Showing 1 - 10 of 78 for search: '"Qian, Zhiyun"'
Filesystem vulnerabilities persist as a significant threat to Android systems, despite various proposed defenses and testing techniques. The complexity of program behaviors and access control mechanisms in Android systems makes it challenging to effe
External link:
http://arxiv.org/abs/2407.11279
Open-source software is increasingly reused, complicating the process of patching to repair bugs. In the case of Linux, a distinct ecosystem has formed, with Linux mainline serving as the upstream, stable or long-term-support (LTS) systems forked fro
External link:
http://arxiv.org/abs/2402.05212
The widespread deployment of control-flow integrity has propelled non-control data attacks into the mainstream. In the domain of OS kernel exploits, by corrupting critical non-control data, local attackers can directly gain root access or privilege e
External link:
http://arxiv.org/abs/2401.17618
Over the past 6 years, Syzbot has fuzzed the Linux kernel day and night to report over 5570 bugs, of which 4604 have been patched [11]. While this is impressive, we have found the average time to find a bug is over 405 days. Moreover, we have found t
External link:
http://arxiv.org/abs/2401.11642
Heap memory errors remain a major source of software vulnerabilities. Existing memory safety defenses aim at protecting all objects, resulting in high performance cost and incomplete protection. Instead, we propose an approach that accurately identif
External link:
http://arxiv.org/abs/2310.06397
Static analysis is a widely used technique in software engineering for identifying and mitigating bugs. However, a significant hurdle lies in achieving a delicate balance between precision and scalability. Large Language Models (LLMs) offer a promisi
External link:
http://arxiv.org/abs/2308.00245
Author:
Lee, Yu-Tsung, Chen, Haining, Enck, William, Vijayakumar, Hayawardh, Li, Ninghui, Qian, Zhiyun, Petracca, Giuseppe, Jaeger, Trent
Android's filesystem access control is a crucial aspect of its system integrity. It utilizes a combination of mandatory access controls, such as SELinux, and discretionary access controls, like Unix permissions, along with specialized access controls
External link:
http://arxiv.org/abs/2302.13506
File name confusion attacks, such as malicious symbolic links and file squatting, have long been studied as sources of security vulnerabilities. However, a recently emerged type, i.e., case-sensitivity-induced name collisions, has not been scrutinize
External link:
http://arxiv.org/abs/2211.16735
Published in:
31st USENIX Security Symposium (USENIX Security 2022)
Fuzzing has become one of the most effective bug-finding approaches for software. In recent years, 24*7 continuous fuzzing platforms have emerged to test critical pieces of software, e.g., Linux kernel. Though capable of discovering many bugs and provi
External link:
http://arxiv.org/abs/2111.06002
Author:
Zhu, Shitong, Li, Shasha, Wang, Zhongjie, Chen, Xun, Qian, Zhiyun, Krishnamurthy, Srikanth V., Chan, Kevin S., Swami, Ananthram
As Deep Packet Inspection (DPI) middleboxes become increasingly popular, a spectrum of adversarial attacks have emerged with the goal of evading such middleboxes. Many of these attacks exploit discrepancies between the middlebox network protocol impl
External link:
http://arxiv.org/abs/2011.01514