2023
DOI: 10.3390/app132312556
|View full text |Cite
|
Sign up to set email alerts
|

CanaryExp: A Canary-Sensitive Automatic Exploitability Evaluation Solution for Vulnerabilities in Binary Programs

Hui Huang,
Yuliang Lu,
Kailong Zhu
et al.

Abstract: We propose CanaryExp, an exploitability evaluation solution for vulnerabilities among binary programs protected by StackGuard. CanaryExp devises three novel techniques, namely canary leakage proof of concept generation, canary leaking analysis time exploitation, and dynamic canary-relocation-based exploitability evaluation. The canary leakage proof of concept input generation mechanism first traces the target program’s execution, transforming the execution state into some canary leaking state, from which some … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1

Citation Types

0
1
0

Year Published

2024
2024
2024
2024

Publication Types

Select...
1

Relationship

0
1

Authors

Journals

citations
Cited by 1 publication
(1 citation statement)
references
References 26 publications
0
1
0
Order By: Relevance
“…But when it detects an attack, the application has already been attacked once, which may lead to unpredictable consequences. StackGuard [15], CanaryExp [16] and Libsafe [17] add a piece of detection data to the tail of the heap or stack to ensure that the target object cannot be accessed beyond its boundary. However, attackers can use memory disclosure (such as cloning a child process) to read the boundary value and use equivalent rewriting to bypass these methods.…”
Section: Boundary Detectionmentioning
confidence: 99%
“…But when it detects an attack, the application has already been attacked once, which may lead to unpredictable consequences. StackGuard [15], CanaryExp [16] and Libsafe [17] add a piece of detection data to the tail of the heap or stack to ensure that the target object cannot be accessed beyond its boundary. However, attackers can use memory disclosure (such as cloning a child process) to read the boundary value and use equivalent rewriting to bypass these methods.…”
Section: Boundary Detectionmentioning
confidence: 99%