PL
 |
EN

PL EN

Preferencje help
Polish version English version Język
Widoczny [Schowaj] Abstrakt
Liczba wyników
Tytuł artykułu

Cryptographic software: vulnerabilities in implementations

Autorzy
Łuczaj M.
Treść / Zawartość
Pełne teksty:
Annales_4_2011_Luczaj.pdf
Identyfikatory
Warianty tytułu
Języki publikacji
EN
Abstrakty
EN
Security and cryptographic applications or libraries, just as any other generic software products may be affected by flaws introduced during the implementation process. No matter how much scrutiny security protocols have undergone, it is — as always — the weakest link that holds everything together to makes products secure. In this paper I take a closer look at problems usually resulting from a simple human made mistakes, misunderstanding of algorithm details or a plain lack of experience with tools and environment. In other words: everything that can and will happen during software development but in the fragile context of cryptography.
Słowa kluczowe
EN
Wydawca
Wydawnictwo UMCS
Czasopismo
Annales Universitatis Mariae Curie-Skłodowska. Sectio AI, Informatica
Rocznik
2011
Tom
Vol. 11, no. 4
Strony
1--10
Opis fizyczny
Bibliogr. 19 poz.
Twórcy
autor
Łuczaj M.
m.luczaj@elka.pw.edu.pl
  • Institute of Telecommunications, Warsaw University of Technology, Poland
Bibliografia
  • [1] Kernighan B., Ritchie D., The C Programming Language, Prentice Hall (1988).
  • [2] Intel 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A: System Programming Guide; http://developer.intel.com/products/processor/manuals/index.htm
  • [3] Bovet D. P., Cesati M., Understanding the Linux Kernel, O’Reilly (2005).
  • [4] Gorman M., Understanding the Linux Virtual Memory Manager, Prentice Hall (2004).
  • [5] Aleph One, Smashing The Stack For Fun And Profit, Phrack #49; http://www.phrack.org/issues.html?issue=49&id=14
  • [6] GNU C Library, heap manager implementation source code; http://sourceware.org/git/?p=glibc.git;a=tree;f=malloc
  • [7] Solar Designer, JPEG COM Marker Processing Vulnerability; http://www.openwall.com/articles/JPEG-COM-Marker-Vulnerability
  • [8] Dowd M., McDonald J., Schuh J., The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities, Addison-Wesley Professional (2006).
  • [9] Nominations for Pwnie Awards (2008); http://pwnies.com/archive/2008/nominations/
  • [10] Project Valgrind web site; http://valgrind.org/
  • [11] Debian Security Advisory: DSA-1571-1, openssl – predictable random number generator; http://www.debian.org/security/2008/dsa-1571
  • [12] tmbinc blog post: Thank you, Datel; http://debugmo.de/2008/03/thank-you-datel/
  • [13] NIST.gov, Cryptographic hash algorithm competition; http://csrc.nist.gov/groups/ST/hash/sha-3/index.html
  • [14] Fortify Software Inc., NIST SHA-3 Competition Security Audit Results; http://blog.fortify.com/repo/Fortify-SHA-3-Report.pdf
  • [15] The Matrix Reloaded (2003); http://www.imdb.com/title/tt0234215/
  • [16] BindView advisory: sshd remote root (bug in deattack.c); http://www.mail-archive.com/bugtraq@securityfocus.com/msg04399.html
  • [17] Common Weakness Enumeration, CWE-190: Integer Overflow or Wraparound; http://cwe.mitre.org/data/definitions/190.html
  • [18] OpenSSH Security Advisory (adv.channelalloc); http://www.openbsd.org/advisories/ssh_channelalloc.txt
  • [19] Mozilla Foundation Security Advisory 2007-06, Mozilla Network Security Services (NSS) SSLv2 buffer overflows; http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
Typ dokumentu
Bibliografia
Identyfikator YADDA
bwmeta1.element.baztech-d2c893d4-30f6-4781-bd51-f793d7dcee63
JavaScript jest wyłączony w Twojej przeglądarce internetowej. Włącz go, a następnie odśwież stronę, aby móc w pełni z niej korzystać.