deExploit: Identifying misuses of input data to diagnose memory-corruption exploits at the binary level

详细信息    查看全文

• 作者：Run Wang^a ; ^b ; ^cAuthor Vitae ; Pei Liu^dAuthor Vitae ; Lei Zhao ; ^a ; ^b ; ^c ; ^{leizhao@whu.edu.cn}Author Vitae ; Yueqiang Cheng^eAuthor Vitae ; Lina Wang^a ; ^b ; ^cAuthor Vitae
• 关键词：Software vulnerability ; Exploit diagnosis ; Memory corruption ; Reverse engineering
• 刊名：Journal of Systems and Software
• 出版年：2017
• 出版时间：February 2017
• 年：2017
• 卷：124
• 期：Complete
• 页码：153-168
• 全文大小：1659 K
• 卷排序：124

文摘

We propose to detect memory corruption by identifying misuses of input data. We propose a binary level approach for memory corruption detection and diagnosis. Our approach is generic to typical memory corruption attacks. Our approach is effective in localizing the root causes of vulnerabilities. Our approach is explainable to identify key attack steps for exploit diagnosis.