DeepFuzz: Triggering vulnerabilities deeply hidden in binaries

We introduce a new method for triggering vulnerabilities in deep layers of binary executables and facilitating their exploitation. Our approach combines dynamic symbolic execution with fuzzing techniques. To maximize both the execution path depth and the degree of freedom in the input parameters available for exploitation, we define a novel method for assigning probabilities to program paths. Based on this probability distribution we apply new path exploration strategies, which facilitates payload generation and therefore vulnerability exploitation.

Authors: Konstantin Böttinger and Claudia Eckert
Year/month: 2016/7
Booktitle: Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2016), 13th International Conference
Pages: 25-34
Address: San Sebastián, Spain
Publisher: Springer International Publishing
Fulltext: http://dx.doi.org/10.1007/978-3-319-40667-1_2

Bibtex:

@inproceedings{deepfuzz,
  author    = {Konstantin Böttinger and Claudia Eckert},
  title     = {DeepFuzz: Triggering vulnerabilities deeply hidden in binaries},
  year      = {2016},
  month     = {July},
  booktitle = {Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2016), 13th International Conference},
  address   = {San Sebastián, Spain},
  pages     = {25--34},
  publisher = {Springer International Publishing},
  doi       = {10.1007/978-3-319-40667-1_2},
  url       = {http://dx.doi.org/10.1007/978-3-319-40667-1_2},
}
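To make the idea in the abstract concrete, the following small example is added for this page; it is not the paper's code and does not reproduce the paper's probability assignment. It models each program path as a set of pinned input bytes (standing in for the path constraints a symbolic executor would collect), scores each path with a hypothetical weight that rewards both depth and the number of input bytes left free for fuzzing, normalises those weights into a probability distribution, and then samples paths from that distribution and generates payloads that satisfy the chosen path's constraints while fuzzing the remaining bytes. The parser, its four paths, the scoring rule `depth * free_bytes` and all names are assumptions made for illustration.

```python
import random
from dataclasses import dataclass

INPUT_LEN = 8  # size of the (constructed) input buffer in bytes


@dataclass(frozen=True)
class Path:
    """One program path: how deep it reaches and which input bytes it pins.

    A real symbolic executor would hand back an SMT formula over the input;
    this toy keeps only exact-byte equalities (offset -> value) so no solver
    is needed. The model is an assumption for illustration.
    """
    name: str
    depth: int
    constraints: dict


# Constructed example: four paths through a hypothetical 8-byte message parser.
# Deeper paths pin more header bytes and so leave fewer bytes free for fuzzing.
PATHS = [
    Path("reject_bad_magic", depth=1, constraints={0: 0x00}),
    Path("short_message",    depth=3, constraints={0: 0x7F, 1: 0x01}),
    Path("long_message",     depth=5, constraints={0: 0x7F, 1: 0x02, 2: 0x10}),
    Path("deep_handler",     depth=9, constraints={0: 0x7F, 1: 0x02, 2: 0x20, 3: 0xFF}),
]


def free_bytes(path, input_len=INPUT_LEN):
    """Input bytes not fixed by the path's constraints: the fuzzer's freedom."""
    return input_len - len(path.constraints)


def path_weight(path, input_len=INPUT_LEN):
    """Hypothetical score rewarding both path depth and remaining input freedom.

    This scoring rule is an assumption for this example, not the paper's method.
    """
    return path.depth * free_bytes(path, input_len)


def path_distribution(paths, input_len=INPUT_LEN):
    """Normalise the path weights into a probability distribution over paths."""
    weights = {p.name: path_weight(p, input_len) for p in paths}
    total = sum(weights.values())
    return {name: w / total for name, w in weights.items()}


def pick_path(paths, rng, input_len=INPUT_LEN):
    """Sample the next path to explore according to the distribution."""
    dist = path_distribution(paths, input_len)
    chosen = rng.choices(list(dist), weights=list(dist.values()), k=1)[0]
    return next(p for p in paths if p.name == chosen)


def generate_payload(path, rng, input_len=INPUT_LEN):
    """Symbolic part: satisfy the path's constraints. Fuzzing part: random free bytes."""
    buf = bytearray(rng.randrange(256) for _ in range(input_len))
    for offset, value in path.constraints.items():
        buf[offset] = value
    return bytes(buf)


def satisfies(path, payload):
    """Check that a payload steers execution down the given path."""
    return all(payload[o] == v for o, v in path.constraints.items())


def campaign(paths, iterations, seed=0, input_len=INPUT_LEN):
    """Run the probability-guided exploration loop and count payloads per path."""
    rng = random.Random(seed)
    hits = {p.name: 0 for p in paths}
    for _ in range(iterations):
        path = pick_path(paths, rng, input_len)
        payload = generate_payload(path, rng, input_len)
        if not satisfies(path, payload):
            raise RuntimeError(f"payload does not satisfy {path.name}")
        hits[path.name] += 1
    return hits


if __name__ == "__main__":
    for name, prob in path_distribution(PATHS).items():
        print(f"{name:18s} p={prob:.3f}")
    print(campaign(PATHS, iterations=1000))
```

With these constructed paths the deepest one receives the largest share of the exploration budget even though it leaves the fewest free bytes, because the assumed score multiplies depth by freedom rather than trading one off against the other; a path that pins every input byte would score zero and never be fuzzed. To turn this into a real tool one would replace the pinned-byte constraints with solver-backed path conditions and derive the weights from the executor's own path statistics.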