Pith. sign in

REVIEW

Detecting Exploit Primitives Automatically for Heap Vulnerabilities on Binary Programs

Not yet reviewed by Pith; the record is open.

This paper has not been read by Pith yet. Machine review is queued; the pith claim, tier, and objections will appear here once it completes.

SPECIMEN: schema-true, not a live event

T0 review · schema-true

One-sentence machine reading of the paper's core claim.

pith:XXXXXXXX · record.json · timestamp

arxiv 2212.13990 v1 pith:U7PNOUJB submitted 2022-12-23 cs.CR

Detecting Exploit Primitives Automatically for Heap Vulnerabilities on Binary Programs

classification cs.CR
keywords exploitheapprimitivesvulnerabilitiesdepaprogramsprimitive-crucial-behaviorarbitrary
verification ladder T0 review T1 audit T2 compute T3 formal T4 reserved
0 comments
read the original abstract

Automated Exploit Generation (AEG) is a well-known difficult task, especially for heap vulnerabilities. Previous works first detected heap vulnerabilities and then searched for exploitable states by using symbolic execution and fuzzing techniques on binary programs. However, it is not always easy to discovery bugs using fuzzing or symbolic technologies and solvable for internal overflow of heap objects. In this paper, we present a solution DEPA to detect exploit primitives based on primitive-crucial-behavior model for heap vulnerabilities. The core of DEPA contains two novel techniques, 1) primitive-crucial-behavior identification through pointer dependence analysis, and 2) exploit primitive determination method which includes triggering both vulnerabilities and exploit primitives. We evaluate DEPA on eleven real-world CTF(capture the flag) programs with heap vulnerabilities and DEPA can discovery arbitrary write and arbitrary jump exploit primitives for ten programs except for program multi-heap. Results showed that primitive-crucial-behavior identification and determining exploit primitives are accurate and effective by using our approach. In addition, DEPA is superior to the state-of-the-art tools in determining exploit primitives for the heap object internal overflow

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.