Automatic exploitation generation method of write-what-where vulnerability
To solve the problem that the current vulnerability automatic exploitation generation methods cannot automatically generate control-flow-hijacking exploitation from write-what-where, a method of automatic exploitation generation for write-what-where was proposed.First, the write-what-where vulnerabi...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2022-01-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2022003/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539994119831552 |
|---|---|
| author | Huafeng HUANG Purui SU Yi YANG Xiangkun JIA |
| author_facet | Huafeng HUANG Purui SU Yi YANG Xiangkun JIA |
| author_sort | Huafeng HUANG |
| collection | DOAJ |
| description | To solve the problem that the current vulnerability automatic exploitation generation methods cannot automatically generate control-flow-hijacking exploitation from write-what-where, a method of automatic exploitation generation for write-what-where was proposed.First, the write-what-where vulnerability was detected based on the memory address control strength dynamic taint analysis method.Then, the vulnerability exploitation elements were searched based on the vulnerability exploitation modes, and the exploitation of write-what-where vulnerability was generated automatically by constraint solving.The experimental results show that the proposed method can effectively detect write-what-where vulnerability, search exploitation elements, and automatically generate the control-flow-hijacking exploitation from write-what-where. |
| format | Article |
| id | doaj-art-c70d49ab1a984454b3a8afe880d4263d |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2022-01-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-c70d49ab1a984454b3a8afe880d4263d2025-01-14T06:30:27ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2022-01-0143839559398404Automatic exploitation generation method of write-what-where vulnerabilityHuafeng HUANGPurui SUYi YANGXiangkun JIATo solve the problem that the current vulnerability automatic exploitation generation methods cannot automatically generate control-flow-hijacking exploitation from write-what-where, a method of automatic exploitation generation for write-what-where was proposed.First, the write-what-where vulnerability was detected based on the memory address control strength dynamic taint analysis method.Then, the vulnerability exploitation elements were searched based on the vulnerability exploitation modes, and the exploitation of write-what-where vulnerability was generated automatically by constraint solving.The experimental results show that the proposed method can effectively detect write-what-where vulnerability, search exploitation elements, and automatically generate the control-flow-hijacking exploitation from write-what-where.http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2022003/write-what-wherecontrol flow hijackingdynamic taint analysisvulnerability exploitation elementauto-matic exploitation generation |
| spellingShingle | Huafeng HUANG Purui SU Yi YANG Xiangkun JIA Automatic exploitation generation method of write-what-where vulnerability Tongxin xuebao write-what-where control flow hijacking dynamic taint analysis vulnerability exploitation element auto-matic exploitation generation |
| title | Automatic exploitation generation method of write-what-where vulnerability |
| title_full | Automatic exploitation generation method of write-what-where vulnerability |
| title_fullStr | Automatic exploitation generation method of write-what-where vulnerability |
| title_full_unstemmed | Automatic exploitation generation method of write-what-where vulnerability |
| title_short | Automatic exploitation generation method of write-what-where vulnerability |
| title_sort | automatic exploitation generation method of write what where vulnerability |
| topic | write-what-where control flow hijacking dynamic taint analysis vulnerability exploitation element auto-matic exploitation generation |
| url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2022003/ |
| work_keys_str_mv | AT huafenghuang automaticexploitationgenerationmethodofwritewhatwherevulnerability AT puruisu automaticexploitationgenerationmethodofwritewhatwherevulnerability AT yiyang automaticexploitationgenerationmethodofwritewhatwherevulnerability AT xiangkunjia automaticexploitationgenerationmethodofwritewhatwherevulnerability |