Title
Finding the needle in the heap: combining static analysis and dynamic symbolic execution to trigger use-after-free.
Abstract
This paper presents a fully automated technique to find and trigger Use-After-Free vulnerabilities (UAF) on binary code. The approach combines a static analyzer and a dynamic symbolic execution engine. We also introduce several original heuristics for the dynamic symbolic execution part, speeding up the exploration and making this combination effective in practice. The tool we developed is open-source, and it has successfully been applied on real world vulnerabilities. As an example, we detail a proof-of-concept exploit triggering a previously unknown vulnerability on JasPer leading to the CVE-2015-5221.
Year: 2016
DOI: 10.1145/3015135.3015137
Venue: Proceedings of the 6th Workshop on Software Security, Protection, and Reverse Engineering
DocType: Conference
Citations: 2
PageRank: 0.37
References: 42
Authors: 5
Name
Order
Citations
PageRank
Josselin Feist120.37
Laurent Mounier2118779.54
Sébastien Bardin3304.88
Robin David420.37
Marie-Laure Potet519021.34