Automatic Patch-Based Exploit Generation

Presentation transcript:

Automatic Patch-Based Exploit Generation, by David Brumley, Pongsin Poosankam, Dawn Song, and Jiang Zheng (IEEE Security and Privacy Symposium, May 2008). Presented at OWASP IL 2008 by Yossi Oren, Carnegie Mellon University (Silicon Valley).
Who knows this attack?

Here's a situation: Microsoft just released a patch over Windows Update. Your Internet connection is fast, so you got it first. You have 1 hour to create an exploit. Can you do it?
They did not release a patch for nothing; it was released to fix something. Let's find out what it fixes and build an attack.

Can you do it?

Vulnerability                                     Time to Exploit (seconds)
ASPNet Filter Information Disclosure (MS06-033)   11.57
GDI Integer Overflow (MS07-046)                   10.34
IGMP Denial of Service (MS06-007)                 29.07
PNG Buffer Overflow (MS05-025)                    104.28

How APEG works:
1. Diff the patched binary and the old binary using a bin-diffing tool (eEye EBDS).
2. Identify new input sanitization checks.
3. Generate candidate exploits (inputs that fail the new checks but pass the old ones).
4. Verify candidate exploits using a taint analyzer (BitBlaze TEMU). TEMU is built upon a whole-system emulator, QEMU.

Countermeasures:
- Obfuscate patches.
- Encrypt patches; distribute the key only when everybody is ready.
- Speed up patch distribution via P2P.
- Ignore the problem.
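The second countermeasure (ship the patch encrypted, release the key only once every client holds the ciphertext) is easy to get subtly wrong, so here is a worked example of the staged rollout. This is added example code, not part of the presentation or the paper. It uses only the Python standard library, so the symmetric cipher is an HMAC-SHA256 keystream in counter mode with a separate HMAC tag (encrypt-then-MAC); that construction is an assumption standing in for AES-GCM, which the stdlib lacks. Function names, the bundle layout and the sample patch bytes are all constructed for the example.

```python
import hashlib
import hmac
import secrets
import struct


def _subkeys(master_key: bytes):
    """Derive independent encryption and MAC keys from the withheld master key."""
    enc_key = hmac.new(master_key, b"patch-enc", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"patch-mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (assumed stand-in for a real stream cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + struct.pack(">Q", counter)
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal_patch(patch: bytes, master_key: bytes) -> dict:
    """Vendor side: encrypt and authenticate the patch; publish a hash of the
    plaintext so clients can confirm they decrypted the intended update."""
    enc_key, mac_key = _subkeys(master_key)
    nonce = secrets.token_bytes(16)
    ciphertext = _xor(patch, _keystream(enc_key, nonce, len(patch)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {
        "nonce": nonce,
        "ciphertext": ciphertext,
        "tag": tag,
        "patch_sha256": hashlib.sha256(patch).hexdigest(),
    }


def open_patch(bundle: dict, master_key: bytes) -> bytes:
    """Client side, run only after the key is released: verify the tag first,
    then decrypt, then check the plaintext commitment."""
    enc_key, mac_key = _subkeys(master_key)
    expected_tag = hmac.new(mac_key, bundle["nonce"] + bundle["ciphertext"],
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, bundle["tag"]):
        raise ValueError("patch bundle failed authentication")
    patch = _xor(bundle["ciphertext"],
                 _keystream(enc_key, bundle["nonce"], len(bundle["ciphertext"])))
    if hashlib.sha256(patch).hexdigest() != bundle["patch_sha256"]:
        raise ValueError("decrypted patch does not match published hash")
    return patch


def staged_rollout(patch: bytes, client_count: int) -> dict:
    """Simulate the two phases: every client receives the sealed bundle, and only
    afterwards is the key released. Returns what each phase exposed."""
    master_key = secrets.token_bytes(32)
    bundle = seal_patch(patch, master_key)

    # Phase 1: clients hold ciphertext only. The bundle contains no key material,
    # so a fast client has nothing to bin-diff against the old binary yet.
    bundles = [bundle] * client_count
    plaintext_visible = any(b["ciphertext"] == patch for b in bundles)

    # Phase 2: the vendor releases the key once distribution is complete.
    installed = sum(1 for b in bundles if open_patch(b, master_key) == patch)
    return {"plaintext_visible_before_key": plaintext_visible,
            "installed_after_key": installed}


if __name__ == "__main__":
    # Constructed sample patch bytes, not a real update.
    sample_patch = b"\x90" * 8 + b"bounds-check inserted here" + b"\xc3"
    print(staged_rollout(sample_patch, client_count=5))
```

The window this closes is only the distribution window: once the key is out, anyone can decrypt and diff, so the key release must genuinely wait for the slowest client. Verifying the tag before decrypting matters as well; otherwise a tampered bundle could be fed through the decryption path, and the published hash alone would not catch a ciphertext-only attacker who never had the key.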

More information: