Design for Security: Measurement, Analysis and Mitigation Techniques
Chen, Shuo
This item is only available for download by members of the University of Illinois community. Students, faculty, and staff at the U of I may log in with your NetID and password to view the item. If you are trying to access an Illinois-restricted dissertation or thesis, you can request a copy through your library's Inter-Library Loan office or purchase a copy directly from ProQuest.
Permalink: https://hdl.handle.net/2142/81704

Description

Title: Design for Security: Measurement, Analysis and Mitigation Techniques
Author(s): Chen, Shuo
Issue Date: 2005
Doctoral Committee Chair(s): Iyer, Ravishankar K.
Department of Study: Computer Science
Discipline: Computer Science
Degree Granting Institution: University of Illinois at Urbana-Champaign
Degree Name: Ph.D.
Degree Level: Dissertation
Keyword(s): Computer Science
Language: eng
Abstract
This dissertation focuses on the measurement and analysis of the impact and root causes of security vulnerabilities, as well as the design of several techniques for vulnerability mitigation. The research begins with an analysis of the security vulnerabilities published in the Bugtraq list and CERT advisories. An in-depth analysis of vulnerability reports and the corresponding application source code motivates our development of a finite state machine (FSM) model to reason about security vulnerabilities, which provides a more formal way to depict these attacks. Besides the analysis of security vulnerabilities, this work also shows that although most current attacks compromise system security by overwriting control data, a new type of attack, the non-control-data attack, is generally applicable against real-world software. The notion of pointer taintedness is introduced as the basis for detecting control-data attacks and non-control-data attacks in a unified manner. A pointer is said to be tainted if its value comes directly or indirectly from user input. Pointer taintedness allows the user to arbitrarily specify the target memory address to read, write or transfer control to, which is usually a pathological program behavior due to memory corruption attacks. Based on the notion of pointer taintedness, we developed a theorem-proving technique to identify potential security vulnerabilities via static source code analysis, and implemented a processor architecture mechanism for dynamic pointer taintedness detection. The evaluation shows that the proposed techniques offer better security coverage than existing methods.