Download presentation
Presentation is loading. Please wait.
1
Automatic Patch-Based Exploit Generation
By David Brumley, Pongsin Poosankam, Dawn Song, and Jiang Zheng (IEEE Security and Privacy Symposium, May, 2008) Presented in OWASP IL 2008 by Yossi Oren Carnegie Mellon University (Silicon Valley) מי מכיר את ההתקפה הזו?
2
Microsoft just released a patch over Windows Update
Here’s a Situation: Microsoft just released a patch over Windows Update Your Internet connection is fast, so you got it first You have 1 hour to create an exploit Can you do it? לא שיחררו patch סתם – זה בא לפתור משהו. בוא נגלה מה זה בא לפתור ונייצר התקפה
3
Can you do it? Vulnerability Time to Exploit (in seconds)
ASPNet Filter Information Disclosure (MS06-033) 11.57 GDI Integer Overflow (MS07-046) 10.34 IGMP Denial of Service (MS06-007) 29.07 PNG Buffer Overflow (MS05-025) 104.28
4
Identify new input sanitization checks
How APEG works Diff patched binary and old binary using a bin-diffing tool (eEye EBDS) Identify new input sanitization checks Generate candidate exploits (they fail the new checks but pass the old ones) Verify candidate exploits using a taint analyzer (BitBlaze TEMU) TEMU is built upon a whole-system emulator, QEMU
5
Countermeasures Obfuscate patches Encrypt patches, distribute the key only when everybody’s ready Speed up patch distribution via P2P Ignore the problem
6
More information:
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.