Automated exploit generation method for stack buffer overflow vulnerabilities

In this paper automated method for exploit generation is presented. This method allows to construct exploits for stack buffer overflow vulnerabilities and also to prioritize software bugs. It is applied to program binaries, without requiring debug information. The method is based on dynamic analysis...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Trudy Instituta sistemnogo programmirovaniâ Jg. 26; H. 3; S. 127 - 144
Hauptverfasser: Padaryan, V.A., Kaushan, V.V., Fedotov, A.N.
Format: Journal Article
Sprache:Englisch
Veröffentlicht: Russian Academy of Sciences, Ivannikov Institute for System Programming 01.10.2018
Schlagworte:
бинарный код
динамический анализ
классификация ошибок
символьное выполнение
эксплуатация уязвимостей
ISSN:2079-8156, 2220-6426
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In this paper automated method for exploit generation is presented. This method allows to construct exploits for stack buffer overflow vulnerabilities and also to prioritize software bugs. It is applied to program binaries, without requiring debug information. The method is based on dynamic analysis and symbolic execution. We present a tool implementing the method. We used this tool to generate exploits for 8 vulnerabilities in both Linux and Windows programs, 3 of which were undocumented at the time this paper was written.
ISSN:2079-8156
2220-6426
DOI:10.15514/ISPRAS-2014-26(3)-7