Full metadata record
DC field	Value	Language
dc.contributor.author	Huang, Shih-Kun	en_US
dc.contributor.author	Huang, Min-Hsiang	en_US
dc.contributor.author	Huang, Po-Yen	en_US
dc.contributor.author	Lu, Han-Lin	en_US
dc.contributor.author	Lai, Chung-Wei	en_US
dc.date.accessioned	2014-12-08T15:35:28Z	-
dc.date.available	2014-12-08T15:35:28Z	-
dc.date.issued	2014-03-01	en_US
dc.identifier.issn	0018-9529	en_US
dc.identifier.uri	http://dx.doi.org/10.1109/TR.2014.2299198	en_US
dc.identifier.uri	http://hdl.handle.net/11536/24012	-
dc.description.abstract	This paper presents a new method, capable of automatically generating attacks on binary programs from software crashes. We analyze software crashes with a symbolic failure model by performing concolic executions following the failure-directed paths, using a whole-system environment model and concrete-address-mapped symbolic memory in S²E. We propose a new selective symbolic input method and lazy evaluation on pseudo symbolic variables to handle symbolic pointers and speed up the process. This is an end-to-end approach able to create exploits from crash inputs or existing exploits for various applications, including most of the existing benchmark programs, and several large-scale applications, such as a word processor (Microsoft Office Word), a media player (mplayer), an archiver (unrar), or a PDF reader (Foxit). We can deal with vulnerability types including stack and heap overflows, format strings, and the use of uninitialized variables. Notably, these applications have become software fuzz testing targets, but still require a manual process with security knowledge to produce mitigation-hardened exploits. Using this method to generate exploits is an automated process for software failures without source code. The proposed method is simpler, more general, faster, and can be scaled to larger programs than existing systems. We produce the exploits within one minute for most of the benchmark programs, including mplayer. We also transform existing exploits of Microsoft Office Word into new exploits within four minutes. The best speedup is 7,211 times faster than the initial attempt. For heap overflow vulnerabilities, we can automatically exploit the unlink() macro of glibc, which formerly required sophisticated hacking efforts.	en_US
dc.language.iso	en_US	en_US
dc.subject	Automatic exploit generation	en_US
dc.subject	bug forensics	en_US
dc.subject	software crash analysis	en_US
dc.subject	symbolic execution	en_US
dc.subject	taint analysis	en_US
dc.title	Software Crash Analysis for Automatic Exploit Generation on Binary Programs	en_US
dc.type	Article	en_US
dc.identifier.doi	10.1109/TR.2014.2299198	en_US
dc.identifier.journal	IEEE TRANSACTIONS ON RELIABILITY	en_US
dc.citation.volume	63	en_US
dc.citation.issue	1	en_US
dc.citation.spage	270	en_US
dc.citation.epage	289	en_US
dc.contributor.department	Department of Computer Science	zh_TW
dc.contributor.department	Information Technology Services Center	zh_TW
dc.contributor.department	Department of Computer Science	en_US
dc.contributor.department	Information Technology Services Center	en_US
dc.identifier.wosnumber	WOS:000332520700022	-
dc.citation.woscount	0	-
Appears in Collections: Journal Articles


Files in This Item:

  1. 000332520700022.pdf

If the file is a zip archive, download and extract it, then open index.html in the extracted folder with a browser to view the full text.