Modular Synthesis of Heap Exploits. / Repel, Dusan; Kinder, Johannes; Cavallaro, Lorenzo.

PLAS '17 Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security. Association for Computing Machinery (ACM), 2017. p. 25-35.

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Published

Harvard

Repel, D, Kinder, J & Cavallaro, L 2017, Modular Synthesis of Heap Exploits. in PLAS '17 Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security. Association for Computing Machinery (ACM), pp. 25-35. https://doi.org/10.1145/3139337.3139346

APA

Repel, D., Kinder, J., & Cavallaro, L. (2017). Modular Synthesis of Heap Exploits. In PLAS '17 Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security (pp. 25-35). Association for Computing Machinery (ACM). https://doi.org/10.1145/3139337.3139346

Vancouver

Repel D, Kinder J, Cavallaro L. Modular Synthesis of Heap Exploits. In PLAS '17 Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security. Association for Computing Machinery (ACM). 2017. p. 25-35 https://doi.org/10.1145/3139337.3139346

Author

Repel, Dusan ; Kinder, Johannes ; Cavallaro, Lorenzo. / Modular Synthesis of Heap Exploits. PLAS '17 Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security. Association for Computing Machinery (ACM), 2017. pp. 25-35

BibTeX

@inproceedings{65bfebcd053c4b0db736265dc4d8d3bd,
title = "Modular Synthesis of Heap Exploits",
abstract = "Memory errors continue to compromise the security of today's systems. Recent efforts to automatically synthesize exploits for stack-based buffer overflows promise to help assess a vulnerability's severity more quickly and alleviate the burden of manual reasoning. However, generation of heap exploits has been out of scope for such methods thus far. In this paper, we investigate the problem of automatically generating heap exploits, which, in addition to finding the vulnerability, requires intricate interaction with the heap manager. We identify the challenges involved in automatically finding the right parameters and interaction sequences for such attacks, which have traditionally required manual analysis. To tackle these challenges, we present a modular approach that is designed to minimize the assumptions made about the heap manager used by the target application. Our prototype system is able to find exploit primitives in six binary implementations of Windows and UNIX-based heap managers and applies these to successfully exploit two real-world applications.",
author = "Dusan Repel and Johannes Kinder and Lorenzo Cavallaro",
year = "2017",
month = "10",
day = "30",
doi = "10.1145/3139337.3139346",
language = "English",
pages = "25--35",
booktitle = "PLAS '17 Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security",
publisher = "Association for Computing Machinery (ACM)",
address = "United States"
}

RIS

TY - GEN

T1 - Modular Synthesis of Heap Exploits

AU - Repel, Dusan

AU - Kinder, Johannes

AU - Cavallaro, Lorenzo

PY - 2017/10/30

Y1 - 2017/10/30

N2 - Memory errors continue to compromise the security of today's systems. Recent efforts to automatically synthesize exploits for stack-based buffer overflows promise to help assess a vulnerability's severity more quickly and alleviate the burden of manual reasoning. However, generation of heap exploits has been out of scope for such methods thus far. In this paper, we investigate the problem of automatically generating heap exploits, which, in addition to finding the vulnerability, requires intricate interaction with the heap manager. We identify the challenges involved in automatically finding the right parameters and interaction sequences for such attacks, which have traditionally required manual analysis. To tackle these challenges, we present a modular approach that is designed to minimize the assumptions made about the heap manager used by the target application. Our prototype system is able to find exploit primitives in six binary implementations of Windows and UNIX-based heap managers and applies these to successfully exploit two real-world applications.

AB - Memory errors continue to compromise the security of today's systems. Recent efforts to automatically synthesize exploits for stack-based buffer overflows promise to help assess a vulnerability's severity more quickly and alleviate the burden of manual reasoning. However, generation of heap exploits has been out of scope for such methods thus far. In this paper, we investigate the problem of automatically generating heap exploits, which, in addition to finding the vulnerability, requires intricate interaction with the heap manager. We identify the challenges involved in automatically finding the right parameters and interaction sequences for such attacks, which have traditionally required manual analysis. To tackle these challenges, we present a modular approach that is designed to minimize the assumptions made about the heap manager used by the target application. Our prototype system is able to find exploit primitives in six binary implementations of Windows and UNIX-based heap managers and applies these to successfully exploit two real-world applications.

U2 - 10.1145/3139337.3139346

DO - 10.1145/3139337.3139346

M3 - Conference contribution

SP - 25

EP - 35

BT - PLAS '17 Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security

PB - Association for Computing Machinery (ACM)

ER -