Title
Automatic Exploit Generation for Buffer Overflow Vulnerabilities
Abstract
Buffer overflow vulnerabilities are widely found in software. Finding these vulnerabilities and identifying whether they can be exploited is very important. However, it is not easy to find all of the buffer overflow vulnerabilities in software programs, and it is more difficult to find and exploit these vulnerabilities in binary programs. This paper proposes a method and a corresponding tool that automatically finds buffer overflow vulnerabilities in binary programs and then automatically generates an exploit for the vulnerability. The tool uses symbolic execution to search the target software and find potential buffer overflow vulnerabilities, then tries to bypass system protection by choosing a different exploitation method according to the level of protection. Finally, the exploit for the software vulnerability is generated using a constraint solver. The method and tool can automatically find vulnerabilities and generate exploits for three kinds of protection: without system protection, with address space layout randomization protection, and with stack non-executable protection.
Year
2018
DOI
10.1109/QRS-C.2018.00085
Venue
2018 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C)
Keywords
binary program, symbolic execution, automatic exploit generation
Field
Vulnerability (computing), Address space layout randomization, Computer science, Constraint satisfaction problem, Exploit, Software, Symbolic execution, Software quality, Distributed computing, Buffer overflow
DocType
Conference
ISBN
978-1-5386-7840-4
Citations
0
PageRank
0.34
References
0
Authors
4
Name
Order
Citations
PageRank
Luhang Xu100.68
Weixi Jia200.34
Xian Zhang311218.22
Yongjun Li4245.58