Proceedings of ISP RAS


Severity software defects estimation in presence of modern defense mechanisms

A.N. Fedotov (ISP RAS, Moscow, Russia)
V.A. Padaryan (ISP RAS, Moscow, Russia, MSU, Moscow, Russia)
V.V. Kaushan (ISP RAS, Moscow, Russia)
Sh.F. Kurmangaleev (ISP RAS, Moscow, Russia)
A.V. Vishnyakov (ISP RAS, Moscow, Russia)
A.R. Nurmukhametov (ISP RAS, Moscow, Russia)

Abstract

This paper introduces a refined method for automated exploitability evaluation of found program bugs. During security development lifecycle a significant number of crashes is detected in programs. Because of limited resources, bug fixing is time consuming and needs prioritization. It should be the matter of highest priority to fix exploitable bugs. Automated exploit generation technique is used to solve this problem in practice. Generated exploit confirms the presence of a critical vulnerability. However, state-of-the-art publications omit modern defense mechanisms preventing exploitation. It results in lowering of an evaluation quality. This paper considers modern vulnerability exploitation prevention mechanisms. An evaluation of their prevalence and efficiency is also presented. The method can be applied to program binaries and doesn’t require any debug information. Proposed method is based on symbolic interpretation of traces obtained by a full-system emulator. Our method can demonstrate a real exploitability for stack buffer overflow vulnerability with write-what-where condition even when DEP, ASLR, and “canary” operate together. The implemented method capabilities were shown on model examples and real programs.

Keywords

critical vulnerability, binary code, symbolic execution

Edition

Proceedings of the Institute for System Programming, vol. 28, issue 5, 2016, pp. 73-92.

ISSN 2220-6426 (Online), ISSN 2079-8156 (Print).

DOI: 10.15514/ISPRAS-2016-28(5)-4

Full text of the paper in pdf (in Russian) Back to the contents of the volume