Vulnerability Development mailing list archives
Re: vulnerabilities researching papers?
From: David Cerezo Sánchez <bitquake () yahoo com>
Date: Thu, 25 Jan 2001 16:43:26 +0100
L> I am trying to find papers, articles and books about techniques, methods, and
L> philosophy of researching and finding security vulnerabilities in
L> applications. (not penetrating systems, but singular applications, which build
L> the systems).
L> I know Halvar Flake wrote some interesting material, but I couldn't find any.

I already sent this link to the VULN-DEV forum weeks ago:

"Auditing binaries for security vulnerabilities" by Halvar Flake
http://www.blackhat.com/presentations/bh-europe-00/HalvarFlake/HalvarFlake.ppt
http://media.blackhat.com:554/ramgen/blackhat/bh-europe-00/video/bh-europ-00--video.rm
http://media.blackhat.com:554/ramgen/blackhat/bh-europe-00/audio/bh-europ-00--audio.rm

"Advanced Windows NT Security" by joey___
http://www.blackhat.com/presentations/bh-asia-00/joey/joey-asia-00.ppt
http://media.blackhat.com:554/ramgen/blackhat/bh-asia-00/audio/bh-00-asia-joey-audio.rm

There's even future training in Las Vegas (February 12th and 13th) and Singapore (April 25th) on the topic of "Auditing W32 Binaries with IDA".

In academia, there's been movement on this topic too: a paper titled "A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities" by David Wagner, Jeffrey S. Foster, Eric A. Brewer, and Alexander Aiken covers this topic, developing a quite _disgusting_ algebra that can't catch all bugs in binaries. You can find it at:
http://www.cs.berkeley.edu/~daw/papers/overruns-ndss00.ps
http://www.cs.berkeley.edu/~daw/papers/overruns-ndss00-slides.ps

Mr. Wagner's Ph.D. dissertation "Static analysis and computer security: New techniques for software assurance" covers this topic in extent (126 pages long, published December 2000; I've been unable to read it - that's why I can't comment on it - but it's on my ToDo list ;) It's available at:
http://www.cs.berkeley.edu/~daw/papers/phd-dis.ps

IMHO, better results will be obtained taking Halvar Flake's approach rather than Wagner's academic approach; it seems too difficult to develop a general way of mathematically modelling important data to detect security bugs in binaries, so a more technical approach has to be taken, with a deep knowledge of ELF and PE binary formats.

--
Signed, David Cerezo.
Current thread:
- vulnerabilities researching papers? Latrin! (Jan 24)
- Re: vulnerabilities researching papers? David Cerezo Sánchez (Jan 25)