Authors: Andrea Atzeni (1); Andrea Marcelli (1); Francesco Muroni (2) and Giovanni Squillero (1)
Affiliations: (1) Politecnico di Torino, Italy; (2) Independent Scholar, Italy
Keyword(s): Heap, Exploit, Memory Profiler, Dynamic Symbolic Execution, Taint Analysis.
Related Ontology Subjects/Areas/Topics: Information and Systems Security; Software Security
Abstract:
Heap exploits are one of the most advanced, complex and frequent types of attack. Over the years, many effective techniques have been developed to mitigate them, such as data execution prevention, address space layout randomization and canaries. However, if both knowledge and control of the memory allocation are available, heap spraying and other attacks are still feasible. This paper presents HAIT, a memory profiler that records critical operations on the heap and shows them graphically in a clear and comprehensible format. A prototype was implemented on top of Triton, a framework for dynamic binary analysis. The experimental evaluation demonstrates that HAIT can help identify the essential information needed to carry out heap exploits, providing valuable knowledge for an effective attack.