References
[1] K. Teeraruangchaisri, “Code Red and Code Red II: Double dragons,” http://www.sans.org/reading_room/whitepapers/malicious/code-red-code-red-ii-double-dragons_88, Sep. 2001, accessed: 2013-05-20.
[2] S. Krishnan and Y. Kim, “Passive identification of conficker nodes on the internet,” University of Minnesota, Tech. Rep., 2009.
[3] Symantec, “The Downadup Codex: A comprehensive guide to the threat’s mechanics edition 2.0,” http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_downadup_codex_ed2.pdf, Jun. 2009, accessed: 2013-05-20.
[4] Z. Chen and C. Ji, “Intelligent worms: Searching for preys,” http://www.ams.org/samplings/math-awareness-month/06-Chen-Ji.pdf, 2006, accessed: 2013-05-20.
[5] E. J. Aronne, “The Nimda worm: An overview,” http://www.sans.org/reading_room/whitepapers/malicious/nimda-worm-overview_95, Oct. 2001, accessed: 2013-05-20.
[6] Y. Namestnikov, “Kaspersky security bulletin. statistics 2011 - securelist,” http://www.securelist.com/en/analysis/204792216/Kaspersky_Security_Bulletin_Statistics_2011, 2011, accessed: 06/07/2012.
[7] C. Cadar, V. Ganesh, P. M. Pawlowski, D. L. Dill, and D. R. Engler, “EXE: automatically generating inputs of death,” in Proceedings of the 13th ACM conference on Computer and communications security, ser. CCS ’06. New York, NY, USA: ACM, 2006, pp. 322–335. [Online]. Available: http://doi.acm.org/10.1145/1455518.1455522
[8] R.-G. Xu, P. Godefroid, and R. Majumdar, “Testing for buffer overflows with length abstraction,” in Proceedings of the 2008 international symposium on Software testing and analysis, ser. ISSTA ’08. New York, NY, USA: ACM, 2008, pp. 27–38. [Online]. Available: http://doi.acm.org/10.1145/1390630.1390636
[9] S. Waterman, “Analysis: Who cyber smacked estonia?” http://www.upi.com/Business_News/Security-Industry/2007/06/11/Analysis-Who-cyber-smacked-Estonia/UPI-26831181580439/, Jun. 2007, accessed: 2013-05-20.
[10] M. Landler, “Digital fears emerge after data siege in estonia,” http://www.nytimes.com/2007/05/29/technology/29estonia.html?pagewanted=all, May 2007, accessed: 2013-04-22.
[11] L. J. Janczewski and A. M. Colarik, Cyber Warfare and Cyber Terrorism, 1st ed. Hershey, PA, USA: IGI Publishing, 2007.
[12] “Georgia DDoS attacks - a quick summary of observations,” https://en.wikipedia.org/wiki/Cyberattacks_during_the_Russia%E2%80%93Georgia_war, Aug. 2008, accessed: 2013-04-22.
[13] Kaspersky Lab, “Kaspersky lab provides its insights on stuxnet worm,” http://www.kaspersky.com/about/news/virus/2010/Kaspersky_Lab_provides_its_insights_on_Stuxnet_worm, Sep. 2010, accessed: 2012-03-28.
[14] Kaspersky Lab, “Analyses new version of kido (conficker),” http://www.kaspersky.com/news?id=207575791, Apr. 2009, accessed: 2013-05-20.
[15] J. Gibish, Warfare in the 21st century: a selected bibliography. U.S. Army War College Library, 2001.
[16] P. Cornish, D. Livingstone, D. Clemente, and C. York, “On cyber warfare,” http://www.chathamhouse.org/sites/default/files/public/Research/International%20Security/r1110_cyberwarfare.pdf, Sep. 2010, accessed: 2013-05-20.
[17] “OS statistics,” http://www.w3schools.com/browsers/browsers_os.asp, Feb. 2012, accessed: 2012-03-10.
[18] AppBrain, “Number of available Android applications - AppBrain,” http://www.appbrain.com/stats/number-of-android-apps, accessed: 2014-07-04.
[19] “Chart of the day: Android activations hit 1 billion - business insider,” http://www.businessinsider.com/chart-of-the-day-android-activations-hit-1-billion-2013-9, accessed: 2014-07-04.
[20] “Mobile threat report Q4 2012 - F-Secure,” http://www.f-secure.com/static/doc/labs_global/Research/Mobile%20Threat%20Report%20Q4%202012.pdf, accessed: 2013-05-29.
[21] “Android and security - official Google mobile blog,” http://googlemobile.blogspot.tw/2012/02/android-and-security.html, accessed: 2013-05-28.
[22] “Black Hat USA 2012 | briefings,” http://www.blackhat.com/usa/bh-us-12-briefings.html, accessed: 2013-05-28.
[23] “Dalvik technical information,” http://source.android.com/devices/tech/dalvik/index.html, accessed: 2014-06-20.
[24] “The GNU C library,” http://www.gnu.org/software/libc/libc.html, accessed: 2014-06-20.
[25] “Bionic (software),” http://en.wikipedia.org/wiki/Bionic_%28software%29, accessed: 2014-06-20.
[26] “JDK 6 Java native interface-related APIs & developer guides,” http://docs.oracle.com/javase/6/docs/technotes/guides/jni/, accessed: 2014-06-20.
[27] M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti, “Control-flow integrity,” in Proceedings of the 12th ACM conference on Computer and communications security, ser. CCS ’05. New York, NY, USA: ACM, 2005, pp. 340–353. [Online]. Available: http://doi.acm.org/10.1145/1102120.1102165
[28] P. Akritidis, C. Cadar, C. Raiciu, M. Costa, and M. Castro, “Preventing memory error exploits with WIT,” in Proceedings of the 2008 IEEE Symposium on Security and Privacy, ser. SP ’08. Washington, DC, USA: IEEE Computer Society, 2008, pp. 263–277. [Online]. Available: http://dx.doi.org/10.1109/SP.2008.30
[29] S. Bhatkar, D. C. DuVarney, and R. Sekar, “Address obfuscation: an efficient approach to combat a broad range of memory error exploits,” in Proceedings of the 12th conference on USENIX Security Symposium - Volume 12, ser. SSYM’03. Berkeley, CA, USA: USENIX Association, 2003, pp. 105–120. [Online]. Available: https://www.usenix.org/legacy/events/sec03/tech/full_papers/bhatkar/bhatkar.pdf
[30] C. Cowan, C. Pu, D. Maier, H. Hinton, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang, “StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks,” in Proceedings of the 7th conference on USENIX Security Symposium, vol. 7. USENIX Association, Jan. 1998, pp. 63–78. [Online]. Available: http://static.usenix.org/publications/library/proceedings/sec98/full_papers/cowan/cowan.pdf
[31] J. Newsome and D. X. Song, “Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software,” in Proceedings of the Network and Distributed System Security Symposium, 2005. [Online]. Available: http://www.isoc.org/isoc/conferences/ndss/05/proceedings/papers/taintcheck.pdf
[32] “ASLR - of PaX,” https://pax.grsecurity.net/docs/aslr.txt, accessed: 2014-07-39.
[33] X. Wang, C.-C. Pan, P. Liu, and S. Zhu, “SigFree: a signature-free buffer overflow attack blocker,” in Proceedings of the 15th conference on USENIX Security Symposium - Volume 15, ser. USENIX-SS’06. Berkeley, CA, USA: USENIX Association, 2006, pp. 225–240. [Online]. Available: http://static.usenix.org/event/sec06/tech/full_papers/wang/wang_html/
[34] M. Castro, M. Costa, and T. Harris, “Securing software by enforcing data-flow integrity,” in Proceedings of the 7th symposium on Operating systems design and implementation, ser. OSDI ’06. Berkeley, CA, USA: USENIX Association, 2006, pp. 147–160. [Online]. Available: https://www.usenix.org/legacy/event/osdi06/tech/full_papers/castro/castro.pdf
[35] L.-H. Chen, F.-H. Hsu, C.-H. Huang, C.-W. Ou, C.-J. Lin, and S.-C. Liu, “A robust kernel-based solution to control-hijacking buffer overflow attacks,” Journal of Information Science and Engineering, vol. 27, no. 3, pp. 869–890, 2011. [Online]. Available: http://www.iis.sinica.edu.tw/page/jise/2011/201105_05.pdf
[36] F.-H. Hsu, C.-H. Huang, C.-H. Hsu, C.-W. Ou, L.-H. Chen, and P.-C. Chiu, “HSP: A solution against heap sprays,” Journal of Systems and Software, vol. 83, no. 11, pp. 2227–2236, 2010. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S0164121210001767
[37] R. Rugina and M. C. Rinard, “Symbolic bounds analysis of pointers, array indices, and accessed memory regions,” ACM Transactions on Programming Language and Systems, vol. 27, no. 2, pp. 185–235, Mar. 2005. [Online]. Available: http://doi.acm.org/10.1145/1057387.1057388
[38] B. Chess, “Improving computer security using extended static checking,” in Proceedings of the 2002 IEEE Symposium on Security and Privacy, ser. SP ’02. Washington, DC, USA: IEEE Computer Society, 2002, pp. 160–173. [Online]. Available: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1004369&tag=1
[39] D. Larochelle and D. Evans, “Statically detecting likely buffer overflow vulnerabilities,” in Proceedings of the 10th conference on USENIX Security Symposium - Volume 10, ser. SSYM’01. Berkeley, CA, USA: USENIX Association, 2001, pp. 177–190. [Online]. Available: https://www.usenix.org/legacy/events/sec01/full_papers/larochelle/larochelle.pdf
[40] E. C. Sezer, P. Ning, C. Kil, and J. Xu, “MemSherlock: an automated debugger for unknown memory corruption vulnerabilities,” in Proceedings of the 14th ACM conference on Computer and communications security, ser. CCS ’07. New York, NY, USA: ACM, 2007, pp. 562–572. [Online]. Available: http://doi.acm.org/10.1145/1315245.1315314
[41] M. D. Ernst, J. H. Perkins, P. J. Guo, S. McCamant, C. Pacheco, M. S. Tschantz, and C. Xiao, “The Daikon system for dynamic detection of likely invariants,” Science of Computer Programming, vol. 69, no. 1-3, pp. 35–45, Dec. 2007.
[42] S. Hangal and M. S. Lam, “Tracking down software bugs using automatic anomaly detection,” in Proceedings of the 24th International Conference on Software Engineering, ser. ICSE ’02. New York, NY, USA: ACM, 2002, pp. 291–301.
[43] P. Zhou, W. Liu, L. Fei, S. Lu, F. Qin, Y. Zhou, S. Midkiff, and J. Torrellas, “AccMon: Automatically detecting memory-related bugs via program counter-based invariants,” in Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture, ser. MICRO 37. Washington, DC, USA: IEEE Computer Society, 2004, pp. 269–280.
[44] C. Kil, E. Sezer, P. Ning, and X. Zhang, “Automated security debugging using program structural constraints,” in Proceedings of 23rd Annual Computer Security Applications Conference, 2007. ACSAC 2007., ser. ACSAC ’07, Dec. 2007, pp. 453–462.
[45] P. Godefroid, M. Y. Levin, and D. A. Molnar, “Automated whitebox fuzz testing,” in Proceedings of the Network and Distributed System Security Symposium. The Internet Society, 2008.
[46] C. Del Grosso, G. Antoniol, E. Merlo, and P. Galinier, “Detecting buffer overflow via automatic test input data generation,” Computers & Operations Research, vol. 35, no. 10, pp. 3125–3143, Oct. 2008. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S0305054807000305
[47] K. Sen, D. Marinov, and G. Agha, “CUTE: A concolic unit testing engine for C,” in Proceedings of the 10th European Software Engineering Conference Held Jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering, ser. ESEC/FSE-13. New York, NY, USA: ACM, 2005, pp. 263–272. [Online]. Available: http://doi.acm.org/10.1145/1081706.1081750
[48] H. Shahriar and M. Zulkernine, “Mutation-based testing of buffer overflow vulnerabilities,” in Proceedings of the 2008 32nd Annual IEEE International Computer Software and Applications Conference, ser. COMPSAC ’08. Washington, DC, USA: IEEE Computer Society, 2008, pp. 979–984.
[49] K. J. Kratkiewicz, “Evaluating static analysis tools for detecting buffer overflows in C code,” Master’s thesis, Harvard University, March 2005.
[50] H. W. Hethcote, “The mathematics of infectious diseases,” SIAM Review, vol. 42, no. 4, pp. 599–653, Dec. 2000. [Online]. Available: http://epubs.siam.org/doi/pdf/10.1137/S0036144500371907
[51] C. C. Zou, W. Gong, and D. Towsley, “Code red worm propagation modeling and analysis,” in Proceedings of the 9th ACM conference on Computer and communications security, ser. CCS ’02. New York, NY, USA: ACM, 2002, pp. 138–147. [Online]. Available: http://doi.acm.org/10.1145/586110.586130
[52] Z. Chen, L. Gao, and K. Kwiat, “Modeling the spread of active worms,” in INFOCOM 2003. Twenty-Second Annual Joint Conference of the IEEE Computer and Communications. IEEE Societies, vol. 3, March-3 April 2003, pp. 1890–1900. [Online]. Available: http://infocom2003.ieee-infocom.org/papers/46_03.pdf
[53] G. Gu, M. Sharif, X. Qin, D. Dagon, W. Lee, and G. Riley, “Worm detection, early warning and response based on local victim information,” in Proceedings of the 20th Annual Computer Security Applications Conference, ser. ACSAC ’04. Washington, DC, USA: IEEE Computer Society, 2004, pp. 136–145. [Online]. Available: http://www.acsac.org/2004/papers/145.pdf
[54] M. A. Rajab, F. Monrose, and A. Terzis, “On the effectiveness of distributed worm monitoring,” in Proceedings of the 14th conference on USENIX Security Symposium - Volume 14, ser. SSYM’05. Berkeley, CA, USA: USENIX Association, 2005, pp. 225–237. [Online]. Available: https://www.usenix.org/legacy/publications/library/proceedings/sec05/tech/full_papers/rajab/rajab.pdf
[55] C. C. Zou, W. Gong, and D. Towsley, “Worm propagation modeling and analysis under dynamic quarantine defense,” in Proceedings of the 2003 ACM workshop on Rapid malcode, ser. WORM ’03. New York, NY, USA: ACM, 2003, pp. 51–60. [Online]. Available: http://doi.acm.org/10.1145/948187.948197
[56] M. Williamson, “Throttling viruses: Restricting propagation to defeat malicious mobile code,” in Proceedings of the 18th Annual Computer Security Applications Conference, ser. ACSAC ’02, Washington, DC, USA, 2002, pp. 61–68. [Online]. Available: https://www.acsac.org/2002/papers/97.pdf
[57] N. Weaver, S. Staniford, and V. Paxson, “Very fast containment of scanning worms,” in Proceedings of the 13th conference on USENIX Security Symposium - Volume 13, ser. SSYM’04. Berkeley, CA, USA: USENIX Association, 2004, pp. 29–44. [Online]. Available: http://static.usenix.org/event/sec04/tech/full_papers/home/staff/alex/export/weaver/weaver_html/containment.pdf
[58] M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham, “Vigilante: End-to-end containment of internet worms,” in Proceedings of the twentieth ACM symposium on Operating systems principles, ser. SOSP ’05. New York, NY, USA: ACM, 2005, pp. 133–147. [Online]. Available: http://doi.acm.org/10.1145/1095810.1095824
[59] D. Moore, C. Shannon, G. Voelker, and S. Savage, “Internet quarantine: Requirements for containing self-propagating code,” in INFOCOM 2003. Twenty-Second Annual Joint Conference of the IEEE Computer and Communications. IEEE Societies, vol. 3, Apr 2003, pp. 1901–1910. [Online]. Available: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1209212
[60] S. Sidiroglou and A. D. Keromytis, “Countering network worms through automatic patch generation,” IEEE Security and Privacy, vol. 3, no. 6, pp. 41–49, Nov. 2005.
[61] A. Smirnov and T.-C. Chiueh, “Automatic patch generation for buffer overflow attacks,” in Proceedings of the Third International Symposium on Information Assurance and Security. Los Alamitos, CA, USA: IEEE Computer Society, Aug 2007, pp. 165–170.
[62] K. Kleiner, “Viral cure could ‘immunise’ the internet,” http://www.newscientist.com/article/dn8403-viral-cure-could-immunise-the-internet.html, Dec. 2005, accessed: 2013-05-20.
[63] B. Schneier, “Benevolent worms,” http://www.schneier.com/blog/archives/2005/12/benevolent_worm.html, May 2005, accessed: 2013-05-20.
[64] F. Castaneda, E. C. Sezer, and J. Xu, “Worm vs. worm: preliminary study of an active counter-attack mechanism,” in Proceedings of the 2004 ACM workshop on Rapid malcode, ser. WORM ’04. New York, NY, USA: ACM, 2004, pp. 83–93.
[65] L.-H. Chen, F.-H. Hsu, C.-H. Huang, C.-W. Ou, C.-J. Lin, and S.-C. Liu, “A robust kernel-based solution to control-hijacking buffer overflow attacks,” Journal of Information Science and Engineering, vol. 27, no. 3, pp. 869–890, 2011.
[66] P. Akritidis, E. P. Markatos, M. Polychronakis, and K. Anagnostakis, “STRIDE: Polymorphic Sled Detection through Instruction Sequence Analysis,” in Proceedings of the 20th IFIP International Information Security Conference (IFIP/SEC), June 2005.
[67] McAfee, “W32/conficker.worm,” http://vil.nai.com/vil/content/v_153464.htm, Nov. 2008, accessed: 2013-05-20.
[68] Militan, “linux/x86 connect back, download a file and execute 149 bytes,” http://www.exploit-db.com/exploits/13337/, Aug. 2008, accessed: 2013-05-20.
[69] Google, “Manifest.permission | Android developers,” http://developer.android.com/reference/android/Manifest.permission.html, accessed: 2013-06-24.
[70] E. Chin, A. P. Felt, K. Greenwood, and D. Wagner, “Analyzing inter-application communication in Android,” in Proceedings of the 9th international conference on Mobile systems, applications, and services, ser. MobiSys ’11. New York, NY, USA: ACM, 2011, pp. 239–252. [Online]. Available: http://doi.acm.org/10.1145/1999995.2000018
[71] “National vulnerability database (CVE-2011-3975),” http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3975, accessed: 2013-10-1.
[72] W. Enck, M. Ongtang, and P. McDaniel, “On lightweight mobile phone application certification,” in Proceedings of the 16th ACM conference on Computer and communications security, ser. CCS ’09. New York, NY, USA: ACM, 2009, pp. 235–245. [Online]. Available: http://doi.acm.org/10.1145/1653662.1653691
[73] M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel, “Semantically rich application-centric security in Android,” in Proceedings of the 25th Annual Computer Security Applications Conference, ser. ACSAC ’09. Washington, DC, USA: IEEE Computer Society, 2009, pp. 340–349. [Online]. Available: http://dx.doi.org/10.1109/ACSAC.2009.39
[74] S. Smalley and R. Craig, “Security enhanced (SE) Android: Bringing flexible MAC to Android,” in Proceedings of Annual Network & Distributed System Security Symposium, Apr. 2013.
[75] G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos, “Paranoid Android: versatile protection for smartphones,” in Proceedings of the 26th Annual Computer Security Applications Conference, ser. ACSAC ’10. New York, NY, USA: ACM, 2010, pp. 347–356. [Online]. Available: http://doi.acm.org/10.1145/1920261.1920313
[76] W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, “TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones,” in Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, ser. OSDI’10. Berkeley, CA, USA: USENIX Association, 2010, pp. 1–6. [Online]. Available: http://dl.acm.org/citation.cfm?id=1924943.1924971
[77] W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, “A study of Android application security,” in Proceedings of the 20th USENIX Conference on Security, ser. SEC’11. Berkeley, CA, USA: USENIX Association, 2011, pp. 21–21. [Online]. Available: http://dl.acm.org/citation.cfm?id=2028067.2028088
[78] M. Grace, Y. Zhou, Z. Wang, and X. Jiang, “Systematic detection of capability leaks in stock Android smartphones,” in Proceedings of the 19th Network and Distributed System Security Symposium (NDSS), Feb. 2012. [Online]. Available: http://www.csc.ncsu.edu/faculty/jiang/pubs/NDSS12_WOODPECKER.pdf
[79] A. Maji, F. Arshad, S. Bagchi, and J. Rellermeyer, “An empirical study of the robustness of inter-component communication in Android,” in 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2012, pp. 1–12.