| Program vulnerabilities are caused by programming mistakes.An attacker can control the behavior of a program by exploiting its vulnerabilities,and take further control of the entire computer system.The research of program vulnerabilities has developed nearly three decades with the computer industry.Vulnerabilities are one of the most critical threats to computer security at present.There are numerous vulnerabilities being discovered and exploited every day,causing significant damage and loss to computer industry and even human society.Attack and defense are the two aspects of vulnerability research.They keep competing with each other.New attack techniques and defense mechanism emerge one after another,pushing the frontier of computer security.Nowadays the attack and defense of vulnerabilities are becoming mature,but there still leaves a huge room for improvement.Many programs are fundamentally flawed in terms of security due to their basic design.However the widely deployment of general mitigations on modern operating systems obsoletes most of legacy exploit techniques,and new techniques have not been proposed yet.Therefore we do an intensive study of the default heap allocator and dynamic linker of Linux operating system and present several novel exploit techniques in this thesis,including seven techniques against ptmalloc allocator,and a dynamic linking based technique on Linux system.We also provide the proof-of-concept code.Experiments show that these new techniques are more effective and versatile than the techniques proposed by previous researchers,and can effectively defeat most of the mitigations on modern operating systems,pushing the frontier of vulnerability exploitation once again. |
PDF Full Text Request