DOCSLIB.ORG

Towards Efficient Heap Overflow Discovery

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Towards Efficient Heap Overflow Discovery Towards Efficient Heap Overflow Discovery Xiangkun Jia, TCA/SKLCS, Institute of Software, Chinese Academy of Sciences; Chao Zhang, Institute for Network Science and Cyberspace, Tsinghua University; Purui Su, Yi Yang, Huafeng Huang, and Dengguo Feng, TCA/SKLCS, Institute of Software, Chinese Academy of Sciences https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/jia This paper is included in the Proceedings of the 26th USENIX Security Symposium August 16–18, 2017 • Vancouver, BC, Canada ISBN 978-1-931971-40-9 Open access to the Proceedings of the 26th USENIX Security Symposium is sponsored by USENIX Towards Efficient Heap Overflow Discovery Xiangkun Jia1;3, Chao Zhang2 , Purui Su1;3 , Yi Yang1, Huafeng Huang1, Dengguo Feng1 1TCA/SKLCS, Institute of Software, Chinese Academy of Sciences 2Institute for Network Science and Cyberspace 3University of Chinese Academy of Sciences Tsinghua University {jiaxiangkun, yangyi, huanghuafeng, feng}@tca.iscas.ac.cn [email protected] [email protected] Abstract to attack. As the heap layout is not deterministic, heap Heap overflow is a prevalent memory corruption vulner- overflow vulnerabilities are in general harder to exploit ability, playing an important role in recent attacks. Find- than stack corruption vulnerabilities. But attackers could ing such vulnerabilities in applications is thus critical for utilize techniques like heap spray [16] and heap feng- security. Many state-of-art solutions focus on runtime shui [43] to arrange the heap layout and reliably launch detection, requiring abundant inputs to explore program attacks, making heap overflow a realistic threat. paths in order to reach a high code coverage and luckily Several solutions are proposed to protect heap overflow trigger security violations. It is likely that the inputs being from being exploited, e.g., Diehard [4], Dieharder [34], tested could exercise vulnerable program paths, but fail Heaptherapy [52] and HeapSentry [33]. In addition to to trigger (and thus miss) vulnerabilities in these paths. runtime overheads, they also cause denial of service, be- Moreover, these solutions may also miss heap vulnerabil- cause they will terminate the process when an attack is ities due to incomplete vulnerability models. detected. So it is imperative to discover and fix heap over- In this paper, we propose a new solution HOTracer to flows in advance. discover potential heap vulnerabilities. We model heap In general, both static analysis and dynamic analysis overflows as spatial inconsistencies between heap allo- can be used to detect heap vulnerabilities. But static anal- cation and heap access operations, and perform an in- ysis solutions (e.g., [21, 36]) usually have high false pos- depth offline analysis on representative program execu- itives, and are only fit for small programs. In addition tion traces to identify heap overflows. Combining with to its intrinsic challenge (i.e., alias analysis), static anal- several optimizations, it could efficiently find heap over- ysis may generate false positives because the heap layout flows that are hard to trigger in binary programs. We im- is not deterministic [27]. But for any specific execution, plemented a prototype of HOTracer, evaluated it on 17 the spatial relationships between heap objects are deter- real world applications, and found 47 previously unknown ministic. So, it’s easier and more reliable to use dynamic heap vulnerabilities, showing its effectiveness. analysis to detect heap vulnerabilities. Online dynamic analysis is the mostly used state-of- 1 Introduction art heap vulnerability detection solutions. In general, Memory corruption vulnerabilities are the root cause of they monitor target programs’ runtime execution (e.g., many severe threats, including control flow hijacking and by tracking some metadata), and detect vulnerabilities by information leakage attacks. Among them, stack corrup- checking for security violations or program crashes. For tion vulnerabilities used to be the most popular ones. As example, AddressSanitizer [40] creates redzones around effective defenses [3, 12, 15, 19, 24, 35, 46, 47] against objects and tracks addressable bytes at run time, and de- stack corruption are deployed gradually, nowadays heap tects heap overflows when unaddressable redzone bytes overflow vulnerabilities become more popular. For ex- are accessed. Fuzzers (e.g., AFL [51]) test target pro- ample, it is reported that about 25% of exploits against grams with abundant inputs and report vulnerabilities Windows 7 utilized heap corruption vulnerabilities [28]. when crashes are found during testing. There are a lot of sensitive data stored in the heap, in- These solutions are widely adopted by industry to find cluding heap management metadata associated with heap vulnerabilities in their products. However, they all work objects (e.g., size attributes, and linked list pointers), and in a passive way and could miss vulnerabilities. To re- sensitive pointers within heap objects (e.g., pointers for port a vulnerability, they expect a testcase to exercise a virtual function calls). It makes the heap a valuable target vulnerable path and trigger a security violation. Even if a USENIX Association 26th USENIX Security Symposium 989 passive solution could generate a bunch of inputs to reach of-concept) input for the potential vulnerability. a high code coverage and could catch all security viola- In this way, our solution could discover potential vul- tions, e.g., by combining AFL and AddressSanitizer, it nerabilities that may be missed by existing online and of- could still miss vulnerabilities. For example, it may gen- fline solutions. For online solutions, e.g., AFL and Ad- erate a bunch of inputs to exercise a vulnerable path, but dressSanitizer, they rely on delicate inputs to trigger the fail to trigger the vulnerability in that path due to some vulnerabilities. Our solution could work fine as long as critical vulnerability conditions. the inputs could exercise any heap allocation and heap ac- Moreover, multiple vulnerabilities may exist in one cess operations. program path. Passive solutions (e.g., fuzzers) may only On the other hand, a combination of existing offline so- focus on the first one and miss the others. For example, lutions, e.g., DIODE and Dowser, seems to be able to when analyzing a known vulnerability CVE-2014-1761 achieve the same goal as HOTracer. However, the com- in Microsoft Word with our tool HOTracer, we found bination is incomplete. DIODE only considers heap allo- two new heap overflows, in the exact same program path cation vulnerable to integer overflows, and Dowser only which we believe many researchers have analyzed many focuses on heap accesses via loops. Moreover, to make times. It shows that, even for a vulnerable path in the spot- the combination practical and efficient in the real world, light, online solutions could not guarantee to find out all we have to solve several challenges. potential vulnerabilities in it. First, there could be numerous execution traces to an- On the other hand, offline analysis solutions could ex- alyze. Since recording and analyzing a trace is time- plore each program path thoroughly and discover poten- consuming, we could not aim for a high code cover- tial heap vulnerabilities in a more proactive way, e.g., by age. Instead, we analyze programs with representative use reasoning about the relationship between program inputs cases, and explore significantly different program paths. and candidate vulnerable code locations. For example, Second, we need to identify all heap operations from DIODE [41] focuses on memory allocation sites vulner- the huge execution traces (without source code). Even able to integer overflow which will further lead to heap worse, many programs utilize custom memory allocators overflow, and then infers and reasons about constraints and custom memory accesses. HOTracer utilizes a set of the memory allocation size to discover vulnerabilities. of features to identify potential heap operations. More- Dowser [23] and BORG [31] focus on memory accesses over, we need to group related heap allocation and heap sites that are vulnerable to heap overflow, and guide sym- access operations that operate on same heap objects into bolic execution engine to explore suspicious buffer ac- pairs. But the number of such pairs is extraordinary large. cessing instructions. However, neither of these solutions HOTracer reduces the number of pairs by promoting low- accurately model the root cause of heap overflow, and thus level heap access instructions into high-level heap access will miss many heap overflow vulnerabilities. operations, and prioritizes pairs to explore pairs that are We point out that the root cause of heap overflow vul- more likely to be vulnerable. nerabilities is not the controllability of either memory al- Finally, it is challenging to generate concrete inputs to location or memory access, but the spatial inconsistency trigger the potential vulnerability in a specific heap oper- between heap allocation and heap access operations. For ation pair, especially in large real-world applications, due example, if a program first allocates a buffer of size x+2, to the program trace size and constraint complexity. HO- and then writes x + 1 bytes into it, a heap overflow will Tracer mitigates this issue by collecting only partial traces happen if attackers make x+2 integer overflows but x+1 and concretizes inputs that do not affect the vulnerability not. It is nearly impossible to identify this heap over- conditions.
Load more

Recommended publications
  • Realaudio and Realvideo Content Creation Guide
    RealAudioâ and RealVideoâ Content Creation Guide Version 5.0 RealNetworks, Inc. Contents Contents Introduction......................................................................................................................... 1 Streaming and Real-Time Delivery................................................................................... 1 Performance Range .......................................................................................................... 1 Content Sources ............................................................................................................... 2 Web Page Creation and Publishing................................................................................... 2 Basic Steps to Adding Streaming Media to Your Web Site ............................................... 3 Using this Guide .............................................................................................................. 4 Overview ............................................................................................................................. 6 RealAudio and RealVideo Clips ....................................................................................... 6 Components of RealSystem 5.0 ........................................................................................ 6 RealAudio and RealVideo Files and Metafiles .................................................................. 8 Delivering a RealAudio or RealVideo Clip ......................................................................
    [Show full text]
  • Download Video Player for Pc 10 Best and Free Video Players for Windows 10 PC in 2021
    download video player for pc 10 Best And Free Video Players For Windows 10 PC in 2021. We all love to watch TV shows, Movies on our computers. Since computers are more preferred nowadays, more and more streaming sites are popping out of the web. However, not everyone out there loves to stream videos because video streaming can be expensive. We first need to have a proper internet connection and a subscription to the streaming service to watch videos. In this case, downloading videos seems to be the best option as we have to spend the internet data once rather than streaming it again and again. But, what after downloading the video? Is it enough to get the best media experience? Well, no! To get the best video experience, we need to use the best media player. The media player is the only thing that decides our media consumption experience. So, having a good media player app is the most vital thing for media consumption. In this article, we will share the list of the best free video players for Windows. List of 10 Best And Free Video Players For Windows 10. These video players are free to download, and you can use them to get the most amazing video watching experience. So, let’s explore the ten best free video players for Windows. 1. Media Player Classic. If you are searching for a powerful video player tool for Windows 10 operating system, you need to give Media Player Classic a try. Guess what? The tool provides users with lots of customization options.
    [Show full text]
  • I Feasibility of Streaming Media for Transportation Research And
    Feasibility of Streaming Media For Transportation Research and Implementation Final Report Prepared by: Drew M. Coleman July 2007 Research Project SPR-2231 Report No. 2231-F-05-11 Connecticut Department of Transportation Bureau of Engineering and Highway operations Division of Research Keith R. Lane, P.E. Director of Research and Materials James M. Sime, P.E. Manager of Research i TECHNICAL REPORT DOCUMENTATION PAGE 1. Report No. 2. Government Accession 3. Recipients Catalog No. 2231-F-05-11 No. 4. Title and Subtitle 5. Report Date Feasibility of Streaming Media for July 2007 Transportation Research and 6. Performing Organization Code Implementation SPR-2231 7. Author(s) Drew M. Coleman 8. Performing Organization Report No. 2231-F-05-11 9. Performing Organization Name and 10. Work Unit No. (TRIS) Address 11. Contract or Grant No. Connecticut Department of Transportation CT Study No. SPR-2231 Division of Research 13. Type of Report and Period Covered 280 West Street Final Report Rocky Hill, CT 06067-3502 February 2001-June 2007 12. Sponsoring Agency Name and Address Connecticut Department of Transportation 2800 Berlin Turnpike 14. Sponsoring Agency Code Newington, CT 06131-7546 SPR-2231 15. Supplementary Notes Conducted in cooperation with the U.S. Department of Transportation, Federal Highway Administration 16. Abstract This report is intended to serve as a guide for transportation personnel in the development and dissemination of streaming video-based presentations. These were created using streaming media production tools, then delivered via network and Web-based media servers, and finally, viewed from the end-users’ PC- desktops. The study focuses on three popular streaming media technology platforms: RealNetworks®, Microsoft® and Apple®.
    [Show full text]
  • A Buffer Overflow Study
    A Bu®er Overflow Study Attacks & Defenses Pierre-Alain FAYOLLE, Vincent GLAUME ENSEIRB Networks and Distributed Systems 2002 Contents I Introduction to Bu®er Overflows 5 1 Generalities 6 1.1 Process memory . 6 1.1.1 Global organization . 6 1.1.2 Function calls . 8 1.2 Bu®ers, and how vulnerable they may be . 10 2 Stack overflows 12 2.1 Principle . 12 2.2 Illustration . 12 2.2.1 Basic example . 13 2.2.2 Attack via environment variables . 14 2.2.3 Attack using gets . 16 3 Heap overflows 18 3.1 Terminology . 18 3.1.1 Unix . 18 3.1.2 Windows . 18 3.2 Motivations and Overview . 18 3.3 Overwriting pointers . 19 3.3.1 Di±culties . 20 3.3.2 Interest of the attack . 20 3.3.3 Practical study . 20 3.4 Overwriting function pointers . 24 3.4.1 Pointer to function: short reminder . 24 3.4.2 Principle . 24 3.4.3 Example . 25 3.5 Trespassing the heap with C + + . 28 3.5.1 C++ Background . 28 3.5.2 Overwriting the VPTR . 31 3.5.3 Conclusions . 32 3.6 Exploiting the malloc library . 33 3.6.1 DLMALLOC: structure . 33 3.6.2 Corruption of DLMALLOC: principle . 34 II Protection solutions 37 4 Introduction 38 1 5 How does Libsafe work? 39 5.1 Presentation . 39 5.2 Why are the functions of the libC unsafe ? . 39 5.3 What does libsafe provide ? . 40 6 The Grsecurity Kernel patch 41 6.1 Open Wall: non-executable stack .
    [Show full text]
  • Before You Begin Producing
    Producing with Camtasia Before You Begin Producing Before you begin to produce your video you need to decide how it will be shared; web based, CD, DVD. Once you have decided how you are going to share your video you need to decide which file format would be the best for that particular mode of delivery. The file formats you can save with in Camtasia include: AVI, Macromedia Flash (SWF), Windows Media (WMV), QickTime, Macromedia Flash (FLV), RealMedia (RM), Camtasia for RealPlayer (CAMV), and GIF animation. Click on Show more file formats to view all these options. AVI video file: AVI is recommended for CD delivery requiring the highest video quality. Once you produce your completed AVI files, use Pack and Show to bundle the Camtasia Player and Codec for easy delivery on CD‐ROM. It can also be edited by using Camtasia or other video editing programs. This is the type of format the original video will save as after recording with Camtasia. Macromedia Flash (SWF) movie file: An SWF file format can be used for videos that are 3‐5 minutes. This file format is good for using if you want to put your video on the internet and it is supported by most browsers. You will need the Flash plug‐in to view this video. Windows Media (WMV) streaming media file: A WMV file format creates smaller file sizes and works well for longer videos. It does not have to be downloaded and plays in Microsoft Windows Media Player. It is a streaming video file format. This type of file must be stored on a Windows Media streaming server.
    [Show full text]
  • Chapter 10 Buffer Overflow Buffer Overflow
    Chapter 10 Buffer Overflow Buffer Overflow ● Common attack mechanism ○ first wide use by the Morris Worm in 1988 ● Prevention techniques known ○ NX bit, stack canaries, ASLR ● Still of major concern ○ Recent examples: Shellshock, Hearthbleed Buffer Overflow/Buffer Overrun Definition: A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. Attackers exploit such a condition to crash a system or to insert specially crafted code that allows them to gain control of the system. Buffer Overflow Basics ● Programming error when a process attempts to store data beyond the limits of a fixed-sized buffer ● Overwrites adjacent memory locations ○ locations may hold other program variables, parameters, or program control flow data ○ buffer could be located on the stack, in the heap, or in the data section of the process ● Consequences: ○ corruption of program data ○ unexpected transfer of control ○ memory access violations Basic Buffer Overflow Example Basic Buffer Overflow Stack Values Buffer Overflow Attacks Attacker needs: ● To identify a buffer overflow vulnerability in some program that can be triggered using externally sourced data under the attacker’s control ● To understand how that buffer is stored in memory and determine potential for corruption Identifying vulnerable programs can be done by: ● inspection of program source ● tracing the execution of programs as they process oversized input ● using tools such as fuzzing to automatically identify
    [Show full text]
  • Input Formats & Codecs
    Input Formats & Codecs Pivotshare offers upload support to over 99.9% of codecs and container formats. Please note that video container formats are independent codec support. Input Video Container Formats (Independent of codec) 3GP/3GP2 ASF (Windows Media) AVI DNxHD (SMPTE VC-3) DV video Flash Video Matroska MOV (Quicktime) MP4 MPEG-2 TS, MPEG-2 PS, MPEG-1 Ogg PCM VOB (Video Object) WebM Many more... Unsupported Video Codecs Apple Intermediate ProRes 4444 (ProRes 422 Supported) HDV 720p60 Go2Meeting3 (G2M3) Go2Meeting4 (G2M4) ER AAC LD (Error Resiliant, Low-Delay variant of AAC) REDCODE Supported Video Codecs 3ivx 4X Movie Alaris VideoGramPiX Alparysoft lossless codec American Laser Games MM Video AMV Video Apple QuickDraw ASUS V1 ASUS V2 ATI VCR-2 ATI VCR1 Auravision AURA Auravision Aura 2 Autodesk Animator Flic video Autodesk RLE Avid Meridien Uncompressed AVImszh AVIzlib AVS (Audio Video Standard) video Beam Software VB Bethesda VID video Bink video Blackmagic 10-bit Broadway MPEG Capture Codec Brooktree 411 codec Brute Force & Ignorance CamStudio Camtasia Screen Codec Canopus HQ Codec Canopus Lossless Codec CD Graphics video Chinese AVS video (AVS1-P2, JiZhun profile) Cinepak Cirrus Logic AccuPak Creative Labs Video Blaster Webcam Creative YUV (CYUV) Delphine Software International CIN video Deluxe Paint Animation DivX ;-) (MPEG-4) DNxHD (VC3) DV (Digital Video) Feeble Files/ScummVM DXA FFmpeg video codec #1 Flash Screen Video Flash Video (FLV) / Sorenson Spark / Sorenson H.263 Forward Uncompressed Video Codec fox motion video FRAPS:
    [Show full text]
  • Comprehensively and Efficiently Protecting the Heap ∗
    Appears in the Proceedings of the 12th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS XII), October 2006. Comprehensively and Efficiently Protecting the Heap ∗ Mazen Kharbutli Xiaowei Jiang Yan Solihin Guru Venkataramani Milos Prvulovic Jordan Univ. of Science and Technology North Carolina State University Georgia Institute of Technology [email protected] {xjiang,solihin}@ece.ncsu.edu {guru,milos}@cc.gatech.edu Abstract of altering the program behavior when it uses V . Attackers may use The goal of this paper is to propose a scheme that provides com- a variety of well-known techniques to overwrite M with V ,suchas prehensive security protection for the heap. Heap vulnerabilities are buffer overflows, integer overflows,andformat strings, typically by increasingly being exploited for attacks on computer programs. In supplying unexpected external input (e.g. network packets) to the most implementations, the heap management library keeps the heap application. The desired program behavior alteration may include meta-data (heap structure information) and the application’s heap direct control flow modifications in which M contains control flow data in an interleaved fashion and does not protect them against information such as function pointers, return addresses, and condi- each other. Such implementations are inherently unsafe: vulnera- tional branch target addresses. Alternatively, attackers may choose bilities in the application can cause the heap library to perform un- to indirectly change program behavior by modifying critical data intended actions to achieve control-flow and non-control attacks. that determines program behavior. Unfortunately, current heap protection techniques are limited Researchers have shown that the stack is vulnerable to over- in that they use too many assumptions on how the attacks will writes, so many protection schemes have been proposed to protect be performed, require new hardware support, or require too many it.
    [Show full text]
  • Semi-Synchronized Non-Blocking Concurrent Kernel Cruising
    This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TCC.2020.2970183, IEEE Transactions on Cloud Computing IEEE TRANSACTIONS ON CLOUD COMPUTING 1 Semi-synchronized Non-blocking Concurrent Kernel Cruising Donghai Tian, Qiang Zeng, Dinghao Wu, Member, IEEE,Peng Liu, Member, IEEE, Changzhen Hu Abstract—Kernel heap buffer overflow vulnerabilities have been exposed for decades, but there are few practical countermeasure that can be applied to OS kernels. Previous solutions either suffer from high performance overhead or compatibility problems with mainstream kernels and hardware. In this paper, we present KRUISER, a concurrent kernel heap buffer overflow monitor. Unlike conventional methods, the security enforcement of which is usually inlined into the kernel execution, Kruiser migrates security enforcement from the kernel’s normal execution to a concurrent monitor process, leveraging the increasingly popular multi-core architectures. To reduce the synchronization overhead between the monitor process and the running kernel, we design a novel semi-synchronized non-blocking monitoring algorithm, which enables efficient runtime detection on live memory without incurring false positives. To prevent the monitor process from being tampered and provide guaranteed performance isolation, we utilize the virtualization technology to run the monitor process out of the monitored VM, while heap memory allocation information is collected inside the monitored VM in a secure and efficient way. The hybrid VM monitoring technique combined with the secure canary that cannot be counterfeited by attackers provides guaranteed overflow detection with high efficiency.
    [Show full text]
  • An Examination of the Generic Memory Corruption Exploit Prevention
    AN EXAMINATION OF THE GENERIC MEMORY CORRUPTION EXPLOIT PREVENTION MECHANISMS ON APPLE'S LEOPARD OPERATING SYSTEM Haroon Meer SensePost, Rhodes University [email protected] AN EXAMINATION OF THE GENERIC MEMORY CORRUPTION EXPLOIT PREVENTION MECHANISMS ON APPLE'S LEOPARD OPERATING SYSTEM ABSTRACT The Win32 platform has long been the whipping boy of memory corruption attacks and malware, which has forced Microsoft into implementing aggressive anti-exploitation mechanisms into their newer Operating Systems. Apple's Mac OS X (Leopard) has had a much smoother run, both in the media, and in terms of high profile attacks and the reason for this is less clear. In light of Apple's increased market-share, a comparison between Microsoft's defences and Apple's defences is required as the number of anti-exploitation techniques increases with time. In order to produce a side-by-side comparison, an overview of memory corruption attacks is provided and the common generic anti-exploitation techniques for these attacks are enumerated and described. For each operating system, the quality and effective of each implemented defence is evaluated. The results of the study show that Leopard trails Windows Vista in both the number of defences, as well as the quality and effectiveness of the defences that are implemented. KEY WORDS exploit memory corruption stack heap shellcode overflow ret-2-libc 1 INTRODUCTION This paper will cover the basics of memory corruption exploits, and will then examine how Microsoft Windows Vista and Apple MacOS X Leopard combat these attacks in their default state. The intention is to examine how Apple’s Leopard measures up against the automatic exploit mitigations built into Vista.
    [Show full text]
  • Realplayer 8 Plususer Manual
    REALPLAYER 8 PLUS USER MANUAL Information in this document is subject to change without notice. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of RealNetworks, Inc. RealPlayer 8 Plus User Manual, Revision 1.0 ©RealNetworks, Inc. 2000 The RealPlayer, RealNetworks, RealJukebox, RealMedia, Real.com, Real.com Take 5, RealSystem, RealAudio, Sure Stream, RealProducer, RealVideo, RealText, RealPix, RealServer, and the Real logo are trademarks or registered trademarks of RealNetworks, Inc. All other products and companies listed herein are trademarks or registered trademarks of their respective owners. RealPlayer User Education Team: Harold Gross (lead), Alan Bedard, Jacquelin Vanderwood (artist). RealNetworks, Inc. 2601 Elliott Avenue Seattle, WA 98121 USA Corporate Information, Servers, and Tools http://www.realnetworks.com Consumer Software and Content http://www.real.com Technical Support and Customer Service http://service.real.com TABLE OF CONTENTS ABOUT THIS MANUAL 1 Document Conventions.........................................................2 1 INSTALLING REALPLAYER 3 System Requirements............................................................3 PC (Windows based computer).........................................3 Minimal Computer.................................................3 Recommended Computer.......................................3 Macintosh........................................................................4
    [Show full text]
  • A Data-Driven Finite State Machine Model for Analyzing Security Vulnerabilities
    A Data-Driven Finite State Machine Model for Analyzing Security Vulnerabilities Shuo Chen, Zbigniew Kalbarczyk, Jun Xu, Ravishankar K. Iyer Center for Reliable and High-Performance Computing Coordinated Science Laboratory University of Illinois at Urbana-Champaign 1308 W. Main Street, Urbana, IL 61801 {shuochen, kalbar, junxu, iyer}@crhc.uiuc.edu constructor [18]. This paper combines the two Abstract approaches: real data is analyzed, in conjunction with a This paper combines an analysis of data on security focused source-code examination, to develop a finite vulnerabilities (published in Bugtraq database) and a state machine (FSM) model to depict and reason about focused source-code examination to develop a finite state security vulnerabilities. machine (FSM) model to depict and reason about Using the Bugtraq list maintained in Securityfocus security vulnerabilities. An in-depth analysis of the [13], the study first identifies leading causes of security vulnerability reports and the corresponding source code vulnerabilities. 1 An in-depth analysis of the reported of the applications leads to three observations: (i) vulnerabilities shows: exploits must pass through multiple elementary activities, • (ii) multiple vulnerable operations on several objects are Exploits must pass through multiple elementary involved in exploiting a vulnerability, and (iii) the activities – at any one of which, one can foil the vulnerability data and corresponding code inspections exploit. • allow us to derive a predicate for each elementary Exploiting a vulnerability involves multiple activity. vulnerable operations on multiple objects. • Each predicate is represented as a primitive FSM Analysis of a given vulnerability along with (pFSM). Multiple pFSMs are then combined to create an examination of the associated source code allows us FSM model of vulnerable operations and possible to specify predicates that need to be met to ensure exploits.
    [Show full text]