| 000 | 03174nam a22003737a 4500 | ||
|---|---|---|---|
| 001 | 20749413 | ||
| 003 | APU | ||
| 005 | 20221101101610.0 | ||
| 008 | 210804t20182018nyua b 000 0 eng d | ||
| 010 | _a2018303882 | ||
| 020 | _a9781970001822 (epub) | ||
| 020 | _a9781970001815 (pdf) | ||
| 035 | _a(OCoLC)on1030607469 | ||
| 040 |
_aAZU _beng _cAPU _dSF |
||
| 042 | _alccopycat | ||
| 050 | 0 | 0 |
_aQA76.9.A25 _bL36 2018eb |
| 082 | 0 | 4 |
_a005.8 _223 |
| 100 | 1 |
_aLarsen, Per, _d1980- _947431 |
|
| 245 | 1 | 4 |
_aThe continuing arms race : _bcode-reuse attacks and defenses _h[electronic resource] / _cPer Larsen, Ahmad-Reza Sadeghi. |
| 260 |
_a[New York] : _bAssociation for Computing Machinery, _cc2018. |
||
| 300 |
_a1 online resource (xiii, 288 pages) : _billustrations (some color) ; _c24 cm. |
||
| 490 | 1 |
_aACM books, _x2374-6769 ; _v#18 |
|
| 504 | _aIncludes bibliographical references (pages 261-281). | ||
| 505 | 0 | _aHow Memory Safety Violations Enable Exploitation of Programs -- Protecting Dynamic Code -- Diversity and Information Leaks -- Code-Pointer Integrity -- Evaluating Control: Flow Restricting Devices -- Attacking Dynamic Code -- Hardware Control Flow Integrity -- Multi-Variant Execution Environments. | |
| 520 | _aAs human activities moved to the digital domain, so did all the well-known malicious behaviors including fraud, theft, and other trickery. There is no silver bullet, and each security threat calls for a specific answer. One specific threat is that applications accept malformed inputs, and in many cases it is possible to craft inputs that let an intruder take full control over the target computer system. The nature of systems programming languages lies at the heart of the problem. Rather than rewriting decades of well-tested functionality, this book examines ways to live with the (programming) sins of the past while shoring up security in the most efficient manner possible. We explore a range of different options, each making significant progress towards securing legacy programs from malicious inputs. The solutions explored include enforcement-type defenses, which excludes certain program executions because they never arise during normal operation. Another strand explores the idea of presenting adversaries with a moving target that unpredictably changes its attack surface thanks to randomization. We also cover tandem execution ideas where the compromise of one executing clone causes it to diverge from another thus revealing adversarial activities. The main purpose of this book is to provide readers with some of the most influential works on run-time exploits and defenses. We hope that the material in this book will inspire readers and generate new ideas and paradigms. -- | ||
| 650 | 0 | _aComputer security. | |
| 650 | 0 |
_aHacking _xPrevention. _947432 |
|
| 650 | 0 |
_aMemory management (Computer science) _910870 |
|
| 650 | 7 |
_aComputer security. _2fast _947433 |
|
| 700 | 1 |
_aSadeghi, Ahmad-Reza, _947434 |
|
| 830 | 0 |
_aACM books ; _v#18. _947379 |
|
| 856 |
_uhttps://dl-acm-org.ezproxy.apiit.edu.my/doi/book/10.1145/3129743 _zAvailable in ACM Digital Library. Requires Log In to view full text. |
||
| 942 |
_2lcc _cE-Book |
||
| 999 |
_c383494 _d383494 |
||