Site Navigation

Reuse-Oriented Camouflaging Attack: Vulnerability Detection and Attack Construction

Page Content

Get BibTex-formatted data

Author

Zhiqiang Lin, Xiangyu Zhang, Dongyan Xu

Tech report number

CERIAS TR 2009-29

Entry type

techreport

Abstract

We introduce a reuse-oriented camouflaging attack – a new threat to legal software binaries. To perform a malicious action, such an attack will identify and reuse an existing function in a legal binary program instead of implementing the function itself. Furthermore, the attack is stealthy in that the malicious invocation of a targeted function usually takes place in a location where it is legal to do so, closely mimicking a legal invocation. At the network level, the victim binary can still follow its communication protocol without exhibiting any anomalous behavior. Meanwhile, many close-source shareware binaries are rich in functions that can be maliciously "reused," making them attractive targets of this type of attack. In this paper, we present a framework to determine if a given binary program is vulnerable to this attack and to construct a concrete attack if so. Our experiments with a number of real-world software binaries demonstrate that the reuse-oriented camouflaging attacks are real and vulnerabilities in the binaries can be effectively revealed and confirmed.

Download

PDF

Date

2009 – 11 – 11

Key alpha

Lin

Publication Date

2009-04-20

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Techreport{ Lin,
	title = "Reuse-Oriented Camouflaging Attack: Vulnerability Detection and Attack Construction",
	author = "Zhiqiang Lin, Xiangyu Zhang, Dongyan Xu",
	year = "2009",
	month = "11",
	day = "11",
	abstract = "We introduce a reuse-oriented camouflaging attack – a new threat to legal software binaries. To perform a malicious action, such an attack will identify and reuse an existing function in a legal binary program instead of implementing the function itself. Furthermore, the attack is stealthy in that the malicious invocation of a targeted function usually takes place in a location where it is legal to do so, closely mimicking a legal invocation. At the network level, the victim binary can still follow its communication protocol without exhibiting any anomalous behavior. Meanwhile, many close-source shareware binaries are rich in functions that can
be maliciously "reused," making them attractive targets of this type of attack. In this paper, we present a framework to determine if a given binary program is vulnerable to this attack and to construct a concrete attack if so. Our experiments with a number of real-world software binaries demonstrate that the reuse-oriented camouflaging attacks are real and vulnerabilities in the binaries can be effectively
revealed and confirmed.",
}

Current News

Blog

Footer

RSS Feeds

Combined XML Feed News XML Feed Events XML Feed Weblogs XML Feed Security Seminar Podcast Twitter: @cerias, @ceriasarchive, #cerias

CERIAS, Purdue University / Recitation Building / 656 Oval Drive / West Lafayette IN 47907-2086
phone (765)494-7841 / fax (765)496-3181

Copyright © 2013, Purdue University, all rights reserved. Purdue University is an equal access/equal opportunity university.
If you have trouble accessing this page because of a disability, please contact the CERIAS webmaster at webmaster@cerias.purdue.edu. Some content on this site may require the use of a special plug-in or application. Please visit our plug-ins page for links to download these applications.
Privacy Policy

Intranet Site