Title :
A Stack Model for Symbolic Buffer Overflow Exploitability Analysis
Author :
Grieco, Gustavo ; Mounier, Laurent ; Potet, Marie-Laure ; Rawat, Seema
Author_Institution :
VERIMAG, Univ. of Grenoble, Grenoble, France
Abstract :
Vulnerability analysis aims to detect programming flaws inside software code in order to prevent their exploitation by external attackers, for instance by control-flow hijacking. One of the most challenging issues in vulnerability analysis is being able to distinguish between exploitable and nonexploitable flaws. In this work we propose a symbolic approach to assess the exploitability level of a path leading to a flaw. This approach operates on (disassembled) binary code and starts with the identification of “dangerous paths”, i.e., paths containing some patterns that depend on inputs. Then, we produce the corresponding path conditions augmented by symbolic constraints dedicated to exploitability.
Keywords :
binary codes; security of data; software reliability; control-flow hijacking; dangerous paths; disassembled binary code; exploitability level; external attackers; nonexploitable flaw; path conditions; programming flaws; software code; stack model; symbolic buffer overflow exploitability analysis; symbolic constraints; vulnerability analysis; Abstracts; Analytical models; Binary codes; Conferences; Educational institutions; Indexes; Memory management; binary analysis; constraint-satisfaction; exploitability; symbolic execution;
Conference_Titel :
Software Testing, Verification and Validation Workshops (ICSTW), 2013 IEEE Sixth International Conference on
Conference_Location :
Luxembourg
Print_ISBN :
978-1-4799-1324-4
DOI :
10.1109/ICSTW.2013.33
