Exniffer: Learning to Prioritize Crashes by Assessing the Exploitability from Memory Dump

Shubham Tripathi, Gustavo Grieco, Sanjay Rawat

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

An important component of software reliability is the assurance of certain security guarantees, such as the absence of low-level bugs that may result in code exploitation, for example. A program crash is an early indicator of possible errors in the program like memory corruption, access violation or division by zero. In particular, a crash may indicate the presence of safety or security critical errors. A safety-error crash does not result in any exploitable condition, whereas a security-error crash allows an attacker to exploit a vulnerability. However, distinguishing one from the other is a non-trivial task. This exacerbates the problem in cases where we get hundreds of crashes and programmers have to make choices about which crash to patch first! In this work, we present a technique to identify security critical crashes by applying machine learning on a set of features derived from core-dump files and runtime information obtained from hardware assisted monitoring such as the last branch record (LBR) register. We implement the proposed technique in a prototype called Exniffer. Our empirical results, obtained by experimenting with Exniffer on several crashes on real-world applications, show that the proposed technique is able to classify a given crash as exploitable or not-exploitable with high accuracy.

Original language: English
Title of host publication: Proceedings - 24th Asia-Pacific Software Engineering Conference, APSEC 2017
Publisher: ACM, IEEE Computer Society
Pages: 239-248
Number of pages: 10
Volume: 2017-December
ISBN (Electronic): 9781538636817
Publication status: Published - 5 Mar 2018
Event: 24th Asia-Pacific Software Engineering Conference, APSEC 2017 - Nanjing, Jiangsu, China
Duration: 4 Dec 2017 → 8 Dec 2017

Conference

Conference: 24th Asia-Pacific Software Engineering Conference, APSEC 2017
Country/Territory: China
City: Nanjing, Jiangsu
Period: 4/12/17 → 8/12/17

Funding

We would like to thank the anonymous reviewers for their comments. This work was partially supported (for one author) by the Netherlands Organisation for Scientific Research through grant NWO 639.023.309 VICI (Dowsing).

Funder: Nederlandse Organisatie voor Wetenschappelijk Onderzoek
Funder number: NWO 639.023.309 VICI

    Keywords

    • core-dump
    • crash analysis
    • hardware branch tracing
    • information security
    • machine learning
    • operating systems security
    • software security engineering
    • vulnerability management
