HI-CFG: Construction by binary analysis and application to attack polymorphism

Dan Caselden; Alex Bazhanyuk; Mathias Payer; Stephen McCamant; Dawn Song

doi:10.1007/978-3-642-40203-6_10

HI-CFG: Construction by binary analysis and application to attack polymorphism

Dan Caselden, Alex Bazhanyuk, Mathias Payer, Stephen McCamant, Dawn Song

Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

28 Scopus citations

Abstract

Security analysis often requires understanding both the control and data-flow structure of a binary. We introduce a new program representation, a hybrid information- and control-flow graph (HI-CFG), and give algorithms to infer it from an instruction-level trace. As an application, we consider the task of generalizing an attack against a program whose inputs undergo complex transformations before reaching a vulnerability. We apply the HI-CFG to find the parts of the program that implement each transformation, and then generate new attack inputs under a user-specified combination of transformations. Structural knowledge allows our approach to scale to applications that are infeasible with monolithic symbolic execution. Such attack polymorphism shows the insufficiency of any filter that does not support all the same transformations as the vulnerable application. In case studies, we show this attack capability against a PDF viewer and a word processor.

Original language	English (US)
Title of host publication	Computer Security, ESORICS 2013 - 18th European Symposium on Research in Computer Security, Proceedings
Pages	164-181
Number of pages	18
DOIs	https://doi.org/10.1007/978-3-642-40203-6_10
State	Published - 2013
Event	18th European Symposium on Research in Computer Security, ESORICS 2013 - Egham, United Kingdom Duration: Sep 9 2013 → Sep 13 2013

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	8134 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	18th European Symposium on Research in Computer Security, ESORICS 2013
Country/Territory	United Kingdom
City	Egham
Period	9/9/13 → 9/13/13

Access

10.1007/978-3-642-40203-6_10

OpenUrl availability

Full text

Cite this

Caselden, D., Bazhanyuk, A., Payer, M., McCamant, S., & Song, D. (2013). HI-CFG: Construction by binary analysis and application to attack polymorphism. In Computer Security, ESORICS 2013 - 18th European Symposium on Research in Computer Security, Proceedings (pp. 164-181). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8134 LNCS). https://doi.org/10.1007/978-3-642-40203-6_10

HI-CFG: Construction by binary analysis and application to attack polymorphism. / Caselden, Dan; Bazhanyuk, Alex; Payer, Mathias et al.
Computer Security, ESORICS 2013 - 18th European Symposium on Research in Computer Security, Proceedings. 2013. p. 164-181 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8134 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Caselden, D, Bazhanyuk, A, Payer, M, McCamant, S & Song, D 2013, HI-CFG: Construction by binary analysis and application to attack polymorphism. in Computer Security, ESORICS 2013 - 18th European Symposium on Research in Computer Security, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8134 LNCS, pp. 164-181, 18th European Symposium on Research in Computer Security, ESORICS 2013, Egham, United Kingdom, 9/9/13. https://doi.org/10.1007/978-3-642-40203-6_10

Caselden D, Bazhanyuk A, Payer M, McCamant S, Song D. HI-CFG: Construction by binary analysis and application to attack polymorphism. In Computer Security, ESORICS 2013 - 18th European Symposium on Research in Computer Security, Proceedings. 2013. p. 164-181. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-40203-6_10

Caselden, Dan ; Bazhanyuk, Alex ; Payer, Mathias et al. / HI-CFG : Construction by binary analysis and application to attack polymorphism. Computer Security, ESORICS 2013 - 18th European Symposium on Research in Computer Security, Proceedings. 2013. pp. 164-181 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{4247f9a8933a46ffb2dfadebb7cc5704,

title = "HI-CFG: Construction by binary analysis and application to attack polymorphism",

abstract = "Security analysis often requires understanding both the control and data-flow structure of a binary. We introduce a new program representation, a hybrid information- and control-flow graph (HI-CFG), and give algorithms to infer it from an instruction-level trace. As an application, we consider the task of generalizing an attack against a program whose inputs undergo complex transformations before reaching a vulnerability. We apply the HI-CFG to find the parts of the program that implement each transformation, and then generate new attack inputs under a user-specified combination of transformations. Structural knowledge allows our approach to scale to applications that are infeasible with monolithic symbolic execution. Such attack polymorphism shows the insufficiency of any filter that does not support all the same transformations as the vulnerable application. In case studies, we show this attack capability against a PDF viewer and a word processor.",

author = "Dan Caselden and Alex Bazhanyuk and Mathias Payer and Stephen McCamant and Dawn Song",

year = "2013",

doi = "10.1007/978-3-642-40203-6_10",

language = "English (US)",

isbn = "9783642402029",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "164--181",

booktitle = "Computer Security, ESORICS 2013 - 18th European Symposium on Research in Computer Security, Proceedings",

note = "18th European Symposium on Research in Computer Security, ESORICS 2013 ; Conference date: 09-09-2013 Through 13-09-2013",

}

TY - GEN

T1 - HI-CFG

T2 - 18th European Symposium on Research in Computer Security, ESORICS 2013

AU - Caselden, Dan

AU - Bazhanyuk, Alex

AU - Payer, Mathias

AU - McCamant, Stephen

AU - Song, Dawn

PY - 2013

Y1 - 2013

N2 - Security analysis often requires understanding both the control and data-flow structure of a binary. We introduce a new program representation, a hybrid information- and control-flow graph (HI-CFG), and give algorithms to infer it from an instruction-level trace. As an application, we consider the task of generalizing an attack against a program whose inputs undergo complex transformations before reaching a vulnerability. We apply the HI-CFG to find the parts of the program that implement each transformation, and then generate new attack inputs under a user-specified combination of transformations. Structural knowledge allows our approach to scale to applications that are infeasible with monolithic symbolic execution. Such attack polymorphism shows the insufficiency of any filter that does not support all the same transformations as the vulnerable application. In case studies, we show this attack capability against a PDF viewer and a word processor.

AB - Security analysis often requires understanding both the control and data-flow structure of a binary. We introduce a new program representation, a hybrid information- and control-flow graph (HI-CFG), and give algorithms to infer it from an instruction-level trace. As an application, we consider the task of generalizing an attack against a program whose inputs undergo complex transformations before reaching a vulnerability. We apply the HI-CFG to find the parts of the program that implement each transformation, and then generate new attack inputs under a user-specified combination of transformations. Structural knowledge allows our approach to scale to applications that are infeasible with monolithic symbolic execution. Such attack polymorphism shows the insufficiency of any filter that does not support all the same transformations as the vulnerable application. In case studies, we show this attack capability against a PDF viewer and a word processor.

UR - http://www.scopus.com/inward/record.url?scp=84884780814&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84884780814&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-40203-6_10

DO - 10.1007/978-3-642-40203-6_10

M3 - Conference contribution

AN - SCOPUS:84884780814

SN - 9783642402029

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 164

EP - 181

BT - Computer Security, ESORICS 2013 - 18th European Symposium on Research in Computer Security, Proceedings

Y2 - 9 September 2013 through 13 September 2013

ER -

HI-CFG: Construction by binary analysis and application to attack polymorphism

Abstract

Publication series

Other

Access

OpenUrl availability

Other files and links

Fingerprint

Cite this