ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2019, Vol. 56 ›› Issue (11): 2299-2314.doi: 10.7544/issn1000-1239.2019.20190341

Special Issue: 2019密码学与智能安全研究专题

    Next Articles

Automatic Software Vulnerability Discovery and Exploit Under the Limited Resource Conditions

Huang Huafeng1,2, Wang Jiajie3, Yang Yi1,2, Su Purui1,2, Nie Chujiang1,2, Xin Wei3   

  1. 1(Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190);2(School of Computer Science and Technology, University of Chinese Academy of Sciences, Beijing 100190);3(China Information Technology Security Evaluation Center, Beijing 100085)
  • Online:2019-11-12

Abstract: Vulnerabilities are the core elements of system security and attack-defense confrontation. The automatic discovery, analysis and exploit of vulnerabilities has been a hot and difficult issue for a long time. The related researches mainly focus on fuzzing, propagate taint analysis and symbolic execution. On one hand, current solutions focus on different aspects of vulnerability discovery, analysis and exploit, which lack systematic researches and implementations. On the other hand, current solutions ignore the feasibility of limited resources under the realistic environment. Inside, the fuzzing is mainly based on large-scale server cluster system implementation, and the methods of propagate taint analysis and symbolic execution have high time and space complexity, which are prone to state explosion. Counter the problem of vulnerability automatic discovery and exploit under the limited resources, a program dynamic runtime Weak-Tainted model is established, then a complete solution for automatic vulnerability discovery, analysis and exploit is presented. The paper optimizes and enhances the ability of propagate taint analysis, and proposes a method for input solving based on output feature feedback, and any other analysis solutions under the limited resources to improve the ability and efficiency of vulnerability discovery, analysis and exploit. The paper designs and implements the vulnerability discovery and exploit automatic prototype system, which can concurrent 25 tasks for fuzzing, and propagate taint analysis and input solving with one server. The paper tests experiments on the samples of the 2018 BCTF competition, and the results show that the method of input solving in this paper is superior to ANGR for solving the atoi, hex and base64 encoding. The efficiency of vulnerability discovery is improved 45.7% higher than AFL, and 24 of the 50 samples can generate exploits automatically successfully. The advantages of Weak-Tainted vulnerability description model for vulnerability discovery and exploit are verified.

Key words: vulnerability, fuzzing, taint propagate, symbolic execution, input solving, automatic exploit

CLC Number: