Title :
Protecting Your Software Updates
Author :
Coppens, B. ; De Sutter, Bjorn ; De Bosschere, Koen
Author_Institution :
Comput. Syst. Lab., Ghent Univ., Ghent, Belgium
Abstract :
As described in many blog posts and the scientific literature, exploits for software vulnerabilities are often engineered on the basis of patches, which often involves the manual or automated identification of vulnerable code. The authors evaluate how this identification can be automated with the most frequently referenced diffing tools, demonstrating that for certain types of patches, these tools are indeed effective attacker tools. But they also demonstrate that by using binary code diversification, the effectiveness of the tools can be diminished severely, thus severely closing the attacker´s window of opportunity.
Keywords :
computer crime; industrial property; program compilers; program testing; attacker tools; automatic vulnerable code identification; binary code diversification; blog posts; diffing tools; scientific literature; software updates protection; software vulnerabilities; Computer security; Privacy; Semantics; Software development; Software reliability; Syntactics; binary code diversity; diffing tools; patch-based attacks; software protection;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2012.113
