Computer Science ›› 2022, Vol. 49 ›› Issue (11): 326-334.doi: 10.11896/jsjkx.211200039
• Information Security • Previous Articles Next Articles
LIU Pei-wen1, SHU Hui2, LYU Xiao-shao2, ZHAO Yun-tian2
CLC Number:
[1]Vulnerability and technical analysis of Windows local rights rai-sing in APT activities [EB/OL].https://paper.seebug.org/1753/#apt. [2]ZHANG K,LIU J J.Network Attack Path Analysis MethodBased on Vulnerability Dynamic Availability[J].Netinfo Security,2021,21(4):62-72. [3]MA M Y,CHEN L W,MENG N.A Survey of Memory Corruption Attack and Defense [J].Journal of Cyber Security,2017,2(4):82-98. [4]Data-Oriented Programming:On the Expressiveness of Non-control Data Attacks[C]//Symposium on Security and Privacy(SP).2016:969-986. [5]JANG H,PARK M C,LEE D H.IBV-CFI:Efficient fine-grained control-flow integrity preserving CFG precision[J/OL].Computers & Security.https://www.researchgate.net/publication/340442234_IBV-CFI_Efficient_fine-grained_control-flow_integrity_preserving_CFG_precision. [6]LU S B,LIN Z C,ZHANG M.Kernel Vulnerability Analysis:A Survey[C]//2019 IEEEFourth International Conference on Data Science in Cyberspace(DSC).Hangzhou,China,2019:549-554. [7]PAN J F,YAN G L,FAN X C.Digtool:A virtualization-based framework for detecting kernel vulnerabilities[C]//26th USENIX Security Symposium(USENIX Security 17).Vancouver,BC:USENIX Association,2017:149-165. [8]JURCZYK M,COLDWIND G.Bochspwn:Exploiting KernelRace Conditions Found via Memory Access Patterns[C]//The Syscan’12 Conference.2013. [9]BRENDAN D G,JOSH H,PATRICK H,et al.Repeatable Reverse Engineering with PANDA[C]//5th Program Protection and Reverse Engineering Workshop(PPREW-5).Association for Computing Machinery,New York,NY,USA,2015:1-11. [10]MING J,WU D H,WANG J,et al.StraightTaint:decoupled offline symbolic taint analysis[C]//the 31st IEEE/ACM International Conference on Automated Software Engineering(ASE’16).2016:308-319. [11]WANG X J,MA R,DOU B W,et al.OFFDTAN:A New Approach of Offline Dynamic Taint Analysis for Binaries[C]//Security and Communication Networks.2018:1-13. [12]XU J,MU D L,CHEN P,et al.CREDAL:Towards Locating a Memory Corruption Vulnerability with Your Core Dump[C]//the 2016 ACM SIGSAC Conference on Computer and Communications Security(CCS ’16).Association for Computing Machinery,New York,NY,USA,2016:529-540. [13]XU J,MU D L,CHEN P,et al.POMP:Postmortem programanalysis with hardware-enhanced post-crash artifacts[C]//the 26th USENIX Security Symposium.USENIX Association,2017:17-32. [14]CUI W D,PEINADO M,CHA S K,et al.RETracer:Triaging Crashes by Reverse Execution from Partial Memory Dumps[C]//the 38th International Conference on Software Enginee-ring(ICSE).2016:820-831. [15]ZHENG Y,WANG Z,FAN X Y,et al.Localizing multiple software faults based on evolution algorithm[J].The Journal of Systems & Software,2018,139:107-123. [16]JIANG S J,ZHANG X,WANG R C,et al.Fault Localization Approach Based on Path Analysis and Information Entrop[J].Journal of Software,2021,32(7):2166-2182. [17]GUO W B,MU D L,XING X Y,et al.DEEPVSA:Facilitating Value-set Analysis with Deep Learning for Postmortem Program Analysis[C]//Proceedings of the 28th USENIX Security Symposium.Santa Clara:USENIX Association,2019:1787-1804. [18]YAGEMANN C,PRUETT M,CHUNG S P,et al.ARCUS:Symbolic Root Cause Analysis of Exploits in Production Systems[C]//the 30th USENIX Security Symposium.2021. [19]BLAZYTKO T,SCHLOGEL M,ASCHERMANN C,et al.AURORA:Statistical Crash Analysis for Automated Root Cause Explanation[C]// the 29th USENIX Security Symposium.2020. [20]NI T,YE X.Privilege Escalation Technology of Kernel Vulnerabilities in Write What Where Mode[J].Journal of Information Engineering University,2014,15(2):232-236. |
[1] | ZHANG Xiong and LI Zhou-jun. Survey of Fuzz Testing Technology [J]. Computer Science, 2016, 43(5): 1-8. |
[2] | XU Qian and TAN Cheng-xiang. Mandatory Access Control Model for Android Based on Dynamic Privilege Set [J]. Computer Science, 2015, 42(11): 191-196. |
[3] | . Firm-code Disassembly Technology Based on IVT Reconstruction [J]. Computer Science, 2012, 39(7): 302-204. |
[4] | MENG Chen. Web Browser Vulnerability Exploitation Attack Test Technology Based on Code Overriding [J]. Computer Science, 2011, 38(Z10): 41-43. |
[5] | TANG He-ping HUANG Shu-guang ZHANG Liang. Dynamic Information Flow Analysis for Vulnerability Exploits Detection [J]. Computer Science, 2010, 37(7): 148-151. |
|