13-11-2012, 02:31 PM
Automatic Detection of Unsafe Dynamic Component Loadings
ABSTRACT
Dynamic loading of software components (e.g., libraries or modules) is a widely used mechanism for an improved system modularity and flexibility. Correct component resolution is critical for reliable and secure software execution. However, programming mistakes may lead to unintended or even malicious components being resolved and loaded. In particular, dynamic loading can be hijacked by placing an arbitrary file with the specified name in a directory searched before resolving the target component. Although this issue has been known for quite some time, it was not considered serious because exploiting it requires access to the local file system on the vulnerable host. Recently, such vulnerabilities have started to receive considerable attention as their remote exploitation became realistic. It is now important to detect and fix these vulnerabilities.

In this paper, we present the first automated technique to detect vulnerable and unsafe dynamic component loadings. Our analysis has two phases: 1) apply dynamic binary instrumentation to collect runtime information on component loading (online phase), and 2) analyze the collected information to detect vulnerable component loadings (offline phase). For evaluation, we implemented our technique to detect vulnerable and unsafe component loadings in popular software on Microsoft Windows and Linux. Our evaluation results show that unsafe component loading is prevalent in software on both OS platforms, and it is more severe on Microsoft Windows. In particular, our tool detected more than 4,000 unsafe component loadings in our evaluation, and some can lead to remote code execution on Microsoft Windows.
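
The offline phase described in the abstract can be pictured as a check over recorded load attempts. The following is an added example, not the paper's tool: the record format, the verdict names and the sample trace are assumptions made here, and it also reports loads that never resolved, which goes one step beyond the case the abstract spells out.

```python
import ntpath  # Windows path rules, usable on any host OS

# Constructed sample of online-phase output (record format assumed here):
# (requested name, directories in the order searched, resolved path or None)
SAMPLE_TRACE = [
    ("foo.dll", [r"C:\App", r"C:\Windows\System32"], r"C:\App\foo.dll"),
    ("bar.dll", [r"C:\App", r"C:\Users\u\Docs", r"C:\Windows\System32"],
     r"C:\Windows\System32\bar.dll"),
    ("baz.dll", [r"C:\App", r"C:\Windows\System32"], None),
    (r"C:\Windows\System32\qux.dll", [], r"C:\Windows\System32\qux.dll"),
]

def _norm(path):
    # Case-insensitive, separator-normalised form so directories compare equal.
    return ntpath.normcase(ntpath.normpath(path))

def classify(name, search_dirs, resolved):
    """Return (verdict, directories searched before the load was satisfied)."""
    if ntpath.isabs(name):
        # Component named by full path: no directory search takes place.
        return ("no-search", [])
    dirs = [_norm(d) for d in search_dirs]
    if resolved is None:
        # Never found: every searched directory was consulted for this name.
        return ("unresolved", dirs)
    resolved_dir = ntpath.dirname(_norm(resolved))
    if resolved_dir not in dirs:
        # Trace disagrees with itself; surface it instead of guessing.
        return ("inconsistent-record", [])
    # Directories consulted before the one that actually held the component.
    earlier = dirs[:dirs.index(resolved_dir)]
    return ("unsafe-resolution", earlier) if earlier else ("resolved-first", [])

def analyze(trace):
    """Keep only the loads a reviewer needs to look at."""
    flagged = []
    for name, dirs, resolved in trace:
        verdict, exposed = classify(name, dirs, resolved)
        if verdict in ("unsafe-resolution", "unresolved", "inconsistent-record"):
            flagged.append((name, verdict, exposed))
    return flagged

if __name__ == "__main__":
    for name, verdict, exposed in analyze(SAMPLE_TRACE):
        print(f"{name}: {verdict}; searched first: {exposed}")
```

Whether a flagged directory is writable by a less privileged user is a separate check that this sketch does not perform.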