BofAEG: Automated Stack Buffer Overflow Vulnerability Detection and Exploit Generation Based on Symbolic Execution and Dynamic Analysis
| Published in: | Security and communication networks, Volume 2022; pp. 1-9 |
|---|---|
| Main authors: | Xu, Shenglin; Wang, Yongjun |
| Format: | Journal Article |
| Language: | English |
| Publication details: | London: Hindawi; John Wiley & Sons, Inc, 22.06.2022 |
| ISSN: | 1939-0114, 1939-0122 |
| Online access: | https://dx.doi.org/10.1155/2022/1251987 |
| Abstract | Stack buffer overflow vulnerability is a common software vulnerability that can overwrite function return addresses and hijack program control flow, causing serious system problems. Existing automated exploit generation (AEG) solutions cannot bypass position-independent executable (PIE) exploit mitigation and cannot cope with the situation where the standard output function is not introduced into the program. In this paper, we propose a solution to alleviate the above difficulties: BofAEG, which is based on symbolic execution and dynamic analysis to automatically detect stack buffer overflow vulnerabilities and generate exploits. We used capture the flag (CTF) and common vulnerabilities and exposures (CVE) programs for experiments. Results show that BofAEG can not only detect and generate exploits effectively but also implement more exploit techniques and is faster than existing AEG solutions. |
|---|---|
| Author | Xu, Shenglin (ORCID 0000-0001-9533-4086); Wang, Yongjun. Both: School of Computer, National University of Defense Technology, Changsha, China |
| ContentType | Journal Article |
| Copyright | Copyright © 2022 Shenglin Xu and Yongjun Wang. This is an open access article distributed under the Creative Commons Attribution License (the “License”), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. https://creativecommons.org/licenses/by/4.0 |
| DOI | 10.1155/2022/1251987 |
| EISSN | 1939-0122 |
| Editor | Coppolino, Luigi |
| EndPage | 9 |
| GrantInformation | National Basic Research Program of China (973 Program), grant 2018YFB0204301; National Natural Science Foundation of China, grant 61472439 |
| ISICitedReferencesCount | 7 |
| ISSN | 1939-0114 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Language | English |
| License | This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. https://creativecommons.org/licenses/by/4.0 |
| ORCID | 0000-0001-9533-4086 |
| OpenAccessLink | https://dx.doi.org/10.1155/2022/1251987 |
| PageCount | 9 |
| PublicationCentury | 2000 |
| PublicationDate | 2022-06-22 |
| PublicationDecade | 2020 |
| PublicationPlace | London |
| PublicationTitle | Security and communication networks |
| PublicationYear | 2022 |
| Publisher | Hindawi John Wiley & Sons, Inc |
| StartPage | 1 |
| SubjectTerms | Automation; Buffers; Code reuse; Experiments; Exploitation; Linux; Operating systems; Overflow; Software reliability |
| URI | https://dx.doi.org/10.1155/2022/1251987 ; https://www.proquest.com/docview/2683800309 |
| Volume | 2022 |