|
Survey of methods for automated code-reuse exploit generation
A. V. Vishnyakovab, A. R. Nurmukhametova a Ivannikov Institute for System Programming of the Russian Academy of Sciences
b Lomonosov Moscow State University
Abstract:
This paper provides a survey of methods and tools for automated code-reuse exploit generation. Such exploits use code that already contains in a vulnerable program. The code-reuse approach, e.g., return-oriented programming, allows one to exploit vulnerabilities in the presence of operating system protection that prohibits execution of code in memory pages marked as data. We define fundamental terms such as gadget, gadget frame, gadget catalog. Moreover, we show that a gadget is, in fact, an instruction, and a set of gadgets defines a virtual machine. We can reduce an exploit creation problem to code generation for this virtual machine. Each particular executable file defines a virtual machine instruction set. We provide a survey of methods for gadgets searching and determining their semantics (creating a gadget catalog). These methods allow one to get the virtual machine instruction set. If a set of gadgets is Turing-complete, then a compiler can use a gadget catalog as a target architecture. However, some instructions can be absent. Hence we discuss several approaches to replace missing instructions with multiple gadgets. An exploit generation tool can chain gadgets by pattern searching (regular expressions) or taking gadgets semantics into consideration. Furthermore, some chaining methods use genetic algorithms, while others use SMTsolvers. We compare existing open source tools and propose a testing system rop-benchmark that can be used to verify whether a generated chain successfully opens a shell.
Keywords:
code-reuse attacks, return-oriented programming, ROP, data execution prevention, DEP, address space layout randomization, ASLR, gadget, gadget frame, gadget catalog, ROP chain, gadget search, gadget classification, ROP compiler, symbolic execution, ROP benchmark.
Citation:
A. V. Vishnyakov, A. R. Nurmukhametov, “Survey of methods for automated code-reuse exploit generation”, Proceedings of ISP RAS, 31:6 (2019), 99–124
Linking options:
https://www.mathnet.ru/eng/tisp472 https://www.mathnet.ru/eng/tisp/v31/i6/p99
|
Statistics & downloads: |
Abstract page: | 171 | Full-text PDF : | 192 | References: | 23 |
|