Proceedings of ISP RAS


Automated exploit generation method for stack buffer overflow vulnerabilities.

V.A. Padaryan, V.V. Kaushan, A.N. Fedotov.

Abstract

This paper presents an automated method for exploit generation. The method makes it possible to construct exploits for stack buffer overflow vulnerabilities and also to prioritize software bugs. It is applied to program binaries and does not require debug information. The method is based on dynamic analysis and symbolic execution. We present a tool implementing the method. We used this tool to generate exploits for 8 vulnerabilities in both Linux and Windows programs, 3 of which were undocumented at the time this paper was written.

Keywords

bug classification; vulnerability exploitation; binary code; dynamic analysis; symbolic execution

Edition

Proceedings of the Institute for System Programming, vol. 26, issue 3, 2014, pp. 127-144.

ISSN 2220-6426 (Online), ISSN 2079-8156 (Print).

DOI: 10.15514/ISPRAS-2014-26(3)-7

Full text of the paper in pdf (in Russian)