Zeus Software Security Technology Introduction
TTS
Zeus Details: Patent pending Zeus technology performs the dynamic re-encryption of code pointers to protect software programs written in the C and C++ programming languages from buffer overflow attacks for interception and disclosure of control-flow. Zeus can successfully mitigate real world cyber attacks reported in real world attacks described in CVEs.
As examples, Zeus can block control-flow hijacking caused by a stack buffer overflow vulnerability CVE-2018-18409 in the open source TCPFLOW project t(https://github.com/simsong/tcpflow/wiki); CVE-2018-17439 and CVE-2018-15671 of the HDF5 library (https://www.hdfgroup.org/downloads); and CVE-2013-2028 of Nginx web server leaking a return address byte-by-byte (https://www.rapid7.com/db/vulnerabilities/nginx-cve-2013-2028). Zeus injects instructions into programs at compile time programs to harden them against buffer overflows by encrypting and decrypting pointers at runtime. Zeus has low execution time overhead and does not require any additional security features outside of the program. Because Zeus can cover zero-day attacks, Zeus dramatically reduces the risks caused by buffer overflow. Zeus can be implemented in C and C++ Compliers.
2019-09-22 11:29:59
source
Gloss