OSEC

From: David Cerezo Sánc (bitquakeYAHOO.COM)
Date: Thu Jan 25 2001 - 09:43:26 CST

    L> I am trying to find papers, articles and books about techniques, methods, and
    L> philosophy of researching and finding security vulnerabilities in
    L> applications (not penetrating systems, but singular applications, which build
    L> the systems).
    L> I know Halvar Flake wrote some interesting material, but I couldn't find any.

       I already sent this link to the VULN-DEV forum weeks ago:

       "Auditing binaries for security vulnerabilities" by Halvar Flake
          http://www.blackhat.com/presentations/bh-europe-00/HalvarFlake/HalvarFlake.ppt
          http://media.blackhat.com:554/ramgen/blackhat/bh-europe-00/video/bh-europ-00--video.rm
          http://media.blackhat.com:554/ramgen/blackhat/bh-europ-00/audio/bh-europ-00--audio.rm

       "Advanced Windows NT Security" by joey___
          http://www.blackhat.com/presentations/bh-asia-00/joey/joey-asia-00.ppt
          http://media.blackhat.com:554/ramgen/blackhat/bh-asia-00/audio/bh-00-asia-joey-audio.rm

       There's even upcoming training in Las Vegas (February 12th and
    13th) and Singapore (April 25th) on the topic of "Auditing W32 Binaries
    with IDA".

         In academia, there's been movement on this topic too: a
    paper titled "A First Step Towards Automated Detection of Buffer
    Overrun Vulnerabilities" by David Wagner, Jeffrey S. Foster,
    Eric A. Brewer, and Alexander Aiken covers this topic by developing a
    quite _disgusting_ algebra that can't catch all bugs in binaries.
    You can find it at:

          http://www.cs.berkeley.edu/~daw/papers/overruns-ndss00.ps
          http://www.cs.berkeley.edu/~daw/papers/overruns-ndss00-slides.ps

         Mr. Wagner's Ph.D. dissertation "Static analysis and computer
    security: New techniques for software assurance" covers this topic
    at length (126 pages long, published December 2000; I've been unable
    to read it yet, which is why I can't comment on it, but it's on my ToDo list ;)
    It's available at:

          http://www.cs.berkeley.edu/~daw/papers/phd-dis.ps

          IMHO, better results will be obtained by taking Halvar Flake's
    approach rather than Wagner's academic approach; it seems too difficult to
    develop a general way of mathematically modelling the important data
    to detect security bugs in binaries, so a more technical approach has
    to be taken, with deep knowledge of the ELF and PE binary formats.

    --
    Signed,
    David Cerezo.
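The "algebra" the post refers to is the integer-range model of the NDSS 2000 paper: every C string gets a range for the bytes allocated to it and a range for the bytes it holds, library calls contribute subset constraints between those ranges, and a buffer is flagged when its largest possible length can exceed its smallest guaranteed allocation. The toy solver below is an added example written for this page; it is not code from David Cerezo's post nor from Wagner et al. The statement tuples are a hand-written, constructed stand-in for parsed C (there is no C front end here), the constraint rules for gets/fgets/strcpy/strncpy/strcat are my own simplified versions of the paper's, and the widening rule that cuts off a growing strcat bound is an assumption made to keep the fixpoint iteration terminating.

```python
"""Toy integer-range analysis for C buffer overruns in the style of
Wagner, Foster, Brewer and Aiken (NDSS 2000).  Added example, not code
from the post or the paper.

Every string variable s gets two ranges: alloc(s), the bytes allocated
for it, and len(s), the bytes in use including the terminating NUL.
Each statement contributes a subset constraint; the solver finds the
least ranges satisfying all of them, then flags any s whose possible
len exceeds its guaranteed alloc.  PROGRAM is a constructed list of
tuples standing in for parsed C, not real source.
"""

INF = float("inf")
EMPTY = (INF, -INF)          # bottom element: no value known yet


def is_empty(r):
    return r[0] > r[1]


def join(a, b):
    """Smallest range containing both a and b."""
    if is_empty(a):
        return b
    if is_empty(b):
        return a
    return (min(a[0], b[0]), max(a[1], b[1]))


def add(a, b, k=0):
    """Range of x + y + k for x in a, y in b."""
    if is_empty(a) or is_empty(b):
        return EMPTY
    return (a[0] + b[0] + k, a[1] + b[1] + k)


def clamp(a, n):
    """Range of min(x, n) for x in a (models a length bound such as strncpy's n)."""
    if is_empty(a):
        return EMPTY
    return (min(a[0], n), min(a[1], n))


def constraints(stmt, alloc, length):
    """Return (table, var, range): which map to update and the contributed range."""
    op = stmt[0]
    if op == "decl":                      # char s[n];           n <= alloc(s)
        return alloc, stmt[1], (stmt[2], stmt[2])
    if op == "malloc":                    # s = malloc(n);       n (a range) <= alloc(s)
        return alloc, stmt[1], stmt[2]
    if op == "gets":                      # gets(s);             [1, inf) <= len(s)
        return length, stmt[1], (1, INF)
    if op == "fgets":                     # fgets(s, n, f);      [1, n] <= len(s)
        return length, stmt[1], (1, stmt[2])
    if op == "strcpy":                    # strcpy(dst, src);    len(src) <= len(dst)
        return length, stmt[1], length[stmt[2]]
    if op == "strncpy":                   # strncpy(dst, src, n); min(len(src), n) <= len(dst)
        return length, stmt[1], clamp(length[stmt[2]], stmt[3])
    if op == "strcat":                    # strcat(dst, src);    len(dst)+len(src)-1 <= len(dst)
        return length, stmt[1], add(length[stmt[1]], length[stmt[2]], -1)
    raise ValueError("unknown statement " + op)


def analyze(program, max_rounds=50):
    """Iterate the constraints to a fixpoint, widening growing upper bounds to INF."""
    names = {s[1] for s in program}
    names |= {s[2] for s in program if s[0] in ("strcpy", "strncpy", "strcat")}
    alloc = {v: EMPTY for v in names}
    length = {v: EMPTY for v in names}
    for rnd in range(max_rounds):
        changed = False
        for stmt in program:
            table, var, contrib = constraints(stmt, alloc, length)
            old = table[var]
            new = join(old, contrib)
            # strcat feeds len(dst) back into itself; from the third round on a
            # still-growing upper bound is widened to INF so iteration terminates
            # (assumed simplification, not the paper's exact rule)
            if rnd >= 2 and not is_empty(old) and new[1] > old[1]:
                new = (new[0], INF)
            if new != old:
                table[var] = new
                changed = True
        if not changed:
            break
    return alloc, length


def report(program):
    """Map each buffer to True if the analysis cannot rule out an overrun."""
    alloc, length = analyze(program)
    unsafe = {}
    for v in alloc:
        if is_empty(alloc[v]) or is_empty(length[v]):
            continue                      # no allocation seen, or never written
        # overrun possible when the largest len exceeds the smallest alloc
        unsafe[v] = length[v][1] > alloc[v][0]
    return unsafe


# Constructed stand-in for a small C function:
#   char buf[64], small[8], name[16], dest[16];
#   gets(buf); fgets(small, 8, f); strcpy(name, small);
#   strncpy(dest, buf, 16); strcat(name, small);
PROGRAM = [
    ("decl", "buf", 64), ("decl", "small", 8),
    ("decl", "name", 16), ("decl", "dest", 16),
    ("gets", "buf"),
    ("fgets", "small", 8),
    ("strcpy", "name", "small"),
    ("strncpy", "dest", "buf", 16),
    ("strcat", "name", "small"),
]

if __name__ == "__main__":
    alloc, length = analyze(PROGRAM)
    for v, bad in report(PROGRAM).items():
        status = "POSSIBLE OVERRUN" if bad else "ok"
        print(f"{v:6} alloc={alloc[v]} len={length[v]} {status}")
```

Running it flags `buf` (gets gives an unbounded length against 64 bytes) and `name` (the strcat back-edge grows the bound past 16), and passes `small` and `dest`. The `dest` verdict also shows the imprecision the post complains about: `strncpy(dest, buf, 16)` into a 16-byte buffer leaves no NUL when the source is long, which this length-only model cannot express, so the analysis is neither sound nor complete on real code, it only narrows where a human auditor should look.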
    
