Security

is always excessive until it’s not enough

Author: Mustakim

SVF: Interprocedural Static Value-Flow Analysis in LLVM

SVF is a static analysis framework implemented in LLVM that allows value-flow construction and pointer analysis to be performed in an iterative manner (sparse analysis – analysis conducted into stages, from overapproximate analysis to precise, expensive analysis). It uses (default) points-to information from Andersen’s analysis and constructs an interprocedural memory SSA (Static-Single Assignment) form where […]

Read More

My Reading: Software Attack

k-hunt: Pinpointing Insecure Cryptographic Keys from Execution Traces Link: http://web.cse.ohio-state.edu/~lin.3021/file/CCS18.pdfSource Code: https://github.com/GoSSIP-SJTU/k-hunt Summary: It would be useful for attackers if they can identify the memory location where an application store its cryptographic keys. It will be more useful to do taint analysis for various purpose (e.g. identify if a key is insecure). This research uses […]

Read More

My Reading: Control Flow Integrity

Due to memory vulnerability in popular programming (C, C++), the hacker can use them to overwrite other memories and take control of the vulnerable system. To the attacker, control flow hijack is one of the first priority to check on if they can find a vulnerability. Control flow hijack stands for turning regular program execution […]

Read More

My Reading: Kernel Fuzzer

Linux kernel is a complicated code base written in c programming language. As for this, they are vulnerable to memory corruption. Generally, it is believed to be the kernel is trusted. The only way kernel can be acted according to the user is through system calls from user programme. So, the researchers are focusing on […]

Read More

How I’ve Learned Intel Pin Tool

The most difficult part of doing research is prototyping. Especially when it’s about security, its a must one. A researcher has to prove the proposed system is legitimate. It’s true for both attack and defense. Researchers greatly depend on existing technology and software to implement their prototype. It cuts the development time to start from […]

Read More
Positive SSL