The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later

Introduction

This paper is published in CCS 2017. In the paper, the paper proposes a dynamic analysis (Newton) to find function gadgets even in the presence of state-of-the-art code reuse defenses. In the end of this paper, the author gives an in-depth analysis on nginx and present attacks under the restriction of CPI and Context-sensitive CFI. Continue reading “The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later”

Advertisements

SemFuzz: Semantics-based Automatic Generation of Proof-of-Concepts Exploits

Introduction

In this paper, the author finds that, besides the running status, the non-code descriptions in CVE and Linux git logs can also help the fuzzer to avoid unnecessary runs, saving a lot of time in the fuzzing process. In particular, we use the semantics-based approach (e.g., NLP) to automatically analyse the description and extract necessary information for feeding to the fuzzer. Continue reading “SemFuzz: Semantics-based Automatic Generation of Proof-of-Concepts Exploits”