%PDF-1.4
%
1 0 obj
<< /Type /Metadata /Subtype /XML /Length 1910 >>
stream
dvips + ps2pdf
Mazen Mahmoud Kharbutli
Improving the Security of the Heap through Inter-Process Protection and Intra-Process Temporal Protection
Ph.D. Dissertation
TeX
Kharbutli, Mazen Kharbutli, Ph.D. Dissertation, NCSU
2005-12-07T09:28:00Z
2005-12-07T09:34:54-05:00
Mazen Mahmoud Kharbutli
Improving the Security of the Heap through Inter-Process Protection and Intra-Process Temporal Protection
Ph.D. Dissertation
2005-12-07T09:28:00Z
2005-12-07T09:34:54-05:00
2005-12-07T09:34:54-05:00
Mazen Mahmoud Kharbutli
Improving the Security of the Heap through Inter-Process Protection and Intra-Process Temporal Protection
Ph.D. Dissertation
endstream
endobj
5 0 obj
<<
/S /GoTo
/D (section*.2)
>>
endobj
6 0 obj
<<
/D [ 224 0 R /XYZ 108 702 null ]
>>
endobj
7 0 obj
<<
/Title 8 0 R
/A 5 0 R
/Parent 1865 0 R
/Next 11 0 R
>>
endobj
8 0 obj
(List of Figures)
endobj
9 0 obj
<<
/S /GoTo
/D (section*.4)
>>
endobj
10 0 obj
<<
/D [ 294 0 R /XYZ 108 702 null ]
>>
endobj
11 0 obj
<<
/Title 12 0 R
/A 9 0 R
/Parent 1865 0 R
/Prev 7 0 R
/Next 15 0 R
>>
endobj
12 0 obj
(List of Tables)
endobj
13 0 obj
<<
/S /GoTo
/D (chapter.1)
>>
endobj
14 0 obj
<<
/D [ 322 0 R /XYZ 108 702 null ]
>>
endobj
15 0 obj
<<
/Title 16 0 R
/A 13 0 R
/Parent 1865 0 R
/Prev 11 0 R
/Next 19 0 R
>>
endobj
16 0 obj
(Introduction)
endobj
17 0 obj
<<
/S /GoTo
/D (chapter.2)
>>
endobj
18 0 obj
<<
/D [ 396 0 R /XYZ 108 702 null ]
>>
endobj
19 0 obj
<<
/Title 20 0 R
/A 17 0 R
/Parent 1865 0 R
/Prev 15 0 R
/Next 23 0 R
>>
endobj
20 0 obj
(Related Work)
endobj
21 0 obj
<<
/S /GoTo
/D (chapter.3)
>>
endobj
22 0 obj
<<
/D [ 428 0 R /XYZ 108 702 null ]
>>
endobj
23 0 obj
<<
/Title 24 0 R
/A 21 0 R
/Parent 1865 0 R
/Prev 19 0 R
/Next 55 0 R
/First 27 0 R
/Last 51 0 R
/Count -3
>>
endobj
24 0 obj
(Heap Attacks and Scope of Protection)
endobj
25 0 obj
<<
/S /GoTo
/D (section.3.1)
>>
endobj
26 0 obj
<<
/D [ 428 0 R /XYZ 108 292.3 null ]
>>
endobj
27 0 obj
<<
/Title 28 0 R
/A 25 0 R
/Parent 23 0 R
/Next 31 0 R
>>
endobj
28 0 obj
(Heap Overview)
endobj
29 0 obj
<<
/S /GoTo
/D (section.3.2)
>>
endobj
30 0 obj
<<
/D [ 469 0 R /XYZ 108 556.379 null ]
>>
endobj
31 0 obj
<<
/Title 32 0 R
/A 29 0 R
/Parent 23 0 R
/Prev 27 0 R
/Next 51 0 R
/First 35 0 R
/Last 47 0 R
/Count -4
>>
endobj
32 0 obj
(Heap Attacks)
endobj
33 0 obj
<<
/S /GoTo
/D (section*.6)
>>
endobj
34 0 obj
<<
/D [ 476 0 R /XYZ 108 384.645 null ]
>>
endobj
35 0 obj
<<
/Title 36 0 R
/A 33 0 R
/Parent 31 0 R
/Next 39 0 R
>>
endobj
36 0 obj
(Denial of Service Attack)
endobj
37 0 obj
<<
/S /GoTo
/D (section*.7)
>>
endobj
38 0 obj
<<
/D [ 492 0 R /XYZ 108 390.013 null ]
>>
endobj
39 0 obj
<<
/Title 40 0 R
/A 37 0 R
/Parent 31 0 R
/Prev 35 0 R
/Next 43 0 R
>>
endobj
40 0 obj
(Forward Consolidation Attack)
endobj
41 0 obj
<<
/S /GoTo
/D (section*.8)
>>
endobj
42 0 obj
<<
/D [ 510 0 R /XYZ 108 471.575 null ]
>>
endobj
43 0 obj
<<
/Title 44 0 R
/A 41 0 R
/Parent 31 0 R
/Prev 39 0 R
/Next 47 0 R
>>
endobj
44 0 obj
(Backward Consolidation Attack)
endobj
45 0 obj
<<
/S /GoTo
/D (section*.9)
>>
endobj
46 0 obj
<<
/D [ 521 0 R /XYZ 108 217.32899 null ]
>>
endobj
47 0 obj
<<
/Title 48 0 R
/A 45 0 R
/Parent 31 0 R
/Prev 43 0 R
>>
endobj
48 0 obj
(Function Pointer Overwrite Attack)
endobj
49 0 obj
<<
/S /GoTo
/D (section.3.3)
>>
endobj
50 0 obj
<<
/D [ 529 0 R /XYZ 108 670.783 null ]
>>
endobj
51 0 obj
<<
/Title 52 0 R
/A 49 0 R
/Parent 23 0 R
/Prev 31 0 R
>>
endobj
52 0 obj
(Scope of Protection)
endobj
53 0 obj
<<
/S /GoTo
/D (chapter.4)
>>
endobj
54 0 obj
<<
/D [ 545 0 R /XYZ 108 702 null ]
>>
endobj
55 0 obj
<<
/Title 56 0 R
/A 53 0 R
/Parent 1865 0 R
/Prev 23 0 R
/Next 75 0 R
/First 59 0 R
/Last 71 0 R
/Count -4
>>
endobj
56 0 obj
(Heap Server Design)
endobj
57 0 obj
<<
/S /GoTo
/D (section.4.1)
>>
endobj
58 0 obj
<<
/D [ 545 0 R /XYZ 108 418.311 null ]
>>
endobj
59 0 obj
<<
/Title 60 0 R
/A 57 0 R
/Parent 55 0 R
/Next 63 0 R
>>
endobj
60 0 obj
(Modes of Operation and Optimizations)
endobj
61 0 obj
<<
/S /GoTo
/D (section.4.2)
>>
endobj
62 0 obj
<<
/D [ 589 0 R /XYZ 108 702 null ]
>>
endobj
63 0 obj
<<
/Title 64 0 R
/A 61 0 R
/Parent 55 0 R
/Prev 59 0 R
/Next 67 0 R
>>
endobj
64 0 obj
(Communication)
endobj
65 0 obj
<<
/S /GoTo
/D (section.4.3)
>>
endobj
66 0 obj
<<
/D [ 638 0 R /XYZ 108 433.498 null ]
>>
endobj
67 0 obj
<<
/Title 68 0 R
/A 65 0 R
/Parent 55 0 R
/Prev 63 0 R
/Next 71 0 R
>>
endobj
68 0 obj
(Meta-Data Structures)
endobj
69 0 obj
<<
/S /GoTo
/D (section.4.4)
>>
endobj
70 0 obj
<<
/D [ 667 0 R /XYZ 108 483.27901 null ]
>>
endobj
71 0 obj
<<
/Title 72 0 R
/A 69 0 R
/Parent 55 0 R
/Prev 67 0 R
>>
endobj
72 0 obj
(Heap Server's Security)
endobj
73 0 obj
<<
/S /GoTo
/D (chapter.5)
>>
endobj
74 0 obj
<<
/D [ 685 0 R /XYZ 108 702 null ]
>>
endobj
75 0 obj
<<
/Title 76 0 R
/A 73 0 R
/Parent 1865 0 R
/Prev 55 0 R
/Next 87 0 R
/First 79 0 R
/Last 83 0 R
/Count -2
>>
endobj
76 0 obj
(User-Level Temporal Intra-Process Protection \(UTIPP\))
endobj
77 0 obj
<<
/S /GoTo
/D (section.5.1)
>>
endobj
78 0 obj
<<
/D [ 708 0 R /XYZ 108 607.222 null ]
>>
endobj
79 0 obj
<<
/Title 80 0 R
/A 77 0 R
/Parent 75 0 R
/Next 83 0 R
>>
endobj
80 0 obj
(Implementation)
endobj
81 0 obj
<<
/S /GoTo
/D (section.5.2)
>>
endobj
82 0 obj
<<
/D [ 714 0 R /XYZ 108 702 null ]
>>
endobj
83 0 obj
<<
/Title 84 0 R
/A 81 0 R
/Parent 75 0 R
/Prev 79 0 R
>>
endobj
84 0 obj
(UTIPP Security)
endobj
85 0 obj
<<
/S /GoTo
/D (chapter.6)
>>
endobj
86 0 obj
<<
/D [ 722 0 R /XYZ 108 702 null ]
>>
endobj
87 0 obj
<<
/Title 88 0 R
/A 85 0 R
/Parent 1865 0 R
/Prev 75 0 R
/Next 91 0 R
>>
endobj
88 0 obj
(Heap Layout Obfuscation)
endobj
89 0 obj
<<
/S /GoTo
/D (chapter.7)
>>
endobj
90 0 obj
<<
/D [ 731 0 R /XYZ 108 702 null ]
>>
endobj
91 0 obj
<<
/Title 92 0 R
/A 89 0 R
/Parent 1865 0 R
/Prev 87 0 R
/Next 95 0 R
>>
endobj
92 0 obj
(Evaluation Methodology)
endobj
93 0 obj
<<
/S /GoTo
/D (chapter.8)
>>
endobj
94 0 obj
<<
/D [ 822 0 R /XYZ 108 702 null ]
>>
endobj
95 0 obj
<<
/Title 96 0 R
/A 93 0 R
/Parent 1865 0 R
/Prev 91 0 R
/Next 107 0 R
/First 99 0 R
/Last 103 0 R
/Count -2
>>
endobj
96 0 obj
(Heap Server Evaluation)
endobj
97 0 obj
<<
/S /GoTo
/D (section.8.1)
>>
endobj
98 0 obj
<<
/D [ 822 0 R /XYZ 108 324.08099 null ]
>>
endobj
99 0 obj
<<
/Title 100 0 R
/A 97 0 R
/Parent 95 0 R
/Next 103 0 R
>>
endobj
100 0 obj
(Benchmark Characteristics)
endobj
101 0 obj
<<
/S /GoTo
/D (section.8.2)
>>
endobj
102 0 obj
<<
/D [ 1426 0 R /XYZ 108 702 null ]
>>
endobj
103 0 obj
<<
/Title 104 0 R
/A 101 0 R
/Parent 95 0 R
/Prev 99 0 R
>>
endobj
104 0 obj
(Heap Server Performance)
endobj
105 0 obj
<<
/S /GoTo
/D (chapter.9)
>>
endobj
106 0 obj
<<
/D [ 1586 0 R /XYZ 108 702 null ]
>>
endobj
107 0 obj
<<
/Title 108 0 R
/A 105 0 R
/Parent 1865 0 R
/Prev 95 0 R
/Next 111 0 R
>>
endobj
108 0 obj
(UTIPP Evaluation)
endobj
109 0 obj
<<
/S /GoTo
/D (chapter.10)
>>
endobj
110 0 obj
<<
/D [ 1649 0 R /XYZ 108 702 null ]
>>
endobj
111 0 obj
<<
/Title 112 0 R
/A 109 0 R
/Parent 1865 0 R
/Prev 107 0 R
/Next 115 0 R
>>
endobj
112 0 obj
(Attack Avoidance)
endobj
113 0 obj
<<
/S /GoTo
/D (chapter.11)
>>
endobj
114 0 obj
<<
/D [ 1667 0 R /XYZ 108 702 null ]
>>
endobj
115 0 obj
<<
/Title 116 0 R
/A 113 0 R
/Parent 1865 0 R
/Prev 111 0 R
/Next 119 0 R
>>
endobj
116 0 obj
(Conclusions)
endobj
117 0 obj
<<
/S /GoTo
/D (section*.10)
>>
endobj
118 0 obj
<<
/D [ 1676 0 R /XYZ 108 702 null ]
>>
endobj
119 0 obj
<<
/Title 120 0 R
/A 117 0 R
/Parent 1865 0 R
/Prev 115 0 R
/Next 123 0 R
>>
endobj
120 0 obj
(Bibliography)
endobj
121 0 obj
<<
/S /GoTo
/D (section*.12)
>>
endobj
122 0 obj
<<
/D [ 1702 0 R /XYZ 108 702 null ]
>>
endobj
123 0 obj
<<
/Title 124 0 R
/A 121 0 R
/Parent 1865 0 R
/Prev 119 0 R
/Next 127 0 R
>>
endobj
124 0 obj
(Appendix A: malloc.Base.c)
endobj
125 0 obj
<<
/S /GoTo
/D (section*.13)
>>
endobj
126 0 obj
<<
/D [ 1747 0 R /XYZ 108 702 null ]
>>
endobj
127 0 obj
<<
/Title 128 0 R
/A 125 0 R
/Parent 1865 0 R
/Prev 123 0 R
>>
endobj
128 0 obj
(Appendix B: malloc.heapServer.c)
endobj
129 0 obj
<<
/S /GoTo
/D [ 130 0 R /Fit ]
>>
endobj
130 0 obj
<<
/Type /Page
/Contents 132 0 R
/Resources 131 0 R
/MediaBox [ 0 0 612 792 ]
/Parent 138 0 R
>>
endobj
131 0 obj
<<
/Font << /F22 137 0 R >>
/ProcSet [ /PDF /Text ]
>>
endobj
132 0 obj
<< /Length 1156 /Filter /FlateDecode >>
stream
xڍVKs6WVyfԻmvsh=qWEN}r:t2xy1EGܫ{7̉ iqean}O{, $[o_o\Yy&%4
~{Za#_~__>)yCRQs2!:zi
ةF(yRNL|/Ÿ،(̲`CoU
JjM֎adeO5ݝ'!sWt^ܗ8L8|ygPY^EɬoQ=5${zZYoI.8WA"OLC8ǡU'Ib@AòAwՍ(0̓8;
i*:w
yyANxX3VdKVm&1ѡjIFU
1_5kLۈF s_iUse#MP-k'-.Vѭk'K
(Hi3P grm-
[
RǔEguMQlhIGf[.L,H\Z}#b+ gQQ_IO#9aQ`/ (vsIlT/~>X`#-78uԕEQCGpjd))[0f
D,N{[tK7ΝCWxFP5z F)+a|om0lx2;E0>sFi48e7a*5C"a8#h~YѓBxDsG?83T:-G1 #c<7}=3Oױ,h(JPb<8TdՈ^N_j)y<7a#F_.I'I 4 5ٹsviF6^]&9w#g$) &۶v6iLC2 ݏ)O1%i78
7xyvv̱}IF,$ حws=bY4O%
@F:.dXU_3Ŕ' @9o/RIlqͧoGaJ/,`z
endstream
endobj
133 0 obj
<<
/D [ 130 0 R /XYZ 108 702 null ]
>>
endobj
134 0 obj
<<
/D [ 130 0 R /XYZ 108 702 null ]
>>
endobj
135 0 obj
<<
/Ascent 716
/CapHeight 681
/Descent -282
/FontName /NSUDWM+URWPalladioL-Roma
/ItalicAngle 0
/StemV 84
/XHeight 469
/FontBBox [ -166 -283 1021 943 ]
/Flags 4
/CharSet (/fi/fl/percent/quoteright/parenleft/parenright/asterisk/plus/comma/hyphe\
n/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/s\
emicolon/equal/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/brack\
etleft/bracketright/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/\
quotedblleft/quotedblright/endash)
/FontFile 136 0 R
>>
endobj
136 0 obj
<< /Length1 1638 /Length2 23976 /Length3 532 /Length 24886 /Filter /FlateDecode >>
stream
xڬcx]-;[+tlƊm6;Îmtl>gk|Ǻ{V5Ɯ"'VT27۹330 Ԕ5llL-em p"N@#K{;Q# @h
XX p {O'Ks _jZZ+`3- /܀6@;U@`fi( J ajiwUt54Z 휁 3{'Ϳ {;SK`pv X &@ @'[Kg Kg,Ll\MEBN#l);88Y: fU7O#v؛47qWIY9\.eZ:;yΖvŀ47r2:;Wz#f8X8mY4q_KEo܀N4_k/ #S{;O)QoJ s"H?"o~66F&uF67+VٙFKgqKoٙl, zf&S4Wڙw%9yW{UO9{5@w˱0X}/b@oL71;{#;ӿ@)ѿ03;_9 ?l hlobR7<)3>P֤Z\Pk]e^