Novel Techniques in Recovering, Embedding, and Enforcing Policies for Control-Flow Integrity (Record no. 177388)
[ view plain ]
000 -LEADER | |
---|---|
fixed length control field | 04421nam a22006135i 4500 |
001 - CONTROL NUMBER | |
control field | 978-3-030-73141-0 |
003 - CONTROL NUMBER IDENTIFIER | |
control field | DE-He213 |
005 - DATE AND TIME OF LATEST TRANSACTION | |
control field | 20240423125403.0 |
007 - PHYSICAL DESCRIPTION FIXED FIELD--GENERAL INFORMATION | |
fixed length control field | cr nn 008mamaa |
008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION | |
fixed length control field | 210430s2021 sz | s |||| 0|eng d |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 9783030731410 |
-- | 978-3-030-73141-0 |
024 7# - OTHER STANDARD IDENTIFIER | |
Standard number or code | 10.1007/978-3-030-73141-0 |
Source of number or code | doi |
050 #4 - LIBRARY OF CONGRESS CALL NUMBER | |
Classification number | QA76.9.A25 |
072 #7 - SUBJECT CATEGORY CODE | |
Subject category code | UR |
Source | bicssc |
072 #7 - SUBJECT CATEGORY CODE | |
Subject category code | UTN |
Source | bicssc |
072 #7 - SUBJECT CATEGORY CODE | |
Subject category code | COM053000 |
Source | bisacsh |
072 #7 - SUBJECT CATEGORY CODE | |
Subject category code | UR |
Source | thema |
072 #7 - SUBJECT CATEGORY CODE | |
Subject category code | UTN |
Source | thema |
082 04 - DEWEY DECIMAL CLASSIFICATION NUMBER | |
Classification number | 005.8 |
Edition number | 23 |
100 1# - MAIN ENTRY--PERSONAL NAME | |
Personal name | Lin, Yan. |
Relator term | author. |
Relator code | aut |
-- | http://id.loc.gov/vocabulary/relators/aut |
245 10 - TITLE STATEMENT | |
Title | Novel Techniques in Recovering, Embedding, and Enforcing Policies for Control-Flow Integrity |
Medium | [electronic resource] / |
Statement of responsibility, etc | by Yan Lin. |
250 ## - EDITION STATEMENT | |
Edition statement | 1st ed. 2021. |
264 #1 - | |
-- | Cham : |
-- | Springer International Publishing : |
-- | Imprint: Springer, |
-- | 2021. |
300 ## - PHYSICAL DESCRIPTION | |
Extent | XIII, 95 p. 23 illus. |
Other physical details | online resource. |
336 ## - | |
-- | text |
-- | txt |
-- | rdacontent |
337 ## - | |
-- | computer |
-- | c |
-- | rdamedia |
338 ## - | |
-- | online resource |
-- | cr |
-- | rdacarrier |
347 ## - | |
-- | text file |
-- | |
-- | rda |
490 1# - SERIES STATEMENT | |
Series statement | Information Security and Cryptography, |
International Standard Serial Number | 2197-845X |
505 0# - FORMATTED CONTENTS NOTE | |
Formatted contents note | Introduction -- Literature Review -- When Function Signature Recovery Meets Compiler Optimization -- Control-Flow Carrying Code -- Control-Flow Integrity Enforcement with Dynamic Code Optimization -- Conclusion -- Bibliography. |
520 ## - SUMMARY, ETC. | |
Summary, etc | Control-Flow Integrity (CFI) is an attractive security property with which most injected and code-reuse attacks can be defeated, including advanced attacking techniques like return-oriented programming. CFI extracts a control-flow graph (CFG) for a given program, with checks inserted before indirect branch instructions. Before executed during runtime, the checks consult the CFG to ensure that the indirect branch is allowed to reach the intended target. Hence, any sort of control-flow hijacking can be prevented. This concise volume proposes novel solutions to handle the fundamental components of CFI enforcement: accurately recovering the policy (CFG); embedding the CFI policy securely; and efficiently enforcing the CFI policy. Addressing the first component, the book systematically studies two methods that recover CFI policy based on function signature matching at the binary level, then offers a unique rule-and heuristic-based mechanism to more accurately recover function signature. To embed CFI policy securely, the book advocates a new platform that encodes the policy into the machine instructions directly without relying on consulting any read-only data structure. Finally, the work prescribes a mature dynamic-code-optimization platform called DynamoRIO to enforce the policy when needed. Key features: Provides deep understanding of Control-Flow Integrity Offers new insights on the relationship between function signature and compiler optimization Demonstrates how CFI can be more efficient than Data Execution Prevention This focused, distinctive volume will appeal to researchers, scientists, lecturers, as well as postgraduates with a background in binary analysis. Libraries, practitioners, and professionals will also benefit, depending on their missions and programs. Yan Lin is at the School of Computing and Information Systems, Singapore Management University. Her extensive foundational studies have focused on the area of cybersecurity, and her current research focuses on software security and system security. . |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Data protection. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Data structures (Computer science). |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Information theory. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Computer programming. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Compilers (Computer programs). |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Mathematical optimization. |
650 14 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Data and Information Security. |
650 24 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Data Structures and Information Theory. |
650 24 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Programming Techniques. |
650 24 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Compilers and Interpreters. |
650 24 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Continuous Optimization. |
710 2# - ADDED ENTRY--CORPORATE NAME | |
Corporate name or jurisdiction name as entry element | SpringerLink (Online service) |
773 0# - HOST ITEM ENTRY | |
Title | Springer Nature eBook |
776 08 - ADDITIONAL PHYSICAL FORM ENTRY | |
Display text | Printed edition: |
International Standard Book Number | 9783030731403 |
776 08 - ADDITIONAL PHYSICAL FORM ENTRY | |
Display text | Printed edition: |
International Standard Book Number | 9783030731427 |
830 #0 - SERIES ADDED ENTRY--UNIFORM TITLE | |
Uniform title | Information Security and Cryptography, |
-- | 2197-845X |
856 40 - ELECTRONIC LOCATION AND ACCESS | |
Uniform Resource Identifier | <a href="https://doi.org/10.1007/978-3-030-73141-0">https://doi.org/10.1007/978-3-030-73141-0</a> |
912 ## - | |
-- | ZDB-2-SCS |
912 ## - | |
-- | ZDB-2-SXCS |
942 ## - ADDED ENTRY ELEMENTS (KOHA) | |
Koha item type | eBooks-CSE-Springer |
No items available.