Authors: Jie Liu, Hang An, Jin Li, Hongliang Liang
DOI: 10.1145/3573428.3573550 (https://doi.org/10.1145/3573428.3573550)
Venue: Proceedings of the 2022 6th International Conference on Electronic Information Technology and Computer Engineering
Publication date: 2022-10-21
Record source: Semantic Scholar
DEPA: Determining Exploit Primitives Automatically for Interactive Programs
Automated Exploit Generation (AEG) is a well-known difficult task, especially for heap vulnerabilities. A prerequisite for this task is the determination of exploit primitives, and prior research on exploit primitive determination is usually based on vulnerability identification. However, for some programs it is not always easy to discover bugs using fuzzing or symbolic execution techniques. In this paper, we present DEPA, a solution that determines exploit primitives for heap vulnerabilities based on a primitive-crucial-behavior model. The core of DEPA consists of two novel techniques: 1) primitive-crucial-behavior identification through pointer dependence analysis, and 2) an exploit primitive determination method that triggers both the vulnerability and the exploit primitive. We evaluate DEPA on real-world CTF (capture the flag) programs with heap vulnerabilities; DEPA discovers arbitrary write and arbitrary jump exploit primitives for some of these programs, except for the program multi-heap. The results show that our approach identifies primitive-crucial behaviors and determines exploit primitives accurately and effectively. In addition, DEPA outperforms state-of-the-art tools in determining exploit primitives for the heap internal overflow vulnerability.