Automated exploit generation method for stack buffer overflow vulnerabilities
In this paper, an automated method for exploit generation is presented. This method makes it possible to construct exploits for stack buffer overflow vulnerabilities and also to prioritize software bugs. It is applied to program binaries, without requiring debug information. The method is based on dynamic analysis...
| Published in: | Trudy Instituta sistemnogo programmirovaniâ Vol. 26; no. 3; pp. 127 - 144 |
|---|---|
| Main Authors: | Padaryan, V.A.; Kaushan, V.V.; Fedotov, A.N. |
| Format: | Journal Article |
| Language: | English |
| Published: | Russian Academy of Sciences, Ivannikov Institute for System Programming, 01.10.2018 |
| Subjects: | binary code; dynamic analysis; bug classification; symbolic execution; vulnerability exploitation |
| ISSN: | 2079-8156, 2220-6426 |
| Abstract | In this paper, an automated method for exploit generation is presented. This method makes it possible to construct exploits for stack buffer overflow vulnerabilities and also to prioritize software bugs. It is applied to program binaries, without requiring debug information. The method is based on dynamic analysis and symbolic execution. We present a tool implementing the method. We used this tool to generate exploits for 8 vulnerabilities in both Linux and Windows programs, 3 of which were undocumented at the time this paper was written. |
|---|---|
| Author | Fedotov, A.N.; Padaryan, V.A.; Kaushan, V.V. |
| ContentType | Journal Article |
| DOI | 10.15514/ISPRAS-2014-26(3)-7 |
| DatabaseName | CrossRef Directory of Open Access Journals (DOAJ) |
| Discipline | Computer Science |
| EISSN | 2220-6426 |
| EndPage | 144 |
| ISSN | 2079-8156 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 3 |
| Language | English |
| OpenAccessLink | https://doaj.org/article/048c2af043244504a9185968795fd6dc |
| PageCount | 18 |
| PublicationDate | 2018-10-01 |
| PublicationTitle | Trudy Instituta sistemnogo programmirovaniâ |
| PublicationYear | 2018 |
| Publisher | Russian Academy of Sciences, Ivannikov Institute for System Programming |
| StartPage | 127 |
| SubjectTerms | binary code; dynamic analysis; bug classification; symbolic execution; vulnerability exploitation |
| Title | Automated exploit generation method for stack buffer overflow vulnerabilities |
| URI | https://doaj.org/article/048c2af043244504a9185968795fd6dc |
| Volume | 26 |