Protecting Your Software Updates
March-April 2013 (vol. 11 no. 2)
pp. 47-54
Bart Coppens, Ghent University
Bjorn De Sutter, Ghent University
Koen De Bosschere, Ghent University
As described in many blog posts and the scientific literature, exploits for software vulnerabilities are often engineered on the basis of patches, which often involves the manual or automated identification of vulnerable code. The authors evaluate how this identification can be automated with the most frequently referenced diffing tools, demonstrating that for certain types of patches, these tools are indeed effective attacker tools. But they also demonstrate that by using binary code diversification, the effectiveness of the tools can be diminished severely, thus severely closing the attacker's window of opportunity.
Index Terms:
Computer security, Software development, Software reliability, Privacy, Semantics, Syntactics, patch-based attacks, software protection, binary code diversity, diffing tools
Citation:
Bart Coppens, Bjorn De Sutter, Koen De Bosschere, "Protecting Your Software Updates," IEEE Security & Privacy, vol. 11, no. 2, pp. 47-54, March-April 2013, doi:10.1109/MSP.2012.113