Abstract

To verify and fix vulnerabilities quickly, it is necessary to judge the exploitability of the large number of crashes generated by automated vulnerability mining tools. Manual analysis of the crash process is inefficient and time-consuming, while existing automated tools can only handle execute exceptions and some write exceptions and cannot handle the common read exceptions. To address this problem, we propose a method of determining exploitability based on exception type suppression. The method lets the program continue to execute until an exploitable exception is triggered: it performs a symbolic replay of the crash sample, constructing and reusing data gadgets to bypass the complex exception, thereby improving the efficiency and accuracy of vulnerability exploitability analysis. Testing on typical CGC/RHG binary software shows that the method can automatically convert a crash that existing analysis tools cannot judge into a different crash type and judge its exploitability successfully.

Highlights

  • Software development is an error-prone job, as a vulnerability caused by the negligence of the developer will have serious consequences once exploited by an attacker

  • Security researchers can find software vulnerabilities using abnormal sample data without understanding the operating logic of the software being analyzed

  • The three major categories are read exceptions, write exceptions, and execution exceptions. Both the pattern-based and the exploitability test methods can only be applied to the exploitability of write exceptions and execution exceptions [14]; these methods cannot determine the exploitability of vulnerabilities that are caused by read exceptions


Summary

Introduction

Software development is an error-prone job, as a vulnerability caused by the negligence of the developer will have serious consequences once exploited by an attacker. Both the pattern-based and the exploitability test methods can only be applied to the exploitability of write exceptions and execution exceptions [14]; these methods cannot determine the exploitability of vulnerabilities that are caused by read exceptions. To solve this problem, the paper presents an exploitability analysis method based on automatic exception suppression, built on the binary program analysis platform angr [15]. By tracking and analyzing the execution of the vulnerability exception sample, the method automatically generates new test cases that suppress the read exception, derived from the software execution path and the corresponding symbolic constraint conditions, and converts the read exception of unknown exploitability into a write exception or an execute exception so that the exploitability judgement can be completed.
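The following is an added toy model of the exception type suppression idea, not the paper's angr-based implementation: the target program, its address ranges and the crash sample are all constructed, and the symbolic constraint solving over the crash path is replaced by enumerating the single input byte that feeds the faulting read, so that the rest of the sample is preserved and execution continues to the next exception.

```python
# Added example: toy model of exception type suppression (not the paper's angr code).
from typing import Optional, Tuple

# Constructed address space of the toy target: the only readable and writable ranges.
READABLE = range(0x1000, 0x1100)   # a 64-entry table of 4-byte values
WRITABLE = range(0x2000, 0x2010)   # a fixed 16-byte destination buffer


class Fault(Exception):
    """A memory access exception with its type ("read", "write" or "exec") and address."""
    def __init__(self, kind: str, addr: int):
        super().__init__(f"{kind} fault at {addr:#x}")
        self.kind, self.addr = kind, addr


def target(inp: bytes) -> None:
    """Constructed target: inp[0] selects a table entry (unchecked read), then inp[1:]
    is copied into the fixed buffer (unchecked write)."""
    read_addr = 0x1000 + inp[0] * 4
    if read_addr not in READABLE:
        raise Fault("read", read_addr)        # crash type existing tools cannot judge
    for i in range(len(inp) - 1):
        write_addr = 0x2000 + i
        if write_addr not in WRITABLE:
            raise Fault("write", write_addr)  # crash type existing tools can judge


def replay(inp: bytes) -> Optional[Fault]:
    """Run the sample and report the first exception it triggers, or None."""
    try:
        target(inp)
    except Fault as f:
        return f
    return None


def suppress_read(inp: bytes) -> Tuple[bytes, Optional[Fault]]:
    """Change only the byte that feeds the faulting read, keeping the rest of the crash
    sample (and thus its path) intact, and replay to reach the next exception."""
    fault = replay(inp)
    if fault is None or fault.kind != "read":
        return inp, fault                       # nothing to suppress
    for b in range(256):                        # stand-in for the constraint solver
        candidate = bytes([b]) + inp[1:]
        f = replay(candidate)
        if f is None or f.kind != "read":
            return candidate, f
    return inp, fault                           # read exception could not be suppressed


CRASH_SAMPLE = bytes([200]) + b"A" * 32        # constructed fuzzer output: read exception
```

Replaying `CRASH_SAMPLE` yields a read fault; `suppress_read` keeps the 32 payload bytes, fixes the index byte, and the replay then stops at a write fault past the buffer, the crash type the page says existing tools can judge.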

Research Motivation
Symbolic Replay
Automatic Read Exception Suppression
Experiment and Analysis
Findings
Conclusions