HI-CFG: Construction by Binary Analysis and Application to Attack Polymorphism


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2013

AUTHORS

Dan Caselden, Alex Bazhanyuk, Mathias Payer, Stephen McCamant, Dawn Song

ABSTRACT

Security analysis often requires understanding both the control and data-flow structure of a binary. We introduce a new program representation, a hybrid information- and control-flow graph (HI-CFG), and give algorithms to infer it from an instruction-level trace. As an application, we consider the task of generalizing an attack against a program whose inputs undergo complex transformations before reaching a vulnerability. We apply the HI-CFG to find the parts of the program that implement each transformation, and then generate new attack inputs under a user-specified combination of transformations. Structural knowledge allows our approach to scale to applications that are infeasible with monolithic symbolic execution. Such attack polymorphism shows the insufficiency of any filter that does not support all the same transformations as the vulnerable application. In case studies, we show this attack capability against a PDF viewer and a word processor.

PAGES

164-181

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-642-40203-6_10

DOI

http://dx.doi.org/10.1007/978-3-642-40203-6_10

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1033182312



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0802", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Computation Theory and Mathematics", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "FireEye, Inc., USA", 
          "id": "http://www.grid.ac/institutes/grid.497114.e", 
          "name": [
            "FireEye, Inc., USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Caselden", 
        "givenName": "Dan", 
        "id": "sg:person.015333102656.50", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015333102656.50"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Intel Corporation, USA", 
          "id": "http://www.grid.ac/institutes/grid.419318.6", 
          "name": [
            "Intel Corporation, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Bazhanyuk", 
        "givenName": "Alex", 
        "id": "sg:person.07425412056.02", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.07425412056.02"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of California, Berkeley, USA", 
          "id": "http://www.grid.ac/institutes/grid.47840.3f", 
          "name": [
            "University of California, Berkeley, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Payer", 
        "givenName": "Mathias", 
        "id": "sg:person.01234154671.86", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01234154671.86"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of Minnesota, USA", 
          "id": "http://www.grid.ac/institutes/grid.437349.e", 
          "name": [
            "University of Minnesota, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "McCamant", 
        "givenName": "Stephen", 
        "id": "sg:person.010676646155.72", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010676646155.72"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of California, Berkeley, USA", 
          "id": "http://www.grid.ac/institutes/grid.47840.3f", 
          "name": [
            "University of California, Berkeley, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Song", 
        "givenName": "Dawn", 
        "id": "sg:person.01143152610.86", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01143152610.86"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2013", 
    "datePublishedReg": "2013-01-01", 
    "description": "Security analysis often requires understanding both the control and data-flow structure of a binary. We introduce a new program representation, a hybrid information- and control-flow graph (HI-CFG), and give algorithms to infer it from an instruction-level trace. As an application, we consider the task of generalizing an attack against a program whose inputs undergo complex transformations before reaching a vulnerability. We apply the HI-CFG to find the parts of the program that implement each transformation, and then generate new attack inputs under a user-specified combination of transformations. Structural knowledge allows our approach to scale to applications that are infeasible with monolithic symbolic execution. Such attack polymorphism shows the insufficiency of any filter that does not support all the same transformations as the vulnerable application. In case studies, we show this attack capability against a PDF viewer and a word processor.", 
    "editor": [
      {
        "familyName": "Crampton", 
        "givenName": "Jason", 
        "type": "Person"
      }, 
      {
        "familyName": "Jajodia", 
        "givenName": "Sushil", 
        "type": "Person"
      }, 
      {
        "familyName": "Mayes", 
        "givenName": "Keith", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-642-40203-6_10", 
    "inLanguage": "en", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-642-40202-9", 
        "978-3-642-40203-6"
      ], 
      "name": "Computer Security \u2013 ESORICS 2013", 
      "type": "Book"
    }, 
    "keywords": [
      "data flow structure", 
      "control flow graph", 
      "security analysis", 
      "user-specified combination", 
      "symbolic execution", 
      "vulnerable applications", 
      "PDF viewer", 
      "program representation", 
      "hybrid information", 
      "attack inputs", 
      "attack capability", 
      "word processor", 
      "binary analysis", 
      "new program representation", 
      "structural knowledge", 
      "applications", 
      "complex transformations", 
      "algorithm", 
      "execution", 
      "case study", 
      "processors", 
      "graph", 
      "task", 
      "attacks", 
      "input", 
      "representation", 
      "same transformation", 
      "capability", 
      "viewers", 
      "information", 
      "traces", 
      "vulnerability", 
      "program", 
      "transformation", 
      "knowledge", 
      "filter", 
      "construction", 
      "binaries", 
      "analysis", 
      "part", 
      "control", 
      "combination", 
      "structure", 
      "study", 
      "insufficiency", 
      "polymorphism", 
      "approach"
    ], 
    "name": "HI-CFG: Construction by Binary Analysis and Application to Attack Polymorphism", 
    "pagination": "164-181", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1033182312"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-642-40203-6_10"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-642-40203-6_10", 
      "https://app.dimensions.ai/details/publication/pub.1033182312"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-05-10T10:56", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220509/entities/gbq_results/chapter/chapter_8.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-642-40203-6_10"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-40203-6_10'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-40203-6_10'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-40203-6_10'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-40203-6_10'


 

This table displays all metadata directly associated to this object as RDF triples.

154 TRIPLES      23 PREDICATES      73 URIs      66 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-642-40203-6_10 schema:about anzsrc-for:08
2 anzsrc-for:0802
3 schema:author N9c9667f089a54e99aaf0b2327916b5a2
4 schema:datePublished 2013
5 schema:datePublishedReg 2013-01-01
6 schema:description Security analysis often requires understanding both the control and data-flow structure of a binary. We introduce a new program representation, a hybrid information- and control-flow graph (HI-CFG), and give algorithms to infer it from an instruction-level trace. As an application, we consider the task of generalizing an attack against a program whose inputs undergo complex transformations before reaching a vulnerability. We apply the HI-CFG to find the parts of the program that implement each transformation, and then generate new attack inputs under a user-specified combination of transformations. Structural knowledge allows our approach to scale to applications that are infeasible with monolithic symbolic execution. Such attack polymorphism shows the insufficiency of any filter that does not support all the same transformations as the vulnerable application. In case studies, we show this attack capability against a PDF viewer and a word processor.
7 schema:editor N0b327c19f4564b81969b03d11d433de1
8 schema:genre chapter
9 schema:inLanguage en
10 schema:isAccessibleForFree true
11 schema:isPartOf N10c0eb59af1448dd9ce67a4da4e019d9
12 schema:keywords PDF viewer
13 algorithm
14 analysis
15 applications
16 approach
17 attack capability
18 attack inputs
19 attacks
20 binaries
21 binary analysis
22 capability
23 case study
24 combination
25 complex transformations
26 construction
27 control
28 control flow graph
29 data flow structure
30 execution
31 filter
32 graph
33 hybrid information
34 information
35 input
36 insufficiency
37 knowledge
38 new program representation
39 part
40 polymorphism
41 processors
42 program
43 program representation
44 representation
45 same transformation
46 security analysis
47 structural knowledge
48 structure
49 study
50 symbolic execution
51 task
52 traces
53 transformation
54 user-specified combination
55 viewers
56 vulnerability
57 vulnerable applications
58 word processor
59 schema:name HI-CFG: Construction by Binary Analysis and Application to Attack Polymorphism
60 schema:pagination 164-181
61 schema:productId N3a7dcce4c9094b9e8d69692c9d4c167c
62 N45a03706d768478184e11a52f4f736ab
63 schema:publisher Ndf1875e6c6ee4942a3b493f560e7e3b8
64 schema:sameAs https://app.dimensions.ai/details/publication/pub.1033182312
65 https://doi.org/10.1007/978-3-642-40203-6_10
66 schema:sdDatePublished 2022-05-10T10:56
67 schema:sdLicense https://scigraph.springernature.com/explorer/license/
68 schema:sdPublisher N4b33add0a9ce4648938dfe15537c567d
69 schema:url https://doi.org/10.1007/978-3-642-40203-6_10
70 sgo:license sg:explorer/license/
71 sgo:sdDataset chapters
72 rdf:type schema:Chapter
73 N0b327c19f4564b81969b03d11d433de1 rdf:first N858318c4ff7b4d5393aa6f8e30d2e4e1
74 rdf:rest Nf7675f4dccf043b6974d28e2875c58ed
75 N0dd5236718664585badd97d8bc211bcf rdf:first Nb5b5fd65c6c243789a31dc2b353b394d
76 rdf:rest rdf:nil
77 N10c0eb59af1448dd9ce67a4da4e019d9 schema:isbn 978-3-642-40202-9
78 978-3-642-40203-6
79 schema:name Computer Security – ESORICS 2013
80 rdf:type schema:Book
81 N2eb6cda420f8498687c014c2ef382098 rdf:first sg:person.07425412056.02
82 rdf:rest Nb869768717584c3d83092ca73cc1b203
83 N3a7dcce4c9094b9e8d69692c9d4c167c schema:name dimensions_id
84 schema:value pub.1033182312
85 rdf:type schema:PropertyValue
86 N45a03706d768478184e11a52f4f736ab schema:name doi
87 schema:value 10.1007/978-3-642-40203-6_10
88 rdf:type schema:PropertyValue
89 N4b33add0a9ce4648938dfe15537c567d schema:name Springer Nature - SN SciGraph project
90 rdf:type schema:Organization
91 N583282975276494497f5343c1f3b3aff schema:familyName Jajodia
92 schema:givenName Sushil
93 rdf:type schema:Person
94 N5b28038d7cdb4171b2bb89610f864f21 rdf:first sg:person.01143152610.86
95 rdf:rest rdf:nil
96 N858318c4ff7b4d5393aa6f8e30d2e4e1 schema:familyName Crampton
97 schema:givenName Jason
98 rdf:type schema:Person
99 N9c9667f089a54e99aaf0b2327916b5a2 rdf:first sg:person.015333102656.50
100 rdf:rest N2eb6cda420f8498687c014c2ef382098
101 Nb5b5fd65c6c243789a31dc2b353b394d schema:familyName Mayes
102 schema:givenName Keith
103 rdf:type schema:Person
104 Nb869768717584c3d83092ca73cc1b203 rdf:first sg:person.01234154671.86
105 rdf:rest Nc610ee3d9b3c4be5ae0d52fba49de88c
106 Nc610ee3d9b3c4be5ae0d52fba49de88c rdf:first sg:person.010676646155.72
107 rdf:rest N5b28038d7cdb4171b2bb89610f864f21
108 Ndf1875e6c6ee4942a3b493f560e7e3b8 schema:name Springer Nature
109 rdf:type schema:Organisation
110 Nf7675f4dccf043b6974d28e2875c58ed rdf:first N583282975276494497f5343c1f3b3aff
111 rdf:rest N0dd5236718664585badd97d8bc211bcf
112 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
113 schema:name Information and Computing Sciences
114 rdf:type schema:DefinedTerm
115 anzsrc-for:0802 schema:inDefinedTermSet anzsrc-for:
116 schema:name Computation Theory and Mathematics
117 rdf:type schema:DefinedTerm
118 sg:person.010676646155.72 schema:affiliation grid-institutes:grid.437349.e
119 schema:familyName McCamant
120 schema:givenName Stephen
121 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010676646155.72
122 rdf:type schema:Person
123 sg:person.01143152610.86 schema:affiliation grid-institutes:grid.47840.3f
124 schema:familyName Song
125 schema:givenName Dawn
126 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01143152610.86
127 rdf:type schema:Person
128 sg:person.01234154671.86 schema:affiliation grid-institutes:grid.47840.3f
129 schema:familyName Payer
130 schema:givenName Mathias
131 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01234154671.86
132 rdf:type schema:Person
133 sg:person.015333102656.50 schema:affiliation grid-institutes:grid.497114.e
134 schema:familyName Caselden
135 schema:givenName Dan
136 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015333102656.50
137 rdf:type schema:Person
138 sg:person.07425412056.02 schema:affiliation grid-institutes:grid.419318.6
139 schema:familyName Bazhanyuk
140 schema:givenName Alex
141 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.07425412056.02
142 rdf:type schema:Person
143 grid-institutes:grid.419318.6 schema:alternateName Intel Corporation, USA
144 schema:name Intel Corporation, USA
145 rdf:type schema:Organization
146 grid-institutes:grid.437349.e schema:alternateName University of Minnesota, USA
147 schema:name University of Minnesota, USA
148 rdf:type schema:Organization
149 grid-institutes:grid.47840.3f schema:alternateName University of California, Berkeley, USA
150 schema:name University of California, Berkeley, USA
151 rdf:type schema:Organization
152 grid-institutes:grid.497114.e schema:alternateName FireEye, Inc., USA
153 schema:name FireEye, Inc., USA
154 rdf:type schema:Organization
 



