2012 IEEE Symposium on Security and Privacy, 2012, p.380-394
2012
Volltextzugriff (PDF)
Details
- Autor(en) / Beteiligte
- Titel
- Unleashing Mayhem on Binary Code
- Ist Teil von
- 2012 IEEE Symposium on Security and Privacy, 2012, p.380-394
- Ort / Verlag
- IEEE
- Erscheinungsjahr
- 2012
- Quelle
- IEEE/IET Electronic Library (IEL)
- Beschreibungen/Notizen
- In this paper we present Mayhem, a new system for automatically finding exploitable bugs in binary (i.e., executable) programs. Every bug reported by Mayhem is accompanied by a working shell-spawning exploit. The working exploits ensure soundness and that each bug report is security-critical and actionable. Mayhem works on raw binary code without debugging information. To make exploit generation possible at the binary-level, Mayhem addresses two major technical challenges: actively managing execution paths without exhausting memory, and reasoning about symbolic memory indices, where a load or a store address depends on user input. To this end, we propose two novel techniques: 1) hybrid symbolic execution for combining online and offline (concolic) execution to maximize the benefits of both techniques, and 2) index-based memory modeling, a technique that allows Mayhem to efficiently reason about symbolic memory at the binary level. We used Mayhem to find and demonstrate 29 exploitable vulnerabilities in both Linux and Windows programs, 2 of which were previously undocumented.
- Sprache
- Englisch
- Identifikatoren
- ISBN: 9781467312448, 1467312444ISSN: 1081-6011eISSN: 2375-1207DOI: 10.1109/SP.2012.31Titel-ID: cdi_ieee_primary_6234425
- Format
- –
- Schlagworte
- Binary codes, Computer bugs, Concrete, Engines, exploit generation, hybrid execution, index-based memory modeling, Memory management, Servers, Switches, symbolic memory