Zeus
Software Defender technology can defend against attacks exploiting software
vulnerabilities which are serious threats to software for cyber/IT systems and
applications.
BOSTON,
December 27, 2018 /Press Rease/ -- Zeus SW Defender, LLC (http://www.zeusswdef.com) has announced the
Zeus Software Defender Technology (“Zeus”) for protecting software programs
from potential cyber security attacks by hardening the software programs.
Among
various ways of cyber security, protection of software becomes a key issue in
cyber security as the deployments of embedded software systems such as in IoT
(Internet of Things) Devices, Drones, and Autonomous Vehicles are increasing exponentially.
Software vulnerabilities exist in all types of software. A well known software
vulnerability is the buffer overflow. The buffer overflow occurs when a software
program attempts to write data into a memory buffer beyond its boundary.
Attackers exploit buffer overflow to intercept control-flow of software
programs or disclose information critical to security. In particular, attackers
employ buffer overflow to overwrite a pointer, i.e. a memory location that
contains an address of an instruction which the processor will jump to and
execute during program execution. For information leak, attackers overwrite a
specific memory location checking if crash occurs. If not, the written bits are
what are at the location.
Patent
pending Zeus technology performs the dynamic re-encryption of code pointers to
protect software programs written in C/C++ programming language from buffer
overflow attacks for interception and disclosure of control-flow. As examples,
Zeus can block control-flow hijacking
caused by a stack buffer overflow vulnerability CVE-2018-18409 of an open
source tcpflow (https://github.com/simsong/tcpflow/wiki);
CVE-2018-17439 and CVE-2018-15671of a data management SW HDF5 (https://www.hdfgroup.org/downloads);
and CVE-2013-2028 of Nginx web server
leaking a return address byte-by-byte (https://www.rapid7.com/db/vulnerabilities/nginx-cve-2013-2028).
Zeus injects code fragments into programs at compile time so that the programs
harden themselves by encryption and re-encryption at runtime. Zeus has low
overhead in execution time and does not require any additional security
features outside of the program. Since Zeus can cover zero-day attacks, Zeus
dramatically reduces the risks caused by buffer overflow. Zeus can be
implemented into C/C++ Compliers.
For
more information regarding Zeus, please contact
Alex
G. Lee, PhD, Esq., CLP
Managing
Partner
Zeus
SW Defender, LLC
alexglee@zeussfdef.com
Zeus
SW Defender, LLC is based in Boston, and is operated for Zeus Software Defender
technology and related intellectual property development, commercialization,
and monetization.
SOURCE
Zeus SW Defender, LLC
Related
Links
Zeus
Introduction: https://www.slideshare.net/alexglee/zeus-sw-defender-technology-introduction
Posts
No comments:
Post a Comment