Locating Vulnerabilities in Binaries via Memory Layout Recovering

Haijun Wang, Xiaofei Xie, Shang-Wei Lin, Yun Lin, Yuekang Li, Shengchao Qin, Yang Liu, Ting Liu

Research output: Chapter in Book/Report/Conference proceeding: Conference contribution


Abstract

Locating vulnerabilities is an important task for security auditing, exploit writing, and code hardening. However, it is challenging to locate vulnerabilities in binary code, because most program semantics (e.g., the boundaries of an array) are missing after compilation. Without program semantics, it is difficult to determine whether a memory access in binary code exceeds its valid boundaries. In this work, we propose an approach to locate vulnerabilities based on memory layout recovery. First, we collect a set of passed executions and one failed execution. Then, for both the passed and the failed executions, we restore their program semantics by recovering fine-grained memory layouts based on the memory addressing model. Using the memory layouts recovered from the passed executions as a reference, we can locate vulnerabilities in the failed execution by memory layout identification and comparison. Our experiments show that the proposed approach is effective at locating vulnerabilities in 24 out of 25 DARPA’s CGC programs (96%), and can effectively classify 453 program crashes (in 5 Linux programs) into 19 groups based on their root causes.
Original language: English
Title of host publication: The 27th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering
Publisher: ACM
Number of pages: 11
Publication status: Published - 26 Aug 2019


Cite this

Wang, H., Xie, X., Lin, S-W., Lin, Y., Li, Y., Qin, S., ... Liu, T. (2019). Locating Vulnerabilities in Binaries via Memory Layout Recovering. In The 27th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering ACM.
@inproceedings{83e6f3233fed4634b896b8a3ceb78038,
title = "Locating Vulnerabilities in Binaries via Memory Layout Recovering",
author = "Haijun Wang and Xiaofei Xie and Shang-Wei Lin and Yun Lin and Yuekang Li and Shengchao Qin and Yang Liu and Ting Liu",
year = "2019",
month = "8",
day = "26",
language = "English",
booktitle = "The 27th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering",
publisher = "ACM",

}
