A Unit-Based Symbolic Execution Method for Detecting Heap Overflow Vulnerability in Executable Codes

Mouzarani, Maryam; Kamali, Ali; Baradaran, Sara; Heidari, Mahdi

doi:10.1007/978-3-031-09827-7_6

Cited by 1 publication

(1 citation statement)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This code is given the name (Shellcode) which means that the offender can spawn a local shell such as (CMD or Bash) on the target machine. Second, the attackers exploit a weakness, such as buffer-overflow [5] or heap overflow [6], in the application code which allows them to run that Shellcode. Microsoft has adopted several techniques, to mitigate memory corruption attacks, such as an approach (DEP) [7], Address Space Layout Randomization (ASLR) [8].…”

Section: Introductionmentioning

confidence: 99%

NG-MVEE: A New Proposed Hybrid Technique for Enhanced Mitigation of Code Re-Use Attack

et al. 2023

View full text Add to dashboard Cite

Code-Reuse Attacks (CRAs) are solid mechanisms to bypass advanced software and hardware defenses because they use the software's own code and they are very hard to be detected without significant overhead. Numerous methods have been proposed to protect against memory-based attacks that result from reusing parts of the attacked binary code. In this paper, two problems were tackled. the first problem is the lack of a categorized survey, analysis, and evaluation of the different CRAs proposed in the literature. The second problem is the inherent vulnerability that exists in protection techniques that are based on Multi-Variant Execution Environment (MVEE) since they are using shared Linux libraries with gadget-prone codes. In the paper a novel framework of CRA mitigation is introduced; fusing the two different prominent techniques of control flow integrity and multi-variant execution environment. The novel mitigation technique, named Next Generation MVEE (NG-MVEE), was built upon an existing generic CRA detection system (GHUMVEE) and complemented with a different CRA detection technique (G-Free) in order to provide comprehensive protection against code-reuse attacks. The outcome of the hybrid system is an optimized hybrid version of an MVEE technique, with minimal performance overhead increase due to the added protection layer of the G-Free technique. A median of 7% performance overhead resulted from the proposed protection system.

show abstract