The Design and Implementation of a Dynamic Instrument Tool for Program Crash Analysis

Bibliographic Details
Main Authors: Shih-Hung Liu, 劉世弘
Other Authors: Shih-Kun Huang
Format: Others
Language: en_US
Published: 2004
Online Access: http://ndltd.ncl.edu.tw/handle/66571440931134637515
id ndltd-TW-092NCTU5392026
description Master's === National Chiao Tung University === Department of Computer Science and Information Engineering === 92 === In order to meet time-to-market deadlines, software is often released with unintended flaws. Some of these flaws cause software crashes that are highly related to security vulnerabilities. Commercial Off-The-Shelf (COTS) software normally comes without source code. If a program crashes, all we can do is report it to the vendor and wait for the patch. Some software companies, however, do not develop their patches in a timely manner, or no longer support older versions. Normally, intended users can use debuggers to observe the running behavior of the software and determine whether there is any vulnerability to exploit. Our objective is to design a tool that helps systematically detect security-related errors from a crash. We want to automate the crash analysis process to a certain extent. Much research has focused on detecting program errors and identifying their root causes, either by static analysis or by observing running behavior through dynamic program instrumentation. Much of that work analyzes or instruments the source code of the software. Assuming, however, that the source code is not available, we develop an execution instrumentation and interception system and add a mechanism for detecting anomalous control flow, in order to automatically judge whether a given crash can be exploited. We develop stack corrupt site identification and call target validation to detect whether the control flow of the program has been changed abnormally. Case studies of several commercial Windows applications with known exploits have proved the applicability of our system and provide a better understanding of the exploit paths of these vulnerabilities. They show that our corrupt site identification mechanism points out the vulnerable function where the stack is polluted. Finally, we compare this work with several related works to present its evaluation in the context of recent research.