Automatically assessing crashes from heap overflows

Liang He; Yan Cai; Hong Hu; Purui Su; Zhenkai Liang; Yi Yang; Huafeng Huang; Jia Yan; Xiangkun Jia; Dengguo Feng

doi:10.1109/ASE.2017.8115640

Automatically assessing crashes from heap overflows

Liang He, Yan Cai, Hong Hu, Purui Su, Zhenkai Liang, Yi Yang, Huafeng Huang, Jia Yan, Xiangkun Jia, Dengguo Feng

College of Information Sciences and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

13 Scopus citations

Abstract

Heap overflow is one of the most widely exploited vulnerabilities, with a large number of heap overflow instances reported every year. It is important to decide whether a crash caused by heap overflow can be turned into an exploit. Efficient and effective assessment of exploitability of crashes facilitates to identify severe vulnerabilities and thus prioritize resources. In this paper, we propose the first metrics to assess heap overflow crashes based on both the attack aspect and the feasibility aspect. We further present HCSIFTER, a novel solution to automatically assess the exploitability of heap overflow instances under our metrics. Given a heap-based crash, HCSIFTER accurately detects heap overflows through dynamic execution without any source code or debugging information. Then it uses several novel methods to extract program execution information needed to quantify the severity of the heap overflow using our metrics. We have implemented a prototype HCSIFTER and applied it to assess nine programs with heap overflow vulnerabilities. HCSIFTER successfully reports that five heap overflow vulnerabilities are highly exploitable and two overflow vulnerabilities are unlikely exploitable. It also gave quantitatively assessments for other two programs. On average, it only takes about two minutes to assess one heap overflow crash. The evaluation result demonstrates both effectiveness and efficiency of HC Sifter.

Original language	English (US)
Title of host publication	ASE 2017 - Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering
Editors	Tien N. Nguyen, Grigore Rosu, Massimiliano Di Penta
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	274-279
Number of pages	6
ISBN (Electronic)	9781538626849
DOIs	https://doi.org/10.1109/ASE.2017.8115640
State	Published - Nov 20 2017
Event	32nd IEEE/ACM International Conference on Automated Software Engineering, ASE 2017 - Urbana-Champaign, United States Duration: Oct 30 2017 → Nov 3 2017

Publication series

Name	ASE 2017 - Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering

Other

Other	32nd IEEE/ACM International Conference on Automated Software Engineering, ASE 2017
Country/Territory	United States
City	Urbana-Champaign
Period	10/30/17 → 11/3/17

All Science Journal Classification (ASJC) codes

Artificial Intelligence
Software
Control and Optimization

Access to Document

10.1109/ASE.2017.8115640

Cite this

He, L., Cai, Y., Hu, H., Su, P., Liang, Z., Yang, Y., Huang, H., Yan, J., Jia, X., & Feng, D. (2017). Automatically assessing crashes from heap overflows. In T. N. Nguyen, G. Rosu, & M. Di Penta (Eds.), ASE 2017 - Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering (pp. 274-279). Article 8115640 (ASE 2017 - Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ASE.2017.8115640

He, Liang ; Cai, Yan ; Hu, Hong et al. / Automatically assessing crashes from heap overflows. ASE 2017 - Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering. editor / Tien N. Nguyen ; Grigore Rosu ; Massimiliano Di Penta. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 274-279 (ASE 2017 - Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering).

@inproceedings{700a61a431aa422ba5195d0d72415f22,

title = "Automatically assessing crashes from heap overflows",

abstract = "Heap overflow is one of the most widely exploited vulnerabilities, with a large number of heap overflow instances reported every year. It is important to decide whether a crash caused by heap overflow can be turned into an exploit. Efficient and effective assessment of exploitability of crashes facilitates to identify severe vulnerabilities and thus prioritize resources. In this paper, we propose the first metrics to assess heap overflow crashes based on both the attack aspect and the feasibility aspect. We further present HCSIFTER, a novel solution to automatically assess the exploitability of heap overflow instances under our metrics. Given a heap-based crash, HCSIFTER accurately detects heap overflows through dynamic execution without any source code or debugging information. Then it uses several novel methods to extract program execution information needed to quantify the severity of the heap overflow using our metrics. We have implemented a prototype HCSIFTER and applied it to assess nine programs with heap overflow vulnerabilities. HCSIFTER successfully reports that five heap overflow vulnerabilities are highly exploitable and two overflow vulnerabilities are unlikely exploitable. It also gave quantitatively assessments for other two programs. On average, it only takes about two minutes to assess one heap overflow crash. The evaluation result demonstrates both effectiveness and efficiency of HC Sifter.",

author = "Liang He and Yan Cai and Hong Hu and Purui Su and Zhenkai Liang and Yi Yang and Huafeng Huang and Jia Yan and Xiangkun Jia and Dengguo Feng",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 32nd IEEE/ACM International Conference on Automated Software Engineering, ASE 2017 ; Conference date: 30-10-2017 Through 03-11-2017",

year = "2017",

month = nov,

day = "20",

doi = "10.1109/ASE.2017.8115640",

language = "English (US)",

series = "ASE 2017 - Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "274--279",

editor = "Nguyen, {Tien N.} and Grigore Rosu and {Di Penta}, Massimiliano",

booktitle = "ASE 2017 - Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering",

address = "United States",

}

He, L, Cai, Y, Hu, H, Su, P, Liang, Z, Yang, Y, Huang, H, Yan, J, Jia, X & Feng, D 2017, Automatically assessing crashes from heap overflows. in TN Nguyen, G Rosu & M Di Penta (eds), ASE 2017 - Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering., 8115640, ASE 2017 - Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering, Institute of Electrical and Electronics Engineers Inc., pp. 274-279, 32nd IEEE/ACM International Conference on Automated Software Engineering, ASE 2017, Urbana-Champaign, United States, 10/30/17. https://doi.org/10.1109/ASE.2017.8115640

Automatically assessing crashes from heap overflows. / He, Liang; Cai, Yan; Hu, Hong et al.
ASE 2017 - Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering. ed. / Tien N. Nguyen; Grigore Rosu; Massimiliano Di Penta. Institute of Electrical and Electronics Engineers Inc., 2017. p. 274-279 8115640 (ASE 2017 - Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Automatically assessing crashes from heap overflows

AU - He, Liang

AU - Cai, Yan

AU - Hu, Hong

AU - Su, Purui

AU - Liang, Zhenkai

AU - Yang, Yi

AU - Huang, Huafeng

AU - Yan, Jia

AU - Jia, Xiangkun

AU - Feng, Dengguo

PY - 2017/11/20

Y1 - 2017/11/20

N2 - Heap overflow is one of the most widely exploited vulnerabilities, with a large number of heap overflow instances reported every year. It is important to decide whether a crash caused by heap overflow can be turned into an exploit. Efficient and effective assessment of exploitability of crashes facilitates to identify severe vulnerabilities and thus prioritize resources. In this paper, we propose the first metrics to assess heap overflow crashes based on both the attack aspect and the feasibility aspect. We further present HCSIFTER, a novel solution to automatically assess the exploitability of heap overflow instances under our metrics. Given a heap-based crash, HCSIFTER accurately detects heap overflows through dynamic execution without any source code or debugging information. Then it uses several novel methods to extract program execution information needed to quantify the severity of the heap overflow using our metrics. We have implemented a prototype HCSIFTER and applied it to assess nine programs with heap overflow vulnerabilities. HCSIFTER successfully reports that five heap overflow vulnerabilities are highly exploitable and two overflow vulnerabilities are unlikely exploitable. It also gave quantitatively assessments for other two programs. On average, it only takes about two minutes to assess one heap overflow crash. The evaluation result demonstrates both effectiveness and efficiency of HC Sifter.

AB - Heap overflow is one of the most widely exploited vulnerabilities, with a large number of heap overflow instances reported every year. It is important to decide whether a crash caused by heap overflow can be turned into an exploit. Efficient and effective assessment of exploitability of crashes facilitates to identify severe vulnerabilities and thus prioritize resources. In this paper, we propose the first metrics to assess heap overflow crashes based on both the attack aspect and the feasibility aspect. We further present HCSIFTER, a novel solution to automatically assess the exploitability of heap overflow instances under our metrics. Given a heap-based crash, HCSIFTER accurately detects heap overflows through dynamic execution without any source code or debugging information. Then it uses several novel methods to extract program execution information needed to quantify the severity of the heap overflow using our metrics. We have implemented a prototype HCSIFTER and applied it to assess nine programs with heap overflow vulnerabilities. HCSIFTER successfully reports that five heap overflow vulnerabilities are highly exploitable and two overflow vulnerabilities are unlikely exploitable. It also gave quantitatively assessments for other two programs. On average, it only takes about two minutes to assess one heap overflow crash. The evaluation result demonstrates both effectiveness and efficiency of HC Sifter.

UR - http://www.scopus.com/inward/record.url?scp=85041446824&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85041446824&partnerID=8YFLogxK

U2 - 10.1109/ASE.2017.8115640

DO - 10.1109/ASE.2017.8115640

M3 - Conference contribution

AN - SCOPUS:85041446824

T3 - ASE 2017 - Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering

SP - 274

EP - 279

BT - ASE 2017 - Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering

A2 - Nguyen, Tien N.

A2 - Rosu, Grigore

A2 - Di Penta, Massimiliano

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 32nd IEEE/ACM International Conference on Automated Software Engineering, ASE 2017

Y2 - 30 October 2017 through 3 November 2017

ER -

He L, Cai Y, Hu H, Su P, Liang Z, Yang Y et al. Automatically assessing crashes from heap overflows. In Nguyen TN, Rosu G, Di Penta M, editors, ASE 2017 - Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering. Institute of Electrical and Electronics Engineers Inc. 2017. p. 274-279. 8115640. (ASE 2017 - Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering). doi: 10.1109/ASE.2017.8115640

Automatically assessing crashes from heap overflows

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this