
Behavior-based Automatic Vulnerability Detection And Exploitation

Posted on: 2019-12-16
Degree: Master
Type: Thesis
Country: China
Candidate: D J Liu
GTID: 2428330611993373
Subject: Computer Science and Technology
Abstract/Summary:
The amount of software and code is growing explosively, and the resulting security problems are attracting more and more attention. A small programmer mistake can have serious consequences, affecting both the stability of the running software and the security of its users. Because many programmers lack security awareness when writing code, or pursue functionality alone, it is easy to produce erroneous code logic or to neglect input validation. Format string, stack overflow and heap buffer vulnerabilities are still the mainstream vulnerability types. They not only occur frequently but are also easily exploited to mount further attacks. These vulnerabilities exist in old code as well as newly written code, and as code bases grow and the software supply chain becomes more complex, vulnerabilities become more diverse and more latent. It is increasingly difficult for humans to find valuable vulnerabilities. At the same time, manual exploitation of complicated software must take the conditions of the actual running environment into account, and it requires a deep understanding of the underlying computer and of how programs operate. Manual construction of exploit scripts is becoming more and more difficult, and slower and slower. These two factors have made the automatic detection and exploitation of software vulnerabilities a hot research topic.

A survey of current work on automatic vulnerability detection and exploitation finds that existing techniques classify vulnerabilities insufficiently, exploit them indirectly or ineffectively, and pay little attention to complex vulnerability types. After comparing the current techniques, we chose symbolic execution to model the behavior of format string, stack overflow and heap buffer vulnerabilities. When a vulnerability is discovered, its type can be determined. Exploit scripts or schemes are then generated automatically according to the vulnerability characteristics and program features.

This thesis implements a complete system that can automatically detect, exploit and fix vulnerabilities. The system uses fuzzing and symbolic execution. Based on the vulnerability behavior model, it can effectively exploit format string, stack overflow and heap buffer vulnerabilities, using symbolic execution to generate the corresponding exploit scripts or schemes. Finally, according to the vulnerability type and program features, it can generate an appropriate patch file. Existing research does not cover the automatic exploitation of heap buffer vulnerabilities, and does not fix vulnerabilities after successful exploitation. The system can also accurately identify the functions of statically compiled programs. The system was tested on 20 vulnerabilities in 32-bit x86 programs: it found 16 vulnerabilities in total, generated exploit scripts or schemes for 10 programs, and generated patches for 14 programs. In practical tests it finally found 21 real software vulnerabilities.
Keywords/Search Tags: Automatic Vulnerability Detection, Automatic Exploit Generation, Software Security, Automatic Patching