首页    期刊浏览 2024年11月30日 星期六
登录注册

文章基本信息

  • 标题:Analysis to Heap Overflow Exploit in Linux with Symbolic Execution
  • 本地全文:下载
  • 作者:Ning Huang ; Shuguang Huang ; Chao Chang
  • 期刊名称:IOP Conference Series: Earth and Environmental Science
  • 印刷版ISSN:1755-1307
  • 电子版ISSN:1755-1315
  • 出版年度:2019
  • 卷号:252
  • 期号:4
  • 页码:1-14
  • DOI:10.1088/1755-1315/252/4/042100
  • 出版社:IOP Publishing
  • 摘要:Heap overflow is a common error of buffer overflow in Linux. The control flow of a program may be hijacked when the program satisfies several specific conditions. The existing automatic exploit generation technologies for buffer overflow find vulnerability trigger point and generate exploit by checking the control flow state. However, the heap overflow data rarely lead to a control flow hijacking as well as protection mechanisms limit the trigger condition. It is difficult to analyze the exploitability of heap overflow automatically through the existing analysis technology. For the heap overflow errors in Linux, we summarize the features of exploit on the basis of analyzing the instances, building the detection model of the exploitability of heap overflow, and proposing a method for analyzing the exploitability of heap overflow based on the model. The proposed method monitors the input data and insecurity functions of the program by using taint analysis; builds the path constraints and data constraints which satisfy the conditions of heap overflow exploit through selective symbolic execution; solves the abovementioned constraints and generates the test case automatically. All the steps of our method can be finished automatically by using the symbolic execution tool S2E. The experiments show that this method can automatically analyze and detect the exploitability of heap overflow errors.
国家哲学社会科学文献中心版权所有