Vulnerability diagnosis is important for program security analysis. It is a further step to understand the vulnerability after it is detected, as well as a preparatory step for vulnerability repair or exploitation. This paper mainly analyses the inner theories of major memory vulnerabilities and the threats of them. And then suggests some methods to diagnose several types of memory vulnerabilities for the binary programs, which is a difficult task due to the lack of source code. The diagnosis methods target at buffer overflow, use after free (UAF) and format string vulnerabilities. We carried out some tests on the Linux platform to validate the effectiveness of the diagnosis methods. It is proved that the methods can judge the type of the v...
Recently fault injection has increasingly been used both to attack software applications, and to tes...
In this book we examine a number of vulnerabilities in C-like languages that can be exploited by att...
This paper is a discussion of current software security vulnerabilities in the Linux operating syste...
This research investigates the complexity of, and develops a formal approach for, vulnerability disc...
Background. One of the main reasons for memory corruption vulnerabilities lies in the lack of built...
Cyber attacks against networked computers have become relentless in recent years. The most common at...
International audienceThis paper presents a method for exploitable vulnerabilities detection in bina...
Buffer overflow attacks have been a computer security threat in software-based systems andapplications...
This article presents the method for purposeful detection of vulnerabilities depending on input data...
Security vulnerabilities are present in most software systems, especially in projects with a large ...
Pointer taintedness is a concept which has been successfully employed as basis for vulnerability ana...
Security vulnerabilities are present in most software systems, especially in projects with a large c...
Abstract—In this paper we present MAYHEM, a new sys-tem for automatically finding exploitable bugs i...
Abstract—In this paper we present MAYHEM, a new sys-tem for automatically finding exploitable bugs i...
International audienceFault attacks are a major threat requiring to protect applications. We present...
Recently fault injection has increasingly been used both to attack software applications, and to tes...
In this book we examine a number of vulnerabilities in C-like languages that can be exploited by att...
This paper is a discussion of current software security vulnerabilities in the Linux operating syste...
This research investigates the complexity of, and develops a formal approach for, vulnerability disc...
Background. One of the main reasons for memory corruption vulnerabilities lies in the lack of built...
Cyber attacks against networked computers have become relentless in recent years. The most common at...
International audienceThis paper presents a method for exploitable vulnerabilities detection in bina...
Buffer overflow attacks have been a computer security threat in software-based systems andapplications...
This article presents the method for purposeful detection of vulnerabilities depending on input data...
Security vulnerabilities are present in most software systems, especially in projects with a large ...
Pointer taintedness is a concept which has been successfully employed as basis for vulnerability ana...
Security vulnerabilities are present in most software systems, especially in projects with a large c...
Abstract—In this paper we present MAYHEM, a new sys-tem for automatically finding exploitable bugs i...
Abstract—In this paper we present MAYHEM, a new sys-tem for automatically finding exploitable bugs i...
International audienceFault attacks are a major threat requiring to protect applications. We present...
Recently fault injection has increasingly been used both to attack software applications, and to tes...
In this book we examine a number of vulnerabilities in C-like languages that can be exploited by att...
This paper is a discussion of current software security vulnerabilities in the Linux operating syste...