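@comment{Normalised from an automatic repository export. Changes: author names
in unambiguous "Last, First" form; brace delimiters instead of quotes; proper
nouns and acronyms protected in title and booktitle so sentence-casing styles
keep them; the series field dropped because it merely duplicated booktitle and
would print the proceedings title twice; month derived from the conference
dates already recorded in the note; the printed biblatex "language" field
replaced by the non-printing langid; and the non-ASCII curly quotes in the
abstract replaced with LaTeX quotes so the entry also compiles under classic
8-bit BibTeX. No bibliographic data was removed.}
@inproceedings{1bfd36c6592940a28bf4320ef7eef74e,
  author    = {Wu, Wei and Chen, Yueqi and Xing, Xinyu and Zou, Wei},
  title     = {{Kepler}: Facilitating Control-Flow Hijacking Primitive Evaluation for {Linux} Kernel Vulnerabilities},
  booktitle = {Proceedings of the 28th {USENIX} Security Symposium},
  publisher = {USENIX Association},
  year      = {2019},
  month     = aug,
  pages     = {1187--1204},
  langid    = {american},
  abstract  = {Automatic exploit generation is a challenging problem. A challenging part of the task is to connect an identified exploitable state (exploit primitive) to triggering execution of code-reuse (e.g., ROP) payload. A control-flow hijacking primitive is one of the most common capabilities for exploitation. However, due to the challenges of widely deployed exploit mitigations, pitfalls along an exploit path, and ill-suited primitives, it is difficult to even manually craft an exploit with a control-flow hijacking primitive for an off-the-shelf modern Linux kernel. We propose KEPLER to facilitate exploit generation by automatically generating a ``single-shot'' exploitation chain. KEPLER accepts as input a control-flow hijacking primitive and bootstraps any kernel ROP payload by symbolically stitching an exploitation chain taking advantage of prevalent kernel coding style and corresponding gadgets. Comparisons with previous automatic exploit generation techniques and previous kernel exploit techniques show KEPLER effectively facilitates evaluation of control-flow hijacking primitives in the Linux kernel.},
  note      = {28th USENIX Security Symposium, conference date 14-08-2019 through 16-08-2019. Publisher Copyright: {\textcopyright} 2019 by The USENIX Association. All rights reserved.},
}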