Proceedings of the Institute for System Programming of the RAS
Proceedings of the Institute for System Programming of the RAS, 2017, Volume 29, Issue 6, Pages 151–162
DOI: https://doi.org/10.15514/ISPRAS-2017-29(6)-8
(Mi tisp278)
 

This article is cited in 2 scientific papers (total in 2 papers)

Building security predicates for some types of vulnerabilities

A. N. Fedotov^a, V. V. Kaushan^a, S. S. Gaissaryan^{a,b,c,d}, Sh. F. Kurmangaleev^a

a Ivannikov Institute for System Programming of the Russian Academy of Sciences
b Lomonosov Moscow State University
c National Research University Higher School of Economics (HSE)
d Moscow Institute of Physics and Technology (State University)
Abstract: This paper considers approaches to code execution through program vulnerabilities. In particular, Section 2 examines ways of achieving code execution through stack and heap buffer overflows, use-after-free vulnerabilities, and format string vulnerabilities. Section 3 describes methods for automatically generating input data that leads to code execution. These methods are based on dynamic symbolic execution, which makes it possible to obtain input data that drives the program along the path that triggers the vulnerability. A security predicate is an additional set of symbolic formulas describing the program state in which code execution is possible. To obtain input data that leads to code execution, the path predicate and the security predicate are combined and the resulting system is solved. The paper presents security predicates for pointer overwrite, function pointer overwrite, and a format string vulnerability that leads to a stack buffer overflow. The presented security predicates were used in a method for software defect severity estimation. The method was applied to several binaries from the DARPA Cyber Grand Challenge. The security predicate for a format string vulnerability that leads to a buffer overflow was tested on a vulnerable version of OllyDbg. As a result of the testing, input data leading to code execution was obtained.
Keywords: software bugs, symbolic execution, security predicates, binary analysis, dynamic analysis.
Funding: Russian Foundation for Basic Research, grant number 17-01-00600
Document Type: Article
Language: Russian
Citation: A. N. Fedotov, V. V. Kaushan, S. S. Gaissaryan, Sh. F. Kurmangaleev, “Building security predicates for some types of vulnerabilities”, Proceedings of ISP RAS, 29:6 (2017), 151–162
Citation in format AMSBIB
\Bibitem{FedKauGay17}
\by A.~N.~Fedotov, V.~V.~Kaushan, S.~S.~Gaissaryan, Sh.~F.~Kurmangaleev
\paper Building security predicates for some types of vulnerabilities
\jour Proceedings of ISP RAS
\yr 2017
\vol 29
\issue 6
\pages 151--162
\mathnet{http://mi.mathnet.ru/tisp278}
\crossref{https://doi.org/10.15514/ISPRAS-2017-29(6)-8}
\elib{https://elibrary.ru/item.asp?id=32309071}
Linking options:
  • https://www.mathnet.ru/eng/tisp278
  • https://www.mathnet.ru/eng/tisp/v29/i6/p151