IEEE Transactions on Reliability

Software Crash Analysis for Automatic Exploit Generation on Binary Programs


Abstract

This paper presents a new method capable of automatically generating attacks on binary programs from software crashes. We analyze software crashes with a symbolic failure model by performing concolic executions along the failure-directed paths, using a whole-system environment model and concrete-address-mapped symbolic memory in S$^{2}$E. We propose a new selective symbolic input method and lazy evaluation of pseudo-symbolic variables to handle symbolic pointers and speed up the process. This is an end-to-end approach able to create exploits from crash inputs or from existing exploits for various applications, including most of the existing benchmark programs and several large-scale applications, such as a word processor (Microsoft Office Word), a media player (mplayer), an archiver (unrar), and a PDF reader (Foxit). The vulnerability types we can handle include stack and heap overflows, format strings, and the use of uninitialized variables. Notably, these applications have become software fuzz-testing targets, but producing mitigation-hardened exploits for them still requires a manual process with security knowledge. Using this method, generating exploits for software failures becomes an automated process that needs no source code. The proposed method is simpler, more general, and faster than existing systems, and scales to larger programs. We produce exploits within one minute for most of the benchmark programs, including mplayer. We also transform existing exploits for Microsoft Office Word into new exploits within four minutes. The best speedup is 7,211 times faster than the initial attempt. For heap overflow vulnerabilities, we can automatically exploit the unlink() macro of glibc, which formerly required sophisticated hacking efforts.
