From: David Cerezo Sánc (bitquakeYAHOO.COM)
Date: Thu Jan 25 2001 - 09:43:26 CST
L> I am trying to find papers, articles and books about techniques, methods, and
L> philosophy of researching and finding security vulnerabilities in
L> applications. (not penetrating systems, but singular applications, which build
L> the systems).
L> I know Halvar Flake wrote some interesting material, but I couldn't find any.
I already sent this link to the VULN-DEV forum weeks ago:
"Auditing binaries for security vulnerabilities" by Halvar Flake
"Advanced Windows NT Security" by joey___
There's even future training in Las Vegas (February 12th and
13th) and Singapore (April 25th) on the topic of "Auditing W32 Binaries
In academia, there's been movement on this topic too: a
paper titled "A First Step Towards Automated Detection of Buffer
Overrun Vulnerabilities" by David Wagner, Jeffrey S. Foster,
Eric A. Brewer, and Alexander Aiken covers this topic, developing a
quite _disgusting_ algebra that can't catch all bugs in binaries.
You can find it at:
Mr. Wagner's Ph.D. dissertation "Static analysis and computer
security: New techniques for software assurance" covers this topic
at length (126 pages long, published December 2000, I've been unable
to read it -that's why I can't comment on it-, but it's on my ToDo list ;)
It's available at:
IMHO, better results will be obtained taking Halvar Flake's
approach rather than Wagner's academic approach; it seems too difficult to
develop a general way of mathematically modelling important data
to detect security bugs in binaries, so a more technical approach has
to be taken, with a deep knowledge of the ELF and PE binary formats.
-- Signed, David Cerezo.