تأثیر مکانیزم‌های امنیتی بر آسیب‌پذیری‌های نرم‌افزاری

[1] MITRE. (2011). 2011 CWE/SANS Top 25 Most Dangerous
Software Errors. Available: http://cwe.mitre.org/
top25/
[2] A. One, "Smashing the Stack for Fun and Profit,"
BugTraq Archives, p. http://immunix.org/StackGuard/
profit.html, 1996.
[3] C. P. C. Cowan, D. Maier, H. Hinton, P. Bakke, S. Beattie,
A. Grier, P. Wagle and Q. Zhang, " Automatic Detection
and Prevention of Buffer-Overflow Attacks," 7th
USENIX Security Symposium, 1998.
[4] A. S. L. R. A. T.P. Team. (2003). ASLR. Available:
http://pax.grsecurity.net/docs/aslr.txt
[5] WIKI. (2012). Stack buffer overflow. Available: http://
en.wikipedia.org/wiki/Stack_buffer_overflow
[6] Z. K. Jun Xu, and K. I. Ravishankar , "Transparent
Runtime Randomization for Security.
[7] C. P. Kyungtae-Kim, "Securing heap memory by datapointer
encoding," Elsevier, 2011.
[8] Z. K. Jun Xu, and Ravishankar K. Iyer, "Transparent
Runtime Randomization for Security," 2002.
[9] J. P.anderson, "Computer Security Technology Planning
Study," EDS-TR-73-51, vol. 2, pp. 61-61, Octobr 1972
1972.
[10] D. Seeley. A Tour of the Worm. Available: http://
web.archive.org/web/20070520233435/http://
world.std.com/~franl/worm.html#p4.5.2
[11] WIKI. (2012). Buffer overflow. Available: http://
en.wikipedia.org/wiki/Buffer_overflow
[12] D. Alhambra "Smashing The Stack For Fun And Profit,"
phrack vol. seven, August 1996.
[13] M. technet, "Microsoft Security Bulletin MS02-039,"
2007-06-03 2003.
[14] Games industry, "Hacker breaks Xbox protection without
mod-chip," 2003.
[15] C. P. C. Cowan, D. Maier, J. Walpole, P. Bakke, S.
Beattie, A. Grier, P. Wagle, and Q. Zhang,,
"StackGuard: Automatic Adaptive Detection and Prevention
of Buffer-Overflow Attacks," 1998.
[16] P. W. C. Cowan, C. Pu, S. Beattie, and Jo. Walpole,
"Buffer Overflows: Attacks and Defenses for the Vulnerability
of the Decade*," 1999.
[17] J. S. F. D. Wagner, E. A. Brewer, Al. Aiken, "A First
Step Towards Automated Detection of Buffer Overrun
Vulnerabilities," 2000.
[18] D. E. D. Larochelle, "Statically Detecting Likely Buffer
Overflow Vulnerabilities," 2001.
[19] S. B. C. Cowan, J. Johansen, P. Wagle, "Point
GuardTM: Protecting Pointers From Buffer Overflow
Vulnerabilities," ed Washington, D.C., USA, 2003.
[20] M. B. E. Haugh "Testing C programs for buffer overflow
vulnerabilities," 2003.
[21] M. L. O. Ruwase, "A Practical Dynamic Buffer
Overflow Detector," 2004.
[22] P. K. R. Jones "Backwards-compatible bounds checking
for arrays and pointers in C programs," pp. 13-26, 1997.
[23] F. P. Y. Younan, W. Joosen, "Protecting global and
static variables from buer overflow attacks without
overhead," 2006.
[24] Y. F. Y. Fen, S. Xiaobing, Y. Xinchun, M. Bing "A
New Data Randomization Method to Defend Buffer
Overflow Attacks," Elsevie, 2011.
[25] D. Lea. (2009). A Memory Allocator. Available: http://
g.oswego.edu/dl/html/malloc.html
[26] C. K. Th. Toth, "Accurate Buffer Overflow Detection
via Abstract Payload Execution," 2002.
[27] A. D. K. Gaurav S. Kc, Vassilis Prevelakis, "Countering
Code-Injection Attacks With Instruction-Set Randomization,"
Copyright 2003 ACM, 2003.
[28] M. S. L. Olatunji Ruwase, "A Practical Dynamic Buffer
Overflow Detector," 2003.
[29] J. J. Ch. Kil, Ch. Bookholt, J. Xu, P. Ning, "Address
Space Layout Permutation (ASLP): Towards Fine-
Grained Randomization of Commodity Software,"
2005.
[30] P. N. Jun Xu, Ch. Kil, Y. Zhai, Ch. Bookholt,
"Automatic Diagnosis and Response to Memory Corruption
Vulnerabilities," ACM, 2005.
[31] X. J. M. Kharbutli, Y. Solihin, G. Venkataramani, M.
Prvulovic, "Comprehensively and Efficiently Protecting
the Heap," Intl. Symp. on Architecture Support for Programming
Languages and Operating Systems, 2006.
[32] B. G. Z. Emery D. Berger, "DieHard: Probabilistic
Memory Safety for Unsafe Languages," ACM, 2006.
[33] M. R. C. M. Linn, S. Baker, C. Collberg, S. K. Debray,
J. H. Hartman, "Protecting Against Unexpected System
Calls," 2005.
[34] W. J. Y. Younan, and F. Piessens, "Efficient protection
against heap-based buffer overflows without resorting
to magic," 2005.
[35] J. C. Z. Shao , K. C.C. Chan, C. Xue, E. H.-M. Sha,
"Hardware/software optimization for array & pointer
boundary checking against buffer overflow attacks,"
ScienceDirect, 2006.
[36] A. G. Del Grosso C, Di Penta M, "An evolutionary
testing approach to detect buffer overflow," 2004.
[37] D. P. M. Del Grosso C, Antoniol G, Merlo E, Galinier
P, "Improving network applications security: a new
heuristic to generate stress testing data," 2005.
[38] G. A. C. Del Grosso, E. Merlo, P. Galinier, "Detecting
buffer overflow via automatic test input data generation,"
www.elsevier.com, 2007.
[39] B. L. P. Ratanaworabhan, B. Zorn, "Nozzle: A Defense
Against Heap-spraying Code Injection Attacks," Microsoft
Research Technical Report MSR-TR-2008-176,
2008.
[40] C. H. H. Fu-Hau Hsu, Chi-Hsien Hsu, Chih-Wen Ou, Li
-Han Chen, Ping-Cheng Chiu, "HSP: A solution against
heap sprays," http://www.elsevier.com/locate/jss, 2010.
[41] Symantec, "Analysis of GS protections in Microsoft®
Windows Vista™," 2007.
[42] Symantec, "An Analysis of Address Space Layout Randomization
on Windows Vista™," 2010.
[43] Secunia, "DEP/ASLR Implementation Progress in Popular
Third-party Windows Applications," 2010.
[44] nvd.nist.gov/, "National Vulnerability Database," 2012.
[45] Wiki. (2012). Usage_share_of_web_browsers. Available:
http://en.wikipedia.org/
wikiUsage_share_of_web_browsers
[46] Wiki.(2012).Usage_share_of_operating_systems. Available
:http://en.wikipedia.org/wikiUsage share of operating
systems.