Extracting Models of Security-Sensitive Operations using String-Enhanced White-Box Exploration on Binaries

Abstract

Models of security-sensitive code enable reasoning about the security implications of code. In this paper we present an approach for extracting models of security-sensitive operations directly from program binaries, which lets third-party analysts reason about a program when the source code is not available. Our approach is based on string-enhanced white-box exploration, a new technique that improves the effectiveness of current white-box exploration techniques on programs that use strings, by reasoning directly about string operations, rather than about the individual byte-level operations that comprise them. We implement our approach and use it to extract models of the closed-source content sniffing algorithms of two popular browsers: Internet Explorer 7 and Safari 3.1. We use the generated models to automatically find recently studied content-sniffing XSS attacks, and show the benefits of string-enhanced white-box exploration over current byte-level exploration techniques.

Document Details

Document Type: Technical Report
Publication Date: Mar 06, 2009
Accession Number: ADA538848

Entities

People

  • Adam Barth
  • Dawn Song
  • Juan Caballero
  • Stephen McCamant

Organizations

  • University of California, Berkeley

Tags

DTIC Thesaurus Topics

  • Algorithms
  • Computer Programs
  • Computer Science
  • Control Systems
  • Detection
  • Internet
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Networks
  • Operating Systems
  • Reasoning
  • Security
  • Software Testing
  • Web Browsers
  • Websites

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Database Systems and Applications
  • Systems Analysis and Design

Technology Areas

  • AI & ML
  • AI & ML - DoD AI Strategy