Identifying and Analyzing Pointer Misuses for Sophisticated Memory-Corruption Exploit Diagnosis
Software exploits are one of the major threats to Internet security. A large family of exploits works by corrupting the memory of the victim process in order to execute malicious code. To respond quickly to these attacks, it is critical to diagnose such exploits automatically and find out how they circumvent existing defense mechanisms. Because of the complexity of the victim programs and the sophistication of recent exploits, existing analysis techniques fall short: they either miss important attack steps or report too much irrelevant information. In this paper, based on the observation that the key steps in memory-corruption exploits often involve pointer misuses, the authors propose a novel solution, PointerScope, which applies type inference to a binary execution to detect the pointer misuses induced by an exploit.
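The type-conflict idea in the abstract, illustrated with an added toy inference pass written for this page (not PointerScope's own code): the three-valued type lattice, the event format of the trace and the sample trace are all assumptions constructed here. It infers, per register, whether a value is a pointer or plain integer data and flags a conflict when data that originated from untrusted input is used as an address.

```python
# Toy pointer/integer type inference over an abstract execution trace.
# Assumption: a three-valued lattice (pointer, integer data, unknown);
# real binary type inference tracks memory and widths as well.
PTR, INT, UNK = "ptr", "int", "unk"

# Constructed sample trace: a request length drives a pointer increment (fine),
# then overflow bytes overwrite a saved function pointer that is later called.
# Event shapes: (lea dst label), (input dst), (mov dst src),
# (add dst a b), (load dst addr), (store addr val), (call target)
TRACE = [
    ("lea", "rbx", "buf"),          # rbx = &buf                     -> ptr
    ("input", "rax"),               # rax = length read from request -> int
    ("add", "rbx", "rbx", "rax"),   # rbx = &buf[len]   ptr + int    -> ptr
    ("store", "rbx", "rax"),        # *rbx = rax        rbx is a pointer: ok
    ("input", "rdx"),               # overflow bytes land in a saved pointer slot
    ("mov", "rsi", "rdx"),          # rsi = that slot, now plain input data
    ("call", "rsi"),                # indirect call through data: misuse
]

def infer_pointer_misuse(trace):
    """Return a list of (event index, description, reason) type conflicts."""
    types, conflicts = {}, []

    def need_ptr(i, op, reg):
        # A dereference or call requires a pointer; data used here is a misuse.
        t = types.get(reg, UNK)
        if t == INT:
            conflicts.append((i, f"{op} {reg}", "integer data used as pointer"))
        elif t == UNK:
            types[reg] = PTR  # use as an address refines unknown to pointer

    for i, (op, *args) in enumerate(trace):
        if op == "lea":
            types[args[0]] = PTR
        elif op == "input":
            types[args[0]] = INT
        elif op == "mov":
            types[args[0]] = types.get(args[1], UNK)
        elif op == "add":
            dst, a, b = args
            ta, tb = types.get(a, UNK), types.get(b, UNK)
            if ta == PTR and tb == PTR:
                conflicts.append((i, f"add {a},{b}", "pointer + pointer"))
                types[dst] = UNK
            else:
                types[dst] = PTR if PTR in (ta, tb) else (INT if ta == tb == INT else UNK)
        elif op == "load":
            need_ptr(i, op, args[1])
            types[args[0]] = UNK  # loaded value: type unknown without memory tracking
        elif op == "store":
            need_ptr(i, op, args[0])
        elif op == "call":
            need_ptr(i, op, args[0])
    return conflicts
```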