Exniffer: Learning to Prioritize Crashes by Assessing the Exploitability from Memory Dump

Shubham Tripathi, Gustavo Grieco, Sanjay Rawat

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

An important component of software reliability is the assurance of certain security guarantees, such as the absence of low-level bugs that may result in code exploitation. A program crash is an early indicator of possible errors in the program, such as memory corruption, access violation or division by zero. In particular, a crash may indicate the presence of safety-critical or security-critical errors. A safety-error crash does not result in any exploitable condition, whereas a security-error crash allows an attacker to exploit a vulnerability. However, distinguishing one from the other is a non-trivial task. The problem is exacerbated when we get hundreds of crashes and programmers have to choose which crash to patch first. In this work, we present a technique to identify security-critical crashes by applying machine learning to a set of features derived from core-dump files and runtime information obtained from hardware-assisted monitoring such as the last branch record (LBR) register. We implement the proposed technique in a prototype called Exniffer. Our empirical results, obtained by experimenting with Exniffer on several crashes in real-world applications, show that the proposed technique is able to classify a given crash as exploitable or not exploitable with high accuracy.

Original language: English
Title of host publication: Proceedings - 24th Asia-Pacific Software Engineering Conference, APSEC 2017
Publisher: ACM, IEEE Computer Society
Pages: 239-248
Number of pages: 10
Volume: 2017-December
ISBN (Electronic): 9781538636817
Publication status: Published - 5 Mar 2018
Event: 24th Asia-Pacific Software Engineering Conference, APSEC 2017 - Nanjing, Jiangsu, China
Duration: 4 Dec 2017 to 8 Dec 2017

Conference

Conference: 24th Asia-Pacific Software Engineering Conference, APSEC 2017
Country/Territory: China
City: Nanjing, Jiangsu
Period: 4/12/17 to 8/12/17

Keywords

  • core-dump
  • crash analysis
  • hardware branch tracing
  • information security
  • machine learning
  • operating systems security
  • software security engineering
  • vulnerability management
