Automated Exploit Diagnosis via Type Inference on Binary Execution

Lecture title: Automated Exploit Diagnosis via Type Inference on Binary Execution
Lecture date: 2011-06-16
Speaker: Heng Yin
Format:
Campus: Xingqing Campus
Practice credits:
Lecture content:
Time: June 16, 2011, 4:30 PM
Venue: Science Hall, Room 207
Lecture type: Computer Security

Software exploits are one of the major threats to Internet security. In particular, drive-by download attacks exploiting vulnerabilities in web browsers have become increasingly prevalent these days. To respond quickly to these attacks, it is critical to automatically diagnose previously unknown exploits, identifying what specific vulnerability has been triggered and how the exploit has bypassed the existing defense mechanisms. Because of the complexity of the victim programs (e.g., web browsers) and the sophistication of recent exploits, existing analysis techniques fall short: they either miss important attack steps or report too much irrelevant information. In this paper, we leverage a key observation that memory corruption exploits inevitably violate the type consistency of the targeted program. We propose to use type inference on binary execution to detect the type conflicts induced by an exploit. These type conflicts highlight the important attack steps during the exploit, and therefore convey valuable information about the exploit characteristics. Such type conflicts help us to identify the key steps in an exploit and the causal relationships among them. We implemented this new technique in a prototype system called ClearType. Using real-world exploit samples (including several recent drive-by download exploits), we demonstrated that ClearType can successfully capture the key attack steps for all these samples and highlight a very small portion of the execution trace to facilitate attack response.