Enhancement of Accuracy of Exploitability Analysis Tools for Crashes
Jeon, Hyeon-gu; Eom, Ki-Jin; Mok, Seong-Kyun; Cho, Eun-Sun
 Abstract
To enhance the reliability of programs, developers use fuzzing tools during testing to identify vulnerabilities so that they can be fixed ahead of time. Developers consider security-related vulnerabilities the most critical ones, which should be fixed urgently to avoid possible exploitation by attackers. However, developers with little experience in vulnerability analysis usually rely on tools to pick out the security-related crashes from the normal crashes. In this paper, we suggest a static analysis-based tool that helps developers make their programs more reliable by identifying the security-related crashes among the crashes found. This paper includes experimental results and compares them to the results from MSEC !exploitable for the same sets of crashes.
 Keywords
static analysis; crash; exploitability; taint analysis
 Language
Korean