Loading...
Please wait, while we are loading the content...
Similar Documents
Automated Exploit Generation for Control-Flow Hijacking Attacks
| Content Provider | Semantic Scholar |
|---|---|
| Author | Huang, Po-Yen Huang, Shih-Kun |
| Copyright Year | 2011 |
| Abstract | Due to the rapid deployment of information technology, the threats on information assets are getting more serious. These threats are originated from software vulnerabilities. The vulnerabilities bring about attacks. If attacks launched before the public exposure of the targeted vulnerability, they are called zero-day attacks. These attacks usually damage system and economy seriously. We have analyzed the process of zero-day attacks in the perspective of software process and recognize that it is a race competition between attacks and software patch development and deployment. If developers can fix the vulnerabilities as soon as possible, the threats will be significantly reduced. In order to faster the vulnerability finding process, we use the software testing techniques, focusing on finding bugs automatically. However, it is still hard to locate security vulnerabilities from a large number of bugs. In our paper, we switch to the roles of attackers and aim at generating attacks automatically to prove that a bug is a security vulnerability. Based on symbolic execution, we are able to automatically generate exploit for control-flow hijacking attacks and perform several experiments with realworld programs to prove our method is feasible. |
| File Format | PDF HTM / HTML |
| Alternate Webpage(s) | https://ir.nctu.edu.tw/bitstream/11536/48318/1/558401.pdf |
| Language | English |
| Access Restriction | Open |
| Content Type | Text |
| Resource Type | Article |
