Course Hero Logo

Runtime measure.docx - Run-Time Countermeasures Executable...

Course Hero uses AI to attempt to automatically extract content from documents to surface to you and others so you can study better, e.g., in search results, to enrich docs, and more. This preview shows page 1 - 2 out of 3 pages.

Run-Time CountermeasuresExecutable Space Protection –A lot of exploits build on injecting and executing malicious code• By separating the memory space of a process into executable and modifiable parts, codeinjection can be prevented. Limitation: cannot fully protect programs that create and executecode at runtime – NXU bitCounter-countermeasure Circumventing Executable Space Protection – The attacker can re-useexisting code from the memory space of the process for malicious purposes. The attacker hascontrol over the stack → attacker can set up parameters for the C library functionAddress Space Layout Randomization (ASLR) • randomly arrange the positions of theexecutable, the stack, and the heap in the process’s address space • may prevent return-to-libcattacks • most operating systems (e.g., Windows, Linux) implement some randomization •Counter-countermeasures • information leakage (e.g., print vulnerability) • random guessing.Information Leakage with printf Vulnerability. can be used to figure out the address of theexecutable can be used to figure out the address of the stack. Limitations of ASLR • stack andheap cannot be located at any address. Heap spraying • fills up the memory with a certainsequence of bytes.Secure Programming -Trade-off problem: secure programming can increase development time(and cost), and decrease the performance of the software product.Input Validation Approaches – Blacklist -list “known bad” inputs • do not allow inputs thatare on the blacklist. listing all bad inputs is difficult and error-prone • typically lower impact onusability. Whitelist - list “known good” inputs • allow only inputs that are on the whitelist.

Upload your study docs or become a

Course Hero member to access this document

Upload your study docs or become a

Course Hero member to access this document

End of preview. Want to read all 3 pages?

Upload your study docs or become a

Course Hero member to access this document

Term
Fall
Professor
Trombetta,Shattuck,Pai
Tags
Intrusion detection system

Other Related Materials

Newly uploaded documents

This makes sense at the micro level of the individual firm and individual

0

This makes sense at the micro level of the individual firm and individual

document

16

4-1 Career Center Activity.docx

0

4-1 Career Center Activity.docx

3

Domestic Tourism Promotion.docx

0

Domestic Tourism Promotion.docx

7

2639 Overall in this study parents expressed a preference for written

0

2639 Overall in this study parents expressed a preference for written

document

10

ADMS 3541 SU2021 A2 Questions.docx

0

ADMS 3541 SU2021 A2 Questions.docx

4

PGDBM Operation Management Formative assessment No.2_Ntakadzeni.pdf

0

PGDBM Operation Management Formative assessment No.2_Ntakadzeni.pdf

20

SSE104 Onlline assignment 6.doc

0

SSE104 Onlline assignment 6.doc

2

401maths.pdf

0

401maths.pdf

2

FamilyMart; Eataly .docx

0

FamilyMart; Eataly .docx

6

CJ 210 Module Six Journal.docx

0

CJ 210 Module Six Journal.docx

3

MECH4310_Spring2022_Sec001_HW#8(1).pdf

0

MECH4310_Spring2022_Sec001_HW#8(1).pdf

2

Three more authorities agree on 1 Span of control the number of people reporting

0

Three more authorities agree on 1 Span of control the number of people reporting

document

28

power sharing government between the Hutu dominated government and the Tutsi

0

power sharing government between the Hutu dominated government and the Tutsi

document

64

Life's Greatest Mircale.docx

0

Life's Greatest Mircale.docx

3

7a7ac581-132d-41cf-a401-5558a00d64b0.jpg

0

7a7ac581-132d-41cf-a401-5558a00d64b0.jpg

1

Week 1 Assignment.docx

0

Week 1 Assignment.docx

5

If a prospective new audit client does not allow the auditor to contact its

0

If a prospective new audit client does not allow the auditor to contact its

document

10

MGMT 371 Chapter 2 Notes.docx

0

MGMT 371 Chapter 2 Notes.docx

3

returnPAthtoString ionstoreperg03pub2586ioncachejsonCache51 2020 01 01 160359408

0

returnPAthtoString ionstoreperg03pub2586ioncachejsonCache51 2020 01 01 160359408

document

925

six-ratio-coordinats.pdf

0

six-ratio-coordinats.pdf

2

UNIT 4 - Assignment 12 - Percent Yield Problems - Answer Key.pdf

0

UNIT 4 - Assignment 12 - Percent Yield Problems - Answer Key.pdf

2

Order-1547232820 Text Translation (1).edited.docx

0

Order-1547232820 Text Translation (1).edited.docx

6

ACT Comma and Semi-colon practice.docx

0

ACT Comma and Semi-colon practice.docx

2

See more documents like this
Show More

Newly uploaded documents

Show More

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture