Finding the needle in the heap : combining binary analysis techniques to trigger use-after-free

Abstract : Security is becoming a major concern in software development, for software editors, end-users, and government agencies alike. A typical problem is vulnerability detection, which consists of finding bugs in code that let an attacker gain unforeseen privileges, such as reading or writing sensitive data, or even hijacking the program's execution. This thesis proposes a practical approach to detect a specific kind of vulnerability, called use-after-free, which occurs when a heap memory block is accessed after being freed. Such vulnerabilities have led to numerous exploits (in particular against web browsers), and they are difficult to detect since they may involve several distant events in the code (allocating, freeing and accessing a memory block). The proposed approach consists of two steps. First, a coarse-grained and unsound binary-level static analysis, called GUEB, tracks operations on heap memory blocks (allocation, free, and use). This produces a program slice containing potential use-after-free bugs. Then, a dedicated guided dynamic symbolic execution, developed within the Binsec platform, is used to retrieve concrete program inputs aiming to trigger these use-after-free bugs. This combination proved effective in practice and allowed the detection of several unknown vulnerabilities in real-life code. The implementation is available as an open-source tool-chain operating on x86 binary code.
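As an added illustration (not GUEB or Binsec code), the first step's idea in miniature: a coarse, path-insensitive flow analysis over a constructed toy control-flow graph that reports candidate (allocation site, free site, use site) triples. Facts are merged by union at join points, so a free that happens on only one path still produces a candidate, which is exactly the kind of "potential" use-after-free a second, dynamic step would have to confirm or reject.

```python
"""Toy heap-operation tracking over a small CFG (constructed example)."""

# Constructed toy CFG: block -> (instruction list, successor blocks).
# Instructions: ("alloc", var), ("free", var), ("use", var), ("nop",).
# 'p' is freed only on the left path, then used after the join.
CFG = {
    "entry": ([("alloc", "p")], ["left", "right"]),
    "left":  ([("free", "p")], ["join"]),
    "right": ([("nop",)], ["join"]),
    "join":  ([("use", "p")], []),
}

def analyze(cfg, entry="entry"):
    """Return sorted candidate UAF slices as (alloc_site, free_site, use_site).

    State: var -> set of (alloc_site, free_site_or_None) facts. Joins take the
    union of incoming facts (no path sensitivity), which makes the analysis
    coarse and unsound in the same spirit as the abstract's first step."""
    state_in = {b: {} for b in cfg}   # facts known at the entry of each block
    found = set()
    work = [entry]
    while work:
        blk = work.pop()
        st = {v: set(f) for v, f in state_in[blk].items()}
        for i, ins in enumerate(cfg[blk][0]):
            site, op = f"{blk}:{i}", ins[0]
            if op == "alloc":
                st[ins[1]] = {(site, None)}   # fresh block: strong update
            elif op == "free":                # keep the first free site
                st[ins[1]] = {(a, f or site) for a, f in st.get(ins[1], set())}
            elif op == "use":
                for a, f in st.get(ins[1], set()):
                    if f is not None:         # used while possibly freed
                        found.add((a, f, site))
        # Propagate to successors; re-queue a block only if its facts grew.
        for succ in cfg[blk][1]:
            merged = {v: set(f) for v, f in state_in[succ].items()}
            changed = False
            for v, facts in st.items():
                before = set(merged.get(v, set()))
                merged[v] = before | facts
                changed |= merged[v] != before
            if changed:
                state_in[succ] = merged
                work.append(succ)
    return sorted(found)
```

The reported slice names the three distant events (alloc, free, use) that a later guided dynamic symbolic execution would try to reach with a concrete input.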
Document type :
Theses

Cited literature [138 references]

https://tel.archives-ouvertes.fr/tel-01681707
Contributor : Abes Star
Submitted on : Friday, January 12, 2018 - 3:09:53 PM
Last modification on : Friday, July 6, 2018 - 10:08:02 AM
Long-term archiving on : Wednesday, May 23, 2018 - 8:13:03 PM

File

FEIST_2017_diffusion.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-01681707, version 2

Citation

Josselin Feist. Finding the needle in the heap : combining binary analysis techniques to trigger use-after-free. Cryptography and Security [cs.CR]. Université Grenoble Alpes, 2017. English. ⟨NNT : 2017GREAM016⟩. ⟨tel-01681707v2⟩
