Paladin is the name of a set of internal tools that automate the steps a researcher would take to understand how a given exploit takes advantage of a given vulnerability. As of today, these tools are not for public consumption.
These tools take as input a vulnerable program and an exploit. The tools run the exploit against the vulnerable program and generate an output file. This output file characterizes how the exploit puts the vulnerable program into a malicious state.
A vulnerable program is in a malicious state when an exploit:
These four states cover a large share of the ways software vulnerabilities are exploited.
Our automated vulnerability analysis tools are composed of a binary translator and a data flow tracker. The binary translator instruments the vulnerable program as it runs, and the data flow tracker uses that instrumentation to dynamically track the exploit bytes as they enter the program's address space and propagate through it during execution (a form of dynamic taint tracking). Whenever these exploit bytes are used to produce one of the four conditions above, execution is halted and the automated analysis is complete.
A stack-based overflow in an image viewer program occurs when a field in the image file is copied into a fixed-size stack buffer and the field is longer than the buffer.
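To make the taint-tracking idea concrete, here is an added toy example (not Paladin code, and not taken from the page) that simulates the image viewer case described above. Every byte of the constructed image file is labelled with its file offset; a memcpy-style copy propagates those labels along with the data, first into a heap buffer and then into a fixed 16-byte stack buffer; and the simulated return is the point at which the tracker halts if any byte of the saved return address carries a label. The file format, the buffer sizes, the clean return address and the log fields are all assumptions made for the example.

```python
"""Toy dynamic taint tracker for a simulated image viewer.

Tracks which bytes of an input file reach a simulated stack frame and
halts when tainted bytes would be used as the return address
(control-flow hijack). Assumed layout and format; not the page's own tool.
"""
import struct

BUF_SIZE = 16                       # fixed-size stack buffer (assumed)
RET_SIZE = 4                        # saved return address right above it
FRAME_SIZE = BUF_SIZE + RET_SIZE + 8   # a little slack above the return address
CLEAN_RET = 0x08041234              # hypothetical clean return address
FIELD_OFFSET = 6                    # name field starts after magic + length


class TaintedMemory:
    """A byte region plus a shadow label per byte: the input offset the
    byte came from, or None if it never derived from the input."""

    def __init__(self, size):
        self.mem = bytearray(size)
        self.taint = [None] * size

    def store(self, addr, value, src_offset=None):
        self.mem[addr] = value
        self.taint[addr] = src_offset

    def taint_of(self, addr, length):
        return [self.taint[addr + i] for i in range(length)]


def build_image(name_field):
    """Constructed sample input: 4-byte magic, 2-byte LE length, name bytes."""
    return b"IMG\x00" + struct.pack("<H", len(name_field)) + name_field


def taint_input(data):
    """Label every file byte with its own offset: all input is untrusted."""
    m = TaintedMemory(len(data))
    for i, b in enumerate(data):
        m.store(i, b, src_offset=i)
    return m


def copy(dst, dst_addr, src, src_addr, n):
    """memcpy that carries the taint label along with each byte."""
    for i in range(n):
        d = dst_addr + i
        if d >= len(dst.mem):       # toy: writes past the tracked region are dropped
            break
        dst.store(d, src.mem[src_addr + i], src.taint[src_addr + i])


def run_viewer(image):
    """Simulate the vulnerable parser and return a characterizing report."""
    file = taint_input(image)
    (length,) = struct.unpack_from("<H", image, 4)   # attacker-controlled length

    heap = TaintedMemory(length)                     # field read into a heap buffer first
    copy(heap, 0, file, FIELD_OFFSET, length)

    frame = TaintedMemory(FRAME_SIZE)
    for i, b in enumerate(struct.pack("<I", CLEAN_RET)):
        frame.store(BUF_SIZE + i, b)                 # clean saved return address
    copy(frame, 0, heap, 0, length)                  # no bounds check: overflows past BUF_SIZE

    # The 'ret' instruction: the moment tainted bytes would become the PC.
    ret_taint = frame.taint_of(BUF_SIZE, RET_SIZE)
    (ret_value,) = struct.unpack_from("<I", frame.mem, BUF_SIZE)
    tainted = [o for o in ret_taint if o is not None]
    return {
        "state": "tainted_return_address" if tainted else "clean",
        "halted_at": "ret" if tainted else None,
        "ret_value": ret_value,
        "input_offsets": ret_taint,              # file offset feeding each return-address byte
        "bytes_copied": length,
        "overflow_by": max(0, length - BUF_SIZE),
    }


def format_log(report):
    """Render the report as the kind of characterizing log a researcher reads."""
    lines = [
        f"state: {report['state']}",
        f"halted_at: {report['halted_at']}",
        f"ret_value: {report['ret_value']:#010x}",
        f"bytes_copied: {report['bytes_copied']} (buffer {BUF_SIZE}, overflow {report['overflow_by']})",
    ]
    for i, off in enumerate(report["input_offsets"]):
        src = "clean" if off is None else f"file offset {off}"
        lines.append(f"ret byte {i}: {src}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_log(run_viewer(build_image(b"cat.png"))))
    print()
    print(format_log(run_viewer(build_image(b"A" * 16 + b"\x10\x20\x30\x40"))))
```

With the crafted 20-byte name field the log says the copy overflowed the 16-byte buffer by four bytes and that each byte of the return address came from file offsets 22 through 25, which is exactly the "where in the input, and how it got there" a researcher wants. Two caveats carry over to real tools: a tracker like this only follows explicit data flow (copies and arithmetic), so values derived through control dependencies or table lookups are not labelled unless the tracker models them, and the cost of shadowing every byte is why such tools are run offline on a captured exploit rather than in production.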
The interesting portions of the characterizing output log of this Image Viewer vulnerability are as follows:
The automatically generated log file provides the following information to the researcher:
Obtaining this information in a matter of seconds is a large win for a researcher, and these tools are just one part of an arsenal that will deliver scalable automated vulnerability analysis.
- MMPC Vulnerability Response Team