research-article

Public Access

Shredder: Breaking Exploits through API Specialization

Authors:

Shachee Mishra,

Michalis PolychronakisAuthors Info & Claims

ACSAC '18: Proceedings of the 34th Annual Computer Security Applications Conference

Pages 1 - 16

https://doi.org/10.1145/3274694.3274703

Published: 03 December 2018 Publication History

Abstract

Code reuse attacks have been a threat to software security since the introduction of non-executable memory protections. Despite significant advances in various types of additional defenses, such as control flow integrity (CFI) and leakage-resilient code randomization, recent code reuse attacks have demonstrated that these defenses are often not enough to prevent successful exploitation. Sophisticated exploits can reuse code comprising larger code fragments that conform to the enforced CFI policy and which are not affected by randomization.

As a step towards improving our defenses against code reuse attacks, in this paper we present Shredder, a defense-in-depth exploit mitigation tool for the protection of closed-source applications. In a preprocessing phase, Shredder statically analyzes a given application to pinpoint the call sites of potentially useful (to attackers) system API functions, and uses backwards data flow analysis to derive their expected argument values and generate whitelisting policies in a best-effort way. At runtime, using library interposition, Shredder exposes to the protected application only specialized versions of these critical API functions, and blocks any invocation that violates the enforced policy. We have experimentally evaluated our prototype implementation for Windows programs using a large set of 251 shellcode and 30 code reuse samples, and show that it improves significantly upon code stripping, a state-of-the-art code surface reduction technique, by blocking a larger number of malicious payloads with negligible runtime overhead.

References

[1]

McSema: Framework for lifting x86, amd64, and aarch64 program binaries to LLVM bitcode. (2017). https://github.com/trailofbits/mcsema.

[2]

Martín Abadi, Mihai Budiu, Úlfar Erlingsson, and Jay Ligatti. 2005. Control-flow integrity. In Proceedings of the 12th ACM conference on Computer and Communications Security (CCS). 340--353.

Digital Library

[3]

Alex Abramov. Manually Enumerating Process Modules. (2015). http://www.codereversing.com/blog/archives/265.

[4]

S. Andersson, A. Clark, G. Mohay, B. Schatz, and J. Zimmermann. 2005. A framework for detecting network-based code injection attacks targeting Windows and UNIX. In Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC).

Digital Library

[5]

Dennis Andriesse, Xi Chen, Victor van der Veen, Asia Slowinska, and Herbert Bos. 2016. An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries. In Proceedings of the 25rd USENIX Security Symposium. 583--600.

Digital Library

[6]

Michael Backes, Thorsten Holz, Benjamin Kollenda, Philipp Koppe, Stefan Nürnberger, and Jannik Pewny. 2014. You Can Run but You Can'T Read: Preventing Disclosure Exploits in Executable Code. In Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS). 1342--1353.

Digital Library

[7]

Arash Baratloo, Navjot Singh, and Timothy Tsai. 2000. Transparent Run-Time Defense Against Stack Smashing Attacks. In Proceedings of the USENIX Annual Technical Conference.

Digital Library

[8]

Roberto Battistoni, Emanuele Gabrielli, and Luigi V. Mancini. 2004. A Host Intrusion Prevention System for Windows Operating Systems. In Proceedings of the 9th European Symposium on Research in Computer Security (ESORICS). 352--368.

[9]

James Bennett, Yichong Lin, and Thoufique Haq. The Number of the Beast. (2013). http://blog.fireeye.com/research/2013/02/the-number-of-the-beast.html.

[10]

Massimo Bernaschi, Emanuele Gabrielli, and Luigi V. Mancini. 2002. Remus: A Security-enhanced Operating System. ACM Trans. Inf. Syst. Secur. 5, 1 (Feb. 2002), 36--61.

Digital Library

[11]

S. Bhatkar, A. Chaturvedi, and R. Sekar. 2006. Dataflow anomaly detection. In Proceedings of the IEEE Symposium on Security & Privacy.

Digital Library

[12]

Erik Bosman and Herbert Bos. 2014. Framing Signals - A Return to Portable Shellcode. In IEEE Symposium on Security and Privacy. 243--258.

Digital Library

[13]

Kjell Braden, Stephen Crane, Lucas Davi, Michael Franz, Per Larsen, Christopher Liebchen, and Ahmad-Reza Sadeghi. 2016. Leakage-Resilient Layout Randomization for Mobile Devices. In Proceedings of the Network and Distributed System Security Symposium (NDSS).

[14]

Nathan Burow, Scott A. Carr, Joseph Nash, Per Larsen, Michael Franz, Stefan Brunthaler, and Mathias Payer. 2017. Control-Flow Integrity: Precision, Security, and Performance. ACM Comput. Surv. 50, 1, Article 16 (April 2017), 33 pages.

Digital Library

[15]

Nicholas Carlini, Antonio Barresi, Mathias Payer, David Wagner, and Thomas R. Gross. 2015. Control-Flow Bending: On the Effectiveness of Control-Flow Integrity. In Proceedings of the 24th USENIX Security Symposium. 161--176.

Digital Library

[16]

Ping Chen, Hai Xiao, Xiaobin Shen, Xinchun Yin, Bing Mao, and Li Xie. 2009. DROP: Detecting Return-Oriented Programming Malicious Code. In Proceedings of the 5th International Conference on Information Systems Security (ICISS). 163--177.

Digital Library

[17]

Shuo Chen, Jun Xu, Emre C. Sezer, Prachi Gauriar, and Ravishankar K. Iyer. 2005. Non-Control-Data Attacks Are Realistic Threats. In Proceedings of the 14th USENIX Security Symposium.

Digital Library

[18]

Yaohui Chen, Dongli Zhang, Ruowen Wang, Rui Qiao, Ahmed M Azab, Long Lu, Hayawardh Vijayakumar, and Wenbo Shen. 2017. NORAX: Enabling Execute-Only Memory for COTS Binaries on AArch64. In Proceedings of the 38th IEEE Symposium on Security & Privacy (S&P).

[19]

Yueqiang Cheng, Zongwei Zhou, Miao Yu, Xuhua Ding, and Robert H. Deng. 2014. ROPecker: A Generic and Practical Approach For Defending Against ROP Attacks. (2014).

[20]

Stephen Crane, Christopher Liebchen, Andrei Homescu, Lucas Davi, Per Larsen, Ahmad-Reza Sadeghi, Stefan Brunthaler, and Michael Franz. 2015. Readactor: Practical Code Randomization Resilient to Memory Disclosure. In Proceedings of the 36th IEEE Symposium on Security and Privacy (S&P).

Digital Library

[21]

Lucas Davi, Christopher Liebchen, Ahmad-Reza Sadeghi, Kevin Z. Snow, and Fabian Monrose. 2015. Isomeron: Code Randomization Resilient to (Just-In-Time) Return-Oriented Programming. In Proceedings of the Network and Distributed System Security Symposium (NDSS).

[22]

Lucas Davi, Ahmad-Reza Sadeghi, and Marcel Winandy. 2009. Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks. In Proceedings of the 2009 ACM workshop on Scalable Trusted Computing (STC). 49--54.

Digital Library

[23]

Lucas Davi, Ahmad-Reza Sadeghi, and Marcel Winandy. 2011. ROPdefender: A Detection Tool to Defend Against Return-oriented Programming Attacks. In Proceedings of the 6th ACM ASIACCS. 40--51.

Digital Library

[24]

Solar Designer. Getting around non-executable stack (and fix). (1997). http://seclists.org/bugtraq/1997/Aug/63.

[25]

Thomas Dullien. 2018. Security, Moore's law, and the anomaly of cheap complexity. CyCon.

[26]

Isaac Evans, Fan Long, Ulziibayar Otgonbaatar, Howard Shrobe, Martin Rinard, Hamed Okhravi, and Stelios Sidiroglou-Douskos. 2015. Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS). 901--913.

Digital Library

[27]

H. H. Feng, O. M. Kolesnikov, P. Fogla, W. Lee, and Weibo Gong. 2003. Anomaly detection using call stack information. In Proceedings of the IEEE Symposium on Security & Privacy. 62--75.

Digital Library

[28]

Stephanie Forrest, Steven A. Hofmeyr, Anil Somayaji, and Thomas A. Longstaff. 1996. A Sense of Self for Unix Processes. In Proceedings of the IEEE Symposium on Security & Privacy.

Digital Library

[29]

Ivan Fratric. 2012. ROPGuard: Runtime Prevention of Return-Oriented Programming Attacks. (2012). http://www.ieee.hr/_download/repository/Ivan_Fratric.pdf/

[30]

Galen Hunt and Doug Brubacher. 1999. Detours: Binary Interception of Win32 Functions. https://www.cs.columbia.edu/~junfeng/10fa-e6998/papers/detours.pdf.

[31]

Tal Garfinkel. 2003. Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. In Proceedings of the Network and Distributed System Security Symposium (NDSS).

[32]

Jason Gionta, William Enck, and Peng Ning. 2015. HideM: Protecting the Contents of Userspace Memory in the Face of Disclosure Vulnerabilities. In Proceedings of the 5th ACM Conference on Data and Application Security and Privacy (CODASPY). 325--336.

Digital Library

[33]

Ian Goldberg, David Wagner, Randi Thomas, and Eric A. Brewer. 1996. A Secure Environment for Untrusted Helper Applications Confining the Wily Hacker. In Proceedings of the 6th USENIX Security Symposium.

Digital Library

[34]

Zhongshu Gu, Brendan Saltaformaggio, Xiangyu Zhang, and Dongyan Xu. 2014. FACE-CHANGE: Application-Driven Dynamic Kernel View Switching in a Virtual Machine. In 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). 491--502.

Digital Library

[35]

Jason Hiser, Anh Nguyen-Tuong, Michele Co, Matthew Hall, and Jack W. Davidson. 2012. ILR: Where'd My Gadgets Go?. In Proceedings of the 33rd IEEE Symposium on Security & Privacy (S&P). 571--585.

Digital Library

[36]

Sebastian Krahmer. x86-64 buffer overflow exploits and the borrowed code chunks exploitation technique. (2005). http://www.suse.de/~krahmer/no-nx.pdf.

[37]

Christopher Kruegel, Darren Mutz, Fredrik Valeur, and Giovanni Vigna. 2003. On the Detection of Anomalous System Call Arguments. In Proceedings of the 8th European Symposium on Research in Computer Security (ESORICS). 326--343.

[38]

Anil Kurmus, Sergej Dechand, and Rüdiger Kapitza. 2014. Quantifiable Run-Time Kernel Attack Surface Reduction. In Proceedings of the 11th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). 212--234.

[39]

Anil Kurmus, Alessandro Sorniotti, and Rüdiger Kapitza. 2011. Attack Surface Reduction for Commodity OS Kernels: Trimmed Garden Plants May Attract Less Bugs. In Proceedings of the 4th European Workshop on System Security (EuroSec).

Digital Library

[40]

Anil Kurmus, Reinhard Tartler, Daniela Dorneanu, Bernhard Heinloth, Valentin Rothberg, Andreas Ruprecht, Wolfgang Schröder-Preikschat, Daniel Lohmann, and Rüdiger Kapitza. 2013. Attack Surface Metrics and Automated Compile-Time OS Kernel Tailoring. In Proceedings of the Network and Distributed System Security Symposium (NDSS).

[41]

Volodymyr Kuznetsov, László Szekeres, Mathias Payer, George Candea, R. Sekar, and Dawn Song. 2014. Code-pointer Integrity. In Proceedings of the 11th USENIX Conference on Operating Systems Design and Implementation (OSDI). 147--163.

Digital Library

[42]

MWR Labs. MWR Labs Pwn2Own 2013 Write-up - Webkit Exploit. (2013). https://labs.mwrinfosecurity.com/blog/mwr-labs-pwn2own-2013-write-up-webkit-exploit/.

[43]

Aaron Lamb. The Chakra Exploit And The Limitations Of Modern Cyber Security Threat Mitigation Techniques. https://www.endgame.com/blog/technical-blog/chakra-exploit-and-limitations-modern-mitigation-techniques. (2017).

[44]

Per Larsen, Andrei Homescu, Stefan Brunthaler, and Michael Franz. 2014. SoK: Automated Software Diversity. In Proceedings of the 35th IEEE Symposium on Security & Privacy. 276--291.

Digital Library

[45]

Jinku Li, Zhi Wang, Xuxian Jiang, Michael Grace, and Sina Bahram. 2010. Defeating return-oriented rootkits with "Return-Less" kernels. In Proceedings of the 5th European conference on Computer Systems (EuroSys). 195--208.

Digital Library

[46]

P. Li, H. Park, D. Gao, and J. Fu. 2008. Bridging the Gap between Data-Flow and Control-Flow Analysis for Anomaly Detection. In Proceedings of the Annual Computer Security Applications Conference (ACSAC). 392--401.

Digital Library

[47]

M. Russinovich, D. A. Solomon, and A. Ionescu. 2012. Windows Internals. (2012).

[48]

Gregory Malecha, Ashish Gehani, and Natarajan Shankar. 2015. Automated Software Winnowing. In Proceedings of the 30th Annual ACM Symposium on Applied Computing (SAC '15). 1504--1511.

Digital Library

[49]

Microsoft. Enhanced Mitigation Experience Toolkit. ({n. d.}). http://www.microsoft.com/emet.

[50]

Collin Mulliner and Matthias Neugschwandtner. 2015. Breaking Payloads with Runtime Code Stripping and Image Freezing. Black Hat USA.

[51]

Nergal. 2001. The advanced return-into-lib(c) exploits: PaX case study. Phrack 11, 58 (Dec. 2001).

[52]

Tim Newsham. Non-exec stack. (2000). http://seclists.org/bugtraq/2000/May/90.

[53]

Kaan Onarlioglu, Leyla Bilge, Andrea Lanzi, Davide Balzarotti, and Engin Kirda. 2010. G-Free: defeating return-oriented programming through gadget-less binaries. In Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC). 49--58.

Digital Library

[54]

Vasilis Pappas, Michalis Polychronakis, and Angelos D Keromytis. 2012. Smashing the gadgets: Hindering return-oriented programming using in-place code randomization. In Proceedings of the 2012 IEEE Symposium on Security and Privacy. 601--615.

Digital Library

[55]

Vasilis Pappas, Michalis Polychronakis, and Angelos D. Keromytis. 2013. Transparent ROP Exploit Mitigation using Indirect Branch Tracing. In Proceedings of the 22nd USENIX Security Symposium. 447--462.

Digital Library

[56]

Mathias Payer and Thomas R. Gross. 2011. Fine-grained User-space Security Through Virtualization. In Proceedings of the 7th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE). 157--168.

Digital Library

[57]

Marios Pomonis, Theofilos Petsios, Angelos D. Keromytis, Michalis Polychronakis, and Vasileios P. Kemerlis. 2017. kR^X: Comprehensive Kernel Protection against Just-In-Time Code Reuse. In Proceedings of the 12th European conference on Computer Systems (EuroSys). 420--436.

Digital Library

[58]

Anh Quach, Aravind Prakash, and Lok Kwong Yan. 2018. Debloating Software through Piece-Wise Compilation and Loading. In Proceedings of the 27th USENIX Security Symposium.

Digital Library

[59]

Robert Rudd, Richard Skowyra, David Bigelow, Veer Dedhia, Thomas Hobson, Christopher Liebchen Stephen Crane, Per Larsen, Lucas Davi, Michael Franz, Ahmad-Reza Sadeghi, and Hamed Okhravi. 2017. Address-Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity. In Proceedings of the Network and Distributed System Security Symposium (NDSS).

[60]

Mark Russinovich. Inside Native Applications. (Nov. 2006). http://technet.microsoft.com/en-us/sysinternals/bb897447.aspx.

[61]

Felix Schuster, Thomas Tendyck, Christopher Liebchen, Lucas Davi, Ahmad-Reza Sadeghi, and Thorsten Holz. 2015. Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications. In Proceedings of the 36th IEEE Symposium on Security & Privacy (S&P). 745--762.

Digital Library

[62]

R. Sekar, M. Bendre, D. Dhurjati, and P. Bollineni. 2001. A fast automaton-based method for detecting anomalous program behaviors. In Proceedings of the IEEE Symposium on Security & Privacy. 144--155.

Digital Library

[63]

Hovav Shacham. 2007. The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM conference on Computer and Communications Security (CCS). 552--561.

Digital Library

[64]

Skape. Understanding Windows Shellcode. (2003). http://www.hick.org/code/skape/papers/win32-shellcode.pdf.

[65]

Kevin Z. Snow, Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, Fabian Monrose, and Ahmad-Reza Sadeghi. 2013. Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization. In Proceedings of the 34th IEEE Symposium on Security & Privacy (S&P). 574--588.

Digital Library

[66]

Kevin Z. Snow, Roman Rogowski, Jan Werner, Hyungjoon Koo, Fabian Monrose, and Michalis Polychronakis. 2016. Return to the Zombie Gadgets: Undermining Destructive Code Reads via Code Inference Attacks. In Proceedings of the 37th IEEE Symposium on Security & Privacy (S&P). 954--968.

[67]

Adrian Tang, Simha Sethumadhavan, and Salvatore Stolfo. 2015. Heisenbyte: Thwarting Memory Disclosure Attacks Using Destructive Code Reads. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS). 256--267.

Digital Library

[68]

Reinhard Tartler, Anil Kurmus, Bernhard Heinloth, Valentin Rothberg, Andreas Ruprecht, Daniela Dorneanu, Rüdiger Kapitza, Wolfgang Schröder-Preikschat, and Daniel Lohmann. 2012. Automatic OS Kernel TCB Reduction by Leveraging Compile-time Configurability. In Proceedings of the 8th USENIX Conference on Hot Topics in System Dependability (HotDep).

Digital Library

[69]

PaX Team. Address Space Layout Randomization. (2003). http://pax.grsecurity.net/docs/aslr.txt.

[70]

Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, and Cristiano Giuffrdia. 2017. The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS). 1675--1689.

Digital Library

[71]

D. Wagner and R. Dean. 2001. Intrusion detection via static analysis. In Proceedings of the IEEE Symposium on Security & Privacy. 156--168.

Digital Library

[72]

Richard Wartell, Vishwath Mohan, Kevin W Hamlen, Zhiqiang Lin, and W Campbell Rd. 2012. Binary stirring: Self-randomizing instruction addresses of legacy x86 binary code. In Proceedings of the 19th ACM conference on Computer and communications security (CCS). 157--168.

Digital Library

[73]

Jan Werner, George Baltas, Rob Dallara, Nathan Otternes, Kevin Snow, Fabian Monrose, and Michalis Polychronakis. 2016. No-Execute-After-Read: Preventing Code Disclosure in Commodity Software. In Proceedings of the 11th ACM Asia Conference on Computer and Communications Security (ASIACCS). 35--46.

Digital Library

[74]

Andreas Wespi, Marc Dacier, and Hervé Debar. 2000. Intrusion Detection Using Variable-Length Audit Trail Patterns. In Proceedings of the 3rd Conference in Recent Advances in Intrusion Detection (RAID). 110--129.

Digital Library

[75]

Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, László Szekeres, Stephen McCamant, Dawn Song, and Wei Zou. 2013. Practical Control Flow Integrity & Randomization for Binary Executables. In Proceedings of the 34th IEEE Symposium on Security & Privacy (S&P).

Digital Library

[76]

Mingwei Zhang and R Sekar. 2013. Control flow integrity for COTS binaries. In 22nd USENIX Security Symposium.

Digital Library

Cited By

Yang SKang BNam J(2024)Optimus: association-based dynamic system call filtering for container attack surface reductionJournal of Cloud Computing10.1186/s13677-024-00639-313:1Online publication date: 23-Mar-2024
https://doi.org/10.1186/s13677-024-00639-3
Wodiany IPop ALuján MFilkov VRay BZhou M(2024)LeanBin: Harnessing Lifting and Recompilation to Debloat BinariesProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695515(1434-1446)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3691620.3695515
Huang Z(2024)Debloating Feature-Rich Closed-Source Windows Software2024 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)10.1109/SANER60148.2024.00047(400-405)Online publication date: 12-Mar-2024
https://doi.org/10.1109/SANER60148.2024.00047
Show More Cited By

Shredder: Breaking Exploits through API Specialization
1. Security and privacy
  1. Systems security

Recommendations

CLOUD SHREDDER: Removing the Laptop On-road Data Disclosure Threat in the Cloud Computing Era
TRUSTCOM '11: Proceedings of the 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications

Data Disclosure due to laptop loss, especially in travel, is a top threat to businesses, governments, and non-profit organizations. An effective protection against this threat should guarantee the data confidentiality, even if the adversary has ...
D-ward: source-end defense against distributed denial-of-service attacks
Detecting Insider Theft of Trade Secrets

Trusted insiders who misuse their privileges to gather and steal sensitive information represent a potent threat to businesses. Applying access controls to protect sensitive information can reduce the threat but has significant limitations. Even if ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

ACSAC '18: Proceedings of the 34th Annual Computer Security Applications Conference

December 2018

766 pages

ISBN:9781450365697

DOI:10.1145/3274694

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

ACSA: Applied Computing Security Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 December 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

Conference

ACSAC '18

ACSAC '18: 2018 Annual Computer Security Applications Conference

December 3 - 7, 2018

PR, San Juan, USA

Acceptance Rates

Overall Acceptance Rate 104 of 497 submissions, 21%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

29
Total Citations
View Citations
1,054
Total Downloads

Downloads (Last 12 months)184
Downloads (Last 6 weeks)27

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Yang SKang BNam J(2024)Optimus: association-based dynamic system call filtering for container attack surface reductionJournal of Cloud Computing10.1186/s13677-024-00639-313:1Online publication date: 23-Mar-2024
https://doi.org/10.1186/s13677-024-00639-3
Wodiany IPop ALuján MFilkov VRay BZhou M(2024)LeanBin: Harnessing Lifting and Recompilation to Debloat BinariesProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695515(1434-1446)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3691620.3695515
Huang Z(2024)Debloating Feature-Rich Closed-Source Windows Software2024 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)10.1109/SANER60148.2024.00047(400-405)Online publication date: 12-Mar-2024
https://doi.org/10.1109/SANER60148.2024.00047
Qin KGu D(2024)One System Call Hook to Rule All TEE OSes in the Cloud2024 IEEE 17th International Conference on Cloud Computing (CLOUD)10.1109/CLOUD62652.2024.00032(205-216)Online publication date: 7-Jul-2024
https://doi.org/10.1109/CLOUD62652.2024.00032
Jahanshahi RAzad BNikiforakis NEgele MCalandrino JTroncoso C(2023)MinimalistProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620548(5557-5573)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620548
Rommel FDietrich CZiegler AOstapyshyn ILohmann DEgger BLee D(2023)Thread-Level Attack-Surface ReductionProceedings of the 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems10.1145/3589610.3596281(64-75)Online publication date: 13-Jun-2023
https://dl.acm.org/doi/10.1145/3589610.3596281
Amin Azad BNikiforakis NShehab MFernandez MLi N(2023)Role Models: Role-based Debloating for Web ApplicationsProceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy10.1145/3577923.3583647(251-262)Online publication date: 24-Apr-2023
https://dl.acm.org/doi/10.1145/3577923.3583647
Rajagopalan VKleftogiorgos KGöktas EXu JPortokalidis GMeng WJensen CCremers CKirda E(2023)SysPart: Automated Temporal System Call Filtering for BinariesProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623207(1979-1993)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623207
Soto-Valero CTiwari DToady TBaudry B(2023)Automatic Specialization of Third-Party Java DependenciesIEEE Transactions on Software Engineering10.1109/TSE.2023.332495049:11(5027-5045)Online publication date: Nov-2023
https://doi.org/10.1109/TSE.2023.3324950
Zhan DYu ZYu XZhang HYe L(2023)Shrinking the Kernel Attack Surface Through Static and Dynamic Syscall LimitationIEEE Transactions on Services Computing10.1109/TSC.2022.317379116:2(1431-1443)Online publication date: 1-Mar-2023
https://doi.org/10.1109/TSC.2022.3173791
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents