Detection of Unlink Attack Based on Symbolic Execution

doi:10.3969/j.issn.1000-565X.2018.08.012

Journal of South China University of Technology (Natural Science Edition) ›› 2018, Vol. 46 ›› Issue (8): 81-87.doi: 10.3969/j.issn.1000-565X.2018.08.012

• Computer Science & Technology • Previous Articles Next Articles

Detection of Unlink Attack Based on Symbolic Execution

HUANG Ning¹ HUANG Shuguang¹ LIANG Zhichao²

1． Electronic Engineering Institute，National University of Defense Technology，Hefei 230037，Anhui，China;
2． School of Automation Science and Engineering，South China University of Technology，Guangzhou 510640，Guangdong，China

Received:2017-12-20 Revised:2018-02-11 Online:2018-08-25 Published:2018-07-01
Contact: Ning HUANG，黄宁(1990-)，男，博士生，主要从事软件漏洞分析研究 E-mail:809848161@qq.com
About author: 黄宁(1990-)，男，博士生，主要从事软件漏洞分析研究
Supported by:
Supported by the National Key Ｒesearch and Development Program“Cyberspace Security” (2017YFB0802905)

Abstract

Abstract: Unlink attack is a kind of attack against heap-based overflow vulnerability in Linux. Existed detection technology of the buffer overflow attack find the vulnerability trigger point and generate testcase by checking the control flow state. However, the heap-based overflow data seldom lead to the control flow hijack and the protection mechanisms limit the trigger condition, it is hard to judge the program whether or not the conditions of unlink attack is satisfied through existed detection technology. To improve the security of software, and detect the unlink attack, this paper summarized the features of unlink attack according to analyzing the instances, built the detection model of unlink attack, and proposed the unlink detection method based on the model. This method monitored the input data and sensitive cooperation of program by using taint analysis; built the path constraint of tainted data and data constraint which is satisfied the condition of unlink attack by selective symbolic execution; through solving the constraints above, judged if the program can be attacked by unlink and generated testcase. The experiments showed that this method can detect the unlink attack effectively.

Key words: heap-based overflow, buffer overflow, unlink attack, symbol execution, taint analysis

CLC Number:

TP311

HUANG Ning HUANG Shuguang LIANG Zhichao. Detection of Unlink Attack Based on Symbolic Execution[J]. Journal of South China University of Technology (Natural Science Edition), 2018, 46(8): 81-87.

[1]	LIU Jiaqi GAO Mu. Incentive Mechanism of Crowdsensing Based on Loss Aversion [J]. Journal of South China University of Technology (Natural Science Edition), 2019, 47(8): 96-104.
[2]	HUANG Ning HUANG Shuguang HUANG Hui DENG Zhaokun. Automatic Generation of Multi-modules ROP Based on Static Instructions Assignment [J]. Journal of South China University of Technology (Natural Science Edition), 2019, 47(6): 31-38.
[3]	. Formal Semantics of Operators of Normal Function Tables in Tabular Expressions [J]. Journal of South China University of Technology (Natural Science Edition), 2019, 47(2): 85-91.
[4]	LIN Weiwei WANG Zetao . Docker Cluster Scheduling Strategy Based on Genetic Algorithm [J]. Journal of South China University of Technology (Natural Science Edition), 2018, 46(3): 127-133.
[5]	Zhou Na-qin Qi De-yu. Parameterized Decomposition Tree-Based Obfuscation Method with Double Flattening Control Flow [J]. Journal of South China University of Technology (Natural Science Edition), 2015, 43(5): 132-138.
[6]	Du Qing Wang Qi-xuan Huang Dong-ping Cai Yi Wang Tao Min Hua-qing. Question Answering System Based on Social Relationship and Recommendation of the Best Answerer [J]. Journal of South China University of Technology (Natural Science Edition), 2015, 43(1): 132-139.
[7]	Li Mu- nan Su Jin- dian Fan Xia. A Novel Software Architecture Model for Pervasive Computing [J]. Journal of South China University of Technology (Natural Science Edition), 2014, 42(7): 40-48.
[8]	Han Di Pan Zhi-hong. Somatic Operation Based on Sensor of Android Mobile Devices [J]. Journal of South China University of Technology(Natural Science Edition), 2012, 40(9): 75-80.
[9]	Jin Lian-Yin Xi Jian-Qing Li Meng-Juan You Jin-Guo Liu Yong Miao De-Cheng. Dtrie-allpair: an Efficient Set T-Overlap Join Algorithm [J]. Journal of South China University of Technology(Natural Science Edition), 2012, 40(6): 109-117.
[10]	Huang Yu-long Xi Jian-qing Zhang Ping-jian Fang Xiao-lin Liu Yong. GBLHT: a GPU-Accelerated Linear Hash Table with Batch Insertion [J]. Journal of South China University of Technology(Natural Science Edition), 2012, 40(4): 49-56.
[11]	Liang Ru-bing Liu Qiong. KNN Query Technology of Mobile Terminals in Highway Networks [J]. Journal of South China University of Technology(Natural Science Edition), 2012, 40(1): 138-145,158.
[12]	Chen Wei Ding Qiu-lin Xie Qiang. Interactive Data Migration System and Its Approximately-detecting Efficiency Optimization [J]. Journal of South China University of Technology(Natural Science Edition), 2004, 32(2): 58-61.
[13]	. An Optimized Distributed Query Algorithm for Virtural Database System [J]. Journal of South China University of Technology(Natural Science Edition), 2003, 31(11): 24-29.
[14]	Wen Hu-i ying Zou Xian-min X u Jian-min. Development and Application of Transportation Database System for the Bus Station of Guangdong Province [J]. Journal of South China University of Technology(Natural Science Edition), 2003, 31(11): 61-64.
[15]	Fan Chong-gui Wen Jun Wen Gu-i hua Ding Y ue-hua. Product Model Based on Extended Object-oriented Petri Net [J]. Journal of South China University of Technology(Natural Science Edition), 2003, 31(10): 32-35.

Detection of Unlink Attack Based on Symbolic Execution

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments