Détails sur le séminaire

Auditorium (IMAG)
29 mars 2017 - 10h30
Finding the Needle in the Heap: Combining Binary Analysis Techniques to Trigger Use-After-Free
par Josselin FEIST de VERIMAG / PACSS

Abstract: Security is becoming a major concern in software development, both for
software editors, end-users, and government agencies. A typical problem is
vulnerability detection, which consists in finding in a code bugs able to
let an attacker gain some unforeseen privileges like reading or writing
sensible data, or even hijacking the program execution.

This thesis proposes a practical approach to detect a specific kind of
vulnerability, called use-after-free, occurring when a heap memory block
is accessed after being freed. Such vulnerabilities have lead to numerous
exploits (in particular against web browsers), and they are difficult to detect
since they may involve several distant events in the code (allocating, freeing
and accessing a memory block).

The approach proposed consists in two steps. First, a coarse-grain and
unsound binary level static analysis, called GUEB, allows to track heap memory blocks
operation (allocation, free, and use). This leads to a program slice
containing potential use-after-free. Then, a dedicated guided dynamic
symbolic execution, developed within the Binsec plateform, is used to retrieve concrete
program inputs aiming to trigger these use-after-free. This combination happened to be be
effective in practice and allowed to detect several unknown vulnerabilities in
real-life code. The implementation is available as an open-source
tool-chain operating on x86 binary code.

[the defense will be held in French]


Pascal Cuoq (TrustInSoft)
Philippe Elbaz-Vincent (UGA/IF)
Vincent Nicomette (INSA Toulouse/LAAS CNRS)
Yves Le Traon (Université de Luxembourg)
Sarah Zennou (Airbus Group)
Marie-Laure Potet (Grenoble INP/Verimag) - supervisor
Laurent Mounier - (UGA/Verimag) - co-supervisor

Contact | Plan du site | Site réalisé avec SPIP 3.0.25 + AHUNTSIC [CC License]

info visites 789730