|
[1] Anonymous. Bypassing PaX ASLR protection. http://www.ouah.org/p59-0x09.txt, July 2002. [2] E. G. Barrantes, D. H. Ackley, S. Forrest, T. S. Palmer, D. Stefanovic, and D. D. Zovi. Randomized Instruction Set Emulation to Disrupt Binary Code Injection Attacks. In Proceedings of the 10th ACM Conference on Computer and Communications Security, pages 281-289, New York, NY, USA, 2003. ACM. [3] S. Bhatkar, D. C. DuVarney, and R. Sekar. Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits. In Proceedings of the 12th USENIX Security Symposium, pages 105-120, 2003. [4] S. Bhatkar, R. Sekar, and D. C. DuVarney. Efficient Techniques for Comprehensive Protection from Memory Error Exploits. In Proceedings of the 14th Conference on USENIX Security Symposium, pages 255-270, Berkeley, CA, USA, 2005. USENIX Association. [5] CERT. Multiple Vulnerabilities in Oracle Servers. http://www.cert.org/advisories/CA-2002-08.html, Mar 2002. CERT advisory CA-2002-08. [6] H. Father. Hooking Windows API - Technics of Hooking API Functions on Windows. http://rootkit.host.sk, 2002. [7] S. Forrest, A. Somayaji, and D. H. Ackley. Building Diverse Computer Systems. In Proceedings of the 6th Workshop on Hot Topics in Operating Systems, page 67-72, Washington, DC, USA, 1997. IEEE Computer Society. [8] M. Howard. Address Space Layout Randomization in Windows Vista. http://blogs.msdn.com/michael_howard/archive/2006/05/26/address-space-layout-randomization-in-windows-vista.aspx, May 2006. [9] G. Hunt and D. Brubacher. Detours: Binary Interception of Win32 Functions. In Proceedings of the 3rd USENIX Windows NT Symposium, pages 135-143, 1998. [10] X. Jiang, H. J. Wang, D. Xu, and Y.-M. Wang. RandSys: Thwarting Code Injection Attacks with System Service Interface Randomization. In Proceedings of the 26th IEEE International Symposium on Reliable Distributed Systems, pages 209-218, Washington, DC, USA, 2007. IEEE Computer Society. [11] Y. Kaplan. API Spying Techniques for Windows 9x, NT and 2000. http://www.internals.com/articles/apispy/apispy.htm, 2000. [12] G. S. Kc, A. D. Keromytis, and V. Prevelakis. Countering Code-Injection Attacks with Instruction-Set Randomization. In Proceedings of the 10th ACM Conference on Computer and Communications Security, pages 272-280, New York, NY, USA, 2003. ACM. [13] C. Kil, J. Jun, C. Bookholt, J. Xu, and P. Ning. Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Software. In Proceedings of the 22nd Conference on Annual Computer Security Applications, pages 339-348, Washington, DC, USA, 2006. IEEE Computer Society. [14] Unix System Labs. Executable and Linkable File (ELF). Tool Interface Standard. [15] L. Li, J. E. Just, and R. Sekar. Address-Space Randomization for Windows Systems. In Proceedings of the 22nd Conference on Annual Computer Security Applications, pages 329-338, Dec. 2006. [16] D. Litchfield. Hackproofing Oracle Application Server. http://www.nextgenss.com/papers/hpoas.pdf, Jan. 2002. [17] Microsoft. Microsoft Security Bulletin MS04-040. http://www.microsoft.com/technet/security/Bulletin/MS04-040.mspx, 2004. [18] Microsoft. Microsoft Security Bulletin MS05-020. http://www.microsoft.com/technet/security/Bulletin/MS05-020.mspx, 2005. [19] Microsoft. Microsoft Portable Executable and Common Object File Format Specification. http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx, March 2008. [20] M. Milenkovi'c, A. Milenkovi'c, and E. Jovanov. Using Instruction Block Signatures to Counter Code Injection Attacks. SIGARCH Comput. Archit. News, pages 108-117, 2005. [21] Microsoft Developer Network. LIST ENTRY. http://msdn.microsoft.com/en-us/library/aa491571.aspx. [22] Microsoft Developer Network. PEB Structure. http://msdn.microsoft.com/en-us/library/aa813706(VS.85).aspx. [23] M. Pietrek. Under the Hook. http://www.microsoft.com/msj/0997/hood0997.aspx, 1997. [24] J. Richter. Load Your 32-bit DLL into Another Process's Address Space Using INJLIB. Microsoft Systems Journal, 1994. [25] J. Seward, N. Nethercote, J. Weidendorfer, and the Valgrind Development Team. Valgrind 3.3 - Advanced Debugging and Profiling for GNU/Linux Applications. http://valgrind.org/. [26] H. Shacham, M. Page, B. Pfa®, E.-J. Goh, N. Modadugu, and D. Boneh. On the Effectiveness of Address-Space Randomization. In Proceedings of the 11th ACM Conference on Computer and Communications Security, pages 298-307, New York, NY, USA, 2004. ACM. [27] Skape. Understanding Windows Shellcode. http://www.hick.org/code/skape/papers/win32-shellcode.pdf, December 2003. [28] A. N. Sovarel, D. Evans, and N. Paul. Where's the FEEB? The Effectiveness of Instruction Set Randomization. In Proceedings of the 14th Conference on USENIX Security Symposium, pages 145-160, Berkeley, CA, USA, 2005. USENIX Association. [29] Metasploit Development Team. Metasploit. http://www.metasploit.com/, 2003. [30] PaX Team. The PaX Address Space Layout Randomization project. http://pax.grsecurity.net/, 2002. [31] PaX Team. WehnTrust. http://www.codeplex.com/wehntrust, 2006. [32] E. Tsyrklevich. Ozone HIPS: Unbreakable Windows. http://www.blackhat.com/presentations/bh-usa-05/bh-us-05-tsyrklevich.pdf. [33] D. Wagner and P. Soto. Mimicry Attacks on Host-Based Intrusion Detection Systems. In Proceedings of the 9th ACM Conference on Computer and Communications Security, November 2002. [34] O. Whitehouse. An Analysis of Address Space Layout Randomization on Windows Vista. http://www.symantec.com/avcenter/reference/Address Space Layout Randomization.pdf, Feb. 2007. [35] H. Xu and S. J. Chapin. Improving Address Space Randomization with a Dynamic Offset Randomization Technique. In Proceedings of the 2006 ACM Symposium on Applied Computing, pages 384-391, New York, NY, USA, 2006. ACM. [36] J. Xu, Z. Kalbarczyk, and R. K. Iyer. Transparent Runtime Randomization for Security. In Proceedings of the 22th IEEE International Symposium on Reliable Distributed Systems, pages 260{269, Oct. 2003.
|