Reference:
PORTIA: Of a strange nature is the suit you follow; Yet in such rule that the Venetian law Cannot impugn you as you do proceed. [To Antonio.] You stand within his danger, do you not? – The Merchant of Venice, IV, i, 177–180 Book: Computer Security, Art and Science, By Matt Bishop, 2nd edition. A security policy defines “secure” for a system or a set of systems. A security policy is a statement that partitions the states of the system into a set of authorized, or secure, states and a set of unauthorized, or nonsecure, states.
Reference: Sgx Reference 1 2010-03-10 unfixable flaw reference ↩ Rop Reference 1 Return Oriented Programming Attacks reference ↩ Container Privilege Escalation Reference: DOP Data Oriented Programming Attacks Side Channel References: reference More Spectre Attacks References: Survey of Transient Execution Atacks. Wenjie Xiong, Jakub Szefer. Arxiv, 2020. More
Reference: Control Flow References: reference More uCFI References: Enforcing Unique Code Target Property for Control-Flow Integrity, CCS’18 UCT: Unique Code Target ICT: Indirect Control-flow Transfer Key: collecting the necessary runtime information and using it to augment the points-to analysis on control data. Contraining data: the data helps to determine the target of indirect calls. How to identify the constraining data? How to collect this data efficiently? How to perform the points-to analysis efficiently and accurately?
Reference: Hw Monitor Reference 1 Hardware-based monitoring technique that can detect if the system calls of sophisticated embedded operating systems (e.g. Linux) deviate from the originally programmed behavior due to an attack. By Verifying operation at the level of an individual processor instruction, we can detect any deviation almost instantaneously. By limiting the monitoring to a fraction of the operating system code (i.e. system calls) and not the entire code base, we can achieve low overhead compared to other hardware monitoring approaches.
Reference 1 Hwvmi Reference 1 Introspection in hardware. To match network connections to the application-layer while being isolated and undetected from the operating system or the hypervisor. Motivation Firewalls: external firewall: external device only connected to network cannot see the content of the target computer’s physical memory, thus cannot make decision based on what code is accessing the traffic; software-based firewall: installed on a target computer. can be the target of attacks themselves.
References: reference More On the State of Internet of Things Security: Vulnerabilities,Attacks, and Recent Countermeasures References: SISODIA, DEVKISHEN. “On the State of Internet of Things Security: Vulnerabilities, Attacks, and Recent Countermeasures.” University of Oregon, Tech. Rep (2020). More
If you could revise
the fundmental principles of
computer system design
to improve security...
... what would you change?