loading
Papers

Research.Publish.Connect.

Paper

Authors: Andrea Atzeni 1 ; Andrea Marcelli 1 ; Francesco Muroni 2 and Giovanni Squillero 1

Affiliations: 1 Politecnico di Torino, Italy ; 2 Independent Scholar, Italy

ISBN: 978-989-758-259-2

Keyword(s): Heap, Exploit, Memory Profiler, Dynamic Symbolic Execution, Taint Analysis.

Related Ontology Subjects/Areas/Topics: Information and Systems Security ; Software Security

Abstract: Heap exploits are one of the most advanced, complex and frequent types of attack. Over the years, many effective techniques have been developed to mitigate them, such as data execution prevention, address space layout randomization and canaries. However, if both knowledge and control of the memory allocation are available, heap spraying and other attacks are still feasible. This paper presents HAIT, a memory profiler that records critical operations on the heap and shows them graphically in a clear and comprehensible format. A prototype was implemented on top of Triton, a framework for dynamic binary analysis. The experimental evaluation demonstrates that HAIT can help identifying the essential information needed to carry out heap exploits, providing valuable knowledge for an effective attack.

PDF ImageFull Text

Download
CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 18.210.22.132

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Atzeni, A.; Marcelli, A.; Muroni, F. and Squillero, G. (2017). HAIT: Heap Analyzer with Input Tracing.In Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017) ISBN 978-989-758-259-2, pages 327-334. DOI: 10.5220/0006420803270334

@conference{secrypt17,
author={Andrea Atzeni. and Andrea Marcelli. and Francesco Muroni. and Giovanni Squillero.},
title={HAIT: Heap Analyzer with Input Tracing},
booktitle={Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017)},
year={2017},
pages={327-334},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006420803270334},
isbn={978-989-758-259-2},
}

TY - CONF

JO - Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017)
TI - HAIT: Heap Analyzer with Input Tracing
SN - 978-989-758-259-2
AU - Atzeni, A.
AU - Marcelli, A.
AU - Muroni, F.
AU - Squillero, G.
PY - 2017
SP - 327
EP - 334
DO - 10.5220/0006420803270334

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.