Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks
|
|
|
- Camron Gaines
- 5 years ago
- Views:
Transcription
1 Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks Stefano Cristalli, Mattia Pagnozzi, Mariano Graziano, Andrea Lanzi, Davide Balzarotti Universita degli Studi di Milano Cisco Systems, Inc. Eurecom USENIX Security Austin, USA 1
2 SPRAYING Traditional code based spraying JIT spraying Data spraying and stack pivoting 2
3 RELATED WORK HEAP SPRAYING Egele et al. - DIMVA 09 Nozzle - USENIX Security 09 BuBBLE - ESSoS 10 3
4 RELATED WORK HEAP SPRAYING Egele et al. - DIMVA 09 Nozzle - USENIX Security 09 BuBBLE - ESSoS 10 JIT SPRAYING JITsec - VEE 06 Bania - Whitepaper 10 JITDefender - IFIP 11 Lobotomy - Ares 14 4
5 RELATED WORK HEAP SPRAYING Egele et al. - DIMVA 09 Nozzle - USENIX Security 09 BuBBLE - ESSoS 10 JIT SPRAYING JITsec - VEE 06 Bania - Whitepaper 10 JITDefender - IFIP 11 Lobotomy - Ares 14 DATA SPRAYING EMET - Microsoft 09 Browser solutions 5
6 RELATED WORK HEAP SPRAYING Egele et al. - DIMVA 09 Nozzle - USENIX Security 09 BuBBLE - ESSoS 10 - No comprehensive JIT SPRAYING and scalable solutions vs spraying - No OS agnostic JITsec - VEE solutions 06 Bania - Whitepaper 10 JITDefender - IFIP 11 Lobotomy - Ares 14 DATA SPRAYING EMET - Microsoft 09 Browser solutions 6
7 MEMORY FOOTPRINT 7
8 MEMORY FOOTPRINT 8
9 GOALS The system should be completely independent from the memory allocator used by the protected application The system should not require any OS dependent information The overhead introduced by our system should be reasonable Modular framework based on plugins 9
10 ARCHITECTURE OVERVIEW 10
11 ARCHITECTURE OVERVIEW 11
12 MEMORY TRACER Creation/Modification/Removal of the page: Detected by looking at the PTE Creation/Modification/Removal of the page table: Detected by looking at the PDE 12
13 Overhead issues: INTERFERENCE PROBLEM A modification of the memory page of the running process creates a side effect modification of a memory page in another process Due to kernel memory operations optimizations 13
14 INTERFERENCE PROBLEM Overhead for Internet Explorer 10 (IE): 22% Overhead for Acrobat Reader and Firefox on top of IE: 63% IE s overhead increases from 22% to 63% 14
15 MICRO-VIRTUALIZATION Each monitored process runs inside its own virtual memory sandbox Graffiti enables the memory protection only for the actual running and monitored process 15
16 MICRO-VIRTUALIZATION: DETAILS Micro-virtualization is based on EPT: Select a set of physical pages to monitor the target process One EPT pointer (EPTP) per process 16
17 ARCHITECTURE OVERVIEW 17
18 STATIC ANALYZER Set of heuristics to detect the different spraying techniques: Malicious code detector [ACSAC10, SEC11] 18
19 STATIC ANALYZER Set of heuristics to detect the different spraying techniques: Malicious code detector [ACSAC10, SEC11] Self-unpacking shellcode detector [ACSAC07] 19
20 STATIC ANALYZER Set of heuristics to detect the different spraying techniques: Malicious code detector [ACSAC10, SEC11] Self-unpacking shellcode detector [ACSAC07] Data spraying detector [RAID13,RAID15] 20
21 EXPERIMENTS: OVERHEAD The memory tracer is always active Stress suite results (8MB every 2s): Windows 7: 24% Linux 3.2: 25% 21
22 EXPERIMENTS: OVERHEAD 22
23 DETECTION ACCURACY 23
24 DETECTION ACCURACY System tested also with 1000 malicious PDF, 1000 benign PDF documents and top 1000 Alexa websites Conservative threshold (150MB) Graffiti detected all the attacks with zero false alarms 24
25 GLOBAL EXPERIMENTS Final global test in which real users use Graffiti during their everyday activities for a total of 8-10 hours per day in a period of 7 days Conservative threshold of 150MB on IE8 for Windows 7 machines 25
26 GLOBAL EXPERIMENTS 492 distinct web pages visited Detectors activated 55 times (~8 times per day) 12 alerts on pages that seemed to be benign. A closer inspection of the false positive shows the data spraying detector to be the only responsible 26
27 CONCLUSIONS First efficient and comprehensive solution to defeat spraying Micro-virtualization Open source 27
28 SOURCE CODE Code available at 28
29 QUESTIONS? Mariano 29
Heap Taichi: Exploiting Memory Allocation Granularity in Heap-Spraying Attacks
Heap Taichi: Exploiting Memory Allocation Granularity in Heap-Spraying Attacks Yu Ding 1, Tao Wei 1, Tielei Wang 1, Zhenkai Liang 2, Wei Zou 1 1 Peking University, 2 National University of Singapore A
Detecting Self-Mutating Malware Using Control-Flow Graph Matching
Detecting Self-Mutating Malware Using Control-Flow Graph Matching Danilo Bruschi Lorenzo Martignoni Mattia Monga Dipartimento di Informatica e Comunicazione Università degli Studi di Milano {bruschi,martign,monga}@dico.unimi.it
Malware
reloaded Malware Research Team @ @xabiugarte Motivation Design principles / architecture Features Use cases Future work Dynamic Binary Instrumentation Techniques to trace the execution of a binary (or
JITDefender: A Defense against JIT Spraying Attacks
JITDefender: A Defense against JIT Spraying Attacks Ping Chen, Yi Fang, Bing Mao, Li Xie To cite this version: Ping Chen, Yi Fang, Bing Mao, Li Xie. JITDefender: A Defense against JIT Spraying Attacks.
Heaps of Heap-based Memory Attacks
Heaps of Heap-based Memory Attacks Kevin Leach kleach2@gmu.edu Center for Secure Information Systems 3 October 2012 K. Leach (CSIS) Heaps of Heap-based Memory Attacks 3 October 2012 1 / 23 Goals During
Is Exploitation Over? Bypassing Memory Protections in Windows 7
Is Exploitation Over? Bypassing Memory Protections in Windows 7 Alexander Sotirov alex@sotirov.net About me Exploit development since 1999 Published research into reliable exploitation techniques: Heap
LOBOTOMY An Architecture for JIT Spraying Mitigation
LOBOTOMY An Architecture for JIT Spraying Mitigation Martin Jauernig Vienna University of Technology Matthias Neugschwandtner Vienna University of Technology Christian Platzer Vienna University of Technology
PlatPal: Detecting Malicious Documents with Platform Diversity
PlatPal: Detecting Malicious Documents with Platform Diversity Meng Xu and Taesoo Kim Georgia Institute of Technology 1 Malicious Documents On the Rise 2 3 4 Adobe Components Exploited Element parser JavaScript
Atomizer: Fast, Scalable and Lightweight Heap Analyzer for Virtual Machines in a Cloud Environment
Atomizer: Fast, Scalable and Lightweight Heap Analyzer for Virtual Machines in a Cloud Environment Salman Javaid Aleksandar Zoranic Irfan Ahmed Golden G. Richard III University of New Orleans Greater New
Robust Shell Code Return Oriented Programming and HeapSpray. Zhiqiang Lin
CS 6V81-05: System Security and Malicious Code Analysis Robust Shell Code Return Oriented Programming and HeapSpray Zhiqiang Lin Department of Computer Science University of Texas at Dallas April 16 th,
CSE 127: Computer Security. Memory Integrity. Kirill Levchenko
CSE 127: Computer Security Memory Integrity Kirill Levchenko November 18, 2014 Stack Buffer Overflow Stack buffer overflow: writing past end of a stackallocated buffer Also called stack smashing One of
Live Attack Visualization and Analysis. What does a Malware attack look like?
Live Attack Visualization and Analysis What does a Malware attack look like? Introduction Bromium is a virtualization pioneer whose micro-virtualization technology delivers dependable, secure and manageable
Undermining Information Hiding (And What to do About it)
Undermining Information Hiding (And What to do About it) Enes Göktaş, Robert Gawlik, Benjamin Kollenda, Elias Athanasopoulos, Georgios Portokalidis, Cristiano Giuffrida, Herbert Bos Overview Mitigating
Sandboxing Untrusted Code: Software-Based Fault Isolation (SFI)
Sandboxing Untrusted Code: Software-Based Fault Isolation (SFI) Brad Karp UCL Computer Science CS GZ03 / M030 9 th December 2011 Motivation: Vulnerabilities in C Seen dangers of vulnerabilities: injection
Lecture 10. Pointless Tainting? Evaluating the Practicality of Pointer Tainting. Asia Slowinska, Herbert Bos. Advanced Operating Systems
Lecture 10 Pointless Tainting? Evaluating the Practicality of Pointer Tainting Asia Slowinska, Herbert Bos Advanced Operating Systems December 15, 2010 SOA/OS Lecture 10, Pointer Tainting 1/40 Introduction
Towards Automatic Generation of Vulnerability- Based Signatures
Towards Automatic Generation of Vulnerability- Based Signatures David Brumley, James Newsome, Dawn Song, Hao Wang, and Somesh Jha (presented by Boniface Hicks) Systems and Internet Infrastructure Security
Operating Systems. IV. Memory Management
Operating Systems IV. Memory Management Ludovic Apvrille ludovic.apvrille@telecom-paristech.fr Eurecom, office 470 http://soc.eurecom.fr/os/ @OS Eurecom Outline Basics of Memory Management Hardware Architecture
System Security. Aurélien Francillon
System Security Aurélien Francillon francill@eurecom.fr News of the week Memory corruption vulnerabilities and counter measures Aurélien Francillon francill@eurecom.fr It s quite an old field Internet
The Slide does not contain all the information and cannot be treated as a study material for Operating System. Please refer the text book for exams.
The Slide does not contain all the information and cannot be treated as a study material for Operating System. Please refer the text book for exams. Operating System Services User Operating System Interface
Detection and Mitigation of Performance Attacks in Multi-Tenant Cloud Computing
Institute for Cyber Security Department of Computer Science Detection and Mitigation of Performance Attacks in Multi-Tenant Cloud Computing Carlos Cardenas and Rajendra V. Boppana Computer Science Department
SECURE2013 ANDROTOTAL A SCALABLE FRAMEWORK FOR ANDROID ANTIMALWARE TESTING
SECURE2013 ANDROTOTAL A SCALABLE FRAMEWORK FOR ANDROID ANTIMALWARE TESTING Federico Maggi, Andrea Valdi, Stefano Zanero Politecnico di Milano, DEIB fede@maggi.cc ROADMAP 1. Android threats and protections
Different attack manifestations Network packets OS calls Audit records Application logs Different types of intrusion detection Host vs network IT
Different attack manifestations Network packets OS calls Audit records Application logs Different types of intrusion detection Host vs network IT environment (e.g., Windows vs Linux) Levels of abstraction
Virtual Memory I. Jo, Heeseung
Virtual Memory I Jo, Heeseung Today's Topics Virtual memory implementation Paging Segmentation 2 Paging Introduction Physical memory Process A Virtual memory Page 3 Page 2 Frame 11 Frame 10 Frame 9 4KB
ShieldFS: The Last Word in Ransomware Resilient Filesystems
ShieldFS: The Last Word in Ransomware Resilient Filesystems Andrea Continella, Alessandro Guagnelli, Giovanni Zingaro, Giulio De Pasquale, Alessandro Barenghi, Stefano Zanero, Federico Maggi * US patent
Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization
Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization Anton Kuijsten Andrew S. Tanenbaum Vrije Universiteit Amsterdam 21st USENIX Security Symposium Bellevue,
Training for the cyber professionals of tomorrow
Hands-On Labs Training for the cyber professionals of tomorrow CYBRScore is a demonstrated leader in professional cyber security training. Our unique training approach utilizes immersive hands-on lab environments
CSE 227 Computer Security Spring 2010 S f o t ftware D f e enses I Ste St f e an f Sa v Sa a v g a e g
CSE 227 Computer Security Spring 2010 Software Df Defenses I Stefan Savage Kinds of defenses Eliminate violation of runtime model Better languages, code analysis Don t allow bad input Input validation
White Paper. New Gateway Anti-Malware Technology Sets the Bar for Web Threat Protection
White Paper New Gateway Anti-Malware Technology Sets the Bar for Web Threat Protection The latest version of the flagship McAfee Gateway Anti-Malware technology adapts to new threats and plans for future
Nested EPT to Make Nested VMX Faster. Red Hat Author Gleb Natapov October 21, 2013
Nested EPT to Make Nested VMX Faster Red Hat Author Gleb Natapov October 21, 2013 Section 1 Background Shadow Paging Background 3 Shadow Paging Background 4 Shadow Paging Background 5 Shadow Paging Background
BlackBox. Lightweight Security Monitoring for COTS Binaries. Byron Hawkins and Brian Demsky University of California, Irvine, USA
BlackBox Lightweight Security Monitoring for COTS Binaries Byron Hawkins and Brian Demsky University of California, Irvine, USA Michael B. Taylor University of California, San Diego, USA Why Security Monitoring?
Process. Operating Systems (Fall/Winter 2018) Yajin Zhou ( Zhejiang University
Operating Systems (Fall/Winter 2018) Process Yajin Zhou (http://yajin.org) Zhejiang University Acknowledgement: some pages are based on the slides from Zhi Wang(fsu). Review System calls implementation
Self-Learning Systems for Network Intrusion Detection
Self-Learning Systems for Network Intrusion Detection Konrad Rieck Computer Security Group University of Göttingen GEORG-AUGUST-UNIVERSITÄT GÖTTINGEN About Me» Junior Professor for Computer Security» Research
ARMlock: Hardware-based Fault Isolation for ARM
ARMlock: Hardware-based Fault Isolation for ARM Yajin Zhou, Xiaoguang Wang, Yue Chen, and Zhi Wang North Carolina State University Xi an Jiaotong University Florida State University Software is Complicated
SandBlast Agent FAQ Check Point Software Technologies Ltd. All rights reserved P. 1. [Internal Use] for Check Point employees
![SandBlast Agent FAQ Check Point Software Technologies Ltd. All rights reserved P. 1. [Internal Use] for Check Point employees](/thumbs/84/90671868.jpg "SandBlast Agent FAQ Check Point Software Technologies Ltd. All rights reserved P. 1. [Internal Use] for Check Point employees")
SandBlast Agent FAQ What is Check Point SandBlast Agent? Check Point SandBlast Agent defends endpoints and web browsers with a complete set of realtime advanced browser and endpoint protection technologies,
From bottom to top: Exploiting hardware side channels in web browsers
From bottom to top: Exploiting hardware side channels in web browsers Clémentine Maurice, Graz University of Technology July 4, 2017 RMLL, Saint-Étienne, France Rennes Graz Clémentine Maurice PhD since
Secure Containers with EPT Isolation
Secure Containers with EPT Isolation Chunyan Liu liuchunyan9@huawei.com Jixing Gu jixing.gu@intel.com Presenters Jixing Gu: Software Architect, from Intel CIG SW Team, working on secure container solution
Outline. Memory Exploit
Outline CS 6V81-05: System Security and Malicious Code Analysis Robust Shell Code Return Oriented Programming and HeapSpray Zhiqiang Lin Department of Computer Science University of Texas at Dallas April
CS 261 Fall Mike Lam, Professor. Virtual Memory
CS 261 Fall 2016 Mike Lam, Professor Virtual Memory Topics Operating systems Address spaces Virtual memory Address translation Memory allocation Lingering questions What happens when you call malloc()?
Secure In-VM Monitoring Using Hardware Virtualization
Secure In-VM Monitoring Using Hardware Virtualization Monirul Sharif Georgia Institute of Technology Atlanta, GA, USA msharif@cc.gatech.edu Wenke Lee Georgia Institute of Technology Atlanta, GA, USA wenke@cc.gatech.edu
CSSR: Automatic Detection of Unsafe Component Loadings MURI Earl T. Barr Taeho Kwon Zhendong Su. Helix
CSSR: Automatic Detection of Unsafe Component Loadings MURI 2010 Earl T. Barr Taeho Kwon Zhendong Su Helix Helix Integration Metamorphic Shield Precise Signatures, Patches, Re-Diversification, Validated
SentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking
Trouble Shooting Portable Documents Format (PDF) Q/A Solutions: AT ANY TIME THE USER CAN SAVE THE FILE TO THEIR COMPUTER AND FILL OUT THE FORM
Trouble Shooting Portable Documents Format (PDF) Q/A Solutions: 1. How do I save PDF forms to my computer? 2. Please wait screen 3. Browsers and 3rd party extensions fixes AT ANY TIME THE USER CAN SAVE
A Smart Fuzzer for x86 Executables
Università degli Studi di Milano Facoltà di Scienze Matematiche, Fisiche e Naturali A Smart Fuzzer for x86 Executables Andrea Lanzi, Lorenzo Martignoni, Mattia Monga, Roberto Paleari May 19, 2007 Lanzi,
Stack Overflow. Faculty Workshop on Cyber Security May 23, 2012
Stack Overflow Faculty Workshop on Cyber Security May 23, 2012 Goals Learn to hack into computer systems using buffer overflow Steal sensitive data Crash computer programs Lay waste to systems throughout
PERFVIEW..NET runtime performance and ETW event analysis tool
PERFVIEW.NET runtime performance and ETW event analysis tool OVERVIEW Formerly from Vance Morrison (.NET performance architect) Open-source Performance-analysis tool Can be used to investigate CPU and
143A: Principles of Operating Systems. Lecture 5: Address translation. Anton Burtsev October, 2018
143A: Principles of Operating Systems Lecture 5: Address translation Anton Burtsev October, 2018 Two programs one memory Or more like renting a set of rooms in an office building Or more like renting a
Paging. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University
Paging Jinkyu Jeong (jinkyu@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Today s Topics Virtual memory implementation Paging Segmentation 2 Paging (1) Paging Permits
Fundamentals of Linux Platform Security
Fundamentals of Linux Platform Security Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Linux Platform Security Module 8 Arbitrary Code Execution: Threats & Countermeasures
Security versus Energy Tradeoffs in Host-Based Mobile Malware Detection
Security versus Energy Tradeoffs in Host-Based Mobile Malware Detection Jeffrey Bickford *, H. Andrés Lagar-Cavilla #, Alexander Varshavsky #, Vinod Ganapathy *, and Liviu Iftode * * Rutgers University
CodeXt: Automatic Extraction of Obfuscated Attack Code from Memory Dump
CodeXt: Automatic Extraction of Obfuscated Attack Code from Memory Dump Ryan Farley and Xinyuan Wang George Mason University Information Security, the 17 th International Conference ISC 2014, Hong Kong
NGN Progress Report. Table of Contents
NGN Progress Report Title: Simulator Scalability Testing Prepared by: Richard Nelson Date: 08 February, 2006 Table of Contents Introduction...2 Simulators...2 Test Method...2 Simulation Model...2 CPU Utilisation...2
Live Virtual Machine Migration with Efficient Working Set Prediction
2011 International Conference on Network and Electronics Engineering IPCSIT vol.11 (2011) (2011) IACSIT Press, Singapore Live Virtual Machine Migration with Efficient Working Set Prediction Ei Phyu Zaw
CSC 5930/9010 Cloud S & P: Virtualization
CSC 5930/9010 Cloud S & P: Virtualization Professor Henry Carter Fall 2016 Recap Network traffic can be encrypted at different layers depending on application needs TLS: transport layer IPsec: network
Towards High Assurance Networks of Virtual Machines
Towards High Assurance Networks of Virtual Machines Fabrizio Baiardi 1 Daniele Sgandurra 2 1 Polo G. Marconi - La Spezia, University of Pisa, Italy 2 Department of Computer Science, University of Pisa,
Security Bugs in Embedded Interpreters
Security Bugs in Embedded Interpreters Haogang Chen, Cody Cutler, Taesoo Kim, Yandong Mao, Xi Wang, Nickolai Zeldovich and M. Frans Kaashoek MIT CSAIL Embedded interpreters Host system Bytecode Input Embedded
Cling: A Memory Allocator to Mitigate Dangling Pointers. Periklis Akritidis
Cling: A Memory Allocator to Mitigate Dangling Pointers Periklis Akritidis --2010 Use-after-free Vulnerabilities Accessing Memory Through Dangling Pointers Techniques : Heap Spraying, Feng Shui Manual
Suite Hardware and Software Requirements - V4.00
Suite and Software Requirements - V4.00 Server/Workstation Component Requirements Workstation Database Server Repository Server Terminal Services (Optional) Notes: Processor Multi Core or better Memory
Runtime Application Self-Protection (RASP) Performance Metrics
Product Analysis June 2016 Runtime Application Self-Protection (RASP) Performance Metrics Virtualization Provides Improved Security Without Increased Overhead Highly accurate. Easy to install. Simple to
CS 471 Operating Systems. Yue Cheng. George Mason University Fall 2017
CS 471 Operating Systems Yue Cheng George Mason University Fall 2017 Review: Segmentation 2 Virtual Memory Accesses o Approaches: Static Relocation Dynamic Relocation Base Base-and-Bounds Segmentation
Cloud Sandboxing Against Advanced Persistent Attacks
CANTO 2017 Cloud Sandboxing Against Advanced Persistent Attacks Ric Leung Director of Product Management Huawei Technologies Co., Ltd. Traditional Defenses Are Ineffective Against Advanced Unknown Threats
Paging. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University
Paging Jin-Soo Kim (jinsookim@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Today s Topics Virtual memory implementation Paging Segmentation 2 Paging (1) Paging Permits
Secure Software Development: Theory and Practice
Secure Software Development: Theory and Practice Suman Jana MW 2:40-3:55pm 415 Schapiro [SCEP] *Some slides are borrowed from Dan Boneh and John Mitchell Software Security is a major problem! Why writing
KLIMAX: Profiling Memory Write Patterns to Detect Keystroke-Harvesting Malware
to Detect Keystroke-Harvesting Malware Menlo Park, 21st September 2011 Stefano Ortolani - ortolani@cs.vu.nl Cristiano Giuffrida - giuffrida@cs.vu.nl Vrije Universiteit Amsterdam, The Netherlands Bruno
COMP 3430 Robert Guderian
Operating Systems COMP 3430 Robert Guderian file:///users/robg/dropbox/teaching/3430-2018/slides/03_processes/index.html?print-pdf#/ 1/53 1 Processes file:///users/robg/dropbox/teaching/3430-2018/slides/03_processes/index.html?print-pdf#/
Vulnerability Analysis I:
Vulnerability Analysis I: Exploit Hardening Made Easy Surgically Returning to Randomized Lib(c) Mitchell Adair September 9 th, 2011 Outline 1 Background 2 Surgically Returning to Randomized lib(c) 3 Exploit
ENEE 457: Computer Systems Security. Lecture 16 Buffer Overflow Attacks
ENEE 457: Computer Systems Security Lecture 16 Buffer Overflow Attacks Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland, College Park Buffer overflow
VIRTUAL MEMORY. Operating Systems 2015 Spring by Euiseong Seo
VIRTUAL MEMORY Operating Systems 2015 Spring by Euiseong Seo Today s Topics Virtual memory implementation Paging Segmentation Paging Permits the physical address space of a process to be noncontiguous
A Multi-OS Cross-Layer Study of Bloating in User Programs, Kernel and Managed Execution Environments
A Multi-OS Cross-Layer Study of Bloating in User Programs, Kernel and Managed Execution Environments Anh Quach, Rukayat Erinfolami, David Demicco, Aravind Prakash Code Bloating in Software Stack Bloating:
Virtual Machine Virtual Machine Types System Virtual Machine: virtualize a machine Container: virtualize an OS Program Virtual Machine: virtualize a process Language Virtual Machine: virtualize a language
Secure Coding Techniques
Secure Coding Techniques "... the world outside your function should be treated as hostile and bent upon your destruction" [Writing Secure Code, Howard and LeBlanc] "Distrust and caution are the parents
ID: Sample Name:._k.php Cookbook: default.jbs Time: 05:41:18 Date: 25/04/2018 Version:
ID: 2 Sample Name:._k.php Cookbook: default.jbs Time: 0:41:1 Date: 2/04/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification
Adon'tbe an Adobe victim
Adon'tbe an Adobe victim An overview of how recent Adobe-related flaws affect your web application Joshua Stabiner EY Agenda Introductions Background Cross-site scripting (PDF) Overview Exploit Mitigation
ProdDiagNode - Version: 1. Production Diagnostics for Node Applications
ProdDiagNode - Version: 1 Production Diagnostics for Node Applications Production Diagnostics for Node Applications ProdDiagNode - Version: 1 2 days Course Description: Node.js, the popular cross-platform
Manufacturing Tools in the UEFI Secure Boot Environment
Manufacturing Tools in the UEFI Secure Boot Environment Presented by Stefano Righi presented by UEFI Plugfest May 2014 Agenda Introduction Transition of Manufacturing Tools to UEFI Manufacturing Tools
Gone, But Not Forgotten: The Current State of Private Computing
Gone, But Not Forgotten: The Current State of Private Computing Aseem Rastogi Jun Yuan Rob Johnson University of Maryland, College Park Stony Brook University Web browser private mode Web browser private
Discovering Application-level Insider Attacks using Symbolic Execution. Karthik Pattabiraman Zbigniew Kalbarczyk Ravishankar K.
Discovering Application-level Insider Attacks using Symbolic Execution Karthik Pattabiraman Zbigniew Kalbarczyk Ravishankar K. Iyer Motivation: Insider Attacks Malicious insiders can plant logic-bombs/back-doors
143A: Principles of Operating Systems. Lecture 6: Address translation (Paging) Anton Burtsev October, 2017
143A: Principles of Operating Systems Lecture 6: Address translation (Paging) Anton Burtsev October, 2017 Paging Pages Pages Paging idea Break up memory into 4096-byte chunks called pages Modern hardware
Unikernel support for the deployment of light-weight, self-contained, and latency avoiding services
Unikernel support for the deployment of light-weight, self-contained, and latency avoiding services University of St Andrews Ward Jaradat, Alan Dearle, and Jonathan Lewis Overview Motivation Goals Unikernels
BuBBle: A Javascript Engine Level Countermeasure against Heap-Spraying Attacks
BuBBle: A Javascript Engine Level Countermeasure against Heap-Spraying Attacks Francesco Gadaleta, Yves Younan, and Wouter Joosen IBBT-Distrinet, Katholieke Universiteit Leuven, 3001, Leuven Belgium Abstract.
Monitoring Hypervisor Integrity at Runtime. Student: Cuong Pham PIs: Prof. Zbigniew Kalbarczyk, Prof. Ravi K. Iyer ACC Meeting, Oct 2015
Monitoring Hypervisor Integrity at Runtime Student: Cuong Pham PIs: Prof. Zbigniew Kalbarczyk, Prof. Ravi K. Iyer ACC Meeting, Oct 2015 Motivation - Server Virtualization Trend x86 servers were virtualized
Extensible Network Security Services on Software Programmable Router OS. David Yau, Prem Gopalan, Seung Chul Han, Feng Liang
Extensible Network Security Services on Software Programmable Router OS David Yau, Prem Gopalan, Seung Chul Han, Feng Liang System Software and Architecture Lab Department of Computer Sciences Purdue University
Chapter 4: Threads. Operating System Concepts 8 th Edition,
Chapter 4: Threads, Silberschatz, Galvin and Gagne 2009 Chapter 4: Threads Overview Multithreading Models Thread Libraries 4.2 Silberschatz, Galvin and Gagne 2009 Objectives To introduce the notion of
1/13/2019 Operating Systems. file:///volumes/users/rasit/desktop/comp3430/coursematerial/slides/03_processes/index.html?
Operating Systems COMP 3430 Eskicioglu & Guderian file:///volumes/users/rasit/desktop/comp3430/coursematerial/slides/03_processes/index.html?print-pdf#/ 1/52 1 Processes file:///volumes/users/rasit/desktop/comp3430/coursematerial/slides/03_processes/index.html?print-pdf#/
Digital Forensics Lecture 02 PDF Structure
Digital Forensics Lecture 02 PDF Structure PDF Files Structure Akbar S. Namin Texas Tech University Spring 2017 PDF Format and Structure Tools used Text editor (e.g., vi) ClamAV antivirus (http://www.clamav.net/lang/en/download/
Setting up to download Grants Group Application Forms
Setting up to download Grants Group Application Forms Guidance on setting up Adobe Reader Although it is in common use, we recognise that you may not use Adobe Reader as your preferred pdf reader but it
Anatomy of a Real-Time Intrusion Prevention System
Anatomy of a Real-Time Intrusion Prevention System Koller, R.; Rangaswami, R.; Marrero, J.; Hernandez, I.; Smith, G.; Barsilai, M.; Necula, S.; Sadjadi, S.M.; Tao Li; Merrill, K., Autonomic Computing,
CSE 544 Advanced Systems Security
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CSE 544 Advanced Systems
CS162 - Operating Systems and Systems Programming. Address Translation => Paging"
CS162 - Operating Systems and Systems Programming Address Translation => Paging" David E. Culler! http://cs162.eecs.berkeley.edu/! Lecture #15! Oct 3, 2014!! Reading: A&D 8.1-2, 8.3.1. 9.7 HW 3 out (due
For use by students enrolled in #71251 CSE430 Fall 2012 at Arizona State University. Do not use if not enrolled.
Operating Systems: Internals and Design Principles Chapter 4 Threads Seventh Edition By William Stallings Operating Systems: Internals and Design Principles The basic idea is that the several components
Dynamic Vertical Memory Scalability for OpenJDK Cloud Applications
Dynamic Vertical Memory Scalability for OpenJDK Cloud Applications Rodrigo Bruno, Paulo Ferreira: INESC-ID / Instituto Superior Técnico, University of Lisbon Ruslan Synytsky, Tetiana Fydorenchyk: Jelastic
Heap Off by 1 Overflow Illustrated. Eric Conrad October 2007
Heap Off by 1 Overflow Illustrated Eric Conrad October 2007 1 The Attack Older CVS versions are vulnerable to an Off by 1 attack, where an attacker may insert one additional character into the heap CVS
kguard++: Improving the Performance of kguard with Low-latency Code Inflation
kguard++: Improving the Performance of kguard with Low-latency Code Inflation Jordan P. Hendricks Brown University Abstract In this paper, we introduce low-latency code inflation for kguard, a GCC plugin
Memory Management Part 1. Operating Systems in Depth XX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.
Memory Management Part 1 Operating Systems in Depth XX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved. The Address-Space Concept Protect processes from one another Protect the OS from user processes
ID: Sample Name: 5GeZNwROcB.bin Cookbook: default.jbs Time: 15:22:54 Date: 30/11/2017 Version:
ID: 82 Sample Name: GeZNwROcB.bin Cookbook: default.jbs Time: 1:22:4 Date: 0/11/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence
Configuring Dashboards
CHAPTER 2 This chapter describes dashboards, and how to add and delete them. It contains the following topics: Understanding Dashboards, page 2-1 Adding and Deleting Dashboards, page 2-1 Understanding
What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices
What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices Marius Muench 1 Jan Stijohann 2,3 Frank Kargl 3 Aurélien Francillon 1 Davide Balzarotti 1 1 EURECOM 2 Siemens AG 3 Ulm University
Operating Systems. Operating System Structure. Lecture 2 Michael O Boyle
Operating Systems Operating System Structure Lecture 2 Michael O Boyle 1 Overview Architecture impact User operating interaction User vs kernel Syscall Operating System structure Layers Examples 2 Lower-level
DRUKPORTAL MANUAL VERSION 3 - SEP.2014
CONTENT System requirements 3 Help and support 3 1 E-mail: account has been created 4 2 Change your user name if desired 5 3 Check your system 7 3.1 Click on the link check my system on the login screen
System Security. Aurélien Francillon
System Security Aurélien Francillon francill@eurecom.fr https://ha.cking.ch/s8_data_line_locator/ Intel ME Intel ME Intel ME how bad is it? Memory corruption vulnerabilities and counter measures counter
Virtual Memory. Yannis Smaragdakis, U. Athens
Virtual Memory Yannis Smaragdakis, U. Athens Example Modern Address Space (64-bit Linux) location of code : 0x40057d location of heap : 0xcf2010 location of stack : 0x7fff9ca45fcc 0x400000 0x401000 0xcf2000