###
计算机系统应用英文版:2017,26(10):44-52
本文二维码信息
码上扫一扫!
基于符号执行的自动利用生成系统
(1.中国科学院大学, 北京 100049;2.中国科学院 软件研究所, 北京 100190;3.深圳大学 深圳南特商学院, 深圳 518060)
Automatic Exploit Generation System Based on Symbolic Execution
(1.University of Chinese Academy of Sciences, Beijing 100049, China;2.Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;3.Shenzhen Audencia Business School, Shenzhen University, Shenzhen 518060, China)
摘要
图/表
参考文献
相似文献
本文已被:浏览 1518次   下载 2325
Received:January 22, 2017    
中文摘要: 在本文中,我们提出BAEG,一个自动寻找二进制程序漏洞利用的系统.BAEG为发现的每一个漏洞产生一个控制流劫持的利用,因此保证了它所发现的漏洞都是安全相关并且可利用的.BAEG针对输入造成程序崩溃的情况进行分析,面临的挑战主要有两点:1)如何重现崩溃路径,获取崩溃状态;2)如何自动生成控制流劫持利用.对于第一点,本论文提出路径导向算法,将崩溃输入作为符号值,重现崩溃路径.对于第二点,我们总结多种控制流劫持的利用原理,建立对应的利用产生模型.此外,对于非法符号读、写操作,BAEG还可以让程序从崩溃点继续执行,探索程序深层次代码,检测崩溃路径逻辑深处是否还有利用点.
Abstract:In this paper we present BAEG, a system to automatically look for exploitable bugs in the binary program. Every bug reported by BAEG is accompanied by the control flow hijacking exploit. The working exploits ensure robustness that each bug report is security-critical and exploitable. Giving BAEG a vulnerable program and an input crash, the challenges are:1) how to replay crash and get the state of crash; 2) how to automatically generate exploit. For the first challenge, we present a path-guided algorithm, take crash input as symbolic data, and replay crash path. For the second challenge, we summarize the principles of multiple control-flow hijack and establish the corresponding exploit generation model. Besides, BAEG can explore deep code especially for invalid symbolic read and symbolic write, which can help us decide whether there still are exploits at deeper code.
文章编号:     中图分类号:    文献标志码:
基金项目:国家自然科学基金(61471344);国家242信息安全计划(2016A086)
引用文本:
万云鹏,邓艺,石东辉,程亮,张阳.基于符号执行的自动利用生成系统.计算机系统应用,2017,26(10):44-52
WAN Yun-Peng,DENG Yi,SHI Dong-Hui,CHENG Liang,ZHANG Yang.Automatic Exploit Generation System Based on Symbolic Execution.COMPUTER SYSTEMS APPLICATIONS,2017,26(10):44-52