
Design And Implementation Of Vulnerability Exploit Generation Technology For Linux Platform Program

Posted on: 2022-09-03
Degree: Master
Type: Thesis
Country: China
Candidate: H An
Full Text: PDF
GTID: 2518306338985289
Subject: Computer technology

Abstract/Summary:
With the development of vulnerability mining techniques, vulnerabilities are being discovered faster and faster. For security practitioners and software vendors, automated exploit generation helps prioritize the most serious vulnerabilities by severity, so that the resources available for vulnerability repair can be allocated sensibly. In recent years more and more work has been done in this field, but it still has many shortcomings: existing exploit generation schemes handle only a single vulnerability type or a few of them, cannot effectively identify certain specific vulnerabilities (such as an overflow that stays inside a heap object, i.e. an intra-object heap overflow), and require a PoC (proof-of-concept) as input.

This thesis presents Exploit Primitive Determination (EPD), a technique for heap vulnerabilities built on a vulnerability exploitation model. Given a target program, EPD obtains program inputs by symbolic execution, performs key-behaviour analysis on all of those inputs and labels them accordingly. It then constructs a fuzzing template from the exploit primitive model and the labelled inputs. Finally, generation-based fuzzing driven by that template produces a PoC that triggers the exploit primitive.

Based on EPD, the thesis implements a vulnerability exploit generation system for ELF (the Linux executable file format) programs. The system obtains vulnerability and crash information through a combination of concrete and symbolic execution. If the crash is not exploitable and the vulnerability is a heap overflow or a UAF (use-after-free), EPD is used to determine a PoC that triggers an exploit primitive; if the crash is exploitable, an exploit is generated directly from the crash and vulnerability information.

Experimental results show that the system's information collection module can identify four kinds of vulnerabilities and determine the exploitability of a crash. EPD recognises the key behaviour of the target program accurately (100% recognition accuracy on the four experimental programs), determines exploit primitives effectively (75%), and outperforms REVERY at determining exploit primitives for overflows inside heap objects. In addition, the exploit generation system can successfully generate exploits for five kinds of vulnerability.
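The following C program is an added example and is not code from the thesis or from its EPD system; the target object, the two `session_create_*` variants and the differential oracle are constructed here for illustration. It shows the case the abstract singles out, an overflow that stays inside a heap object: the program never crashes, so a crash-driven path has nothing to work with, yet a generation-based search over a simple length template, with an oracle that labels each input as giving no, partial or full control of a code pointer, still finds the input that reaches the exploit primitive. The oracle is a differential memory comparison standing in for the thesis's symbolic key-behaviour analysis; it inspects the object after the copy rather than executing the corrupted pointer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed target object (an assumption for this example, not a program
 * from the thesis): an inline buffer followed by a callback pointer. An
 * overflow of `name` lands on `on_ready` inside the same object, so heap
 * metadata is untouched and nothing crashes. */
typedef struct {
    char name[16];
    void (*on_ready)(const char *name);
    uint32_t flags;        /* trailing field: the object is larger than name+pointer */
} session_t;

static const size_t PTR_BYTES = sizeof(((session_t *)0)->on_ready);

static void greet(const char *name) { printf("hello %s\n", name); }

typedef session_t *(*create_fn)(const uint8_t *input, size_t len);

/* Deliberately vulnerable: copies `len` input bytes into the 16-byte field. */
static session_t *session_create_vuln(const uint8_t *input, size_t len)
{
    session_t *s = calloc(1, sizeof *s);
    if (s == NULL) return NULL;
    s->on_ready = greet;
    for (size_t i = 0; i < len; i++)      /* intra-object heap overflow */
        s->name[i] = (char)input[i];
    return s;
}

/* Hardened variant: the copy is bounded by the field size. */
static session_t *session_create_safe(const uint8_t *input, size_t len)
{
    session_t *s = calloc(1, sizeof *s);
    if (s == NULL) return NULL;
    s->on_ready = greet;
    if (len > sizeof s->name - 1) len = sizeof s->name - 1;
    for (size_t i = 0; i < len; i++)
        s->name[i] = (char)input[i];
    return s;
}

/* Labels attached to an input after key-behaviour analysis. */
typedef enum { PRIM_NONE = 0, PRIM_PARTIAL_PTR = 1, PRIM_FULL_PTR = 2 } primitive_t;

/* Behaviour oracle (stands in for the thesis's symbolic analysis): run the
 * target twice on inputs of length `len` whose fillers differ in every byte,
 * and count the pointer bytes that followed the input both times. A byte that
 * merely coincides with greet's address cannot match both fillers. */
static size_t controlled_ptr_bytes(create_fn create, size_t len)
{
    const size_t off = offsetof(session_t, on_ready);
    uint8_t a[sizeof(session_t)], b[sizeof(session_t)];
    for (size_t i = 0; i < sizeof a; i++) {
        a[i] = (uint8_t)(0x41 + i);
        b[i] = (uint8_t)~a[i];
    }
    if (len > sizeof(session_t)) return 0;      /* harness never leaves the object */
    session_t *sa = create(a, len);
    session_t *sb = create(b, len);
    size_t n = 0;
    if (sa != NULL && sb != NULL) {
        const uint8_t *pa = (const uint8_t *)sa + off;
        const uint8_t *pb = (const uint8_t *)sb + off;
        for (size_t i = 0; i < PTR_BYTES; i++)
            if (pa[i] == a[off + i] && pb[i] == b[off + i]) n++;
    }
    free(sa);
    free(sb);
    return n;
}

/* Generation-based search over the template "len bytes of filler": returns the
 * shortest length giving full control of the code pointer, or 0 if there is
 * none; `label` reports the strongest behaviour observed along the way. */
static size_t find_primitive_length(create_fn create, primitive_t *label)
{
    *label = PRIM_NONE;
    for (size_t len = 1; len <= sizeof(session_t); len++) {
        size_t n = controlled_ptr_bytes(create, len);
        if (n == 0) continue;
        if (n < PTR_BYTES) { *label = PRIM_PARTIAL_PTR; continue; }
        *label = PRIM_FULL_PTR;
        return len;
    }
    return 0;
}

int main(void)
{
    primitive_t label;
    size_t len = find_primitive_length(session_create_vuln, &label);
    printf("vulnerable create: label %d, full pointer control at %zu input bytes\n", label, len);
    len = find_primitive_length(session_create_safe, &label);
    printf("hardened create:   label %d, primitive length %zu\n", label, len);
    return 0;
}
```

Built with `cc -std=c99 -Wall`, the vulnerable variant reports full pointer control at 24 input bytes on a 64-bit layout (16-byte buffer plus 8-byte pointer) and partial control for 17 to 23 bytes, while the hardened variant reports none. Because the overflow never leaves the allocation, AddressSanitizer's redzones would not flag the vulnerable run either, which is why an intra-object overflow needs a primitive-based rather than a crash-based oracle.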
Keywords/Search Tags: Fuzzing, symbolic execution, exploit primitive determination, vulnerability exploit generation