
A language-based approach for securing ActionScript/Flash vulnerabilities

Title translation not available.

  1. Thesis No: 718605
  2. Author: FADİ YILMAZ
  3. Advisors: DR. MEERA SRIDHAR
  4. Thesis Type: Doctorate
  5. Subjects: Computer Engineering and Computer Science and Control
  6. Keywords: Not specified.
  7. Year: 2020
  8. Language: English
  9. University: The University of North Carolina, Charlotte
  10. Institute: Foreign Institute
  11. Department: Not specified.
  12. Discipline: Not specified.
  13. Number of Pages: 173

Abstract

No abstract available.

Abstract (Translation)

Web technologies enable web users to share files, images, audio, and videos with each other worldwide. The accessibility provided by the web lures web pirates to perform unauthorized, malicious activities on victim machines remotely by exploiting design flaws that reside in the implementation of web browsers and their plug-ins, including virtual machines (VMs). VMs are among the popular, widely deployed browser plug-ins and have become one of the most tempting targets for attackers over the years. The ActionScript Virtual Machine (AVM), which executes Flash binaries, is one of the browser plug-ins that lures attackers because of the number of design flaws it contains. Over the last five years, more than 700 vulnerabilities were discovered in the AVM versions. Therefore, ActionScript vulnerabilities became the primary vehicle for web-based ransomware and banking trojans in 2016. Additionally, ActionScript vulnerabilities were part of infamous exploit kits, such as Angler EK, Nuclear, and Neutrino, in the same year. More recently, researchers disclosed four zero-day exploits targeting the AVM versions in the last two years. This dissertation presents a robust, elegant security solution that can mitigate major categories of vulnerabilities that reside in the AVM. The solution allows security personnel to arrive at vulnerability-class-specific solutions that can be applied directly to untrusted executables without requiring the cooperation of technology-owner companies. This dissertation is presented in three thrusts: (1) vulnerability classification, (2) in-lined reference monitoring, and (3) automatic exploit generation. The vulnerability classification identifies the attack surface of the AVM by analyzing ActionScript vulnerabilities to classify them. This classification is conducive to building a generic, robust security solution that mitigates vulnerabilities that are part of major vulnerability classes.
To demonstrate the efficiency of the vulnerability classification, a robust, vulnerability- or vulnerability-class-specific security solution, Inscription, which leverages in-lined reference monitoring, is presented. Inscription modifies untrusted Flash binaries to thwart cyberattacks that exploit known or zero-day vulnerabilities. The automatic exploit generation tool, GuidExp, hardens the developed security solution by allowing security personnel to observe the run-time behaviors of exploit scripts that it synthesizes for the target design flaws.

Similar Theses

  1. Secure ANTS: A Keynote implementation for active node transfer system

    Güvenli ANTS: Active node transfer system için keynote uygulaması

    TARIK ÇINAR

    Master's

    English

    2001

    Computer Engineering and Computer Science and Control

    İstanbul Teknik Üniversitesi

    PROF. DR. MEHMET BÜLENT ÖRENCİK

  2. Mil-Std 1553 tabanlı sistemler için yeni bir saldırı tespiti yaklaşımı

    A new intrusion detection approach for Mil-Std 1553 based systems

    YUNUS EMRE ÇİLOĞLU

    Master's

    Turkish

    2024

    Computer Engineering and Computer Science and Control

    İstanbul Teknik Üniversitesi

    Department of Computer Engineering

    ASSOC. PROF. DR. ŞERİF BAHTİYAR

  3. Aşırı denizlerdeki gemi hareketlerinin cisim-tam dilim teorisi yaklaşımı ile simülasyona dayalı hesaplanması

    Simulation based calculation of ship motions in extreme seas with a body-exact strip theory approach

    KIVANÇ ALİ ANIL

    Doctorate

    Turkish

    2017

    Marine Engineering

    İstanbul Teknik Üniversitesi

    Department of Naval Architecture and Marine Engineering

    ASSOC. PROF. DR. DEVRİM BÜLENT DANIŞMAN

    PROF. DR. KADİR SARIÖZ

  4. Kurdish Rock musicians in the circle of Ziryab Music Magazine

    Ziryab Müzik Dergisi çevresi içindeki Kürtçe Rock müzisyenleri

    GÜNAY KOÇHAN

    Doctorate

    English

    2024

    Music

    İstanbul Teknik Üniversitesi

    Department of Music

    PROF. DR. FATMA BELMA OĞUL

  5. Efficient batch algorithms for the post-quantum Crystals dilithium signature scheme and Crystals Kyber encryption scheme

    Crystals dilithium imza şeması ve Crystals Kyber şifreleme şeması için verimli toplu kuantum ertesi algoritmalar

    NAZLI DENİZ TÜRE

    Doctorate

    English

    2024

    Science and Technology

    Orta Doğu Teknik Üniversitesi

    Department of Cryptography

    ASSOC. PROF. DR. OĞUZ YAYLA

    PROF. DR. MURAT CENK