Author(s): Hong Hu, Zheng Leong Chua, Prateek Saxena, Zhenkai Liang

Download: Paper (PDF)

Date: 27 Jul 2015

Document Type: Briefing Papers

Associated Event: NDSS Symposium 2015


One way to enhance software security is to isolate important code and data. In such a mechanism, different components/programs are isolated from each other, and access is only provided through limited interfaces. However, the interface still provides attackers with a channel to influence the code being protected, where normal code can be leveraged by attackers to perform arbitrary memory accesses. In this paper, we present a systematic method to detect such dereference under the influence (DUI) vulnerability through binary analysis. Our solution detects DUI and estimates the attackers’ capability that can be obtained through DUI exploits. Our evaluation shows that our approach can accurately identify code vulnerable to DUIs in real-world software components and programs.