Paper
CAEG: crash-based automatic exploit generation
1 June 2023
Zhenwei Ge, Chao Zhang, Zhongyuan Qin, Xin Sun, Wen Wang
Proceedings Volume 12718, International Conference on Cyber Security, Artificial Intelligence, and Digital Economy (CSAIDE 2023); 1271809 (2023) https://doi.org/10.1117/12.2681588
Event: International Conference on Cyber Security, Artificial Intelligence, and Digital Economy (CSAIDE 2023), 2023, Nanjing, China
Abstract
In this paper, CAEG (Crash-based Automatic Exploit Generation) is proposed to automatically generate exploits for binary programs from known crash inputs. In CAEG we analyze the input that causes a program to crash and address two main challenges: how to reproduce the crash state and how to automatically generate control-flow hijacking exploits. First, a path-oriented algorithm is proposed that finds the crash path using symbolic execution, treating the crash input as a symbolic value. Second, we summarize the principles behind exploits for multiple control-flow hijacking vulnerabilities. In addition, we consider bypassing vulnerability mitigation mechanisms, using springboard instructions to bypass Address Space Layout Randomization (ASLR) and return-to-libc to bypass the non-executable bit (NX). We tested 11 vulnerable open-source programs (8 from the test sets of AEG and MAYHEM, and 3 from the CVE and EDB vulnerability repositories). The experimental results show that our scheme is more efficient than AEG and MAYHEM.
© (2023) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Zhenwei Ge, Chao Zhang, Zhongyuan Qin, Xin Sun, and Wen Wang "CAEG: crash-based automatic exploit generation", Proc. SPIE 12718, International Conference on Cyber Security, Artificial Intelligence, and Digital Economy (CSAIDE 2023), 1271809 (1 June 2023); https://doi.org/10.1117/12.2681588
KEYWORDS
Binary data, Printing, Mining, Analytical research, Design and modelling, Engineering, Systems modeling