Locating vulnerabilities in binaries via memory layout recovering

Locating vulnerabilities is an important task for security auditing, exploit writing, and code hardening. However, it is challenging to locate vulnerabilities in binary code, because most program semantics (e.g., the boundaries of an array) are missing after compilation. Without program semantics, it is difficult to determine whether a memory access exceeds its valid boundaries in binary code. In this work, we propose an approach to locate vulnerabilities based on memory layout recovery. First, we collect a set of passed executions and one failed execution. Then, for both the passed and the failed executions, we restore their program semantics by recovering fine-grained memory layouts based on the memory addressing model. With the memory layouts recovered in the passed executions as a reference, we can locate vulnerabilities in the failed execution by memory layout identification and comparison. Our experiments show that the proposed approach effectively locates vulnerabilities in 24 out of 25 DARPA CGC programs (96%), and classifies 453 program crashes (in 5 Linux programs) into 19 groups based on their root causes.

Bibliographic Details
Main Authors: WANG, Haijun; XIE, Xiaofei; LIN, Shang-Wei; LIN, Yun; LI, Yuekang; QIN, Shengchao; LIU, Yang; LIU, Ting
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University, 2019
Online Access: https://ink.library.smu.edu.sg/sis_research/7066
https://ink.library.smu.edu.sg/context/sis_research/article/8069/viewcontent/3338906.3338966.pdf
Institution: Singapore Management University
Record: sg-smu-ink.sis_research-8069 (dspace), last updated 2022-04-07T08:18:08Z
Date: 2019-08-01
DOI: 10.1145/3338906.3338966
License: http://creativecommons.org/licenses/by-nc-nd/4.0/
Collection: Research Collection School Of Computing and Information Systems
Subjects: Reverse Engineering; Software Vulnerability; Program Analysis; Software Engineering