CRAX: Software crash analysis for automatic exploit generation by modeling attacks as symbolic continuations

Shih-Kun Huang*, Min Hsiang Huang, Po Yen Huang, Chung Wei Lai, Han Lin Lu, Wai Meng Leong

*Corresponding author for this work

Research output: Conference contribution, peer-reviewed

32 Citations (Scopus)

Abstract

We present a simple framework capable of automatically generating attacks that exploit control-flow hijacking vulnerabilities. We analyze given software crashes and perform symbolic execution in concolic mode, using a whole-system environment model. The framework uses an end-to-end approach to generate exploits for various applications, including 16 medium-scale benchmark programs and several large-scale applications such as Mplayer (a media player), Unrar (an archiver) and Foxit (a PDF reader), covering stack/heap overflow, off-by-one overflow, use of uninitialized variable, and format string vulnerabilities. Notably, these applications have typically been regarded as fuzzing prey, but turning a crash into a mitigation-hardened exploit still requires a manual process with security knowledge. With our system, producing exploits for crashed software without source is a fully automated and straightforward process. We produce the exploits within six minutes for medium-scale programs, and in as long as 80 minutes for Mplayer (about 500,000 LOC), after constraint reductions. Our results demonstrate that the link between software bugs and security vulnerabilities can be automatically bridged.
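The crash-to-exploit loop the abstract describes, reduced to a toy model as an added illustration for this page (this is not CRAX's own code, which analyzes real binaries in a whole-system environment; here a single stack frame is modeled in Python): the crashing input is replayed with each input byte tracked symbolically as an origin rather than a value, the bytes that reach the saved return address are identified, and PC == target is solved together with the constraint the crash path imposes (no NUL before the return address, since the modeled copy is strcpy-like). The 32-bit frame layout, the addresses LEGIT_RET and TEXT_RANGE, and the inputs are assumptions constructed for the example.

```python
import struct

# Constructed toy model of one vulnerable stack frame (assumption: 32-bit x86,
# little-endian, no stack canary):
#   [ buf: BUF_SIZE bytes ][ saved ebp: 4 bytes ][ saved return address: 4 bytes ]
BUF_SIZE = 64
SAVED_EBP_SIZE = 4
RET_SIZE = 4
RET_OFFSET = BUF_SIZE + SAVED_EBP_SIZE
FRAME_SIZE = RET_OFFSET + RET_SIZE

LEGIT_RET = 0x08048500                  # assumed: the caller's real return address
TEXT_RANGE = (0x08048000, 0x08049000)   # assumed: the only mapped code pages


def copy_into_frame(data):
    """Model of an unchecked strcpy() into buf.

    Each frame cell is either a concrete int (a byte the program wrote itself)
    or ('in', i), meaning "whatever input byte i is".  Recording origins
    instead of values is the symbolic half of concolic execution: after the
    copy, the saved return address is an expression over input bytes.
    The copy also records the path condition it implies: every copied byte
    compared unequal to NUL.
    """
    frame = [0] * FRAME_SIZE
    for k, b in enumerate(struct.pack('<I', LEGIT_RET)):
        frame[RET_OFFSET + k] = b
    n = data.find(b'\x00')
    if n < 0:
        n = len(data)
    for i in range(min(n, FRAME_SIZE)):   # no bound check: runs past buf
        frame[i] = ('in', i)
    path_cond = [('nonzero', i) for i in range(n)]
    return frame, path_cond


def concretize(frame, data):
    """Substitute concrete input bytes for the symbolic cells."""
    return bytes(data[c[1]] if isinstance(c, tuple) else c for c in frame)


def run_concrete(data):
    """Concrete run of the vulnerable function: returns (crashed, pc)."""
    frame, _ = copy_into_frame(data)
    pc = struct.unpack('<I', concretize(frame, data)[RET_OFFSET:])[0]
    crashed = not (TEXT_RANGE[0] <= pc < TEXT_RANGE[1])
    return crashed, pc


def pc_origins(crash_input):
    """Symbolic replay of the crash: which input offsets form the PC?

    Returns the four input offsets (low byte first), or None when the saved
    return address is not fully input-controlled.
    """
    frame, _ = copy_into_frame(crash_input)
    cells = frame[RET_OFFSET:RET_OFFSET + RET_SIZE]
    if not all(isinstance(c, tuple) for c in cells):
        return None
    return [c[1] for c in cells]


def generate_exploit(crash_input, target_pc):
    """Solve PC == target_pc together with the crash path's constraints."""
    origins = pc_origins(crash_input)
    if origins is None:
        return None
    _, path_cond = copy_into_frame(crash_input)
    exploit = bytearray(crash_input)
    for off, b in zip(origins, struct.pack('<I', target_pc)):
        exploit[off] = b
    # The exploit must stay on the crashing path: a NUL inside the copied
    # region would stop strcpy early and the return address would not be hit.
    for kind, i in path_cond:
        if kind == 'nonzero' and exploit[i] == 0:
            return None
    return bytes(exploit)


if __name__ == '__main__':
    crash = b'A' * 80                        # constructed crashing input
    print('crash: crashed=%s pc=%#x' % run_concrete(crash))
    print('pc controlled by input offsets', pc_origins(crash))
    exp = generate_exploit(crash, 0x08048ABC)    # assumed in-text target
    print('exploit verified: crashed=%s pc=%#x' % run_concrete(exp))
    print('target with a NUL byte:', generate_exploit(crash, 0x08048100))
```

The NUL check is the point of carrying the path condition along with the symbolic PC: an address such as 0x08048100 is unreachable on this path because its low byte would terminate the copy, and a generator that only solved PC == target would emit an input that never crashes. A real engine keeps the full path condition from the whole execution and hands it, together with the PC constraint, to an SMT solver instead of the hand check shown here.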

Original language: English
Title of host publication: Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012
Pages: 78-87
Number of pages: 10
DOIs
Publication status: Published - 1 Oct 2012
Event: 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012 - Gaithersburg, MD, United States
Duration: 20 Jun 2012 → 22 Jun 2012

Publication series

Name: Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012

Conference

Conference: 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012
Country: United States
City: Gaithersburg, MD
Period: 20/06/12 → 22/06/12
