BofAEG: Automated Stack Buffer Overflow Vulnerability Detection and Exploit Generation Based on Symbolic Execution and Dynamic Analysis
Stack buffer overflow vulnerability is a common software vulnerability that can overwrite function return addresses and hijack program control flow, causing serious system problems. Existing automated exploit generation (AEG) solutions cannot bypass position-independent executable (PIE) exploit miti...
Gespeichert in:
| Veröffentlicht in: | Security and communication networks Jg. 2022; S. 1 - 9 |
|---|---|
| Hauptverfasser: | , |
| Format: | Journal Article |
| Sprache: | Englisch |
| Veröffentlicht: |
London
Hindawi
22.06.2022
John Wiley & Sons, Inc |
| Schlagworte: | |
| ISSN: | 1939-0114, 1939-0122 |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Zusammenfassung: | Stack buffer overflow vulnerability is a common software vulnerability that can overwrite function return addresses and hijack program control flow, causing serious system problems. Existing automated exploit generation (AEG) solutions cannot bypass position-independent executable (PIE) exploit mitigation and cannot cope with the situation where the standard output function is not introduced into the program. In this paper, we propose a solution to alleviate the above difficulties: BofAEG, which is based on symbolic execution and dynamic analysis to automatically detect stack buffer overflow vulnerability and generate exploit. We used to capture the flag (CTF) and common vulnerabilities and exposures (CVE) programs for experiments. Results show that BofAEG can not only detect and generate exploits effectively but also implement more exploit techniques and is faster than existing AEG solutions. |
|---|---|
| Bibliographie: | ObjectType-Article-1 SourceType-Scholarly Journals-1 ObjectType-Feature-2 content type line 14 |
| ISSN: | 1939-0114 1939-0122 |
| DOI: | 10.1155/2022/1251987 |