Please use this identifier to cite or link to this item:
https://www.um.edu.mt/library/oar/handle/123456789/99527
Title: | SUDUTA : script UAF detection using taint analysis |
Authors: | Galea, John; Vella, Mark Joseph |
Keywords: | Computer security; Computer networks -- Security measures; Computer crimes; Web services -- Security measures; Binary control systems |
Issue Date: | 2015 |
Publisher: | Springer, Cham. |
Citation: | Galea, J., & Vella, M. (2015, September). SUDUTA: Script UAF Detection Using Taint Analysis. International Workshop on Security and Trust Management, Austria. 136-151. |
Abstract: | Use-after-free (UAF) vulnerabilities are caused by the use of dangling pointers. Their exploitation inside script engine-hosting applications, e.g. web browsers, can even bypass state-of-the-art countermeasures. This work proposes SUDUTA (Script UAF Detection Using Taint Analysis), which aims at facilitating the diagnosis of UAF bugs during vulnerability analysis and improves an existent promising technique based on dynamic taint tracking. Firstly, precise taint analysis rules are presented in this work to clearly specify how SUDUTA manages the taint state. Moreover, it shifts its analysis to on-line, enabling instrumentation code to gain access to the program state of the application. Lastly, it handles the presence of custom memory allocators that are typically utilised in script-hosting applications. Results obtained using a benchmark dataset and vulnerable applications validate these three improvements. |
URI: | https://www.um.edu.mt/library/oar/handle/123456789/99527 |
Appears in Collections: | Scholarly Works - FacICTCS |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
SUDUTA__Script_UAF_detection_using_taint_analysis(2015).pdf (Restricted Access) | | 586.21 kB | Adobe PDF | |
Items in OAR@UM are protected by copyright, with all rights reserved, unless otherwise indicated.