Automated method of building exploites in analysis software testing
Keywords:
target system security, exploit, information security, system buffer overflow, unauthorized access, software vulnerability, error classification.
Abstract
The article discusses the problem of the method of automated construction of exploits for the buffer overflow vulnerability on the stack and its application to the task of evaluating the criticality of errors in software and building software protection. The modern practical and theoretical methods of invading various operating systems are analyzed.
References
Andrianov V.I., Andronov A.V. Intelligent means of ensuring information security of automated systems in conditions of uncertainty // Journal of scientific publications of graduate students and doctoral students. 2010.No 8 (50). S. 120-121.
Vakhrushev I. A. et al. Method for searching for format string vulnerability // Transactions of the Institute for System Programming of the Russian Academy of Sciences, vol. 27, no. 4, 2015, pp. 23-38. DOI: 10.15514 / ISPRAS-2015-27 (4) -2.
Buynevich M.V., Izrailov K.E. Utility for searching for vulnerabilities in software of telecommunication devices using machine code algorithmization. Part 1. Functional architecture // Information Technologies and Communications. 2016.V. 4.No 1.P. 115-130.
Krasov A.V., Shterenberg S.I., Fakhrutdinov R. M., Ryzhakov D. V., Pestov I. E. Analysis of enterprise information security based on user data collection from open resources and monitoring of information resources using a machine training // T-comm: Telecommunications and transport. 2018.V. 12.No 10.P. 36-40.
Padaryan V.A., Kaushan V.V., Fedotov A.N. Automated method for constructing exploits for the buffer overflow vulnerability on the stack. Proceedings of ISP RAS, vol. 26, no. 3, pp. 127-144. DOI: 10.15514 / ISPRAS-2014-26 (3) -7.
Heelan S. Automatic generation of control flow hijacking exploits for software vulnerabilities. Master’s thesis, University of Oxford, 2009.
Huang S.K. et al. Crax: Software crash analysis for automatic exploit generation by modeling attacks as symbolic continuations Software Security and Reliability (SERE), 2012 IEEE Sixth International Conference on. IEEE, 2012, pp. 78-87.
Fedotov A.N. A method for evaluating the exploitability of software defects. Proceedings of ISP RAS, vol. 28, no. 4, 2016, pp. 137-148. DOI: 10.15514 / ISPRAS- 2016-28 (4) -8.
Shterenberg S.I., Andrianov V.I. Investigation of adaptive attack techniques based on hidden attachment in executable files // Collection of articles of the International scientific and technical conference “Science, Technology, Innovations” (Bryansk, March 25–27, 2014 ) Bryansk: Reliable cars, 2014. S. 287-294.
Vakhrushev I. A. et al. Method for searching for format string vulnerability // Transactions of the Institute for System Programming of the Russian Academy of Sciences, vol. 27, no. 4, 2015, pp. 23-38. DOI: 10.15514 / ISPRAS-2015-27 (4) -2.
Buynevich M.V., Izrailov K.E. Utility for searching for vulnerabilities in software of telecommunication devices using machine code algorithmization. Part 1. Functional architecture // Information Technologies and Communications. 2016.V. 4.No 1.P. 115-130.
Krasov A.V., Shterenberg S.I., Fakhrutdinov R. M., Ryzhakov D. V., Pestov I. E. Analysis of enterprise information security based on user data collection from open resources and monitoring of information resources using a machine training // T-comm: Telecommunications and transport. 2018.V. 12.No 10.P. 36-40.
Padaryan V.A., Kaushan V.V., Fedotov A.N. Automated method for constructing exploits for the buffer overflow vulnerability on the stack. Proceedings of ISP RAS, vol. 26, no. 3, pp. 127-144. DOI: 10.15514 / ISPRAS-2014-26 (3) -7.
Heelan S. Automatic generation of control flow hijacking exploits for software vulnerabilities. Master’s thesis, University of Oxford, 2009.
Huang S.K. et al. Crax: Software crash analysis for automatic exploit generation by modeling attacks as symbolic continuations Software Security and Reliability (SERE), 2012 IEEE Sixth International Conference on. IEEE, 2012, pp. 78-87.
Fedotov A.N. A method for evaluating the exploitability of software defects. Proceedings of ISP RAS, vol. 28, no. 4, 2016, pp. 137-148. DOI: 10.15514 / ISPRAS- 2016-28 (4) -8.
Shterenberg S.I., Andrianov V.I. Investigation of adaptive attack techniques based on hidden attachment in executable files // Collection of articles of the International scientific and technical conference “Science, Technology, Innovations” (Bryansk, March 25–27, 2014 ) Bryansk: Reliable cars, 2014. S. 287-294.
Abstract views: 188 PDF Downloads: 311
Published
2020-05-19
How to Cite
Martsenyuk , V., Didmanidze , I., Sverstiuk А., Andrushchak , I., & Rud К. (2020). Automated method of building exploites in analysis software testing. COMPUTER-INTEGRATED TECHNOLOGIES: EDUCATION, SCIENCE, PRODUCTION, (39), 146-150. https://doi.org/10.36910/6775-2524-0560-2020-39-25
Section
Computer science and computer engineering
