Identifying Non-Control Security-Critical Data through Program Dependence Learning
arXiv (2021)
Abstract
As control-flow protection gets widely deployed, it is difficult for
attackers to corrupt control-data and achieve control-flow hijacking. Instead,
data-oriented attacks, which manipulate non-control data, have been
demonstrated to be feasible and powerful. In data-oriented attacks, a
fundamental step is to identify non-control, security-critical data. However,
critical data identification processes are not scalable in previous works,
because they mainly rely on tedious human efforts to identify critical data. To
address this issue, we propose a novel approach that combines traditional
program analysis with deep learning. At a higher level, by examining how
analysts identify critical data, we first propose dynamic analysis algorithms
to identify the program semantics (and features) that are correlated with the
impact of critical data. Then, motivated by the unique challenges in the
critical data identification task, we formalize the distinguishing features and
use customized program dependence graphs (PDG) to embed the features. Unlike
previous works that use deep learning to learn basic program semantics, this
paper adopts a special neural network architecture that can capture the long
dependency paths (in the PDG), through which a critical variable propagates its
impact. We have implemented a fully-automatic toolchain and conducted
comprehensive evaluations. According to the evaluations, our model can achieve
90
FuzzBench. In addition, we demonstrate the harmfulness of the exploits using
the identified critical variables by simulating 7 data-oriented attacks through
GDB.
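The abstract describes tracking how a candidate variable propagates its impact along long dependency paths in the PDG until it reaches a security-relevant use. The following Python example, added here for illustration and not part of the paper's toolchain, builds a minimal data-dependence graph for a constructed toy program (a header length flowing into a copy length, a config string flowing into a privilege check) and enumerates the def-use paths from each variable to a labelled sink. The program, the sink labels and the single-assignment assumption are all constructed for the example; the paper's model learns such features with a neural network rather than ranking them by hand as done here.

```python
from collections import defaultdict

# Constructed toy program (not from the paper). Each statement is
# (statement id, variable defined or None, variables used, sink label or None).
# A user-supplied size flows through several intermediate variables before
# reaching a copy length; a privilege flag is derived from a config string.
TOY_PROGRAM = [
    ("s1", "hdr_len", [], None),                    # hdr_len = read_u32(sock)
    ("s2", "body_len", ["hdr_len"], None),          # body_len = hdr_len - 4
    ("s3", "chunk", ["body_len"], None),            # chunk = body_len / 2
    ("s4", "copy_n", ["chunk"], None),              # copy_n = chunk + 2
    ("s5", None, ["copy_n"], "memcpy_length"),      # memcpy(buf, src, copy_n)
    ("s6", "cfg", [], None),                        # cfg = read_config()
    ("s7", "is_admin", ["cfg"], None),              # is_admin = parse_flag(cfg)
    ("s8", None, ["is_admin"], "privilege_check"),  # if (is_admin) ...
    ("s9", "tmp", ["hdr_len"], None),               # tmp = log_format(hdr_len)
    ("s10", None, ["tmp"], None),                   # log(tmp): no sink
]


def build_pdg(program):
    """Data-dependence edges between variables. Assumes each variable is
    assigned once (SSA-like), so every use maps to exactly one definition.
    A use inside a sink statement becomes an edge to a 'sink:<label>' node."""
    succ = defaultdict(list)
    for _sid, defined, uses, sink in program:
        for u in uses:
            if sink is not None:
                succ[u].append(f"sink:{sink}")
            elif defined is not None:
                succ[u].append(defined)
            else:
                succ.setdefault(u, [])  # use with no downstream effect
        if defined is not None:
            succ.setdefault(defined, [])
    return dict(succ)


def dependency_paths(pdg, var):
    """All def-use paths from `var` that end in a sink node (DFS; nodes
    already on the current path are skipped so cycles cannot recurse)."""
    paths = []

    def walk(node, path):
        if node.startswith("sink:"):
            paths.append(path)
            return
        for nxt in pdg.get(node, []):
            if nxt in path:
                continue
            walk(nxt, path + [nxt])

    walk(var, [var])
    return paths


def rank_candidates(program):
    """Rank variables by how many sinks they reach and by the length of the
    longest dependency path to a sink (a hand-written stand-in for the
    learned scoring the paper describes)."""
    pdg = build_pdg(program)
    rows = []
    for var in pdg:
        paths = dependency_paths(pdg, var)
        sinks = sorted({p[-1][len("sink:"):] for p in paths})
        depth = max((len(p) - 1 for p in paths), default=0)
        rows.append({"var": var, "sinks": sinks, "depth": depth})
    rows.sort(key=lambda r: (-len(r["sinks"]), -r["depth"], r["var"]))
    return rows


if __name__ == "__main__":
    for row in rank_candidates(TOY_PROGRAM):
        print(f"{row['var']:10s} sinks={row['sinks']} depth={row['depth']}")
```

On the constructed program, `hdr_len` ranks first: it reaches the `memcpy_length` sink through a four-edge path, which is exactly the kind of long dependency chain a flat, local embedding would miss and the abstract's architecture is designed to capture. `tmp` reaches no sink and ranks last, even though it depends on the same tainted input.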