Towards Locating Memory Corruption Vulnerability with Core Dump
Modern operating systems integrate various security mechanisms to prevent software faults from being exploited. To bypass these defenses and hijack program execution, an attacker therefore needs to constantly mutate an exploit and make many attempts. During these attempts, the exploit may terminate a running process abnormally, leaving behind a snapshot of its crashing state in the form of a core dump. Although a core dump carries a large amount of information and has long been used for software debugging, it rarely serves as an informative debugging aid for locating software faults, particularly memory corruption vulnerabilities.
This research project aims to explore, design and develop lightweight, systematic and automated approaches that turn a core dump into an informative aid for tracking down memory corruption vulnerabilities. The proposed research has three key components. First, the project will develop a technical approach to improve the quality of the information extracted from core dumps. Second, the project will explore a set of technical approaches to enhance this readily available information. Last but not least, the project will develop a technical approach to automatically analyze the enhanced core dumps and pinpoint the root cause of software crashes. This project will make an important step towards improving the information available to developers and analysts debugging vulnerable software.