Reuse-Oriented Camouflaging Trojan: Vulnerability Detection and Attack Construction
Zhiqiang Lin, Xiangyu Zhang and Dongyan Xu

=== Abstract ===

[[img/dsn10.jpg] img/dsn10.jpg]

We introduce the reuse-oriented camouflaging trojan -- a new threat to legitimate software binaries. To perform a malicious action, such a trojan identifies and reuses an existing function in a legal binary program instead of implementing the function itself. Furthermore, this trojan is stealthy in that the malicious invocation of a targeted function usually takes place in a location where it is legal to do so, closely mimicking a legal invocation. At the network level, the victim binary can still follow its communication protocol without exhibiting any anomalous behavior. Meanwhile, many closed-source shareware binaries are rich in functions that can be maliciously "reused", making them attractive targets of this type of attack. In this paper, we present a framework to determine if a given binary program is vulnerable to this attack and to construct a concrete trojan if so. Our experiments with a number of real-world software binaries demonstrate that reuse-oriented camouflaging trojans are a real threat and that vulnerabilities of this type in legal binaries can be effectively revealed and confirmed.

=== Full Paper ===

The full paper can be downloaded from here: [[PDF file/DCCS10.pdf]]