Exploit
Computer science
Executable
Crash
Control flow
Vulnerability (computing)
Symbolic execution
Software
Computer security
Operating system
Programming language
Authors
Zhao‐Jia Ge,Chao Zhang,Zhongyuan Qin,Xingming Sun,Wu Wei
Abstract
In this paper, CAEG (Crash-based Automatic Exploit Generation) is proposed to automatically generate exploits for binary programs from known crash inputs. CAEG analyzes the input that causes a program crash and addresses two main challenges: how to reproduce the crash state, and how to automatically generate control-flow hijacking exploits. First, a path-oriented algorithm is proposed that finds the crash path with symbolic execution by treating the crash input as a symbolic value. Second, we summarize the principles behind several kinds of control-flow hijacking vulnerability exploits. In addition, we consider bypassing vulnerability mitigation mechanisms: springboard instructions are used to bypass Address Space Layout Randomization (ASLR), and return-to-libc is used to bypass the non-executable bit (NX). We tested 11 vulnerable open-source programs (8 from the test sets of AEG and MAYHEM, and 3 from the CVE and EDB vulnerability repositories). The experimental results show that our scheme is more efficient than AEG and MAYHEM.