买了该文档的版权,仅供个人/单位学习、研究之用,不得用于商业用途,未经授权,严禁复制、发行、汇编、翻译或者网络传播等,侵权必究。
- 3、本站所有内容均由合作方或网友上传,本站不对文档的完整性、权威性及其观点立场正确性做任何保证或承诺!文档内容仅供研究参考,付费前请自行鉴别。如您付费,意味着您自己接受本站规则且自行承担风险,本站不退款、不进行额外附加服务;查看《如何避免下载的几个坑》。如果您已付费下载过本站文档,您可以点击 这里二次下载。
- 4、如文档侵犯商业秘密、侵犯著作权、侵犯人身权等,请点击“版权申诉”(推荐),也可以打举报电话:400-050-0827(电话支持时间:9:00-18:30)。
查看更多
Dynamic Taint Analysis for Automatic Detection, Analysis,
and Signature Generation of Exploits on Commodity Software
Authors: James Newsome, Dawn Song
Presenters:
Sheikh M Qumruzzaman
Khaled M Al-Naami
Welcome and Introduction
Overview
Dynamic Taint Analysis
TaintCheck
TaintSeed
TaintTracker
TaintAssert
Exploit Analyzer
Security Analysis of TaintCheck
Evaluation and Performance
Automatic Signature Generation
Conclusion
Overview
Worms exploit software vulnerabilities.
Buffer Overflow.
Format String.
Dangling Pointers.
SQL Injection.
CodeRed and Slammer exploit vulnerabilities and can compromise hundreds of thousands of hosts within hours or minutes.
Slammer
The geographical spread of Slammer in the 30 minutes after its release.
Source: /xpls/abs_all.jsp?arnumber=1219056tag=1
CodeRed
Code Red’s probe rate during its re-emergence on 1 August, 2001
Source: /xpls/abs_all.jsp?arnumber=1219056tag=1
WHAT DO WE NEED?
An automatic detect and defense system.
Automatic development of attack signatures.
In this paper authors proposed new technique ‘Dynamic Taint Analysis’ and showed how it can be used to detect and analyze software exploits
ATTACK DETECTORS
Coarse grained detectors:
Detect anomalous behavior such as scanning and do not provide detailed information about vulnerability and how it exploited.
Fine grained detectors:
Detect attack on a program vulnerability, and provide detailed information about it.
Several approaches for fine grained detectors. But most of them are not dynamic.
Dynamic Taint Analysis
Tainted Data: Data from un-trusted sources.
Keep track of tainted data.
Monitor program execution to track how tainted attributes propagate
Check when tainted data is used in dangerous ways
TaintCheck – An automatic dynamic taint analysis tool.
TaintCheck
Doesn’t require source code/special compilation.
Reliably detects most overwrite attacks.
No known false positives.
Enables automatic semantic analysis based signature generation.
Design and Impleme
您可能关注的文档
- Domain Name System Computer Science at RPI域名系统在RPI计算机科学.ppt
- Domains of Learning EdPsyc Interactive域的学习edpsyc互动.ppt
- DISP2003 Introduction to Digital Signal Processingdisp2003介绍数字信号处理.ppt
- Doing Business in China Texas Association of 在中国做生意德克萨斯协会.ppt
- DON'T WORRY, BE HAPPY musicbulletinboards别担心要快乐 musicbulletinboards.net.ppt
- DOMESTIC ANIMALS bglog国内动物bglog.net.ppt
- Donation Championship Teams The Physician Champion捐赠冠军队的医生冠军.ppt
- Dollar General Balloon Program Balloons美元通用气球计划气球 .ppt
- Don‘t worry be happy Amazon Web Services不要担心快乐亚马逊网络服务.ppt
- Don’t Let a Fall Get You Down CAOT不要让秋天让你不.ppt
- Dynamic Vibration Absorber for Suppression of 动力减振器.ppt
- Dynamic Topic Analysis of Synchronous Chat vw同步聊天大众的动态话题分析.indiana.ppt
- Dynamic Systems Approach kin动态系统方法亲属.sjsu.ppt
- Dynamic Systems UMass Amherst Information 动力系统马萨诸塞大学阿默斯特分校的信息.ppt
- Dynamic vs动态与. Static Characters Courtney Maida.ppt
- Dynamically Parameterized Architectures for Power Aware Video用于功率感知的视频的动态参数化结构.ppt
- Dynamical” Vs“与动态. “Genetic” Disease What Do Complex Rhythms.ppt
- Dynamics and Thermodynamics of the Glass Transition 玻璃化转变的动力学与热力学.ppt
- Dynamics of gravitationally interacting systems unibo引力相互作用的系统unibo动力学.it.ppt
- Dynamos in Accretion Disks cmso发电机在吸积盘 cmso.info.ppt
最近下载
- 统编人教部编版语文三年级下册第八单元教材解读及教学目标教学建议教研备课校本培训.pptx
- EZVIZ 萤石 智能锁Y3000FV用户手册说明书.pdf
- 2025年中考数学模拟试卷押题卷(含答案).docx
- 产业园区智能化规划设计方案.pdf
- 《旅游类学生就业指导:扬就业之帆 启梦想之旅》 模块三 了解形势,选择去向.pptx
- 新航道留学预备三级读写答案.pdf
- 两角和与差的余弦公式PPT课件.ppt
- 2024广东珠海横琴粤澳深度合作区执行委员会招聘澳门特别行政区居民90人笔试备考试题及答案解析.docx
- 基于excite timing drive的汽油机多阀系仿真及优化研究浙江大学等.pdf VIP
- 2025届河南省豫西北教研联盟(许洛平)高三上学期第一次质量检测(一模)思想政治试题(含答案).docx VIP
文档评论(0)