- 1、本文档共45页,可阅读全部内容。
- 2、原创力文档(book118)网站文档一经付费(服务费),不意味着购买了该文档的版权,仅供个人/单位学习、研究之用,不得用于商业用途,未经授权,严禁复制、发行、汇编、翻译或者网络传播等,侵权必究。
- 3、本站所有内容均由合作方或网友上传,本站不对文档的完整性、权威性及其观点立场正确性做任何保证或承诺!文档内容仅供研究参考,付费前请自行鉴别。如您付费,意味着您自己接受本站规则且自行承担风险,本站不退款、不进行额外附加服务;查看《如何避免下载的几个坑》。如果您已付费下载过本站文档,您可以点击 这里二次下载。
- 4、如文档侵犯商业秘密、侵犯著作权、侵犯人身权等,请点击“版权申诉”(推荐),也可以打举报电话:400-050-0827(电话支持时间:9:00-18:30)。
查看更多
11162004.ppt
11/16/2004 CS851 Malware Proof-Carrying Code: A Language-Based Security Approach Thao Doan Wei Hu Liqian Luo Jinlin Yang CS851 Malware 11/16/2004 Outline Introduction To Language-based Security Proof-carrying Code (PCC) Example 1: Network Packet Filters Example 2: A Certifying Compiler For Java Issues With PCC Discussion Part 1 Introduction to Language-Based Security Malicious code - A growing problem What is malicious code? “any code added, changed, removed from a software system in order to intentionally cause harm or subvert the intended function of the system.” What makes it a growing problem? Growing connectivity (the Internet) Growing complexity of systems Support for extensibility Two well-known security design principles Principle of Least Privilege a component should be given the minimum privilege necessary to accomplish its task Ex: file access Principle of Minimum Trusted Computing Base keep the TCB as small and simple as possible (~ the KISS principle) Ex: JVM, Proof Checker of PCC Approaches against malicious code Analyze the code : before execution [reject] Ex: scanning, compiler’s dataflow analysis Rewrite the code : before execution [modify] Ex: BEQZ R4, BadCode ? BEQZ R4, GoodCode Monitor the code : during execution [stop before harm] Ex: OS’ page translation hardware Audit the code : during execution [police on harm] Ex: audit trail to assess and address the problem Disadvantages of traditional approaches Miss unseen cases Trust entities required Performance Burden on consumers Motivation of language based security Is it possible to enforce security on the semantics or behavior of the code? Types, logics, proofs come into play Examples Type-Safe Languages Proof-Carrying Code Part 2 Proof-Carrying Code: Concept and Implementation Type-safe languages Type gives semantic meaning to ultimately mere bits associated either with values in memory or with objects Type-safe languages: have complete type systems e.g., Java, C#, ML Code produc
您可能关注的文档
- ©Ming-chi Chen.ppt
- §3 permeability in soil土的渗透性.ppt
- (1945年-----80年代末)总体特征;两极格局的形成及其演变.ppt
- - Chapter 13.ppt
- - Chapter 16.PPT
- - Chapter 18.ppt
- 01月08日上课资料-.ppt
- 09月18日上课资料-.ppt
- 1.4 科学测量.ppt
- 1.直线的倾斜角.ppt
- 中国行业标准 GM/T 0126-2023HTML密码应用置标语法.pdf
- 《JJF 2121-2024恒转速源校准规范》.pdf
- 餐饮服务中20条处理要点.docx
- 《GM/T 0011-2023可信计算 可信密码支撑平台功能与接口规范》.pdf
- 《JJF 2134-2024旋转流变仪校准规范》.pdf
- JJF 2121-2024恒转速源校准规范.pdf
- 计量规程规范 JJF 2121-2024恒转速源校准规范.pdf
- 《JJF 2118-2024压力式六氟化硫气体密度控制器校验仪校准规范》.pdf
- JJF 2134-2024旋转流变仪校准规范.pdf
- 计量规程规范 JJF 2134-2024旋转流变仪校准规范.pdf
文档评论(0)