摘要
针对现有漏洞自动利用生成方法无法实现从“可控内存写”到“控制流劫持”的自动构造问题,提出一种可控内存写漏洞的自动利用生成方法。首先,基于内存地址控制力度的动态污点分析方法检测可控内存写漏洞;然后,基于漏洞利用模式进行利用要素搜索,通过约束求解自动构造可控内存写漏洞的利用。实验结果表明,所提方法可以有效检测可控内存写漏洞,搜索漏洞利用要素,自动生成从可控内存写到控制流劫持的利用。
To solve the problem that the current vulnerability automatic exploitation generation methods cannot automatically generate control-flow-hijacking exploitation from write-what-where,a method of automatic exploitation generation for write-what-where was proposed.First,the write-what-where vulnerability was detected based on the memory address control strength dynamic taint analysis method.Then,the vulnerability exploitation elements were searched based on the vulnerability exploitation modes,and the exploitation of write-what-where vulnerability was generated automatically by constraint solving.The experimental results show that the proposed method can effectively detect write-what-where vulnerability,search exploitation elements,and automatically generate the control-flow-hijacking exploitation from write-what-where.
作者
黄桦烽
苏璞睿
杨轶
贾相堃
HUANG Huafeng;SU Purui;YANG Yi;JIA Xiangkun(Trusted Computing and Information Assurance Laboratory,Institute of Software Chinese Academy of Sciences,Beijing 100190,China;School of Computer Science and Technology,University of Chinese Academy of Sciences,Beijing 100190,China)
出处
《通信学报》
EI
CSCD
北大核心
2022年第1期83-95,共13页
Journal on Communications
基金
国家自然科学基金资助项目(No.U1736209,No.61572483,No.U1836117,No.U1836113,No.62102406)
中国科学院战略性先导科技专项基金资助项目(No.XDC02020300)。
关键词
可控内存写
控制流劫持
动态污点分析
漏洞利用要素
自动利用生成
write-what-where
control flow hijacking
dynamic taint analysis
vulnerability exploitation element
automatic exploitation generation