Software System Exploration Using Library Call Analysis

  title={Software System Exploration Using Library Call Analysis},
  author={Marinos Tsantekidis and Vassilis Prevelakis},
1 Citations

Model-driven Simulation and Training Environments for Cybersecurity: Second International Workshop, MSTEC 2020, Guildford, UK, September 14–18, 2020, Revised Selected Papers

A taxonomy for interactive cyber training and education is presented that includes different factors of the technical setup, audience, training environment, and training setup that can help trainings to improve and to be established successfully.



Efficient Monitoring of Library Call Invocation

The technique is presented by analyzing the interception of a known exploit of the NGINX server and it is shown that the mechanism can detect and contain the attack and discuss the performance overheads.

Library-Level Policy Enforcement

A system that allows policy to be implemented at the library call level, which screens calls to protected functions, while allowing the implementation of a high level form of control flow integrity based on library calls is described.

Data Execution Prevention

Prediction of abnormal temporal behavior in real-time systems

Ensuring security in real-time and safety-critical systems is becoming extremely challenging, in particular due to the increasingly connectivity of these systems, such as in emerging autonomous

HeapTherapy: An Efficient End-to-End Solution against Heap Buffer Overflows

This work proposes an efficient solution against heap buffer overflows that integrates exploit detection, defense generation, and overflow prevention in a single system, named Heap Therapy, which is compliant with mainstream hardware and operating systems, and does not rely on specific allocation algorithms.

Timing-based anomaly detection in embedded systems

An overview of a novel method for non-intrusively detecting malware in embedded system that utilizes timing requirements to improve detection performance and provide increased resilience to mimicry attacks is presented.

Cloning Your Gadgets: Complete ROP Attack Immunity with Multi-Variant Execution

The combination of DCL with Multi-Variant Execution is transparent to both the user and the programmer and incurs much less overhead than other ROP defense tools, both in terms of run time and memory footprint.

Control-flow integrity

Control-Flow Integrity provides a useful foundation for enforcing further security policies, as it is demonstrated with efficient software implementations of a protected shadow call stack and of access control for memory regions.