Abstract
An important component of software reliability is the assurance of certain security guarantees, such as the absence of low-level bugs that may result in code exploitation. A program crash is an early indicator of possible errors in the program, such as memory corruption, access violation or division by zero. In particular, a crash may indicate the presence of safety-critical or security-critical errors. A safety-error crash does not result in any exploitable condition, whereas a security-error crash allows an attacker to exploit a vulnerability. However, distinguishing one from the other is a non-trivial task. The problem is exacerbated when we get hundreds of crashes and programmers have to choose which crash to patch first! In this work, we present a technique to identify security-critical crashes by applying machine learning to a set of features derived from core-dump files and runtime information obtained from hardware-assisted monitoring such as the last branch record (LBR) register. We implement the proposed technique in a prototype called Exniffer. Our empirical results, obtained by running Exniffer on several crashes in real-world applications, show that the proposed technique is able to classify a given crash as exploitable or not-exploitable with high accuracy.
Original language | English |
---|---|
Title of host publication | Proceedings - 24th Asia-Pacific Software Engineering Conference, APSEC 2017 |
Publisher | ACM, IEEE Computer Society |
Pages | 239-248 |
Number of pages | 10 |
Volume | 2017-December |
ISBN (Electronic) | 9781538636817 |
Publication status | Published - 5 Mar 2018 |
Event | 24th Asia-Pacific Software Engineering Conference, APSEC 2017 - Nanjing, Jiangsu, China; Duration: 4 Dec 2017 → 8 Dec 2017 |
Conference
Conference | 24th Asia-Pacific Software Engineering Conference, APSEC 2017 |
---|---|
Country/Territory | China |
City | Nanjing, Jiangsu |
Period | 4/12/17 → 8/12/17 |
Funding
We would like to thank the anonymous reviewers for their comments. This work was partially supported (for one author) by the Netherlands Organisation for Scientific Research through grant NWO 639.023.309 VICI (Dowsing).
Funders | Funder number |
---|---|
Nederlandse Organisatie voor Wetenschappelijk Onderzoek | NWO 639.023.309 VICI |
Keywords
- core-dump
- crash analysis
- hardware branch tracing
- information security
- machine learning
- operating systems security
- software security engineering
- vulnerability management