context/rnd restructure: add weakness mitigation

steveej 2017-09-24 01:40:26 +02:00
parent 5fb007ba40
commit 5ec6c7245e
5 changed files with 449 additions and 264 deletions


@ -3,11 +3,14 @@ Any changes to this file will be lost if it is regenerated by Mendeley.
BibTeX export options can be customized via Options -> BibTeX in Mendeley Desktop
@misc{TheStackClash,
author = {Advisory, Qualys Security},
file = {:home/steveej/src/steveej/msc-thesis/docs/stack-clash.txt:txt},
title = {{The Stack Clash}},
url = {https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt}
@article{GCC540,
abstract = {This manual documents how to use the GNU compilers, as well as their features and incom- patibilities, and how to report bugs. It corresponds to the compilers (GCC) version 5.4.0. The internals of the GNU compilers, including how to port them to new targets and some information about how to write front ends for new languages, are documented in a separate manual. See Section Introduction in GNU Compiler Collection (GCC) Internals.},
author = {Stallman, Richard M},
file = {:home/steveej/src/steveej/msc-thesis/docs/gcc-5.4.0.pdf:pdf},
isbn = {188211437X},
journal = {Development},
title = {{Using the GNU Compiler Collection}},
url = {https://gcc.gnu.org/onlinedocs/gcc-5.4.0/gcc.pdf}
}
@article{Lattner2005,
abstract = {The LLVM Compiler Infrastructure (http://llvm.cs. uiuc.edu) is a$\backslash$nrobust system that is well suited for a wide variety of research$\backslash$nand development work. This brief paper introduces the LLVM system$\backslash$nand provides pointers to more extensive documentation, complementing$\backslash$nthe tutorial presented at LCPC.},
@ -182,6 +185,12 @@ title = {{Code-pointer integrity}},
url = {https://www.usenix.org/conference/osdi14/technical-sessions/presentation/kuznetsov{\%}5Cnhttps://www.usenix.org/system/files/conference/osdi14/osdi14-paper-kuznetsov.pdf?utm{\_}source=dlvr.it{\&}utm{\_}medium=tumblr},
year = {2014}
}
@misc{TheStackClash,
author = {Advisory, Qualys Security},
file = {:home/steveej/src/steveej/msc-thesis/docs/stack-clash.txt:txt},
title = {{The Stack Clash}},
url = {https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt}
}
@article{Caballero2012,
abstract = {Use-after-free vulnerabilities are rapidly growing in popularity, especially for exploiting web browsers. Use-after-free (and double-free) vulnerabilities are caused by a program operating on a dangling pointer. In this work we propose early detection, a novel runtime approach for finding and diagnosing use-after-free and double-free vulnerabilities. While previous work focuses on the creation of the vulnerability (i.e., the use of a dangling pointer), early detection shifts the focus to the creation of the dangling pointer(s) at the root of the vulnerability. Early detection increases the effectiveness of testing by identifying unsafe dangling pointers in executions where they are created but not used. It also accelerates vulnerability analysis and minimizes the risk of incomplete fixes, by automatically collecting information about all dangling pointers involved in the vulnerability. We implement our early detection technique in a tool called Undangle. We evaluate Undangle for vulnerability analysis on 8 real-world vulnerabilities. The analysis uncovers that two separate vulnerabilities in Firefox had a common root cause and that their patches did not completely fix the underlying bug. We also evaluate Undangle for testing on the Firefox web browser identifying a potential vulnerability.},
author = {Caballero, Juan and Grieco, Gustavo and Marron, Mark and Nappa, Antonio},