Conference paper: International Conference on Big Data Analysis and Computer Science

An Automatic Evaluation Approach for Binary Software Vulnerabilities with Address Space Layout Randomization Enabled



Abstract

ASLR is currently an effective means of defending against exploits that rely on known addresses, but in recent years exploit code has begun to bypass ASLR effectively. Because ASLR bypass methods vary and are closely tied to the target program, current vulnerability assessments with ASLR enabled are completed manually, drawing on the experience gained from manual exploitation. How to assess software vulnerabilities quickly, especially with ASLR enabled, is therefore an open problem in software security. In this paper, we propose an automatic evaluation approach for binary software vulnerabilities with ASLR enabled that obtains key address information from the program to identify possible ASLR bypass paths. The approach uses an information-leakage method based on a recessive (hidden) output function, imitating the ASLR bypass technique commonly used by human vulnerability exploitation experts. Given a valid proof of concept as input, it first obtains the vulnerability-triggering constraints of the target program, then searches for a hidden output function through which information can be leaked, and finally generates an exploit that can be used to bypass ASLR. We argue that this automatic evaluation approach reduces the reliance on manual work for ASLR-related exploits and significantly improves the vulnerability assessment mechanism. We evaluated our approach against three CTF binary programs, and the results show that it can assess the exploitability of a vulnerability with ASLR enabled in seconds.
