Biblio
Automatic exploit generation is an open challenge. Existing solutions usually explore in depth the crashing paths, i.e., paths taken by proof-of-concept (POC) inputs triggering vulnerabilities, and generate exploits when exploitable states are found along the paths. However, exploitable states do not always exist in crashing paths. Moreover, existing solutions heavily rely on symbolic execution and are not scalable in path exploration and exploit generation. In addition, few solutions could exploit heap-based vulnerabilities. In this paper, we propose a new solution revery to search for exploitable states in paths diverging from crashing paths, and generate control-flow hijacking exploits for heap-based vulnerabilities. It adopts three novel techniques:(1) a digraph to characterize a vulnerability's memory layout and its contributor instructions;(2) a fuzz solution to explore diverging paths, which have similar memory layouts as the crashing paths, in order to search more exploitable states and generate corresponding diverging inputs;(3) a stitch solution to stitch crashing paths and diverging paths together, and synthesize EXP inputs able to trigger both vulnerabilities and exploitable states. We have developed a prototype of revery based on the binary analysis engine angr, and evaluated it on a set of 19 real world CTF (capture the flag) challenges. Experiment results showed that it could generate exploits for 9 (47%) of them, and generate EXP inputs able to trigger exploitable states for another 5 (26%) of them.
Software-Defined Networks (SDN) is a trend of research in networks. Rule placement, a common operation for network administrators, has become more complicated due to the capacity limitation of devices in which the large number of rules are deployed. Prior works on rule placement mostly consider the influence on rule placement incurred by the rules in a single device. However, the position relationships between neighbor devices have influences on rule placement. Our basic idea is to classify the position relationships into two categories: the serial relationship and the parallel relationship, and we present a novel strategy for rule placement based on the two different position relationships. There are two challenges of implementing our strategies: to check whether a rule is contained by a rule set or not and to check whether a rule can be merged by other rules or not.To overcome the challenges, we propose a novel data structure called OPTree to represent the rules, which is convenient to check whether a rule is covered by other rules. We design the insertion algorithm and search algorithm for OPTree. Extensive experiments show that our approach can effectively reduce the number of rules while ensuring placed rules work. On the other hand, the experimental results also demonstrate that it is necessary to consider the position relationships between neighbor devices when placing rules.