Reuse-Oriented Camouflaging Attack: Vulnerability Detection and Attack Construction

The authors introduce a reuse-oriented camouflaging attack - a new threat to legal software binaries. To perform a malicious action, such an attack will identify and reuse an existing function in a legal binary program instead of implementing the function itself. Furthermore, the attack is stealthy in that the malicious invocation of a targeted function usually takes place in a location where it is legal to do so, closely mimicking a legal invocation. At the network level, the victim binary can still follow its communication protocol without exhibiting any anomalous behavior. Meanwhile, many close-source shareware binaries are rich in functions that can be maliciously "Reused", making them attractive targets of this type of attack.