Title :
Reuse-oriented camouflaging trojan: Vulnerability detection and attack construction
Author :
Lin, Zhiqiang ; Zhang, Xiangyu ; Xu, Dongyan
Author_Institution :
Dept. of Comput. Sci., Purdue Univ., West Lafayette, IN, USA
fDate :
June 28 2010-July 1 2010
Abstract :
We introduce the reuse-oriented camouflaging trojan-a new threat to legitimate software binaries. To perform a malicious action, such a trojan identifies and reuses an existing function in a legal binary program instead of implementing the function itself. Furthermore, this trojan is stealthy in that the malicious invocation of a targeted function usually takes place in a location where it is legal to do so, closely mimicking a legal invocation. At the network level, the victim binary can still follow its communication protocol without exhibiting any anomalous behavior. Meanwhile, many close-source shareware binaries are rich in functions that can be maliciously “reused”, making them attractive targets of this type of attack. In this paper, we present a framework to determine if a given binary program is vulnerable to this attack and to construct a concrete trojan if so. Our experiments with a number of real-world software binaries demonstrate that the reuse-oriented camouflaging trojans are a real threat and vulnerabilities of this type in legal binaries can be effectively revealed and confirmed.
Keywords :
invasive software; public domain software; attack construction; close-source shareware binaries; communication protocol; legal binary program; legal invocation; reuse-oriented camouflaging trojan; vulnerability detection; Computer science; Computer worms; Concrete; Law; Legal factors; Logic; Payloads; Protocols; Security; Sockets;
Conference_Titel :
Dependable Systems and Networks (DSN), 2010 IEEE/IFIP International Conference on
Conference_Location :
Chicago, IL
Print_ISBN :
978-1-4244-7500-1
Electronic_ISBN :
978-1-4244-7499-8
DOI :
10.1109/DSN.2010.5544305
