Ivannikov Institute for System Programming of the RAS


Automated Exploit Generation for Stack Buffer Overflow Vulnerabilities

Authors

V.A. Padaryan, V.V. Kaushan, A.N. Fedotov

Abstract

An automated method for exploit generation is presented. This method allows one to construct exploits for stack buffer overflow vulnerabilities and to prioritize software bugs. The method is based on the dynamic analysis and symbolic execution of programs. It could be applied to program binaries and does not require debug information. The proposed method was used to develop a tool for exploit generation. This tool was used to generate exploits for eight vulnerabilities in Linux and Windows programs, of which three were not fixed at the time this paper was written.


Keywords

bug classification; vulnerability exploitation; binary code; dynamic analysis; symbolic execution

Edition

Programming and Computer Software, 2015, Vol. 41, No. 6, pp. 373–380.

DOI: 10.1134/S0361768815060055

ISSN 0361-7688

Research Group

Compiler Technology
