Article

Article title SCHEME FOR HARMFUL NETWORK DATA DETECTION WITH EXECUTABLE CODE DYNAMIC ANALYSIS
Authors A.V. Blagodarenko
Section SECTION II. SECURITY OF INFORMATION SYSTEMS AND NETWORKS
Month, Year 11, 2009 @en
Index UDC 004.056.52 - 004.056.57
DOI
Abstract The article offers the approach for researching data from the network impact to software without sources code research. The method of tracking the spread of external data and identify their use in order to compromise the software shown. An approach of collecting data for the scheme offered. Data files in an application-defined format can be obtained from the open satellite channel and represent, in some way, the typical Internet traffic.

Download PDF

Keywords Software vulnerabilities; testing; verification; fuzzing; satellite Internet; dataflow.
References 1. Корпорация «Майкрософт» и обеспечение безопасности: результаты изменения подхода к разработке продуктов. [Интернет] – режим доступа
http://www.microsoft.com/rus/midsizebusiness/security/sdl.mspx, свободный.
2. WASC Web Application Security Statistics 2008. [Интернет] – режим доступа
http://www.scribd.com/doc/21324267/WASC-Web-Application-Security-Statistics-2008-Russian, свободный.
3. Благодаренко, А.В. Инструментальное средство для проведения
сертификационных испытаний программного обеспечения без исходных кодов // Известия ЮФУ. Технические науки. – 2007. – №1 (76). – С. 212 – 215.
4. C. Cowan, S. Beattie, J. Johansen, and P. Wagle. Point-Guard: Protecting pointers from buffer overflow vulnerabilities. In 12th USENIX Security Symposium, 2003.
5. C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle,
Q. Zhang, and H. Hinton. Stack-Guard: automatic adaptive detection and prevention of bufferoverflow attacks. In Proceedings of the 7th USENIX Security Symposium, January 1998.
6. C. Cowan, M. Barringer, S. Beattie, and G. Kroah-Hartman. FormatGuard: automatic protection from printf format string vulnerabilities. In Proceedings of the 10th USENIX Security Symposium, August 2001.
7. James Newsome, Dawn Song. Dynamic Taint Analysis for Automatic Detection,
Analysis, and Signature Generation of Exploits on Commodity Software. In Proceedings of the Network and Distributed System Security Symposium, 2005
8. Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)
http://www.microsoft.com/technet/security/Bulletin/ms09-050.mspx
9. Michael Sutton, Adam Greene, Pedram Amini. Fuzzing: Brute Force Vulnerability
Discovery. Addison-Wesley Professional; 1 edition (July 9, 2007)
10. Благодаренко, А.В. Широковещательное распространение обновлений
безопасности для ОС Linux через спутниковый канал // Сборник ЮФУ. Тематический выпуск. Информационная безопасность. Перспектива-2009. – 2009. – С. 210–214.

Comments are closed.