BofAEG: Automated Stack Buffer Overflow Vulnerability Detection and Exploit Generation Based on Symbolic Execution and Dynamic Analysis-Reference-Cited by-同舟云学术

BofAEG: Automated Stack Buffer Overflow Vulnerability Detection and Exploit Generation Based on Symbolic Execution and Dynamic Analysis

Published:2022-06-22 Issue: Volume:2022 Page:1-9
ISSN:1939-0122
Container-title:Security and Communication Networks
language:en
Short-container-title:Security and Communication Networks

Author:

Xu Shenglin¹^ORCID,Wang Yongjun¹

Affiliation:

1. School of Computer, National University of Defense Technology, Changsha, China

Abstract

Stack buffer overflow vulnerability is a common software vulnerability that can overwrite function return addresses and hijack program control flow, causing serious system problems. Existing automated exploit generation (AEG) solutions cannot bypass position-independent executable (PIE) exploit mitigation and cannot cope with the situation where the standard output function is not introduced into the program. In this paper, we propose a solution to alleviate the above difficulties: BofAEG, which is based on symbolic execution and dynamic analysis to automatically detect stack buffer overflow vulnerability and generate exploit. We used to capture the flag (CTF) and common vulnerabilities and exposures (CVE) programs for experiments. Results show that BofAEG can not only detect and generate exploits effectively but also implement more exploit techniques and is faster than existing AEG solutions.

Funder

National Basic Research Program of China

Publisher

Hindawi Limited

Subject

Computer Networks and Communications,Information Systems

Link

http://downloads.hindawi.com/journals/scn/2022/1251987.pdf

Reference43 articles.

1. Smashing the stack for fun and profit;A. One;Phrack magazine,1996

2. Related to Stack Buffer Overflow Vulnerabilities;CVEs,2022

3. Stackguard: automatic adaptive detection and prevention of buffer-overflow attacks;C. Cowan,1998

4. Return-Oriented Programming

Cited by 5 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. AutoPwn: Artifact-Assisted Heap Exploit Generation for CTF PWN Competitions;IEEE Transactions on Information Forensics and Security;2024

2. AAHEG: Automatic Advanced Heap Exploit Generation Based on Abstract Syntax Tree;Symmetry;2023-12-14

3. Fine-Grained Modeling of ROP Vulnerability Exploitation Process under Stack Overflow Based on Petri Nets;Electronics;2023-11-22

4. CanaryExp: A Canary-Sensitive Automatic Exploitability Evaluation Solution for Vulnerabilities in Binary Programs;Applied Sciences;2023-11-21

5. Protect the System Call, Protect (Most of) the World with BASTION;Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 3;2023-03-25