Please use this identifier to cite or link to this item:
Title: SUDUTA : script UAF detection using taint analysis
Authors: Galea, John
Vella, Mark Joseph
Keywords: Computer security
Computer networks -- Security measures
Computer crimes
Web services -- Security measures
Binary control systems
Issue Date: 2015
Publisher: Springer, Cham.
Citation: Galea, J., & Vella, M. (2015, September). SUDUTA: Script UAF Detection Using Taint Analysis. International Workshop on Security and Trust Management, Austria. 136-151.
Abstract: Use-after-free (UAF) vulnerabilities are caused by the use of dangling pointers. Their exploitation inside script engine-hosting applications, e.g. web browsers, can even bypass state-of-the-art countermeasures. This work proposes SUDUTA (Script UAF Detection Using Taint Analysis), which aims at facilitating the diagnosis of UAF bugs during vulnerability analysis and improves an existent promising technique based on dynamic taint tracking. Firstly, precise taint analysis rules are presented in this work to clearly specify how SUDUTA manages the taint state. Moreover, it shifts its analysis to on-line, enabling instrumentation code to gain access to the program state of the application. Lastly, it handles the presence of custom memory allocators that are typically utilised in script-hosting applications. Results obtained using a benchmark dataset and vulnerable applications validate these three improvements.
Appears in Collections:Scholarly Works - FacICTCS

Files in This Item:
File Description SizeFormat 
  Restricted Access
586.21 kBAdobe PDFView/Open Request a copy

Items in OAR@UM are protected by copyright, with all rights reserved, unless otherwise indicated.