Abstract
We argue that finding vulnerabilities in software components is different from finding exploits against them. Exploits that compromise security often use several low-level details of the component, such as layouts of stack frames. Existing software analysis tools, while effective at identifying vulnerabilities, fail to model low-level details, and are hence unsuitable for exploit-finding. We study the issues involved in exploit-finding by considering application programming interface (API) level exploits. A software component is vulnerable to an API-level exploit if its security can be compromised by invoking a sequence of API operations allowed by the component. We present a framework to model low-level details of APIs, and develop an automatic technique based on bounded, infinite-state model checking to discover API-level exploits. We present two instantiations of this framework. We show that format-string exploits can be modeled as API-level exploits, and demonstrate our technique by finding exploits against vulnerabilities in widely-used software. We also use the framework to model a cryptographic-key management API (the IBM CCA) and demon-strate a tool that identifies a previously known exploit.
| Original language | English (US) |
|---|---|
| Pages | 312-321 |
| Number of pages | 10 |
| DOIs | |
| State | Published - 2005 |
| Externally published | Yes |
| Event | 27th International Conference on Software Engineering, ICSE05 - St. Louis, MO, United States Duration: May 15 2005 → May 21 2005 |
Other
| Other | 27th International Conference on Software Engineering, ICSE05 |
|---|---|
| Country/Territory | United States |
| City | St. Louis, MO |
| Period | 5/15/05 → 5/21/05 |
All Science Journal Classification (ASJC) codes
- Engineering(all)
Keywords
- API-level exploit
- Bounded model checking