Automated exploit generation method for stack buffer overflow vulnerabilities
In this paper automated method for exploit generation is presented. This method allows to construct exploits for stack buffer overflow vulnerabilities and also to prioritize software bugs. It is applied to program binaries, without requiring debug information. The method is based on dynamic analysis...
Uloženo v:
| Vydáno v: | Trudy Instituta sistemnogo programmirovaniâ Ročník 26; číslo 3; s. 127 - 144 |
|---|---|
| Hlavní autoři: | , , |
| Médium: | Journal Article |
| Jazyk: | angličtina |
| Vydáno: |
Russian Academy of Sciences, Ivannikov Institute for System Programming
01.10.2018
|
| Témata: | |
| ISSN: | 2079-8156, 2220-6426 |
| On-line přístup: | Získat plný text |
| Tagy: |
Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
|
| Shrnutí: | In this paper automated method for exploit generation is presented. This method allows to construct exploits for stack buffer overflow vulnerabilities and also to prioritize software bugs. It is applied to program binaries, without requiring debug information. The method is based on dynamic analysis and symbolic execution. We present a tool implementing the method. We used this tool to generate exploits for 8 vulnerabilities in both Linux and Windows programs, 3 of which were undocumented at the time this paper was written. |
|---|---|
| ISSN: | 2079-8156 2220-6426 |
| DOI: | 10.15514/ISPRAS-2014-26(3)-7 |