We argue that finding vulnerabilities in software components is different from finding exploits against them. Exploits that compromise security often use several low-level details of the component, such as layouts of stack frames. Existing software analysis tools, while effective at identifying vulnerabilities, fail to model low-level details, and are hence unsuitable for exploit-finding. We study the issues involved in exploit-finding by considering application programming interface (API) level exploits. A software component is vulnerable to an API-level exploit if its security can be compromised by invoking a sequence of API operations allowed by the component. We develop a formal framework that allows us to model low-level details of API...
The number of security failure discovered and disclosed publicly are increasing at a pace like never...
Today's software industry relies heavily on the reuse of existing software libraries. Such libraries...
Cryptography is often a critical component in secure software systems. Cryptographic primitive misus...
A system is vulnerable to an API-level attack if its security can be compromised by invoking an allo...
Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering an...
In 2000, Bond and Anderson exposed a new family of attacks on application programming interfaces (AP...
One of the recent trends adopted by malware authors is to use packers or software tools that instiga...
Web application programmers must be aware of a wide range of potential security risks. Although the ...
Abstract. Security has become the Achilles ’ heel of most modern soft-ware systems. Techniques rangi...
Application Programming Interfaces (APIs) in cryptography typically impose concealed usage con...
Application Programming Interfaces (APIs) typically come with (implicit) usage constraints. The viol...
In recent years, increased attention is being given to software quality assurance and protection. Wi...
We explore the problem of identifying unauthorized privilege es-calation instances in a web applicat...
Software vulnerabilities are mistakes in software such that its execution can violate the security p...
We introduce and demonstrate the viability of a novel technique for verifying that implementations o...
The number of security failure discovered and disclosed publicly are increasing at a pace like never...
Today's software industry relies heavily on the reuse of existing software libraries. Such libraries...
Cryptography is often a critical component in secure software systems. Cryptographic primitive misus...
A system is vulnerable to an API-level attack if its security can be compromised by invoking an allo...
Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering an...
In 2000, Bond and Anderson exposed a new family of attacks on application programming interfaces (AP...
One of the recent trends adopted by malware authors is to use packers or software tools that instiga...
Web application programmers must be aware of a wide range of potential security risks. Although the ...
Abstract. Security has become the Achilles ’ heel of most modern soft-ware systems. Techniques rangi...
Application Programming Interfaces (APIs) in cryptography typically impose concealed usage con...
Application Programming Interfaces (APIs) typically come with (implicit) usage constraints. The viol...
In recent years, increased attention is being given to software quality assurance and protection. Wi...
We explore the problem of identifying unauthorized privilege es-calation instances in a web applicat...
Software vulnerabilities are mistakes in software such that its execution can violate the security p...
We introduce and demonstrate the viability of a novel technique for verifying that implementations o...
The number of security failure discovered and disclosed publicly are increasing at a pace like never...
Today's software industry relies heavily on the reuse of existing software libraries. Such libraries...
Cryptography is often a critical component in secure software systems. Cryptographic primitive misus...