Vulnerability Development mailing list archives

Re: vulnerabilities researching papers?


From: David Cerezo Sánchez <bitquake () yahoo com>
Date: Thu, 25 Jan 2001 16:43:26 +0100

L> I am trying to find papers, articles and books about techniques, methods, and
L> philosophy of researching and finding security vulnerabilities in
L> applications (not penetrating systems, but singular applications, which build
L> the systems).
L> I know Halvar Flake wrote some interesting material, but I couldn't find any.

   I already sent this link to the VULN-DEV forum weeks ago:

   "Auditing binaries for security vulnerabilities" by Halvar Flake
      http://www.blackhat.com/presentations/bh-europe-00/HalvarFlake/HalvarFlake.ppt
      http://media.blackhat.com:554/ramgen/blackhat/bh-europe-00/video/bh-europ-00--video.rm
      http://media.blackhat.com:554/ramgen/blackhat/bh-europ-00/audio/bh-europ-00--audio.rm

   "Advanced Windows NT Security" by joey___
      http://www.blackhat.com/presentations/bh-asia-00/joey/joey-asia-00.ppt
      http://media.blackhat.com:554/ramgen/blackhat/bh-asia-00/audio/bh-00-asia-joey-audio.rm

   There's even future training in Las Vegas (February 12th and
13th) and Singapore (April 25th) on the topic of "Auditing W32 Binaries
with IDA".

     In academia, there's been movement on this topic too: a
paper titled "A First Step Towards Automated Detection of Buffer
Overrun Vulnerabilities" by David Wagner, Jeffrey S. Foster,
Eric A. Brewer, and Alexander Aiken covers this topic, developing a
quite _disgusting_ algebra that can't catch all bugs in binaries.
You can find it at:

      http://www.cs.berkeley.edu/~daw/papers/overruns-ndss00.ps
      http://www.cs.berkeley.edu/~daw/papers/overruns-ndss00-slides.ps

     Mr. Wagner's Ph.D. dissertation "Static analysis and computer
security: New techniques for software assurance" covers this topic
at length (126 pages long, published December 2000; I've been unable
to read it -that's why I can't comment on it-, but it's on my ToDo list ;)
It's available at:

      http://www.cs.berkeley.edu/~daw/papers/phd-dis.ps

      IMHO, better results will be obtained by taking Halvar Flake's
approach rather than Wagner's academic approach; it seems too difficult to
develop a general way of mathematically modelling important data
to detect security bugs in binaries, so a more technical approach has
to be taken, with a deep knowledge of the ELF and PE binary formats.

--
Signed,
David Cerezo.
