Affiliation:
1. National University of Defense Technology Changsha China
Abstract
Exploiting an out-of-bounds write vulnerability in general-purpose applications has become a current research focus. Given the large scale of code in programs, selecting appropriate memory objects for exploitation is challenging. This letter proposes a corrupted-data-propagation-guided fuzzing method. By tracking how corrupted data propagates among memory objects, a multi-level fuzzing schedule is proposed to search the execution paths. Experimental results show that the proposed method, EMOFuzz, can effectively identify exploitable objects under various overflow lengths, significantly improving the efficiency of exploitability analysis.
Publisher
Institution of Engineering and Technology (IET)