Security and Privacy in Communication Networks. 9th International ICST Conference, SecureComm 2013, Sydney, NSW, Australia, September 25-28, 2013, Revised Selected Papers

Research Article

Automatic Polymorphic Exploit Generation for Software Vulnerabilities

@INPROCEEDINGS{10.1007/978-3-319-04283-1_14,
    author={Minghua Wang and Purui Su and Qi Li and Lingyun Ying and Yi Yang and Dengguo Feng},
    title={Automatic Polymorphic Exploit Generation for Software Vulnerabilities},
    proceedings={Security and Privacy in Communication Networks. 9th International ICST Conference, SecureComm 2013, Sydney, NSW, Australia, September 25-28, 2013, Revised Selected Papers},
    proceedings_a={SECURECOMM},
    year={2014},
    month={6},
    keywords={software vulnerability dynamic taint analysis exploit generation},
    doi={10.1007/978-3-319-04283-1_14}
}

Minghua Wang, Purui Su, Qi Li, Lingyun Ying, Yi Yang, Dengguo Feng. Automatic Polymorphic Exploit Generation for Software Vulnerabilities. SECURECOMM, Springer, 2014. DOI: 10.1007/978-3-319-04283-1_14
Minghua Wang (1,*), Purui Su (1,*), Qi Li (2,*), Lingyun Ying (1,*), Yi Yang (1,*), Dengguo Feng (1,*)
  • 1: Chinese Academy of Sciences
  • 2: ETH Zurich
*Contact email: wangminghua@is.iscas.ac.cn, supurui@is.iscas.ac.cn, qi.li@inf.ethz.ch, yly@is.iscas.ac.cn, yangyi@is.iscas.ac.cn, feng@is.iscas.ac.cn

Abstract

Generating exploits from the perspective of attackers is an effective approach towards severity analysis of known vulnerabilities. However, it remains an open problem to generate even one exploit using a program binary and a known abnormal input that crashes the program, not to mention multiple exploits. To address this issue, in this paper, we propose PolyAEG, a system that automatically generates multiple exploits for a vulnerable program using one corresponding abnormal input. To generate polymorphic exploits, we fully leverage different trampoline instructions to hijack control flow and redirect it to malicious code in the execution context. We demonstrate that, given a vulnerable program and one of its abnormal inputs, our system can generate polymorphic exploits for the program. We have successfully generated control flow hijacking exploits for 8 programs in our experiment. Particularly, we have generated 4,724 exploits using only one abnormal input for IrfanView, a widely used picture viewer.