Building Secure Defenses Against Code-Reuse Attacks / by Lucas Davi, Ahmad-Reza Sadeghi.
By: Davi, Lucas [author.]
Contributor(s): Sadeghi, Ahmad-Reza [author.] | SpringerLink (Online service)
Material type: TextLanguage: İngilizce Series: SpringerBriefs in Computer SciencePublisher: Cham : Springer International Publishing : Imprint: Springer, 2015Edition: 1st ed. 2015Description: 1 online resourceContent type: text Media type: computer Carrier type: online resourceISBN: 9783319255460Subject(s): Computer security | Computer science | Information systems | Systems and Data Security | Programming Techniques | Programming Languages, Compilers, Interpreters | Information Systems and Communication ServiceLOC classification: QA76.9.A25Online resources: Springer eBooks Online access link to the resourceItem type | Current location | Home library | Collection | Call number | Status | Notes | Date due | Barcode |
---|---|---|---|---|---|---|---|---|
E-Book | Merkez Kütüphane | Merkez Kütüphane | E-Kitap Koleksiyonu | QA76.9.A25EBK (Browse shelf) | Geçerli değil-e-Kitap / Not applicable-e-Book | BİL | EBK00164 |
Introduction -- Background and Evolution of Code-Reuse Attacks -- Building Control-Flow Integrity Defenses -- Building Code Randomization Defenses -- Discussion and Conclusion.
This book provides an in-depth look at return-oriented programming attacks. It explores several conventional return-oriented programming attacks and analyzes the effectiveness of defense techniques including address space layout randomization (ASLR) and the control-flow restrictions implemented in security watchdogs such as Microsoft EMET. Chapters also explain the principle of control-flow integrity (CFI), highlight the benefits of CFI and discuss its current weaknesses. Several improved and sophisticated return-oriented programming attack techniques such as just-in-time return-oriented programming are presented. Building Secure Defenses against Code-Reuse Attacks is an excellent reference tool for researchers, programmers and professionals working in the security field. It provides advanced-level students studying computer science with a comprehensive overview and clear understanding of important runtime attacks.
There are no comments for this item.