It appears you don't have support to open PDFs in this web browser. To view this file, Open with your PDF reader
Abstract
Exploitability assessment of vulnerabilities is important for both defenders and attackers. The ultimate way to assess the exploitability is crafting a working exploit. However, it usually takes tremendous hours and significant manual efforts. To address this issue, automated techniques can be adopted. Existing solutions usually explore in depth the crashing paths, i.e., paths taken by proof-of-concept (PoC) inputs triggering vulnerabilities, and assess exploitability by finding exploitable states along the paths. However, exploitable states do not always exist in crashing paths. Moreover, existing solutions heavily rely on symbolic execution and are not scalable in path exploration and exploit generation.
In this paper, we propose a novel solution to generate exploit for userspace programs or facilitate the process of crafting a kernel UAF exploit. Technically, we utilize oriented fuzzing to explore diverging paths from vulnerability point. For userspace programs, we adopt a control-flow stitching solution to stitch crashing paths and diverging paths together to generate exploit. For kernel UAF, we leverage a lightweight symbolic execution to identify, analyze and evaluate the system calls valuable and useful for exploiting vulnerabilities.
We have developed a prototype system and evaluated it on a set of 19 CTF (capture the flag) programs and 15 realworld Linux kernel UAF vulnerabilities. Experiment results showed it could generate exploit for most of the userspace test set, and it could also facilitate security mitigation bypassing and exploitability evaluation for kernel test set.
You have requested "on-the-fly" machine translation of selected content from our databases. This functionality is provided solely for your convenience and is in no way intended to replace human translation. Show full disclaimer
Neither ProQuest nor its licensors make any representations or warranties with respect to the translations. The translations are automatically generated "AS IS" and "AS AVAILABLE" and are not retained in our systems. PROQUEST AND ITS LICENSORS SPECIFICALLY DISCLAIM ANY AND ALL EXPRESS OR IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION, ANY WARRANTIES FOR AVAILABILITY, ACCURACY, TIMELINESS, COMPLETENESS, NON-INFRINGMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Your use of the translations is subject to all use restrictions contained in your Electronic Products License Agreement and by using the translation functionality you agree to forgo any and all claims against ProQuest or its licensors for your use of the translation functionality and any output derived there from. Hide full disclaimer
Details
1 School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China (GRID:grid.410726.6) (ISNI:0000 0004 1797 8419); Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China (GRID:grid.458480.5) (ISNI:0000 0004 0559 5648); Key Laboratory of Network Assessment Technology, CAS, Beijing, China (GRID:grid.9227.e) (ISNI:0000000119573309); Beijing Key Laboratory of Network Security and Protection Technology, Beijing, China (GRID:grid.9227.e)
2 School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China (GRID:grid.410726.6) (ISNI:0000 0004 1797 8419); College of Information Sciences and Technology, Pennsylvania State University, University Park, United States (GRID:grid.29857.31) (ISNI:0000 0001 2097 4281); Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China (GRID:grid.458480.5) (ISNI:0000 0004 0559 5648)
3 Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China (GRID:grid.12527.33) (ISNI:0000 0001 0662 3178)
4 College of Information Sciences and Technology, Pennsylvania State University, University Park, United States (GRID:grid.29857.31) (ISNI:0000 0001 2097 4281)
5 School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China (GRID:grid.410726.6) (ISNI:0000 0004 1797 8419); Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China (GRID:grid.458480.5) (ISNI:0000 0004 0559 5648)