使用位流段图描述数据格式漏洞

2008 The Third International Multi-Conference on Computing in the Global Information Technology (iccgi 2008) Pub Date : 2008-07-27 DOI:10.1109/ICCGI.2008.21

M. Hartle, Daniel Schumann, Arsene Botchak, Erik Tews, M. Mühlhäuser

{"title":"使用位流段图描述数据格式漏洞","authors":"M. Hartle, Daniel Schumann, Arsene Botchak, Erik Tews, M. Mühlhäuser","doi":"10.1109/ICCGI.2008.21","DOIUrl":null,"url":null,"abstract":"Exploits based on data processing bugs are delivered through crafted data that seems to follow a data format, yet is altered in some way to trigger a specific bug during processing, eg. in order to execute contained malicious code. Decomposing crafted data according to the purported data format and the function of its components that are not format-compliant is a step towards understanding the delivery mechanism of an exploit and fixing the vulnerable application. This paper demonstrates the use of bitstream segment graphs for describing the structure of exploits on the example of the TIFF Jailbreak exploit for the Apple iPhone and iPod Touch with firmware 1.1.1.","PeriodicalId":367280,"journal":{"name":"2008 The Third International Multi-Conference on Computing in the Global Information Technology (iccgi 2008)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-07-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Describing Data Format Exploits Using Bitstream Segment Graphs\",\"authors\":\"M. Hartle, Daniel Schumann, Arsene Botchak, Erik Tews, M. Mühlhäuser\",\"doi\":\"10.1109/ICCGI.2008.21\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Exploits based on data processing bugs are delivered through crafted data that seems to follow a data format, yet is altered in some way to trigger a specific bug during processing, eg. in order to execute contained malicious code. Decomposing crafted data according to the purported data format and the function of its components that are not format-compliant is a step towards understanding the delivery mechanism of an exploit and fixing the vulnerable application. This paper demonstrates the use of bitstream segment graphs for describing the structure of exploits on the example of the TIFF Jailbreak exploit for the Apple iPhone and iPod Touch with firmware 1.1.1.\",\"PeriodicalId\":367280,\"journal\":{\"name\":\"2008 The Third International Multi-Conference on Computing in the Global Information Technology (iccgi 2008)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-07-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 The Third International Multi-Conference on Computing in the Global Information Technology (iccgi 2008)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICCGI.2008.21\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 The Third International Multi-Conference on Computing in the Global Information Technology (iccgi 2008)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCGI.2008.21","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

基于数据处理漏洞的漏洞是通过精心制作的数据来实现的，这些数据似乎遵循某种数据格式，但在处理过程中以某种方式改变以触发特定的漏洞，例如。以执行所包含的恶意代码。根据声称的数据格式及其不兼容格式的组件的功能分解精心制作的数据，是了解漏洞利用的交付机制和修复易受攻击的应用程序的一个步骤。本文以苹果iPhone和iPod Touch固件1.1.1的TIFF越狱漏洞为例，演示了使用比特流段图来描述漏洞的结构。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Describing Data Format Exploits Using Bitstream Segment Graphs

Exploits based on data processing bugs are delivered through crafted data that seems to follow a data format, yet is altered in some way to trigger a specific bug during processing, eg. in order to execute contained malicious code. Decomposing crafted data according to the purported data format and the function of its components that are not format-compliant is a step towards understanding the delivery mechanism of an exploit and fixing the vulnerable application. This paper demonstrates the use of bitstream segment graphs for describing the structure of exploits on the example of the TIFF Jailbreak exploit for the Apple iPhone and iPod Touch with firmware 1.1.1.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2008 The Third International Multi-Conference on Computing in the Global Information Technology (iccgi 2008)

自引率

0.00%

发文量