Abstract | ||
---|---|---|
We argue that finding vulnerabilities in software components is different from finding exploits against them. Exploits that compromise security often use several low-level details of the component, such as layouts of stack frames. Existing software analysis tools, while effective at identifying vulnerabilities, fail to model low-level details, and are hence unsuitable for exploit-finding.We study the issues involved in exploit-finding by considering application programming interface (API) level exploits. A software component is vulnerable to an API-level exploit if its security can be compromised by invoking a sequence of API operations allowed by the component. We present a framework to model low-level details of APIs, and develop an automatic technique based on bounded, infinite-state model checking to discover API-level exploits.We present two instantiations of this framework. We show that format-string exploits can be modeled as API-level exploits, and demonstrate our technique by finding exploits against vulnerabilities in widely-used software. We also use the framework to model a cryptographic-key management API (the IBM CCA) and demonstrate a tool that identifies a previously known exploit. |
Year | DOI | Venue |
---|---|---|
2005 | 10.1145/1062455.1062518 | ICSE |
Keywords | Field | DocType |
infinite-state model checking,software component,compromise security,automatic technique,api operation,automatic discovery,format-string exploit,existing software analysis tool,low-level detail,widely-used software,api-level exploit,model checking,application software,cryptography,software engineering,it security,object oriented programming,application programming interface,cryptographic key management,failure analysis,security,software analysis,algorithms,key management,application program interface,computer science | Model checking,Object-oriented programming,Software analysis pattern,Computer science,Real-time computing,Exploit,Software,Application programming interface,Component-based software engineering,Application software | Conference |
ISSN | ISBN | Citations |
0270-5257 | 1-58113-963-2 | 14 |
PageRank | References | Authors |
1.17 | 28 | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Vinod Ganapathy | 1 | 713 | 42.69 |
Sanjit A. Seshia | 2 | 2226 | 168.09 |
S. Jha | 3 | 7921 | 539.19 |
Thomas W. Reps | 4 | 7525 | 1040.21 |
Randal E. Bryant | 5 | 9204 | 1194.64 |