Proceedings of the Institute for System Programming of the RAS
RUS  ENG    JOURNALS   PEOPLE   ORGANISATIONS   CONFERENCES   SEMINARS   VIDEO LIBRARY   PACKAGE AMSBIB  
General information
Latest issue
Archive

Search papers
Search references

RSS
Latest issue
Current issues
Archive issues
What is RSS



Proceedings of ISP RAS:
Year:
Volume:
Issue:
Page:
Find






Personal entry:
Login:
Password:
Save password
Enter
Forgotten password?
Register


Proceedings of the Institute for System Programming of the RAS, 2019, Volume 31, Issue 6, Pages 99–124
DOI: https://doi.org/10.15514/ISPRAS-2019-31(6)-6
(Mi tisp472)
 

Survey of methods for automated code-reuse exploit generation

A. V. Vishnyakovab, A. R. Nurmukhametova

a Ivannikov Institute for System Programming of the Russian Academy of Sciences
b Lomonosov Moscow State University
References:
Abstract: This paper provides a survey of methods and tools for automated code-reuse exploit generation. Such exploits use code that already contains in a vulnerable program. The code-reuse approach, e.g., return-oriented programming, allows one to exploit vulnerabilities in the presence of operating system protection that prohibits execution of code in memory pages marked as data. We define fundamental terms such as gadget, gadget frame, gadget catalog. Moreover, we show that a gadget is, in fact, an instruction, and a set of gadgets defines a virtual machine. We can reduce an exploit creation problem to code generation for this virtual machine. Each particular executable file defines a virtual machine instruction set. We provide a survey of methods for gadgets searching and determining their semantics (creating a gadget catalog). These methods allow one to get the virtual machine instruction set. If a set of gadgets is Turing-complete, then a compiler can use a gadget catalog as a target architecture. However, some instructions can be absent. Hence we discuss several approaches to replace missing instructions with multiple gadgets. An exploit generation tool can chain gadgets by pattern searching (regular expressions) or taking gadgets semantics into consideration. Furthermore, some chaining methods use genetic algorithms, while others use SMTsolvers. We compare existing open source tools and propose a testing system rop-benchmark that can be used to verify whether a generated chain successfully opens a shell.
Keywords: code-reuse attacks, return-oriented programming, ROP, data execution prevention, DEP, address space layout randomization, ASLR, gadget, gadget frame, gadget catalog, ROP chain, gadget search, gadget classification, ROP compiler, symbolic execution, ROP benchmark.
Funding agency Grant number
Russian Foundation for Basic Research 17-01-00600
This work was supported by the Russian Foundation for Basic Research, project no. 17-01-00600
Document Type: Article
Language: Russian
Citation: A. V. Vishnyakov, A. R. Nurmukhametov, “Survey of methods for automated code-reuse exploit generation”, Proceedings of ISP RAS, 31:6 (2019), 99–124
Citation in format AMSBIB
\Bibitem{VisNur19}
\by A.~V.~Vishnyakov, A.~R.~Nurmukhametov
\paper Survey of methods for automated code-reuse exploit generation
\jour Proceedings of ISP RAS
\yr 2019
\vol 31
\issue 6
\pages 99--124
\mathnet{http://mi.mathnet.ru/tisp472}
\crossref{https://doi.org/10.15514/ISPRAS-2019-31(6)-6}
Linking options:
  • https://www.mathnet.ru/eng/tisp472
  • https://www.mathnet.ru/eng/tisp/v31/i6/p99
  • Citing articles in Google Scholar: Russian citations, English citations
    Related articles in Google Scholar: Russian articles, English articles
    Proceedings of the Institute for System Programming of the RAS
    Statistics & downloads:
    Abstract page:171
    Full-text PDF :192
    References:23
     
      Contact us:
     Terms of Use  Registration to the website  Logotypes © Steklov Mathematical Institute RAS, 2024