
Finding the needle in the heap : combining binary analysis techniques to trigger use-after-free

Abstract: Security is becoming a major concern in software development, for software vendors, end users and government agencies alike. A typical problem is vulnerability detection, which consists in finding, in a program, bugs that let an attacker gain unforeseen privileges such as reading or writing sensitive data, or even hijacking the program's execution. This thesis proposes a practical approach to detect a specific kind of vulnerability, the use-after-free, which occurs when a heap memory block is accessed after being freed. Such vulnerabilities have led to numerous exploits (in particular against web browsers), and they are difficult to detect since they may involve several distant events in the code (allocating, freeing and accessing a memory block). The proposed approach consists of two steps. First, a coarse-grained and unsound binary-level static analysis, called GUEB, tracks heap memory block operations (allocation, free and use). This yields a program slice containing potential use-after-free. Then a dedicated guided dynamic symbolic execution, developed within the Binsec platform, is used to find concrete program inputs that trigger these use-after-free. This combination proved effective in practice and allowed the detection of several previously unknown vulnerabilities in real-life code. The implementation is available as an open-source tool-chain operating on x86 binary code.
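The heap bookkeeping that the first step relies on, shown here as an added example that is not part of the thesis or of the GUEB/Binsec tool-chain: a toy model in C where a program's heap activity is reduced to allocate, alias, free and use statements on single-letter pointer names, and a block-state table flags a use (or a second free) of a freed block even when it happens through an alias of the pointer that was freed. The statement language, the function names and the traces are assumptions made for the illustration. Real binaries carry no such trace, which is exactly why the thesis recovers these events statically from x86 code and then searches for the inputs that reach them; here the trace string plays the role of that input, so "free then use" triggers and "use then free" does not.

```c
/* Added example (not the thesis's or GUEB's code): a minimal model of
 * heap block states used to detect use-after-free on a recorded trace.
 * Statement language (an assumption for this illustration):
 *   p=new     allocate a fresh block and bind pointer p to it
 *   q=p       alias: q now refers to the same block as p
 *   free(p)   free the block p refers to
 *   use(p)    read or write through p
 * Statements are separated by ';'. Pointer names are single lowercase letters.
 */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_VARS 26
#define MAX_BLOCKS 32

enum block_state { UNUSED = 0, ALLOCATED, FREED };
enum verdict { OK = 0, USE_AFTER_FREE, DOUBLE_FREE, BAD_TRACE };

struct model {
    int ptr[MAX_VARS];                /* pointer name -> block id, -1 if unbound */
    enum block_state blk[MAX_BLOCKS]; /* block id -> state */
    int nblocks;
};

static void model_init(struct model *m) {
    memset(m, 0, sizeof *m);
    for (int i = 0; i < MAX_VARS; i++) m->ptr[i] = -1;
}

static int var_index(char c) { return islower((unsigned char)c) ? c - 'a' : -1; }

/* Execute one trimmed statement; returns OK or the defect it exhibits. */
static enum verdict step(struct model *m, const char *s) {
    size_t n = strlen(s);
    if (n >= 5 && strcmp(s + 1, "=new") == 0) {            /* p=new */
        int v = var_index(s[0]);
        if (v < 0 || m->nblocks >= MAX_BLOCKS) return BAD_TRACE;
        m->blk[m->nblocks] = ALLOCATED;
        m->ptr[v] = m->nblocks++;                           /* fresh block, never reused */
        return OK;
    }
    if (n == 3 && s[1] == '=') {                            /* q=p */
        int d = var_index(s[0]), src = var_index(s[2]);
        if (d < 0 || src < 0 || m->ptr[src] < 0) return BAD_TRACE;
        m->ptr[d] = m->ptr[src];                            /* both names now alias one block */
        return OK;
    }
    if (n == 7 && strncmp(s, "free(", 5) == 0 && s[6] == ')') {
        int v = var_index(s[5]);
        if (v < 0 || m->ptr[v] < 0) return BAD_TRACE;
        if (m->blk[m->ptr[v]] == FREED) return DOUBLE_FREE;
        m->blk[m->ptr[v]] = FREED;                          /* every alias is now dangling */
        return OK;
    }
    if (n == 6 && strncmp(s, "use(", 4) == 0 && s[5] == ')') {
        int v = var_index(s[4]);
        if (v < 0 || m->ptr[v] < 0) return BAD_TRACE;
        return m->blk[m->ptr[v]] == FREED ? USE_AFTER_FREE : OK;
    }
    return BAD_TRACE;
}

/* Run a ';'-separated trace. Returns the first defect (OK if none) and,
 * if at is non-NULL, stores the 1-based index of the offending statement. */
enum verdict check_trace(const char *trace, int *at) {
    struct model m;
    char buf[64];
    const char *p = trace;
    int idx = 0;
    model_init(&m);
    while (*p) {
        const char *end = strchr(p, ';');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        while (len && *p == ' ') { p++; len--; }            /* trim blanks */
        while (len && p[len - 1] == ' ') len--;
        if (len >= sizeof buf) return BAD_TRACE;
        memcpy(buf, p, len);
        buf[len] = '\0';
        idx++;
        if (len) {
            enum verdict v = step(&m, buf);
            if (v != OK) { if (at) *at = idx; return v; }
        }
        if (!end) break;
        p = end + 1;
    }
    if (at) *at = 0;
    return OK;
}

/* Convenience: index of the first defective statement, 0 if the trace is clean. */
int first_defect_index(const char *trace) {
    int at = 0;
    check_trace(trace, &at);
    return at;
}

int main(void) {
    /* Constructed traces: the same three events, ordered so that only the first
     * and the third reach a freed block. */
    const char *traces[] = {
        "p=new; q=p; free(p); use(q)",          /* UAF through the alias q */
        "p=new; use(p); free(p)",               /* benign ordering */
        "p=new; q=p; free(q); q=new; use(p)",   /* q rebound, p still dangling */
    };
    for (size_t i = 0; i < sizeof traces / sizeof traces[0]; i++) {
        int at;
        enum verdict v = check_trace(traces[i], &at);
        printf("%-40s -> verdict %d at statement %d\n", traces[i], (int)v, at);
    }
    return 0;
}
```

The detector is sound on its own toy language only because every allocation yields a fresh block; the static analysis the thesis describes must approximate both the pointer-to-block map and the sequence of events from machine code, which is where the unsoundness and the need for a second, input-finding step come from.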
Cited literature: 138 references
Contributor: ABES STAR
Submitted on: Friday, January 12, 2018 - 3:09:53 PM
Last modification on: Friday, March 25, 2022 - 9:44:03 AM
Long-term archiving on: Wednesday, May 23, 2018 - 8:13:03 PM


Version validated by the jury (STAR)


  • HAL Id: tel-01681707, version 2



Josselin Feist. Finding the needle in the heap : combining binary analysis techniques to trigger use-after-free. Cryptography and Security [cs.CR]. Université Grenoble Alpes, 2017. English. ⟨NNT : 2017GREAM016⟩. ⟨tel-01681707v2⟩