Abstract
Software vulnerabilities can be attributed to inherent bugs in the system. Several types of bugs introduce faults, by not conforming to system specifications, and failures, including crashes, hangs, and panics. In our work, we exploit security faults due to crash-type failures. It is difficult to reconstruct system failures after a program has crashed. Much research has focused on detecting program errors and identifying their root causes, either by static analysis or by observing running behavior through dynamic program instrumentation. Our goal is to design a tool that helps isolate bugs. This tool is called BEAGLE (Bug-tracking by Execution Auditing from Generated Logs and Errors). BEAGLE periodically makes stack checkpoints of the program in execution. If the software crashes, we can approximate to the latest checkpoint and infer the precise corrupt site. After the site of control state corruption is identified, tainted input analysis will determine system exploitability if the input passes untouched through the corrupt site. Several case studies of corrupt site detection and tainted input analysis prove the applicability of our tool.
Original language | English |
---|---|
Title of host publication | Computer Security in the 21st Century |
Publisher | Springer US |
Pages | 169-180 |
Number of pages | 12 |
ISBN (Print) | 9780387240053 |
State | Published - 2005 |
Keywords
- Control State Corruption
- COTS Vulnerability Testing
- Dynamic Analysis
- Software Wrapper