I. Program Analysis II. Data Flow Analysis ✓ Available Expressions ✓ Liveness Analysis ✓ Reaching Definitions ✓ Very Busy Expressions III.Theory Behind IV. Sensitivity V. Summary
文件格式: PPTX大小: 1.61MB页数: 57
• Static Program Representation ➢ Control Flow Graph ➢ Program Dependence Graph ➢ Points-to Graph ➢ Call Graph • Control Flow Graph Extraction ➢ Source Code to CFG ➢ ELF/PE File to CFG • Applications ➢ Control Flow Integrity – Principles and Implementations(CFI) ➢ Practical Control Flow Integrity & Randomization for Binary Executables(CCFIR) • Summary
文件格式: PPTX大小: 2.14MB页数: 110
南京大学:《软件安全 Software Security》课程教学资源(PPT课件讲稿)Return-Orinted Programming(ROP Attack)
文件格式: PPT大小: 2.67MB页数: 65
◼ What Is a Format String ◼ Format Functions ◼ Ellipsis and va_args ◼ Summary ◼ Using Format Strings ◼ Format Tokens ◼ Types of Format Specifiers ◼ Summary ◼ Format String Vulnerability ◼ Abusing Format Strings ◼ Reading Memory ◼ Writing to Memory ◼ Summary ◼ Finding Format String Bugs ◼ FlawFinder
文件格式: PPTX大小: 1.49MB页数: 51
• Threat Model • Control Flow Graph • Control Flow Integrity basic implementation – Build CFG – Instrumentation – Evaluation – Security and Adversary • Binary-CFI(CCFIR) – Introduce – Implementation – Context-Sensitive CFI
文件格式: PPTX大小: 2.38MB页数: 58
南京大学:《软件安全 Software Security》课程教学资源(PPT课件讲稿)Redundant dynamic Canary
文件格式: PPT大小: 371.5KB页数: 15
Background Control Flow Hijack Control Flow Hijack Defense Canary Defense StackGuard StackGuard Weakness DiffGuard Polymorphic Canary Data Execution Prevention Definition DEP Scorecard Return-to-libc Attack ASLR ASLR Randomization ASLR
文件格式: PDF大小: 2.28MB页数: 57
Buffer Overflow:The Essentials Vulnerability Metrics What are Buffer Overflow? Basic Example Shellcode Definition Basic Example Shell-Spawning Shellcode A Real World Buffer Overflow Attack Key Point A vulnerability in Easy RM to MP3 Conversion How to hack the vulnerable program Integer Overflow Overview A Real World Example Common Patterns in Integer Overflow Heap Overflow What is the Heap? An Abstract Example
文件格式: PDF大小: 8.54MB页数: 112
• Background • Software Security: Control-flow Hijack Attack ➢ Memory Layout , Stack frame, & Procedure ➢ Buffer Overflow: Vulnerability, & Defenses ➢ RILC, Return-Oriented Programming ➢ ASLR & CFI • Software Security: Non-control Data Attack ➢ Data Oriented Programming • Summary
文件格式: PPTX大小: 1.25MB页数: 52
Software Security Course Overview Description Goal Text Books Course Schedule Prerequisites Tentative Course Project Teaching Assistant Contact Information Introduction to Software Security Background Root Cause of the Security Problems Vulnerability Exploits
文件格式: PDF大小: 4.1MB页数: 32