forked from llsoftsec/llsoftsecbook
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbook.bib
427 lines (383 loc) · 16 KB
/
book.bib
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
@Electronic{Pornin2018,
author = {Thomas Pornin},
title = {Why Constant-Time Crypto?},
url = {https://www.bearssl.org/constanttime.html},
year = {2018},
}
@Electronic{Hicks2014,
author = {Michael Hicks},
title = {What is memory safety?},
url = {http://www.pl-enthusiast.net/2014/07/21/memory-safety/},
year = {2014},
}
@inproceedings{Shacham2007,
author = {Shacham, Hovav},
title = {The Geometry of Innocent Flesh on the Bone: Return-into-Libc without Function Calls (on the X86)},
year = {2007},
isbn = {9781595937032},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/1315245.1315313},
doi = {10.1145/1315245.1315313},
booktitle = {Proceedings of the 14th ACM Conference on Computer and Communications Security},
pages = {552–561},
numpages = {10},
keywords = {instruction set, turing completeness, return-into-libc},
location = {Alexandria, Virginia, USA},
series = {CCS '07}
}
@inproceedings{Bletsch2011,
author = {Bletsch, Tyler and Jiang, Xuxian and Freeh, Vince W. and Liang, Zhenkai},
title = {Jump-Oriented Programming: A New Class of Code-Reuse Attack},
year = {2011},
isbn = {9781450305648},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/1966913.1966919},
doi = {10.1145/1966913.1966919},
booktitle = {Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security},
pages = {30–40},
numpages = {11},
location = {Hong Kong, China},
series = {ASIACCS '11}
}
@inproceedings{Schuster2015,
author = {F. Schuster and T. Tendyck and C. Liebchen and L. Davi and A. Sadeghi and T. Holz},
booktitle = {2015 IEEE Symposium on Security and Privacy (SP)},
title = {Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications},
year = {2015},
volume = {},
issn = {1081-6011},
pages = {745-762},
keywords = {semantics;runtime;layout;aerospace electronics;object oriented programming;arrays},
doi = {10.1109/SP.2015.51},
url = {https://doi.ieeecomputersociety.org/10.1109/SP.2015.51},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
month = {may}
}
@inproceedings{Bosman2014,
author = {Bosman, Erik and Bos, Herbert},
booktitle = {2014 IEEE Symposium on Security and Privacy},
title = {Framing Signals - A Return to Portable Shellcode},
year = {2014},
volume = {},
number = {},
pages = {243-258},
doi = {10.1109/SP.2014.23}
}
Please keep the comma after the author's name
@Electronic{AlephOne1996,
author = {Aleph One,},
title = {Smashing The Stack For Fun And Profit},
url = {http://www.phrack.org/issues/49/14.html#article},
year = {1996},
}
Please keep the comma after the author's name
@Electronic{Solar1997,
author = {Solar Designer,},
title = {Getting around non-executable stack (and fix)},
url = {https://seclists.org/bugtraq/1997/Aug/63},
year = {1997},
}
@article{Karger1974,
author = {Paul A., Karger and Roger R., Schell},
title = {MULTICS SECURITY EVALUATION: VULNERABILITY ANALYSIS},
url = {https://csrc.nist.gov/csrc/media/publications/conference-paper/1998/10/08/proceedings-of-the-21st-nissc-1998/documents/early-cs-papers/karg74.pdf},
pages = {52},
year = {1974},
}
@article{Thompson1984,
author = {Ken Thompson},
title = {Reflections on Trusting Trust},
url = {https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf},
year = {1984},
}
@Electronic{Gostev2009,
author = {Alexander Gostev},
title = {A short history of Induc},
url = {https://securelist.com/a-short-history-of-induc/30555/},
year = {2009},
}
@article{Cox2015,
author = {Joseph Cox},
title = {Hack Brief: Malware Sneaks Into the Chinese iOS App Store},
url = {https://www.wired.com/2015/09/hack-brief-malware-sneaks-chinese-ios-app-store/},
year = {2015},
journal = {WIRED},
}
@article{Greenberg2019,
author = {Andy Greenberg},
title = {Supply Chain Hackers Snuck Malware Into Videogames},
url = {https://www.wired.com/story/supply-chain-hackers-videogames-asus-ccleaner/},
year = {2019},
journal = {WIRED},
}
@Electronic{Miller2012,
author = {Matt Miller},
title = {Modeling the exploitation and mitigation of memory safety vulnerabilities},
url = {https://github.com/Microsoft/MSRC-Security-Research/blob/master/presentations/2012_10_Breakpoint/BreakPoint2012_Miller_Modeling_the_exploitation_and_mitigation_of_memory_safety_vulnerabilities.pdf},
howpublished = {\href{https://2012.ruxconbreakpoint.com/}{Breakpoint 2012}},
}
@inproceedings{Hu2016,
author = {Hu, Hong and Shinde, Shweta and Adrian, Sendroiu and Chua, Zheng Leong and Saxena, Prateek and Liang, Zhenkai},
booktitle = {2016 IEEE Symposium on Security and Privacy (SP)},
title = {Data-Oriented Programming: On the Expressiveness of Non-control Data Attacks},
year = {2016},
volume = {},
number = {},
pages = {969-986},
doi = {10.1109/SP.2016.62}
}
@article{Dullien2020,
author = {Dullien, Thomas},
journal = {IEEE Transactions on Emerging Topics in Computing},
title = {Weird Machines, Exploitability, and Provable Unexploitability},
year = {2020},
volume = {8},
number = {2},
pages = {391-403},
doi = {10.1109/TETC.2017.2785300}
}
@Electronic{Beer2020,
author = {Ian Beer},
title = {An iOS zero-click radio proximity exploit odyssey},
url = {https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html},
year = {2020},
}
@Electronic{Groß2020,
author = {Samuel Groß},
title = {JITSploitation I: A JIT Bug},
url = {https://googleprojectzero.blogspot.com/2020/09/jitsploitation-one.html},
year = {2020},
}
@Electronic{Beer2021,
author = {Ian Beer and Samuel Groß},
title = {A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution},
url = {https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html},
year = {2021},
}
@Electronic{Sharma2014,
author = {Siddharth Sharma},
title = {Enhance application security with FORTIFY_SOURCE},
url = {https://www.redhat.com/en/blog/enhance-application-security-fortifysource},
year = {2014},
}
@book{Seacord2013,
author = {Seacord, Robert C.},
title = {Secure Coding in C and C++},
year = {2013},
isbn = {0321822137},
publisher = {Addison-Wesley Professional},
edition = {2nd},
}
@book{Dowd2006,
author = {Dowd, Mark and McDonald, John and Schuh, Justin},
title = {The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities},
year = {2006},
isbn = {0321444426},
publisher = {Addison-Wesley Professional},
}
@InProceedings{Yarom2014,
author = {Yuval Yarom and Katrina Falkner},
booktitle = {23rd USENIX Security Symposium (USENIX Security 14)},
title = {{FLUSH+RELOAD}: A High Resolution, Low Noise, L3 Cache {Side-Channel} Attack},
year = {2014},
address = {San Diego, CA},
month = aug,
pages = {719--732},
publisher = {USENIX Association},
file = {:184415 - FLUSH+RELOAD_ a High Resolution, Low Noise, L3 Cache Side Channel Attack.pdf:PDF},
groups = {codegen security},
isbn = {978-1-931971-15-7},
url = {https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/yarom},
}
@InProceedings{Weber2021,
author = {Daniel Weber and Ahmad Ibrahim and Hamed Nemati and Michael Schwarz and Christian Rossow},
booktitle = {USENIX Security'21},
title = {Osiris: Automated Discovery of Microarchitectural Side Channels},
year = {2021},
url = {https://arxiv.org/abs/2106.03470},
}
@InProceedings{Osvik2005,
author = {Osvik, Dag Arne and Shamir, Adi and Tromer, Eran},
title = {Cache Attacks and Countermeasures: The Case of AES},
year = {2005},
doi = {10.1007/11605805_1},
journal = {IACR Cryptology ePrint Archive},
}
@InProceedings{Gruss2016a,
author = {Gruss, Daniel and Maurice, Cl\'{e}mentine and Wagner, Klaus and Mangard, Stefan},
booktitle = {Proceedings of the 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment - Volume 9721},
title = {Flush+Flush: A Fast and Stealthy Cache Attack},
year = {2016},
pages = {279–299},
series = {DIMVA 2016},
doi = {10.1007/978-3-319-40667-1_14},
url = {https://doi.org/10.1007/978-3-319-40667-1_14},
}
@InProceedings{Gruss2016,
author = {Gruss, Daniel and Maurice, Cl\'{e}mentine and Fogh, Anders and Lipp, Moritz and Mangard, Stefan},
booktitle = {Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security},
title = {Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR},
year = {2016},
series = {CCS '16},
doi = {10.1145/2976749.2978356},
url = {https://doi.org/10.1145/2976749.2978356},
}
@Misc{Percival2005,
author = {Percival, Colin},
howpublished = {BSDCan},
title = {Cache missing for fun and profit},
year = {2005},
url = {https://eprint.iacr.org/2005/271},
}
@InProceedings{Briongos2020,
author = {Samira Briongos and Pedro Malagon and Jose M. Moya and Thomas Eisenbarth},
booktitle = {29th USENIX Security Symposium (USENIX Security 20)},
title = {{RELOAD+REFRESH}: Abusing Cache Replacement Policies to Perform Stealthy Cache Attacks},
year = {2020},
url = {https://www.usenix.org/conference/usenixsecurity20/presentation/briongos},
}
@InProceedings{Lipp2020,
author = {Moritz Lipp and Vedad Hadzic and Michael Schwarz and Arthur Perais and Maurice, {Clementine Lucie Noemie} and Daniel Gru{\ss}},
booktitle = {Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020},
title = {Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors},
doi = {10.1145/3320269.3384746},
year = {2020},
}
@article{Burow2017,
author = {Burow, Nathan and Carr, Scott A. and Nash, Joseph and Larsen, Per and Franz, Michael and Brunthaler, Stefan and Payer, Mathias},
title = {Control-Flow Integrity: Precision, Security, and Performance},
year = {2017},
issue_date = {January 2018},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
volume = {50},
number = {1},
issn = {0360-0300},
url = {https://doi.org/10.1145/3054924},
doi = {10.1145/3054924},
journal = {ACM Comput. Surv.},
month = {apr},
articleno = {16},
numpages = {33},
keywords = {control-flow hijacking, shadow stack, Control-flow integrity, return-oriented programming}
}
@inproceedings{Conti2015,
author = {Conti, Mauro and Crane, Stephen and Davi, Lucas and Franz, Michael and Larsen, Per and Negro, Marco and Liebchen, Christopher and Qunaibit, Mohaned and Sadeghi, Ahmad-Reza},
title = {Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks},
year = {2015},
isbn = {9781450338325},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/2810103.2813671},
doi = {10.1145/2810103.2813671},
booktitle = {Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security},
pages = {952–963},
numpages = {12},
keywords = {code-reuse attacks, control-flow integrity, stack corruption},
location = {Denver, Colorado, USA},
series = {CCS '15}
}
@Electronic{Serna2012,
author = {Fermin J. Serna},
title = {The Info Leak Era on Software Exploitation},
url = {https://www.youtube.com/watch?v=VgWoPa8Whmc},
note = {Black Hat USA 2012},
year = {2012}
}
@Electronic{McCall2019,
author = {John McCall and Ahmed Bougacha},
title = {arm64e: An ABI for Pointer Authentication},
url = {https://llvm.org/devmtg/2019-10/slides/McCall-Bougacha-arm64e.pdf},
note = {2019 LLVM Developers' Meeting},
year = {2019}
}
@Electronic{Rutland2017,
title = {ARMv8.3 Pointer Authentication},
author = {Mark Rutland},
url = {https://events.static.linuxfound.org/sites/events/files/slides/slides_23.pdf},
note = {Linux Security Summit 2017},
year = {2017}
}
@inproceedings{Liljestrand2021,
title = {$\{$PACStack$\}$: an Authenticated Call Stack},
author = {Liljestrand, Hans and Nyman, Thomas and Gunn, Lachlan J and Ekberg, Jan-Erik and Asokan, N},
booktitle = {30th USENIX Security Symposium (USENIX Security 21)},
pages = {357--374},
year = {2021}
}
@inproceedings{Chen2005,
title = {Non-Control-Data Attacks Are Realistic Threats.},
author = {Chen, Shuo and Xu, Jun and Sezer, Emre Can and Gauriar, Prachi and Iyer, Ravishankar K},
booktitle = {USENIX security symposium},
volume = {5},
pages = {146},
year = {2005}
}
@Electronic{Dullien2018,
author = {Thomas Dullien/Halvar Flake},
title = {Turing completeness, weird machines, Twitter, and muddled terminology},
url = {http://addxorrol.blogspot.com/2018/10/turing-completeness-weird-machines.html},
year = {2018},
}
@inproceedings{Ispoglou2018,
author = {Ispoglou, Kyriakos K. and AlBassam, Bader and Jaeger, Trent and Payer, Mathias},
title = {Block Oriented Programming: Automating Data-Only Attacks},
year = {2018},
isbn = {9781450356930},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3243734.3243739},
doi = {10.1145/3243734.3243739},
booktitle = {Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security},
pages = {1868–1882},
numpages = {15},
keywords = {block oriented programming, program synthesis, binary analysis, data only attacks, exploitation},
location = {Toronto, Canada},
series = {CCS '18}
}
@Article{Su2021,
author = {Chao Su and Qingkai Zeng},
journal = {Security and Communication Networks},
title = {Survey of {CPU} Cache-Based Side-Channel Attacks: Systematic Analysis, Security Models, and Countermeasures},
year = {2021},
month = {jun},
doi = {10.1155/2021/5559552},
publisher = {Hindawi Limited},
}
@Article{Mushtaq2020,
author = {Maria Mushtaq and Muhammad Asim Mukhtar and Vianney Lapotre and Muhammad Khurram Bhatti and Guy Gogniat},
journal = {Information Systems},
title = {Winter is here! A decade of cache-based side-channel attacks, detection & mitigation for {RSA}},
year = {2020},
month = {sep},
doi = {10.1016/j.is.2020.101524},
publisher = {Elsevier {BV}},
}
@InProceedings{Schwarz2019,
author = {Michael Schwarz and Martin Schwarzl and Moritz Lipp and Jon Masters and Daniel Gruss},
booktitle = {Computer Security - {ESORICS} 2019 - 24th European Symposium on Research in Computer Security, Luxembourg, September 23-27, 2019, Proceedings, Part {I}},
title = {NetSpectre: Read Arbitrary Memory over Network},
year = {2019},
pages = {279--299},
publisher = {Springer},
series = {Lecture Notes in Computer Science},
volume = {11735},
}
@InCollection{Schwarz2017,
author = {Michael Schwarz and Cl{\'{e}}mentine Maurice and Daniel Gruss and Stefan Mangard},
booktitle = {Financial Cryptography and Data Security},
publisher = {Springer International Publishing},
title = {Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in {JavaScript}},
year = {2017},
pages = {247--267},
}
@inproceedings{Serebryany2012,
author = {Serebryany, Konstantin and Bruening, Derek and Potapenko, Alexander and Vyukov, Dmitriy},
title = {$\{$AddressSanitizer$\}$: A Fast Address Sanity Checker},
booktitle = {2012 USENIX Annual Technical Conference (USENIX ATC 12)},
pages = {309--318},
year = {2012}
}