Software vulnerabilities are major risks to cyberspace security. With the development of vulnerability detection research, more and more software vulnerabilities have been disclosed. Faced with a large number of vulnerabilities, vulnerability fixing is under great pressure, so software developers can only give priority to fixing the vulnerabilities with the highest degree of harm. Vulnerability exploitability analysis is one of the most important indexes reflecting the degree of vulnerability damage. Currently, it is generally believed that the most accurate method to judge the exploitability of a vulnerability is to generate the exploit for the corresponding vulnerability. However, the process of exploit generation involves a lot of expertise in vulnerability verification and has a high technical threshold. Therefore, an automated exploit generation method is needed. In this paper, the following three points are studied: 1. automated exploitable state exploration; 2. automated exploit mitigation bypassing; 3. exploit generation. This paper carries out research on these issues, and the main work is introduced as follows:

Automated Exploit Generation Based on Non-exploitable State

(1) Aiming at the problem that the program input cannot trigger an exploitable state, the research of automated exploitable state exploration is carried out.

Most inputs in the real world cannot trigger an exploitable state. Therefore, it is necessary to solve the problem of automated exploit generation starting from a non-exploitable state. Firstly, customized taint analysis is used to explore the execution path during simulated execution of the program, obtaining the position of the exploitable state and the static execution path. Then, symbolic execution is used to collect symbolic constraints and solve the exploitable state constraints, and a customized pruning technique is used to effectively alleviate the state explosion problem. Finally, a program input that can trigger the exploitable state is generated. Based on the above method, a prototype system is constructed and evaluated. The experiment shows that the prototype system achieves the expected experimental effect, and its efficiency is improved by about 85.5 times compared with the state of the art.

Automated Exploit Generation Based on Exploitable State

(2) Aiming at the problem of the limitations imposed by vulnerability exploit mitigations, the research of automated exploit mitigation bypassing is carried out.

Exploit mitigations have been deployed in operating systems and compiled software. To accurately evaluate the vulnerability hazard in a real-world environment, automated exploit generation should try to bypass the exploit mitigations. Firstly, according to the characteristics of the exploit mitigations, the mitigations enabled in the current program running environment are identified. Then, according to experts' experience, an exploit mitigation bypassing model is established to generate the exploit mitigation bypassing payload. Finally, symbolic execution technology is used to collect the symbolic constraints of the program and build the constraints of the exploit mitigation bypassing payload. Based on the above method, a prototype system is constructed and evaluated. The experiment shows that the prototype system achieves the expected experimental effect. Compared with the open-source state-of-the-art system, the prototype system shows a better effect on exploit mitigation bypassing.

(3) Aiming at the problem of constructing vulnerability exploit models, the research of exploit generation is carried out.

Most existing automated exploit generation solutions use vulnerability types as their classification method. This approach performs well for vulnerabilities with simple effects, such as stack overflow and format string vulnerabilities, but does not perform well for relatively complex vulnerabilities. Firstly, the timing of exploitable state triggering is judged by program monitoring. Then, automated exploit models under different exploitable states are constructed according to exploit experience. Finally, the symbolic execution technique is used to construct the exploit constraints in the symbolic memory of the program, and the final exploit is generated by solving the constraints. Based on the above method, a prototype system is constructed and evaluated. The experiment shows that the prototype system achieves the expected experimental effect.
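The first contribution combines taint analysis (to locate the program point where untrusted data reaches a dangerous operation) with symbolic execution and pruning (to decide whether any input actually reaches that point in an unsafe state). The following added example, which is not code from the thesis or its prototype, shows that workflow in miniature from a triage perspective: a constructed register-machine program with one untrusted input byte, a taint bit carried on every symbolic value, path forking at conditional branches, infeasible-path pruning, and a brute-force solver over the tiny input domain standing in for an SMT solver. The mini-language, the `PROGRAM` listing and the 16-byte buffer size are all assumptions made for the example; the output is the set of tainted stores together with an input that drives each one out of bounds, or `None` when the surrounding bounds check makes that impossible.

```python
BUF_SIZE = 16
INPUT_DOMAIN = range(256)  # one untrusted byte; small enough to enumerate, standing in for an SMT solver


class Sym:
    """A symbolic value: a function of the input plus a taint bit."""
    def __init__(self, fn, tainted):
        self.fn = fn
        self.tainted = tainted


def const(v):
    return Sym(lambda _i: v, False)


def operand(regs, x):
    return regs[x] if isinstance(x, str) else const(x)


def binop(a, b, op):
    # taint propagates through every arithmetic operation
    return Sym(lambda i: op(a.fn(i), b.fn(i)), a.tainted or b.tainted)


def feasible(path):
    """Pruning: drop a path as soon as no input satisfies its accumulated constraints."""
    return any(all(c(i) for c in path) for i in INPUT_DOMAIN)


def explore(program):
    """Symbolically execute every feasible path; return (pc, index, path) for each tainted store."""
    sinks = []
    worklist = [(0, {}, [])]  # (pc, registers, path constraints)
    while worklist:
        pc, regs, path = worklist.pop()
        while True:
            ins = program[pc]
            op = ins[0]
            if op == "halt":
                break
            if op == "input":                       # taint source
                regs[ins[1]] = Sym(lambda i: i, True)
            elif op == "mov":
                regs[ins[1]] = operand(regs, ins[2])
            elif op == "add":
                regs[ins[1]] = binop(regs[ins[1]], operand(regs, ins[2]), lambda x, y: x + y)
            elif op == "shl":
                regs[ins[1]] = binop(regs[ins[1]], const(ins[2]), lambda x, y: x << y)
            elif op == "jlt":                       # conditional branch: fork the path
                r, imm, target = regs[ins[1]], ins[2], ins[3]
                taken = path + [lambda i, r=r, imm=imm: r.fn(i) < imm]
                fallthrough = path + [lambda i, r=r, imm=imm: r.fn(i) >= imm]
                if feasible(taken):
                    worklist.append((target, dict(regs), taken))
                if not feasible(fallthrough):
                    break                           # pruned: this branch can never run
                path = fallthrough
            elif op == "store":                     # sink: buf[reg] = ...
                if regs[ins[1]].tainted:
                    sinks.append((pc, regs[ins[1]], list(path)))
            else:
                raise ValueError("unknown op %r" % (op,))
            pc += 1
    return sinks


def solve(pc, idx, path):
    """Find an input that reaches this store with an out-of-bounds index, or None."""
    for i in INPUT_DOMAIN:
        if all(c(i) for c in path) and not (0 <= idx.fn(i) < BUF_SIZE):
            return i
    return None


def find_oob_inputs(program):
    return [(pc, solve(pc, idx, path)) for pc, idx, path in explore(program)]


# Constructed toy program (not from the thesis): one unguarded and one guarded write.
PROGRAM = [
    ("input", "r0"),             # 0: r0 = untrusted byte
    ("mov", "r2", "r0"),         # 1
    ("add", "r2", 4),            # 2: r2 = r0 + 4
    ("store", "r2"),             # 3: unguarded write, out of bounds once r0 >= 12
    ("mov", "r1", "r0"),         # 4
    ("shl", "r1", 1),            # 5: r1 = 2 * r0
    ("jlt", "r1", BUF_SIZE, 8),  # 6: bounds check
    ("halt",),                   # 7
    ("store", "r1"),             # 8: guarded write, always in bounds
    ("halt",),                   # 9
]

if __name__ == "__main__":
    print(find_oob_inputs(PROGRAM))  # [(3, 12), (8, None)]
```

The taint bit alone flags both stores; only the constraint solving over the collected path conditions separates the write that a bounds check protects from the one that does not, which is the distinction a triage pipeline needs before spending effort on a finding. Real systems replace the enumeration in `feasible` and `solve` with an SMT solver and track taint at byte granularity, but the structure of the loop is the same.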
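The second contribution begins by identifying which exploit mitigations are enabled for the program under analysis; from a defender's side the same check is what a hardening audit performs before deployment. The following added example is not from the thesis or its prototype: it reads the ELF64 header and program headers of an image and reports NX (a `PT_GNU_STACK` segment without `PF_X`), PIE (`ET_DYN`), RELRO (a `PT_GNU_RELRO` segment) and, as a heuristic, a stack canary (the `__stack_chk_fail` reference that instrumented functions carry). The two sample images are constructed in memory with `build_elf` (headers only, no code), so the script runs without any real binary; only little-endian ELF64 is handled, and full versus partial RELRO is not distinguished because that would require parsing the dynamic section.

```python
import struct

# ELF64 constants from the ELF specification
ELF_MAGIC = b"\x7fELF"
ET_EXEC = 2
ET_DYN = 3
PT_GNU_STACK = 0x6474E551
PT_GNU_RELRO = 0x6474E552
PF_X = 0x1
PF_W = 0x2
PF_R = 0x4
EHDR_FMT = "<4sBBBBB7xHHIQQQIHHHHHH"   # 64-byte ELF64 header, little-endian
PHDR_FMT = "<IIQQQQQQ"                 # 56-byte ELF64 program header


def parse_program_headers(data):
    """Return (e_type, [(p_type, p_flags), ...]) for a little-endian ELF64 image."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF image")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    fields = struct.unpack_from(EHDR_FMT, data, 0)
    e_type, e_phoff, e_phentsize, e_phnum = fields[6], fields[10], fields[14], fields[15]
    headers = []
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        headers.append((p_type, p_flags))
    return e_type, headers


def identify_mitigations(data):
    """Report which link-time mitigations the image declares."""
    e_type, headers = parse_program_headers(data)
    flags_by_type = dict(headers)
    stack_flags = flags_by_type.get(PT_GNU_STACK)
    return {
        # NX: PT_GNU_STACK present and not executable; a missing segment is
        # reported as not enforced, the conservative reading for an audit.
        "nx": stack_flags is not None and not (stack_flags & PF_X),
        # PIE executables are linked as ET_DYN so the loader can place them anywhere.
        "pie": e_type == ET_DYN,
        # RELRO: the linker emits PT_GNU_RELRO for the region made read-only after relocation.
        "relro": PT_GNU_RELRO in flags_by_type,
        # Stack canary: heuristic, the failure routine referenced by instrumented functions.
        "canary": b"__stack_chk_fail" in data,
    }


def build_elf(e_type, phdrs, tail=b""):
    """Construct a minimal synthetic ELF64 image (headers only) for testing."""
    ehdr = struct.pack(EHDR_FMT, ELF_MAGIC, 2, 1, 1, 0, 0,
                       e_type, 0x3E, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    phdr_bytes = b"".join(struct.pack(PHDR_FMT, t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    return ehdr + phdr_bytes + tail


# Constructed sample images (not real binaries)
HARDENED = build_elf(ET_DYN, [(PT_GNU_STACK, PF_R | PF_W), (PT_GNU_RELRO, PF_R)],
                     tail=b"\0__stack_chk_fail\0")
WEAK = build_elf(ET_EXEC, [(PT_GNU_STACK, PF_R | PF_W | PF_X)])

if __name__ == "__main__":
    for name, image in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, identify_mitigations(image))
```

Run against a real file by passing its bytes to `identify_mitigations`; the mitigations reported here are the link-time ones the abstract refers to as enabled in the program, while runtime settings such as ASLR are properties of the operating system and must be read from it separately.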