Issue No. 2, March-April 2013 (vol. 11)
pp. 47-54
Bart Coppens , Ghent University
Bjorn De Sutter , Ghent University
Koen De Bosschere , Ghent University
As described in many blog posts and in the scientific literature, exploits for software vulnerabilities are often engineered from the patches that fix them, which typically involves the manual or automated identification of the vulnerable code. The authors evaluate how far this identification can be automated with the most frequently referenced binary diffing tools, demonstrating that for certain types of patches these tools are indeed effective attacker tools. They also demonstrate that binary code diversification can severely reduce the effectiveness of these tools, thereby narrowing the attacker's window of opportunity.
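The mechanism the abstract describes can be illustrated with a small model of a patch diffing tool and of a diversifier. The code below is an added example written for this page; it is not the authors' tooling, and the three functions, the patch and the rewrite rules are constructed toy x86-style instruction lists, not real disassembly. The diffing tool pairs each function of the unpatched binary with the most similar function of the patched binary and flags every pair that is not instruction-for-instruction identical; the diversifier rewrites the patched binary with semantics-preserving substitutions and fillers.

```python
"""Toy model of patch diffing versus binary code diversification.

Constructed example, not the authors' tooling: each function is a list of
x86-style instruction strings, a "binary" is a dict of such functions, and
the diffing tool knows nothing but the two instruction streams.
"""
import random

REGS = {"eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp"}

# Constructed unpatched binary (hypothetical functions, not real disassembly).
OLD_BINARY = {
    "parse_header": [
        "push ebp", "mov ebp, esp", "mov eax, [ebp+8]", "mov ecx, [eax+4]",
        "mov edx, [ebp+12]", "mov [edx], ecx", "xor eax, eax", "pop ebp", "ret",
    ],
    "checksum": [
        "push ebp", "mov ebp, esp", "mov ecx, [ebp+8]", "mov edx, [ebp+12]",
        "xor eax, eax", "loop:", "add eax, [ecx]", "add ecx, 4", "dec edx",
        "jnz loop", "pop ebp", "ret",
    ],
    "cleanup": [
        "push ebp", "mov ebp, esp", "mov eax, [ebp+8]", "mov dword [eax], 0",
        "mov dword [eax+4], 0", "xor eax, eax", "pop ebp", "ret",
    ],
}

# The patch: parse_header gains a length check before it stores the field.
NEW_BINARY = {name: list(body) for name, body in OLD_BINARY.items()}
NEW_BINARY["parse_header"] = [
    "push ebp", "mov ebp, esp", "mov eax, [ebp+8]", "mov ecx, [eax+4]",
    "cmp ecx, 0x100", "ja fail", "mov edx, [ebp+12]", "mov [edx], ecx",
    "xor eax, eax", "pop ebp", "ret", "fail:", "mov eax, -1", "pop ebp", "ret",
]


def normalize(ins):
    """Reduce an instruction to mnemonic + operand classes, e.g. 'mov reg,mem'."""
    mnem, _, ops = ins.partition(" ")
    classes = []
    for op in ([o.strip() for o in ops.split(",")] if ops else []):
        if "[" in op:
            classes.append("mem")
        elif op in REGS:
            classes.append("reg")
        elif op.lstrip("-").startswith("0x") or op.lstrip("-").isdigit():
            classes.append("imm")
        else:
            classes.append("lbl")
    return mnem + " " + ",".join(classes)


def features(body):
    """Feature set a simple diffing tool might use: normalized instructions and their bigrams."""
    norm = [normalize(i) for i in body if not i.endswith(":")]
    return set(norm) | set(zip(norm, norm[1:]))


def similarity(a, b):
    """Jaccard similarity of the two feature sets (1.0 for identical bodies)."""
    fa, fb = features(a), features(b)
    return len(fa & fb) / len(fa | fb)


def match_functions(old, new):
    """Greedy one-to-one pairing of old functions with their most similar new function."""
    scored = sorted(
        ((similarity(ob, nb), on, nn) for on, ob in old.items() for nn, nb in new.items()),
        key=lambda t: -t[0],
    )
    pairs, used = {}, set()
    for score, on, nn in scored:
        if on not in pairs and nn not in used:
            pairs[on] = (nn, score)
            used.add(nn)
    return pairs


def changed_functions(old, new):
    """Old functions whose matched counterpart is not instruction-for-instruction identical."""
    return sorted(on for on, (nn, _) in match_functions(old, new).items() if old[on] != new[nn])


# Semantics-preserving rewrites the diversifier may apply (flags are dead at these points).
EQUIVALENTS = {
    "xor eax, eax": ["sub eax, eax", "and eax, 0"],
    "add ecx, 4": ["lea ecx, [ecx+4]", "sub ecx, -4"],
    "mov eax, -1": ["or eax, -1"],
}
FILLERS = ["nop", "mov edi, edi", "lea esp, [esp]", "xchg eax, eax"]


def diversify(binary, seed, fill_rate=0.4):
    """Rewrite every function with a seeded mix of equivalent instructions and fillers."""
    rng = random.Random(seed)
    out = {}
    for name, body in binary.items():
        rewritten = []
        for ins in body:
            if not ins.endswith(":") and rng.random() < fill_rate:
                rewritten.append(rng.choice(FILLERS))
            rewritten.append(rng.choice(EQUIVALENTS[ins]) if ins in EQUIVALENTS else ins)
        out[name] = rewritten
    return out


if __name__ == "__main__":
    print("undiversified patch, flagged:", changed_functions(OLD_BINARY, NEW_BINARY))
    print("diversified patch, flagged:  ", changed_functions(OLD_BINARY, diversify(NEW_BINARY, seed=7)))
```

Against the undiversified update the tool pairs every function correctly and flags exactly one, `parse_header`, which points the attacker straight at the added bounds check. After `diversify` has rewritten the patched binary, every function differs from its predecessor, so the flagged set is all three and the patched function no longer stands out; the attacker is back to inspecting each difference by hand. Real diffing tools use richer features (control-flow and call-graph structure) and real diversifiers rewrite far more aggressively than this toy, but the effect the abstract describes is the same: diversification turns the patch from the one visible change into one change among many.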
Computer security, Software development, Software reliability, Privacy, Semantics, Syntactics, patch-based attacks, software protection, binary code diversity, diffing tools
Bart Coppens, Bjorn De Sutter, Koen De Bosschere, "Protecting Your Software Updates", IEEE Security & Privacy, vol.11, no. 2, pp. 47-54, March-April 2013, doi:10.1109/MSP.2012.113