A zero-day attack happens when attackers exploit a vulnerability that is unknown to the public. It has been reported that 15% of exploits occur before the relevant vulnerabilities are disclosed. Unfortunately, defending against zero-day exploitation is extremely challenging because the root cause of the vulnerability is unknown and no patch is available when the attack happens. Security analysts or program developers need enough data, such as attack incidents and network/system logs, to diagnose the compromised hosts. Tremendous damage may already have been done by the time patches are released and applied. The notorious Heartbleed attack caused huge information leakage by exploiting the Heartbeat feature in OpenSSL clients and servers. Even today, long after the patch was released, some online hosts remain exposed to Heartbleed.
A zero-day vulnerability gives attackers a free pass to compromise any reachable host with the relevant programs installed. To gain more benefit at a larger scale, zero-day attacks typically target popular programs, network protocols and web services. One major reason that network-related programs are more vulnerable to zero-day attacks is "feature creep". The implementations of popular network services are often "bloated" by the needs of diverse users and complex deployment environments. The continual expansion of program features contributes not only to growing complexity but also to an increasing attack surface, making it harder to maintain program security.
Existing work tries to reduce the zero-day attack surface through program customization: creating a customized version of the original program by removing undesired functionality ahead of potential attacks. Static customization approaches typically rely on taint or slicing analysis of the source code to extract the target program components. Dynamic approaches reuse instruction traces to construct new program binaries. The former depends heavily on program source code, which may be unavailable for commercial software, while the latter suffers from limited code coverage because the input space exercised is incomplete. It is therefore desirable to design an automated and robust program customization framework that works on program binaries and achieves both high code coverage and soundness.
This dissertation aims to address the limitations of existing program customization and vulnerability detection techniques and to apply the new design to network protocols and programs. In particular, a feature-based customization framework is proposed, consisting of feature identification, feature rewriting and feature validation, to create customized programs. We use techniques such as system emulation and tracing, cross-host tainting and guided symbolic execution to identify the relevant program instructions, after which static binary rewriting is performed to modify the program. Further, a dynamic feature management system is proposed to protect feature invocation at runtime. Finally, a state-aware fuzzer is designed to improve the code coverage of targeted features and to validate the soundness of feature customization. Our proposed customization and fuzzing framework effectively identifies and removes undesired features from the original program and builds a program with just enough features, eliminating the potential vulnerabilities that could lead to zero-day attacks.
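As an added illustration of the identify/rewrite/validate pipeline described above, and of the coverage problem with dynamic customization noted earlier, here is a toy Python version. It is not code from the dissertation: the target "program" is a constructed request dispatcher with three made-up feature handlers and opcode bytes, a tracer records which handlers a workload exercises (standing in for instruction tracing), a rewriter traps everything that was never executed (standing in for binary rewriting), and a differential validator checks that desired features still match the original while removed ones fault.

```python
"""Toy feature-based customization pipeline: identify -> rewrite -> validate.

Added illustration only; it is not the dissertation's framework.  The target
"program", its three feature handlers, the opcode bytes and the workloads are
all constructed for the demo.
"""
import sys
from typing import Callable, Dict, Iterable, List, Set

# --- constructed target program: one opcode byte selects a feature ----------
def feature_echo(payload: bytes) -> bytes:
    return b"ECHO:" + payload

def feature_heartbeat(payload: bytes) -> bytes:
    # The declared length is bounded by the bytes actually present.
    declared = payload[0] if payload else 0
    return b"HB:" + payload[1:1 + declared]

def feature_admin(payload: bytes) -> bytes:
    return b"ADMIN:" + payload.upper()

HANDLERS: Dict[bytes, Callable[[bytes], bytes]] = {
    b"E": feature_echo,
    b"H": feature_heartbeat,
    b"A": feature_admin,
}

class FeatureRemoved(Exception):
    """Raised when a customized program reaches code that was removed."""

def serve(request: bytes,
          handlers: Dict[bytes, Callable[[bytes], bytes]] = HANDLERS) -> bytes:
    handler = handlers.get(request[:1])
    if handler is None:
        return b"ERR"
    return handler(request[1:])

# --- 1. feature identification: dynamic tracing of a workload ---------------
def identify_features(workload: Iterable[bytes]) -> Set[str]:
    """Record which feature_* functions execute while serving the workload.
    Anything never executed is treated as undesired, which is exactly where an
    incomplete workload silently loses needed code."""
    executed: Set[str] = set()

    def tracer(frame, event, arg):
        if event == "call" and frame.f_code.co_name.startswith("feature_"):
            executed.add(frame.f_code.co_name)
        return None  # no line-level tracing needed

    sys.settrace(tracer)
    try:
        for request in workload:
            serve(request)
    finally:
        sys.settrace(None)
    return executed

# --- 2. feature rewriting: replace unobserved handlers with a trap -----------
def rewrite(keep: Set[str]) -> Dict[bytes, Callable[[bytes], bytes]]:
    """Build the customized dispatch table; removed features fault instead of
    running (the analogue of patching their code out of the binary)."""
    def trap(_payload: bytes) -> bytes:
        raise FeatureRemoved("removed feature reached")
    return {op: (fn if fn.__name__ in keep else trap)
            for op, fn in HANDLERS.items()}

# --- 3. feature validation: differential check over fresh inputs ------------
def validate(custom: Dict[bytes, Callable[[bytes], bytes]],
             desired_ops: Set[bytes], inputs: Iterable[bytes]) -> List[bytes]:
    """Return the inputs on which the customized program is unsound: a desired
    feature that no longer matches the original, or a removed feature that
    still runs."""
    failures: List[bytes] = []
    for request in inputs:
        try:
            got = serve(request, custom)
        except FeatureRemoved:
            got = None
        op = request[:1]
        if op in desired_ops:
            if got != serve(request):
                failures.append(request)
        elif op in HANDLERS and got is not None:
            failures.append(request)
    return failures

if __name__ == "__main__":
    desired = {b"E", b"H"}
    checks = [b"Ehello", b"H\x03abcd", b"Asecret", b"Zjunk"]
    # Complete workload: both desired features are exercised, admin is dropped.
    good = rewrite(identify_features([b"Ehi", b"H\x02ab"]))
    print("complete workload, failures:", validate(good, desired, checks))
    # Incomplete workload: heartbeat is never traced, so it is wrongly removed;
    # the validation step catches the unsound customization.
    bad = rewrite(identify_features([b"Ehi"]))
    print("incomplete workload, failures:", validate(bad, desired, checks))
```

The second run in the usage block is the point of the validation stage: a trace-driven identification that only saw the echo workload removes the heartbeat handler too, and only a differential check with inputs the trace never covered reveals it.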
Committee: Lan, Tian; Ozel, Omur; Venkataramani, Guru; Doroslovacki, Milos; Dehghanian, Payman
School: The George Washington University
School Location: United States -- District of Columbia
Source: DAI-A 81/8(E), Dissertation Abstracts International
Subjects: Computer Engineering, Communication
Keywords: Binary analysis, Cyber security, Network protocol, Program fuzzing, Vulnerability detection
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved