HAIT: Heap Analyzer with Input Tracing / Atzeni, Andrea; Marcelli, Andrea; Muroni, Francesco; Squillero, Giovanni. - Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT (2017), pp. 327-334. (Paper presented at SECRYPT 2017, held in Madrid, Spain, 24-26 July 2017) [10.5220/0006420803270334].
HAIT: Heap Analyzer with Input Tracing
Atzeni, Andrea; Marcelli, Andrea; Muroni, Francesco; Squillero, Giovanni
2017
Abstract
Heap exploits are among the most advanced, complex and frequent types of attack. Over the years, many effective techniques have been developed to mitigate them, such as data execution prevention, address space layout randomization and canaries. However, if an attacker has both knowledge of and control over the memory allocation sequence, heap spraying and other attacks are still feasible. This paper presents HAIT, a memory profiler that records critical operations on the heap and shows them graphically in a clear and comprehensible format. A prototype was implemented on top of Triton, a framework for dynamic binary analysis. The experimental evaluation demonstrates that HAIT can help identify the essential information needed to carry out heap exploits, providing valuable knowledge for an effective attack.
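The abstract's point that heap attacks need knowledge of and control over the allocation sequence, shown as an added example (not HAIT's or Triton's code): a toy size-class allocator with a trace hook that records every malloc and free, plus an analyst-side function that replays the recorded trace to predict where the next request will land. The allocator (32/64/128/256-byte LIFO free lists carved from a static arena), the trace layout, and the names t_malloc, t_free, t_reset and predict_next are assumptions of this example. Real allocators such as glibc ptmalloc have far more elaborate policies, which is exactly why a tool like HAIT records the operations from the running binary instead of modelling them by hand.

```c
/* Added example, not from the HAIT paper. Toy allocator + heap-operation
   tracer, then a shadow model that predicts the next allocation from the
   trace alone. All names and the size-class policy are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 4096
#define NCLASSES   4          /* size classes: 32, 64, 128, 256 bytes */
#define MAX_EVENTS 64

typedef enum { EV_MALLOC, EV_FREE } ev_kind;
typedef struct { ev_kind kind; size_t size; uintptr_t addr; } heap_event;

static unsigned char arena[ARENA_SIZE];
static size_t        bump;               /* next unused byte in the arena */
static void         *freelist[NCLASSES]; /* LIFO per class; a free chunk's first word links to the next */
static heap_event    trace[MAX_EVENTS];  /* the recorded heap operations */
static size_t        ntrace;

static size_t class_size(int c) { return (size_t)32 << c; }

static int class_of(size_t n) {
    for (int c = 0; c < NCLASSES; c++)
        if (n <= class_size(c)) return c;
    return -1;                           /* request too large for this toy */
}

static void record(ev_kind k, size_t size, void *p) {
    if (ntrace < MAX_EVENTS)
        trace[ntrace++] = (heap_event){ k, size, (uintptr_t)p };
}

/* Reuse the most recently freed chunk of the class, else carve fresh arena space. */
void *t_malloc(size_t n) {
    int c = class_of(n);
    if (c < 0) return NULL;
    void *p;
    if (freelist[c]) {
        p = freelist[c];
        memcpy(&freelist[c], p, sizeof(void *));   /* pop: next pointer lives in the chunk */
    } else {
        if (bump + class_size(c) > ARENA_SIZE) return NULL;
        p = arena + bump;
        bump += class_size(c);
    }
    record(EV_MALLOC, class_size(c), p);
    return p;
}

void t_free(void *p, size_t n) {
    int c = class_of(n);
    if (!p || c < 0) return;
    memcpy(p, &freelist[c], sizeof(void *));       /* push onto the class free list */
    freelist[c] = p;
    record(EV_FREE, class_size(c), p);
}

void t_reset(void) { bump = 0; ntrace = 0; memset(freelist, 0, sizeof freelist); }

/* Analyst side: rebuild allocator state from the trace only (no access to the
   allocator's internals) and predict where the next n-byte request lands. */
uintptr_t predict_next(size_t n) {
    int       c = class_of(n);
    uintptr_t shadow_free[NCLASSES][MAX_EVENTS];
    size_t    depth[NCLASSES] = {0};
    uintptr_t top = 0;                   /* highest addr+size seen == next fresh chunk */
    for (size_t i = 0; i < ntrace; i++) {
        heap_event e = trace[i];
        int k = class_of(e.size);
        if (e.kind == EV_FREE)
            shadow_free[k][depth[k]++] = e.addr;
        else if (depth[k] && shadow_free[k][depth[k] - 1] == e.addr)
            depth[k]--;                  /* a recorded reuse consumed the free-list head */
        if (e.addr + e.size > top) top = e.addr + e.size;
    }
    if (c < 0 || ntrace == 0) return 0;
    return depth[c] ? shadow_free[c][depth[c] - 1] : top;
}

/* Scenario 1: two 48-byte objects, free the first, predict where a 40-byte
   request (same class) goes: it reuses the freed chunk, 64 bytes before b. */
int demo_reuse(void) {
    t_reset();
    char *a = t_malloc(48);
    char *b = t_malloc(48);
    t_free(a, 48);
    uintptr_t guess = predict_next(40);
    char *c = t_malloc(40);
    return (uintptr_t)c == guess && c == a && (b - a) == 64;
}

/* Scenario 2: nothing freed, so a new class lands right after what was carved. */
int demo_fresh(void) {
    t_reset();
    char *a = t_malloc(100);             /* 128-byte class */
    uintptr_t guess = predict_next(200); /* 256-byte class, never used before */
    char *b = t_malloc(200);
    return (uintptr_t)b == guess && b == a + 128;
}

int main(void) {
    printf("reuse prediction matched: %d\n", demo_reuse());
    for (size_t i = 0; i < ntrace; i++)
        printf("%-6s size=%3zu addr=%#lx\n",
               trace[i].kind == EV_MALLOC ? "malloc" : "free",
               trace[i].size, (unsigned long)trace[i].addr);
    return 0;
}
```

The trace printed by main is the raw form of what the paper's profiler presents graphically; the predictions in demo_reuse and demo_fresh are the kind of layout knowledge (which chunk is reused, which chunks are adjacent) that heap grooming and heap spraying depend on.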
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/11583/2672737
Warning
Warning! The data displayed have not been validated by the university.