Abstract: A method, apparatus and product for firmware verification. The method comprises obtaining a list of libraries utilized by a firmware. The method comprises determining a set of vulnerabilities of the firmware by identifying vulnerabilities corresponding to each library of the list of libraries. The method further comprises determining a set of remedial actions for the set of vulnerabilities, the set of remedial actions including an offline remedial action and an online remedial action. The method further comprises determining for the set of vulnerabilities a combination of remedial actions based on estimated costs and estimated runtime overheads of the set of remedial actions. The method further comprises providing an output based on the combination of remedial actions.

Abstract: A method, apparatus and product for firmware verification. The method comprises obtaining a list of libraries utilized by a firmware. The method comprises determining a set of vulnerabilities of the firmware by identifying vulnerabilities corresponding to each library of the list of libraries. The method further comprises determining a set of remedial actions for the set of vulnerabilities, the set of remedial actions including an offline remedial action and an online remedial action. The method further comprises determining for the set of vulnerabilities a combination of remedial actions based on estimated costs and estimated runtime overheads of the set of remedial actions. The method further comprises providing an output based on the combination of remedial actions.

Abstract: A method, apparatus and product for firmware verification. The method comprises obtaining a list of libraries utilized by a firmware. The method comprises determining a set of vulnerabilities of the firmware by identifying vulnerabilities corresponding to each library of the list of libraries. The method further comprises determining a set of remedial actions for the set of vulnerabilities, the set of remedial actions including an offline remedial action and an online remedial action. The method further comprises determining for the set of vulnerabilities a combination of remedial actions based on estimated costs and estimated runtime overheads of the set of remedial actions. The method further comprises providing an output based on the combination of remedial actions.

Abstract: A method, apparatus and product for firmware verification. The method comprises obtaining a list of libraries utilized by a firmware. The method comprises determining a set of vulnerabilities of the firmware by identifying vulnerabilities corresponding to each library of the list of libraries. The method further comprises determining a set of remedial actions for the set of vulnerabilities, the set of remedial actions including an offline remedial action and an online remedial action. The method further comprises determining for the set of vulnerabilities a combination of remedial actions based on estimated costs and estimated runtime overheads of the set of remedial actions. The method further comprises providing an output based on the combination of remedial actions.

Abstract: A method for protecting a computer includes identifying a first pointer in a data structure used by a computer program indicating a first memory address to be accessed, using the pointer, in order to invoke a functionality of the computer. The identified first pointer is replaced with a second pointer indicating a second memory address, different from the first memory address. A security program module traps attempts to access the second memory address during execution of the computer program so as to foil unauthorized access to the functionality of the computer.

Abstract: A method for protecting a computer includes identifying potential NOP-sled target addresses in a heap within the memory of the computer. Using a security program module running on the computer, blocks of the memory containing the identified target addresses are preallocated so as to prevent exploitation of the identified target addresses by a heap-spray attack.

Abstract: A method for protecting a computer includes identifying a first pointer in a data structure used by a computer program indicating a first memory address to be accessed, using the pointer, in order to invoke a functionality of the computer. The identified first pointer is replaced with a second pointer indicating a second memory address, different from the first memory address. A security program module traps attempts to access the second memory address during execution of the computer program so as to foil unauthorized access to the functionality of the computer.