Paper Info
Title
An Exploitability Analysis Technique for Binary Vulnerability Based on Automatic Exception Suppression.
Abstract
To quickly verify and fix vulnerabilities, it is necessary to judge the exploitability of the massive crash generated by the automated vulnerability mining tool. While the current manual analysis of the crash process is inefficient and time-consuming, the existing automated tools can only handle execute exceptions and some write exceptions but cannot handle common read exceptions. To address this problem, we propose a method of determining the exploitability based on the exception type suppression. This method enables the program to continue to execute until an exploitable exception is triggered. The method performs a symbolic replay of the crash sample, constructing and reusing data gadget, to bypass the complex exception, thereby improving the efficiency and accuracy of vulnerability exploitability analysis. The testing of typical CGC/RHG binary software shows that this method can automatically convert a crash that cannot be judged by existing analysis tools into a different crash type and judge the exploitability successfully.
Year
DOI
Venue
2018
10.1155/2018/4610320
SECURITY AND COMMUNICATION NETWORKS
Field
DocType
Volume
Analysis tools,Crash,Software engineering,Reuse,Computer security,Gadget,Computer science,Software,Vulnerability,Binary number
Journal
2018
ISSN
Citations 
PageRank 
1939-0114
0
0.34
References 
Authors
3
3
Name
Order
Citations
PageRank
Zhiyuan Jiang101.01
Chao Feng26315.02
Chaojing Tang32915.21