A Taint Semantic Map to Accelerate Exploitation: FY20 Cyber Security Line Supported Program
Abstract
This report describes, and provides preliminary results for, an analysis intended to accelerate the exploitation of software vulnerabilities. The Taint Semantic Map (TSM) helps answer a question that reverse engineers engaged in exploitation frequently pose: what are the type and semantics of the data in memory at a given point in program execution? This intelligence aids in exploring the implications of a read or write buffer overflow, since it tells the analyst what can be read or corrupted, but it should also aid other aspects of exploitation, such as heap grooming and understanding dynamic data structures. The TSM is an application of dynamic taint analysis in which memory access instructions are augmented to apply persistent labels to memory, identifying the code that created or consumed that data. At a given point in execution, memory can be queried to determine the pattern of labels present, and that pattern can be used to infer type and semantics. We implement TSM in PANDA, the Platform for Architecture-Neutral Dynamic Analysis. In this report we motivate and describe TSM and its implementation, then evaluate its abilities and performance, including sample maps from vulnerabilities seeded into programs.
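As an added illustration (not code from the report or from PANDA), the following Python models the two steps the abstract describes on a constructed access trace: every instrumented load or store stamps each byte it touches with a persistent (pc, read/write) label, and a query over an address range splits that range into runs of bytes carrying identical label sets, whose boundaries are candidate field boundaries. The trace, the addresses, the instruction locations and the struct layout they imply are invented for the example; the report's actual label encoding and query interface are not reproduced here.

```python
"""Toy byte-granular shadow memory in the spirit of the Taint Semantic Map.

Everything below (trace format, addresses, pcs, layout) is constructed for
illustration and is not the report's implementation.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class Label:
    """Persistent label attached to one byte of shadow memory."""
    pc: int     # address of the instruction that touched the byte
    kind: str   # "w" = that instruction wrote the byte, "r" = it read the byte


Run = Tuple[int, int, FrozenSet[Label]]  # (start address, length, labels)


class TaintSemanticMap:
    """Shadow memory: byte address -> set of labels. Labels are never cleared,
    so a byte accumulates every producer and consumer it has ever had."""

    def __init__(self) -> None:
        self.shadow: Dict[int, Set[Label]] = defaultdict(set)

    def on_access(self, kind: str, pc: int, addr: int, size: int) -> None:
        """Hook called for each instrumented memory access."""
        if kind not in ("r", "w"):
            raise ValueError(f"unknown access kind {kind!r}")
        for a in range(addr, addr + size):
            self.shadow[a].add(Label(pc, kind))

    def query(self, addr: int, size: int) -> List[Run]:
        """Split [addr, addr+size) into maximal runs of bytes whose label
        sets are identical. Run boundaries are candidate field boundaries;
        an empty label set means the bytes were never touched."""
        if size <= 0:
            return []
        runs: List[Run] = []
        start = addr
        current: FrozenSet[Label] = frozenset(self.shadow.get(addr, set()))
        for a in range(addr + 1, addr + size):
            labels = frozenset(self.shadow.get(a, set()))
            if labels != current:
                runs.append((start, a - start, current))
                start, current = a, labels
        runs.append((start, addr + size - start, current))
        return runs


def build_map(trace: List[Tuple[str, int, int, int]]) -> TaintSemanticMap:
    """Replay a (kind, pc, addr, size) access trace into a fresh map."""
    tsm = TaintSemanticMap()
    for kind, pc, addr, size in trace:
        tsm.on_access(kind, pc, addr, size)
    return tsm


def overflow_targets(tsm: TaintSemanticMap, buf_addr: int, buf_len: int,
                     overflow_len: int) -> List[Run]:
    """Answer "what can I corrupt?": the labelled runs a linear overflow of
    overflow_len bytes past the end of buf would overwrite."""
    return tsm.query(buf_addr + buf_len, overflow_len)


def describe(runs: List[Run]) -> List[str]:
    """Human-readable rendering of query results."""
    out = []
    for start, length, labels in runs:
        who = ", ".join(f"{l.kind}@{l.pc:#x}"
                        for l in sorted(labels, key=lambda l: (l.pc, l.kind)))
        out.append(f"{start:#06x} +{length:2d} bytes  {{{who or 'untouched'}}}")
    return out


# Constructed trace: a hypothetical heap object at 0x1000 laid out as
#   char name[16] @ 0x1000, uint32 len @ 0x1010, void *next @ 0x1014.
SAMPLE_TRACE = [
    ("w", 0x401000, 0x1000, 16),  # copy loop filling obj->name
    ("w", 0x401020, 0x1010, 4),   # obj->len = ...
    ("w", 0x401030, 0x1014, 8),   # obj->next = ...
    ("r", 0x402000, 0x1010, 4),   # a later consumer reads obj->len
]

if __name__ == "__main__":
    tsm = build_map(SAMPLE_TRACE)
    print("\n".join(describe(tsm.query(0x1000, 28))))
    print("A 6-byte overflow past name[] would corrupt:")
    print("\n".join(describe(overflow_targets(tsm, 0x1000, 16, 6))))
```

Running the script prints three runs for the object (16 bytes with one writer, 4 bytes with a writer and a reader, 8 bytes with another writer), which recovers the field layout without any type information, and then shows that a six-byte overrun of `name` would clobber all of `len` and the first two bytes of `next`. A real implementation would key labels on something richer than a raw pc (for example the function or call-site) and would need a policy for reclaimed memory, which this toy ignores.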
Document Details
- Document Type: Technical Report
- Publication Date: Mar 07, 2021
- Accession Number: AD1147896
Entities
People
- A. J. King
- A. T. Davis
- T. R. Leek
Organizations
- MIT Lincoln Laboratory