Proceedings of the Institute for System Programming of the RAS (Oct 2018)

Software defect severity estimation in presence of modern defense mechanisms

  • A. N. Fedotov,
  • V. A. Padaryan,
  • V. V. Kaushan,
  • Sh. F. Kurmangaleev,
  • A. V. Vishnyakov,
  • A. R. Nurmukhametov

DOI
https://doi.org/10.15514/ISPRAS-2016-28(5)-4
Journal volume & issue
Vol. 28, no. 5
pp. 73 – 92

Abstract

This paper introduces a refined method for the automated exploitability evaluation of discovered program bugs. During the security development lifecycle, a significant number of crashes are detected in programs. Because resources are limited, bug fixing is time consuming and needs prioritization; exploitable bugs should be fixed first. In practice, automated exploit generation is used to solve this problem: a generated exploit confirms the presence of a critical vulnerability. However, state-of-the-art publications omit the modern defense mechanisms that prevent exploitation, which lowers the quality of the evaluation. This paper considers modern vulnerability exploitation prevention mechanisms and presents an evaluation of their prevalence and efficiency. The method can be applied to program binaries and does not require any debug information. The proposed method is based on symbolic interpretation of traces obtained by a full-system emulator. It can demonstrate real exploitability of a stack buffer overflow vulnerability with a write-what-where condition even when DEP, ASLR, and stack canaries operate together. The capabilities of the implemented method were shown on model examples and real programs.
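The bug class the abstract targets, a stack buffer overflow that yields a write-what-where condition, as an added model example that is not code from the paper. It shows why this class is interesting under the listed defenses: the overflow clobbers a pointer that the function dereferences for a write before it returns, so a stack canary (checked only in the epilogue) does not stop the corrupting write, and the payload stays short of the canary and return address. The names `vuln_copy`, `safe_copy`, `build_payload`, `g_target` and the payload itself are constructed for this illustration.

```c
// Added example (not from the paper): a model of a stack buffer overflow that
// produces a write-what-where primitive. All names and data are constructed.
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

// Constructed targets. g_target stands in for any writable location an
// attacker wants to modify (a function pointer, a GOT slot, a flag);
// g_scratch is the benign default the vulnerable function writes to.
static uint32_t g_target = 0;
static uint32_t g_scratch = 0;

// Locals packed in a struct so that the overflow order (buf, then dst, then
// what) is fixed by the struct layout rather than by the compiler's stack
// allocation choices.
struct frame {
    char buf[16];
    uint32_t *dst;   // "where": pointer the function later writes through
    uint32_t what;   // "what": value written through dst
};

// Models a hand-written copy routine. Kept out of line so the compiler cannot
// see the destination size (no fortified memcpy check, no loop-bound inference).
__attribute__((noinline))
static void unchecked_copy(char *dst, const uint8_t *src, size_t n) {
    for (size_t i = 0; i < n; i++)
        dst[i] = (char)src[i];
}

// Vulnerable: copies `len` bytes into a 16-byte buffer with no bounds check.
// A long input overwrites f.dst and f.what; the write through f.dst then
// happens BEFORE the function returns, so a stack canary would not catch it.
// Returns the value that was written (so a caller can observe it).
uint32_t vuln_copy(const uint8_t *input, size_t len) {
    volatile struct frame f;         // volatile: force re-reads of dst/what
    f.dst = &g_scratch;
    f.what = 0;
    unchecked_copy((char *)f.buf, input, len);
    *f.dst = f.what;                 // write-what-where primitive
    return f.what;
}

// Hardened: rejects input that does not fit the buffer. Returns 0 on success,
// -1 if the input was rejected.
int safe_copy(const uint8_t *input, size_t len) {
    volatile struct frame f;
    if (len > sizeof(f.buf))
        return -1;
    f.dst = &g_scratch;
    f.what = 0;
    unchecked_copy((char *)f.buf, input, len);
    *f.dst = f.what;
    return 0;
}

// Builds a constructed payload: 16 filler bytes, then the "where" (address of
// the target), then the "what". Its length equals offsetof(what)+4, i.e. it
// stops inside the frame, short of any canary or return address. In a real
// exploit the address would have to come from an information leak, which is
// why ASLR matters to exploitability. Returns the payload length.
size_t build_payload(uint8_t *out, uint32_t *where, uint32_t what) {
    memset(out, 'A', sizeof(((struct frame *)0)->buf));
    memcpy(out + offsetof(struct frame, dst), &where, sizeof(where));
    memcpy(out + offsetof(struct frame, what), &what, sizeof(what));
    return offsetof(struct frame, what) + sizeof(what);
}

int main(void) {
    uint8_t payload[64];
    size_t n = build_payload(payload, &g_target, 0x41414141u);
    printf("payload length %zu, target before: %#x\n", n, g_target);
    vuln_copy(payload, n);
    printf("target after vuln_copy: %#x\n", g_target);   // 0x41414141
    g_target = 0;
    printf("safe_copy result: %d, target: %#x\n", safe_copy(payload, n), g_target);
    return 0;
}
```

Note that the primitive never touches the return address, so a canary alone does not help; the abstract's point is that exploitability must be judged with all three mechanisms (DEP, ASLR, canary) in view, since each constrains a different step (code execution, address knowledge, control-flow hijack via the return address).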

Keywords