Automated exploit generation method for stack buffer overflow vulnerabilities

V. A. Padaryan; V. V. Kaushan; A. N. Fedotov

doi:10.15514/ispras-2014-26(3)-7

Труды Института системного программирования РАН (Oct 2018)

Automated exploit generation method for stack buffer overflow vulnerabilities

V. A. Padaryan,
V. V. Kaushan,
A. N. Fedotov

Affiliations

V. A. Padaryan: ИСП РАН
V. V. Kaushan: ИСП РАН
A. N. Fedotov: ИСП РАН

DOI: https://doi.org/10.15514/ispras-2014-26(3)-7
Journal volume & issue: Vol. 26, no. 3
pp. 127 – 144

Abstract

Read online

In this paper automated method for exploit generation is presented. This method allows to construct exploits for stack buffer overflow vulnerabilities and also to prioritize software bugs. It is applied to program binaries, without requiring debug information. The method is based on dynamic analysis and symbolic execution. We present a tool implementing the method. We used this tool to generate exploits for 8 vulnerabilities in both Linux and Windows programs, 3 of which were undocumented at the time this paper was written.

Published in Труды Института системного программирования РАН

ISSN: 2079-8156 (Print); 2220-6426 (Online)
Publisher: Ivannikov Institute for System Programming of the Russian Academy of Sciences
Country of publisher: Russian Federation
LCC subjects: Science: Mathematics: Instruments and machines: Electronic computers. Computer science
Website: https://ispranproceedings.elpub.ru/jour/index

About the journal

Abstract

Keywords