Dereference Under the Influence (DUI) – You Can’t Afford It
Download: Paper (PDF)
Date: 27 Jul 2015
Document Type: Briefing Papers
Associated Event: NDSS Symposium 2015
Abstract:
One way to enhance software security is to isolate important code and data. In such a mechanism, different components/programs are isolated from each other, and access is only provided through limited interfaces. However, the interface still provides attackers with a channel to influence the code being protected, where normal code can be leveraged by attackers to perform arbitrary memory accesses. In this paper, we present a systematic method to detect such dereference under the influence (DUI) vulnerability through binary analysis. Our solution detects DUI and estimates the attackers’ capability that can be obtained through DUI exploits. Our evaluation shows that our approach can accurately identify code vulnerable to DUIs in real-world software components and programs.