A language-based approach for securing ActionScript/Flash vulnerabilities
Title translation not available.
- Thesis No: 718605
- Advisors: DR. MEERA SRIDHAR
- Thesis Type: Doctorate
- Subjects: Computer Engineering and Computer Science and Control
- Keywords: Not specified.
- Year: 2020
- Language: English
- University: The University of North Carolina, Charlotte
- Institute: Foreign Institute
- Department: Not specified.
- Discipline: Not specified.
- Number of Pages: 173
Abstract
No abstract.
Abstract (Translation)
Web technologies enable web users worldwide to share files, images, audio, and video with each other. The accessibility provided by the web lures web pirates into performing unauthorized, malicious activities on victim machines remotely by exploiting design flaws that reside in the implementation of web browsers and their plug-ins, such as virtual machines (VMs). VMs, among the popular and widely deployed browser plug-ins, have become one of the most tempting targets for attackers over the years. The ActionScript Virtual Machine (AVM), which executes Flash binaries, is one of the browser plug-ins that lures attackers because of the number of design flaws it contains. Over the last five years, more than 700 vulnerabilities were discovered in the AVM versions. Therefore, ActionScript vulnerabilities became the primary vehicle for web-based ransomware and banking trojans in 2016. Additionally, ActionScript vulnerabilities were part of infamous exploit kits, such as Angler EK, Nuclear, and Neutrino, in the same year. More recently, researchers disclosed four zero-day exploits targeting the AVM versions in the last two years. This dissertation presents a robust, elegant security solution that can mitigate major categories of vulnerabilities that reside in the AVM. The solution allows security personnel to arrive at vulnerability-class-specific solutions that can be applied directly to untrusted executables without requiring the cooperation of technology-owner companies. This dissertation is presented in three thrusts: (1) vulnerability classification, (2) in-lined reference monitoring, and (3) automatic exploit generation. The vulnerability classification identifies the attack surface of the AVM by analyzing and classifying ActionScript vulnerabilities. This classification is conducive to building a generic, robust security solution that mitigates vulnerabilities belonging to major vulnerability classes.
To demonstrate the efficiency of the vulnerability classification, a robust, vulnerability- or vulnerability-class-specific security solution, Inscription, which leverages in-lined reference monitoring, is presented. Inscription modifies untrusted Flash binaries to thwart cyberattacks that exploit known or zero-day vulnerabilities. The automatic exploit generation tool, GuidExp, hardens the developed security solution by allowing security personnel to observe the run-time behavior of exploit scripts that it synthesizes for the target design flaws.
Similar Theses
- Secure ANTS: A Keynote implementation for active node transfer system
TARIK ÇINAR
Master's
English
2001
Computer Engineering and Computer Science and Control
İstanbul Teknik Üniversitesi
PROF. DR. MEHMET BÜLENT ÖRENCİK
- A new intrusion detection approach for Mil-Std 1553 based systems
YUNUS EMRE ÇİLOĞLU
Master's
Turkish
2024
Computer Engineering and Computer Science and Control
İstanbul Teknik Üniversitesi
Department of Computer Engineering
ASSOC. PROF. DR. ŞERİF BAHTİYAR
- Simulation based calculation of ship motions in extreme seas with a body-exact strip theory approach
KIVANÇ ALİ ANIL
Doctorate
Turkish
2017
Marine Engineering
İstanbul Teknik Üniversitesi
Department of Naval Architecture and Marine Engineering
ASSOC. PROF. DR. DEVRİM BÜLENT DANIŞMAN
PROF. DR. KADİR SARIÖZ
- Kurdish Rock musicians in the circle of Ziryab Music Magazine
GÜNAY KOÇHAN
- Efficient batch algorithms for the post-quantum Crystals dilithium signature scheme and Crystals Kyber encryption scheme
NAZLI DENİZ TÜRE
Doctorate
English
2024
Science and Technology
Orta Doğu Teknik Üniversitesi
Department of Cryptography
ASSOC. PROF. DR. OĞUZ YAYLA
PROF. DR. MURAT CENK