Software vulnerabilities are among the most important threats to cyberspace security. As automated vulnerability discovery has matured, a contradiction has emerged between efficient vulnerability discovery and inefficient vulnerability analysis and repair under limited human resources. Developing automated methods for assessing vulnerability exploitability is the key to resolving this contradiction: the severity of a vulnerability is measured by its exploitability, and repairing the most severe vulnerabilities first minimizes the losses they cause. Automatic exploit generation remains a challenge because of the diversity of vulnerability types and the presence of system defenses. Existing automatic exploit generation solutions usually confine exploitation to the crash path: they use symbolic execution to model the crash state and build the exploit from that state. However, the crash state is not the same as the exploitable state, and the exploitable state does not necessarily lie on the crash path. Building exploits only from the crash state therefore limits exploitation and leads to underestimating the severity of the vulnerability. Finding potentially exploitable states in program execution when the crash state itself is not exploitable is thus a key problem in automated vulnerability exploitation. In addition, most existing automated exploit generation work assumes weak security defenses, so the exploits it produces are insufficient against real defenses and cannot accurately assess the harm of vulnerabilities in real environments.

This research studies the above problems and proposes a new method for assessing and verifying vulnerability exploitability. To address the difficulty of finding exploitable states, it proposes an exploitable state inference method based on symbolic execution. The method explores exploitable states in the neighbourhood of the vulnerability point, and designs a stack overflow exploitable state inference method and a heap vulnerability exploitable state inference method according to the characteristics of each vulnerability type, improving the ability to explore exploitable states. To address the problem of bypassing system security defenses, it proposes an exploitability verification method under strong security defenses. The method constructs exploitation patterns for a variety of exploit techniques, transforms advanced defense-bypass exploitation techniques into rules and constraints within the exploit generation process, and strengthens the ability of automatic exploitation to counter defensive measures. A prototype system, AegEx, is implemented. To verify the effectiveness of the proposed approach, comparative experimental evaluations against existing work were conducted on 39 CTF programs. The results show that AegEx has stronger vulnerability exploitation capabilities.