DeepFuzz: Triggering vulnerabilities deeply hidden in binaries
We introduce a new method for triggering vulnerabilities in deep layers of binary executables and facilitate their exploitation. In our approach we combine dynamic symbolic execution with fuzzing techniques. To maximize both the execution path depth and the degree of freedom in input parameters for exploitation, we define a novel method to assign probabilities to program paths. Based on this probability distribution we apply new path exploration strategies. This facilitates payload generation and therefore vulnerability exploitation.
Detection of intrusions and malware, and vulnerability assessment. 13th International Conference
Authors: Konstantin Böttinger and Claudia Eckert
Year/month: 2016/7
Booktitle: Detection of intrusions and malware, and vulnerability assessment. 13th International Conference
Pages: 25-34
Address: San Sebastián, Spain
Publisher: Springer International Publishing
Bibtex:
@inproceedings { deepfuzz,
author = { Konstantin Böttinger and Claudia Eckert },
title = { DeepFuzz: Triggering vulnerabilities deeply hidden in binaries },
year = { 2016 },
month = { July },
booktitle = { Detection of intrusions and malware, and vulnerability assessment. 13th International Conference },
address = { San Sebastián, Spain },
pages = { 25-34 },
publisher = { Springer International Publishing },
url = { http://dx.doi.org/10.1007/978-3-319-40667-1_2 },
}