Locating vulnerabilities in binaries via memory layout recovering
Locating vulnerabilities is an important task for security auditing, exploit writing, and code hardening. However, it is challenging to locate vulnerabilities in binary code, because most program semantics (e.g., boundaries of an array) is missing after compilation. Without program semantics, it is...
Saved in:
Main Authors: | , , , , , , , |
---|---|
Format: | text |
Language: | English |
Published: |
Institutional Knowledge at Singapore Management University
2019
|
Subjects: | |
Online Access: | https://ink.library.smu.edu.sg/sis_research/7066 https://ink.library.smu.edu.sg/context/sis_research/article/8069/viewcontent/3338906.3338966.pdf |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Singapore Management University |
Language: | English |
id |
sg-smu-ink.sis_research-8069 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-80692022-04-07T08:18:08Z Locating vulnerabilities in binaries via memory layout recovering WANG, Haijun XIE, Xiaofei LIN, Shang-Wei LIN, Yun LI, Yuekang QIN, Shengchao LIU, Yang LIU, Ting Locating vulnerabilities is an important task for security auditing, exploit writing, and code hardening. However, it is challenging to locate vulnerabilities in binary code, because most program semantics (e.g., boundaries of an array) is missing after compilation. Without program semantics, it is difficult to determine whether a memory access exceeds its valid boundaries in binary code. In this work, we propose an approach to locate vulnerabilities based on memory layout recovery. First, we collect a set of passed executions and one failed execution. Then, for passed and failed executions, we restore their program semantics by recovering fine-grained memory layouts based on the memory addressing model. With the memory layouts recovered in passed executions as reference, we can locate vulnerabilities in failed execution by memory layout identification and comparison. Our experiments show that the proposed approach is effective to locate vulnerabilities on 24 out of 25 DARPA’s CGC programs (96%), and can effectively classifies 453 program crashes (in 5 Linux programs) into 19 groups based on their root causes. 2019-08-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/7066 info:doi/10.1145/3338906.3338966 https://ink.library.smu.edu.sg/context/sis_research/article/8069/viewcontent/3338906.3338966.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Reverse Engineering Software Vulnerability Program Analysis Software Engineering |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
language |
English |
topic |
Reverse Engineering Software Vulnerability Program Analysis Software Engineering |
spellingShingle |
Reverse Engineering Software Vulnerability Program Analysis Software Engineering WANG, Haijun XIE, Xiaofei LIN, Shang-Wei LIN, Yun LI, Yuekang QIN, Shengchao LIU, Yang LIU, Ting Locating vulnerabilities in binaries via memory layout recovering |
description |
Locating vulnerabilities is an important task for security auditing, exploit writing, and code hardening. However, it is challenging to locate vulnerabilities in binary code, because most program semantics (e.g., boundaries of an array) is missing after compilation. Without program semantics, it is difficult to determine whether a memory access exceeds its valid boundaries in binary code. In this work, we propose an approach to locate vulnerabilities based on memory layout recovery. First, we collect a set of passed executions and one failed execution. Then, for passed and failed executions, we restore their program semantics by recovering fine-grained memory layouts based on the memory addressing model. With the memory layouts recovered in passed executions as reference, we can locate vulnerabilities in failed execution by memory layout identification and comparison. Our experiments show that the proposed approach is effective to locate vulnerabilities on 24 out of 25 DARPA’s CGC programs (96%), and can effectively classifies 453 program crashes (in 5 Linux programs) into 19 groups based on their root causes. |
format |
text |
author |
WANG, Haijun XIE, Xiaofei LIN, Shang-Wei LIN, Yun LI, Yuekang QIN, Shengchao LIU, Yang LIU, Ting |
author_facet |
WANG, Haijun XIE, Xiaofei LIN, Shang-Wei LIN, Yun LI, Yuekang QIN, Shengchao LIU, Yang LIU, Ting |
author_sort |
WANG, Haijun |
title |
Locating vulnerabilities in binaries via memory layout recovering |
title_short |
Locating vulnerabilities in binaries via memory layout recovering |
title_full |
Locating vulnerabilities in binaries via memory layout recovering |
title_fullStr |
Locating vulnerabilities in binaries via memory layout recovering |
title_full_unstemmed |
Locating vulnerabilities in binaries via memory layout recovering |
title_sort |
locating vulnerabilities in binaries via memory layout recovering |
publisher |
Institutional Knowledge at Singapore Management University |
publishDate |
2019 |
url |
https://ink.library.smu.edu.sg/sis_research/7066 https://ink.library.smu.edu.sg/context/sis_research/article/8069/viewcontent/3338906.3338966.pdf |
_version_ |
1770576198085115904 |