![](/images/graphics-bg.png)
A Pattern-Based Software Testing Framework for Exploitability Evaluation of Metadata Corruption Vulnerabilities
Joint Authors
Jiang, Zhiyuan
Deng, Fenglei
Wang, Jian
Su, Yunfei
Feng, Chao
Zhang, Bin
Source
Issue
Vol. 2020, Issue 2020 (31 Dec. 2020), pp.1-21, 21 p.
Publisher
Hindawi Publishing Corporation
Publication Date
2020-09-27
Country of Publication
Egypt
No. of Pages
21
Main Subjects
Abstract EN
In recent years, increased attention is being given to software quality assurance and protection.
With considerable verification and protection schemes proposed and deployed, today’s software unfortunately still fails to be protected from cyberattacks, especially in the presence of insecure organization of heap metadata.
In this paper, we aim to explore whether heap metadata could be corrupted and exploited by cyberattackers, in an attempt to assess the exploitability of vulnerabilities and ensure software quality.
To this end, we propose RELAY, a software testing framework to simulate human exploitation behavior for metadata corruption at the machine level.
RELAY employs the heap layout serialization method to construct exploit patterns from human expertise and decomposes complex exploit-solving problems into a series of intermediate state-solving subproblems.
With the heap layout procedural method, RELAY makes use of the fewer resources consumed to solve a layout problem according to the exploit pattern, activates the intermediate state, and generates the final exploit.
Additionally, RELAY can be easily extended and can continuously assimilate human knowledge to enhance its ability for exploitability evaluation.
Using 20 CTF&RHG programs, we then demonstrate that RELAY has the ability to evaluate the exploitability of metadata corruption vulnerabilities and works more efficiently compared with other state-of-the-art automated tools.
American Psychological Association (APA)
Deng, Fenglei& Wang, Jian& Zhang, Bin& Feng, Chao& Jiang, Zhiyuan& Su, Yunfei. 2020. A Pattern-Based Software Testing Framework for Exploitability Evaluation of Metadata Corruption Vulnerabilities. Scientific Programming،Vol. 2020, no. 2020, pp.1-21.
https://search.emarefa.net/detail/BIM-1209298
Modern Language Association (MLA)
Deng, Fenglei…[et al.]. A Pattern-Based Software Testing Framework for Exploitability Evaluation of Metadata Corruption Vulnerabilities. Scientific Programming No. 2020 (2020), pp.1-21.
https://search.emarefa.net/detail/BIM-1209298
American Medical Association (AMA)
Deng, Fenglei& Wang, Jian& Zhang, Bin& Feng, Chao& Jiang, Zhiyuan& Su, Yunfei. A Pattern-Based Software Testing Framework for Exploitability Evaluation of Metadata Corruption Vulnerabilities. Scientific Programming. 2020. Vol. 2020, no. 2020, pp.1-21.
https://search.emarefa.net/detail/BIM-1209298
Data Type
Journal Articles
Language
English
Notes
Includes bibliographical references
Record ID
BIM-1209298