Sciweavers

CCS
2010
ACM

Input generation via decomposition and re-stitching: finding bugs in Malware

13 years 11 months ago
Input generation via decomposition and re-stitching: finding bugs in Malware
Attackers often take advantage of vulnerabilities in benign software, and the authors of benign software must search their code for bugs in hopes of finding vulnerabilities before they are exploited. But there has been little research on the converse question of whether defenders can turn the tables by finding vulnerabilities in malware. We provide a first affirmative answer to that question. We introduce a new technique, stitched dynamic symbolic execution, that makes it possible to use exploration techniques based on symbolic execution in the presence of functionalities that are common in malware and otherwise hard to analyze, such as decryption and checksums. The technique is based on decomposing the constraints induced by a program, solving only a subset, and then re-stitching the constraint solution into a complete input. We implement the approach in a system for x86 binaries, and apply it to 4 prevalent families of bots and other malware. We find 6 bugs that could be exploited b...
Juan Caballero, Pongsin Poosankam, Stephen McCaman
Added 06 Dec 2010
Updated 06 Dec 2010
Type Conference
Year 2010
Where CCS
Authors Juan Caballero, Pongsin Poosankam, Stephen McCamant, Domagoj Babic, Dawn Song
Comments (0)