Abstract:
Vulnerabilities are the core elements of system security and of attack-defense confrontation. The automatic discovery, analysis and exploitation of vulnerabilities has long been a hot and difficult research topic. Related research focuses mainly on fuzzing, taint propagation analysis and symbolic execution. On one hand, current solutions address different aspects of vulnerability discovery, analysis and exploitation in isolation, and lack systematic research and implementations. On the other hand, current solutions ignore the feasibility of limited resources in realistic environments: fuzzing is mainly implemented on large-scale server clusters, while taint propagation analysis and symbolic execution have high time and space complexity and are prone to state explosion. To address the problem of automatic vulnerability discovery and exploitation under limited resources, a dynamic runtime Weak-Tainted model of the program is established, and a complete solution for automatic vulnerability discovery, analysis and exploitation is presented. The paper optimizes and enhances taint propagation analysis, proposes a method for input solving based on output feature feedback, and adds other analysis techniques suited to limited resources, in order to improve the capability and efficiency of vulnerability discovery, analysis and exploitation. The paper designs and implements a prototype system for automatic vulnerability discovery and exploitation that can run 25 concurrent fuzzing, taint propagation analysis and input solving tasks on a single server. Experiments on samples from the 2018 BCTF competition show that the input solving method in this paper is superior to ANGR for solving atoi, hex and base64 encodings. The efficiency of vulnerability discovery is 45.7% higher than AFL, and 24 of the 50 samples can automatically generate exploits successfully.
The advantages of the Weak-Tainted vulnerability description model for vulnerability discovery and exploitation are verified.