• DocumentCode
    1754399
  • Title

    Protecting Your Software Updates

  • Author

    Coppens, B. ; De Sutter, Bjorn ; De Bosschere, Koen

  • Author_Institution
    Comput. Syst. Lab., Ghent Univ., Ghent, Belgium
  • Volume
    11
  • Issue
    2
  • fYear
    2013
  • fDate
    March-April 2013
  • Firstpage
    47
  • Lastpage
    54
  • Abstract
    As described in many blog posts and the scientific literature, exploits for software vulnerabilities are often engineered on the basis of patches, which often involves the manual or automated identification of vulnerable code. The authors evaluate how this identification can be automated with the most frequently referenced diffing tools, demonstrating that for certain types of patches, these tools are indeed effective attacker tools. But they also demonstrate that by using binary code diversification, the effectiveness of the tools can be diminished severely, thus severely closing the attacker's window of opportunity.
  • Keywords
    computer crime; industrial property; program compilers; program testing; attacker tools; automatic vulnerable code identification; binary code diversification; blog posts; diffing tools; scientific literature; software updates protection; software vulnerabilities; Computer security; Privacy; Semantics; Software development; Software reliability; Syntactics; binary code diversity; diffing tools; patch-based attacks; software protection;
  • fLanguage
    English
  • Journal_Title
    Security & Privacy, IEEE
  • Publisher
    ieee
  • ISSN
    1540-7993
  • Type

    jour

  • DOI
    10.1109/MSP.2012.113
  • Filename
    6307797