HAIT: Heap Analyzer with Input Tracing

Andrea Atzeni, Andrea Marcelli, Francesco Muroni, Giovanni Squillero

2017

Abstract

Heap exploits are one of the most advanced, complex and frequent types of attack. Over the years, many effective techniques have been developed to mitigate them, such as data execution prevention, address space layout randomization and canaries. However, if both knowledge and control of the memory allocation are available, heap spraying and other attacks are still feasible. This paper presents HAIT, a memory profiler that records critical operations on the heap and shows them graphically in a clear and comprehensible format. A prototype was implemented on top of Triton, a framework for dynamic binary analysis. The experimental evaluation demonstrates that HAIT can help identifying the essential information needed to carry out heap exploits, providing valuable knowledge for an effective attack.

Download


Paper Citation


in Harvard Style

Atzeni A., Marcelli A., Muroni F. and Squillero G. (2017). HAIT: Heap Analyzer with Input Tracing . In Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017) ISBN 978-989-758-259-2, pages 327-334. DOI: 10.5220/0006420803270334


in Bibtex Style

@conference{secrypt17,
author={Andrea Atzeni and Andrea Marcelli and Francesco Muroni and Giovanni Squillero},
title={HAIT: Heap Analyzer with Input Tracing},
booktitle={Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017)},
year={2017},
pages={327-334},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006420803270334},
isbn={978-989-758-259-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017)
TI - HAIT: Heap Analyzer with Input Tracing
SN - 978-989-758-259-2
AU - Atzeni A.
AU - Marcelli A.
AU - Muroni F.
AU - Squillero G.
PY - 2017
SP - 327
EP - 334
DO - 10.5220/0006420803270334