61.
For various reasons, many of the security programming rules applicable to specific software have not been recorded in official documents, and hence can hardly be employed by static analysis tools for detection. In this paper, we propose a new approach, named SVR Miner (Security Validation Rules Miner), which uses a frequent sequence mining technique [1 4] to automatically infer implicit security validation rules from large software code written in the C programming language. Unlike past work in this area, SVR Miner introduces three techniques, namely sensitive thread, program slicing [5 7], and equivalent statements computing, to improve the accuracy of the rules. Experiments with the Linux Kernel demonstrate the effectiveness of our approach. With the ten given sensitive threads, SVR Miner automatically generated 17 security validation rules and detected 8 violations, 5 of which were published by the Linux Kernel Organization before we detected them. We have reported the other three to the Linux Kernel Organization recently.
62.
Although there exist a few good schemes to protect the kernel hooks of operating systems, attackers are still able to circumvent existing defense mechanisms with spurious context information. To address this challenge, this paper proposes a framework, called HookIMA, to detect compromised kernel hooks by using hardware debugging features. The key contribution of the work is that context information is captured from hardware instead of from relatively vulnerable kernel data. Using commodity hardware, a proof-of-concept prototype system of HookIMA has been developed. This prototype handles 3,082 dynamic control-flow transfers with related hooks in the kernel space. Experiments show that HookIMA is capable of detecting compromised kernel hooks caused by kernel rootkits. Performance evaluations with UnixBench indicate that the runtime overhead introduced by HookIMA is about 21.5%.