
Research On Automatic Exploit Generation Of Binary Vulnerabilities

Posted on: 2020-12-03
Degree: Master
Type: Thesis
Country: China
Candidate: C Li
GTID: 2428330602451841
Subject: Engineering
Abstract/Summary:
The increasing popularity of the Internet has made various software systems widely used in many areas. At the same time, information security issues have become more and more severe. Software is an important carrier of the information system, and software vulnerabilities are the root of most information security problems. To ensure the security of the information system, it is necessary to detect the vulnerabilities in software and assess their harmfulness accurately. However, the methods of vulnerability detection and assessment are not highly automated. Due to the increasing scale and complexity of software, and the variety of types and principles of vulnerability, it is difficult to cope with the challenges by analyzing vulnerabilities manually.

In order to improve the efficiency of software security evaluation, this thesis studies the binary vulnerability principle and program analysis methods, and then proposes an automatic exploit generation method based on the binary vulnerability, which detects and exploits buffer overflow vulnerabilities in the program to verify the security of the program. First, the program is executed by the symbolic execution engine, and the vulnerable state is detected according to the detection rule. Then, the method constructs constraint expressions for the exploitable vulnerability. Finally, the constraint expressions are solved to generate the exploit automatically. The major work of this thesis includes the following aspects:

(1) In order to generate exploits automatically, this thesis summarizes the process of constructing an exploit manually and establishes the exploitation model by abstracting the exploitation process into the vulnerability constraint expression and the exploit constraint expression.

(2) A vulnerability-oriented automated vulnerability detection method is designed. To improve the pertinence of vulnerability detection, a static analysis method based on program slicing is used to obtain the suspicious code snippet containing a vulnerable path. This method uses symbolic execution to detect vulnerabilities. In order to alleviate the state explosion problem in symbolic execution and improve the vulnerability detection efficiency, states unrelated to vulnerabilities are pruned according to the suspicious code snippet.

(3) An automatic exploit generation method based on constraint solving is designed. The method abstracts code injection, the use of a jump instruction to bypass ASLR, and return-to-libc into constraint expressions, and generates exploits automatically by solving those constraint expressions. For the problem that the controllable memory space is not enough to store the shellcode in a code injection exploit, this thesis proposes segmentation injection to improve the layout of the attack code. This method segments the shellcode and stores it in multiple memory blocks, which improves the applicability of the automatic exploit generation method.

(4) This thesis designs and implements a binary-based automatic exploit generation system named AutoExp. Several disclosed vulnerabilities are used to test the system, and the experimental results show that AutoExp can detect vulnerabilities and generate exploits automatically, which can effectively improve the effectiveness of software security evaluation. In addition, AutoExp has better applicability than other methods.
Keywords/Search Tags:Binary vulnerability, Automatic exploit generation, Program slicing, Symbolic execution