Automatic exploitation generation method of write-what-where vulnerability

Bibliographic Details
Main Authors: Huafeng HUANG, Purui SU, Yi YANG, Xiangkun JIA
Format: Article
Language: zho
Published: Editorial Department of Journal on Communications 2022-01-01
Series: Tongxin xuebao
Online Access: http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2022003/
Description
Summary: To address the inability of current automatic exploitation generation methods to automatically generate control-flow-hijacking exploitation from write-what-where vulnerabilities, an automatic exploitation generation method for write-what-where vulnerabilities is proposed. First, the write-what-where vulnerability is detected using a dynamic taint analysis method based on memory address control strength. Then, the vulnerability exploitation elements are searched for according to the vulnerability exploitation modes, and the exploitation of the write-what-where vulnerability is generated automatically by constraint solving. The experimental results show that the proposed method can effectively detect write-what-where vulnerabilities, search for exploitation elements, and automatically generate control-flow-hijacking exploitation from write-what-where vulnerabilities.
ISSN: 1000-436X