Detect use-after-free vulnerabilities in binaries

Cited by: 0

Authors
Han X. [1 ]
Wei S. [1 ]
Ye J. [1 ]
Zhang C. [2 ]
Ye Z. [1 ]
Affiliations
[1] Institute of Computer Science and Technology, Peking University, Beijing
[2] Institute for Network Science and Cyberspace, Tsinghua University, Beijing
Keywords
Dynamic symbolic execution; Static analysis; Use-after-free
DOI
10.16511/j.cnki.qhdxxb.2017.25.040
Abstract
Use-after-free (UaF) vulnerabilities are among the most common and most dangerous memory corruption vulnerabilities, yet they are hard to detect. A UaF is triggered if and only if three operations occur on the same memory region in order: the region is allocated, then freed, and then accessed after the free. The code performing these three operations may be located anywhere in the program, in any textual order, so an analysis must track a long execution sequence and search it for candidate allocate-free-use event sequences. This study analyzes the root causes of UaF vulnerabilities, how they are exploited, the severity of the threat and the challenges in detecting them. It then presents an approach for detecting UaF vulnerabilities in binaries that combines static analysis with dynamic symbolic execution. Tests show that the approach detects the known vulnerabilities in a benchmark, so the detection system can be used to find and fix bugs and improve application security. © 2017, Tsinghua University Press. All rights reserved.
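As an added illustration (this is not code from the paper), the following C program models the allocate-free-use event sequence the abstract describes. A checker walks a recorded trace of allocation, free and memory-access events, keeps a table of regions with their most recent state, and reports the first access whose target region was last freed. The event encoding, the constructed traces and the hypothetical addresses are assumptions of this example; a real tool would collect the events by hooking allocator calls and memory accesses, or by symbolically executing the binary, rather than reading a hand-written trace.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from the paper: a toy checker for the
 * allocate -> free -> use event sequence that characterises a UaF.
 * Events come from a recorded trace; a real tool would collect them by
 * hooking allocator calls and memory accesses during execution. */

enum ev_kind { EV_ALLOC, EV_FREE, EV_USE };

struct event {
    enum ev_kind kind;
    uintptr_t addr;   /* region base for alloc/free, accessed address for use */
    size_t size;      /* allocation size for alloc, access width for use, 0 for free */
};

struct region {
    uintptr_t base;
    size_t size;
    int freed;        /* set once the region has been freed */
};

#define MAX_REGIONS 64

/* Most recently allocated region covering [addr, addr+width), or NULL.
 * Searching newest-first lets a fresh allocation at a recycled address
 * shadow the stale, freed record for the same bytes. */
static struct region *find_region(struct region *regs, size_t n,
                                  uintptr_t addr, size_t width)
{
    for (size_t i = n; i-- > 0;)
        if (addr >= regs[i].base && addr + width <= regs[i].base + regs[i].size)
            return &regs[i];
    return NULL;
}

/* Walk the trace; return the index of the first use event that touches a
 * region whose latest state is "freed", or -1 if no UaF pattern occurs. */
int check_trace(const struct event *ev, size_t n)
{
    struct region regs[MAX_REGIONS];
    size_t nregs = 0;

    for (size_t i = 0; i < n; i++) {
        struct region *r;
        switch (ev[i].kind) {
        case EV_ALLOC:
            if (nregs < MAX_REGIONS) {
                regs[nregs].base = ev[i].addr;
                regs[nregs].size = ev[i].size;
                regs[nregs].freed = 0;
                nregs++;
            }
            break;
        case EV_FREE:
            r = find_region(regs, nregs, ev[i].addr, 1);
            if (r && r->base == ev[i].addr)  /* free() takes the base pointer */
                r->freed = 1;                /* double free is out of scope here */
            break;
        case EV_USE:
            r = find_region(regs, nregs, ev[i].addr, ev[i].size);
            if (r && r->freed)
                return (int)i;
            break;
        }
    }
    return -1;
}

/* Constructed traces with hypothetical addresses. */
#define NELEMS(a) (sizeof(a) / sizeof((a)[0]))

/* Classic UaF: allocate, free, then read inside the freed block. */
int demo_uaf(void)
{
    const struct event t[] = {
        { EV_ALLOC, 0x1000, 32 }, { EV_FREE, 0x1000, 0 }, { EV_USE, 0x1008, 8 },
    };
    return check_trace(t, NELEMS(t));  /* 2 */
}

/* Address recycled by a new allocation: the use hits the live region, not a UaF. */
int demo_recycled_address(void)
{
    const struct event t[] = {
        { EV_ALLOC, 0x1000, 32 }, { EV_FREE, 0x1000, 0 },
        { EV_ALLOC, 0x1000, 32 }, { EV_USE, 0x1008, 8 },
    };
    return check_trace(t, NELEMS(t));  /* -1 */
}

/* Dangling pointer used long after the free, with unrelated events in between. */
int demo_distant_use(void)
{
    const struct event t[] = {
        { EV_ALLOC, 0x1000, 32 }, { EV_ALLOC, 0x2000, 16 }, { EV_FREE, 0x1000, 0 },
        { EV_USE, 0x2000, 4 },    /* live region: fine */
        { EV_ALLOC, 0x3000, 64 },
        { EV_USE, 0x1010, 4 },    /* stale pointer into the freed block */
    };
    return check_trace(t, NELEMS(t));  /* 5 */
}

int main(void)
{
    printf("classic UaF at event %d\n", demo_uaf());
    printf("recycled address: %d (no UaF)\n", demo_recycled_address());
    printf("distant use at event %d\n", demo_distant_use());
    return 0;
}
```

The third trace is the case the abstract is concerned with: the free and the stale use are separated by unrelated allocations and accesses, so a detector has to carry region state across the whole sequence rather than inspect neighbouring instructions. The second trace shows the matching caveat: once the allocator hands the same address out again, an access through the new pointer is legitimate, so the checker must key on the most recent allocation covering the address, not on the raw address alone.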
Pages: 1022-1029
Page count: 7