HeapBuster: Automatically Exploiting Heap Vulnerabilities

Abstract

SIFT, the University of California Santa Barbara (UCSB), and the University of Minnesota (UMN) propose to develop HeapBuster, a tool that will automatically find exploitable heap memory management flaws in firmware. HeapBuster will leverage new binary pattern-matching and semantic function recognition methods to identify which specific heap management libraries (HMLs) are used by a particular firmware sample. Identifying these libraries is challenging when operating on “blob” firmware samples, as these libraries are statically compiled into the firmware image and may not be easily isolated. Once the firmware’s heap management subcomponent has been identified and its interface defined, HeapBuster will use an enhanced version of UCSB’s HeapHopper to identify vulnerabilities in the HML. These vulnerabilities may require specific precursor flaws in the rest of the application that allow an attacker to modify the metadata used by the HML to handle memory allocation and deallocation. HeapBuster will use targeted symbolic execution to search for those precursor flaws and, if they are located, synthesize a complete Proof of Vulnerability (PoV) that exploits the HML. Such a PoV can be used, for instance, by application developers to develop fixes for a vulnerability, or to train network filters to block attacks, with the final effect of raising the level of cyber defense and improving its automation.

Document Details

Document Type: DoD Grant Award
Publication Date: Sep 30, 2019
Source ID: N000141912541

Entities

People

  • Stephen McCamant

Organizations

  • Office of Naval Research
  • Regents of the University of Minnesota
  • United States Navy

Tags

Fields of Study

  • Computer science

Readers

  • Missile Defense Systems.
  • Oncology and Biomarker-Based Cancer Detection.
  • Parallel and Distributed Computing.

Technology Areas

  • Cyber