http://dx.doi.org/10.3837/tiis.2016.10.016

Deduplication and Exploitability Determination of UAF Vulnerability Samples by Fast Clustering  

Peng, Jianshan (China National Digital Switching System Engineering and Technological Research Center)
Zhang, Mi (Henan Technical College of Construction)
Wang, Qingxian (China National Digital Switching System Engineering and Technological Research Center)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS), vol. 10, no. 10, 2016, pp. 4933-4956
Abstract
Use-After-Free (UAF) is a common and severe form of software vulnerability. Tools such as web browser fuzzers can generate a large number of samples containing UAF vulnerabilities. To evaluate the threat level of a vulnerability or to patch it, these samples should be automatically deduplicated and their exploitability determined. Current methods have several shortcomings, including inadequate pertinence, lack of depth and precision of analysis, high time cost, and low accuracy. In this paper, in terms of the key dangling pointer and the crash context, we analyze four properties of similar UAF vulnerability samples, develop a method for extracting and calculating clustering eigenvalues (feature values) from these samples, and perform clustering by fast search and find of density peaks on a large number of vulnerability samples. Samples were divided into different UAF vulnerability categories according to the clustering results, and the exploitability of these UAF vulnerabilities was determined by observing the shape of each class cluster. Experimental results showed that the approach is applicable to the deduplication and exploitability determination of a large number of UAF vulnerability samples, with high accuracy and low performance cost.
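As an added illustration (not the paper's own code or data), the following Python implements the clustering step the abstract refers to, density peaks after Rodriguez and Laio, over constructed feature vectors standing in for the dangling-pointer and crash-context properties of UAF samples; the feature layout, the cutoff distance d_c and the sample values are assumptions, and the cluster representatives it returns are what deduplication keeps.

```python
# Added example: density-peaks clustering over constructed UAF crash-sample
# features. The feature layout and values are assumptions, not the paper's data.
import math

# Constructed samples: (sample id, normalised feature vector). The four features
# are assumed to summarise the key dangling pointer and the crash context, e.g.
# freed object size, offset of the use from the dangling pointer, position of
# the crashing instruction, allocation-site id. All values are made up.
SAMPLES = [
    ("s01", (0.10, 0.20, 0.30, 0.10)),
    ("s02", (0.12, 0.21, 0.31, 0.10)),
    ("s03", (0.11, 0.19, 0.29, 0.12)),
    ("s04", (0.80, 0.75, 0.70, 0.90)),
    ("s05", (0.82, 0.74, 0.71, 0.88)),
    ("s06", (0.79, 0.77, 0.69, 0.91)),
    ("s07", (0.50, 0.10, 0.90, 0.50)),  # isolated sample: becomes its own category
]

def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def density_peaks(samples, d_c):
    """Return {representative id: [member ids]}.
    rho_i  = number of other points within cutoff d_c (local density)
    delta_i = distance to the nearest point of higher density
              (for the densest point: its largest distance to any point)."""
    n = len(samples)
    dist = [[euclid(samples[i][1], samples[j][1]) for j in range(n)] for i in range(n)]
    rho = [sum(1 for j in range(n) if j != i and dist[i][j] < d_c) for i in range(n)]
    order = sorted(range(n), key=lambda i: -rho[i])  # descending density, ties by index
    delta, nearest_higher = [0.0] * n, [-1] * n
    delta[order[0]] = max(dist[order[0]])
    for rank in range(1, n):
        i = order[rank]
        j = min(order[:rank], key=lambda j: dist[i][j])
        delta[i], nearest_higher[i] = dist[i][j], j
    # Simplification of the decision graph: a point whose delta exceeds d_c is a
    # cluster center, so an isolated outlier also becomes its own category.
    label = [-1] * n
    for i in range(n):
        if delta[i] > d_c:
            label[i] = i
    for i in order:  # remaining points join the cluster of their nearest denser point
        if label[i] == -1:
            label[i] = label[nearest_higher[i]]
    clusters = {}
    for i in range(n):
        clusters.setdefault(samples[label[i]][0], []).append(samples[i][0])
    return clusters
```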
Keywords
Use After Free; deduplication of vulnerability samples; exploitability determination; clustering; dangling pointer;