The article's primary purpose is to present formal
program analysis theory in a traditionally non-formal venue in the hopes of sparking
interest in this type of analysis. For more information, readers are invited to review follow-on
work on the ERESI Reverse Engineering Software Interface.
BinDiff
An alternative approach to locating vulnerabilities is to allow vendors to locate and fix
the vulnerabilities themselves, and then, in the wake of a patch, to study exactly what
has changed in the patched program. Under the assumption that patches either add
completely new functionality or fix broken functionality, it can be useful to analyze each
change to determine if the modification addresses a vulnerable condition. By studying
any safety checks implemented in the patch, it is possible to understand what types of
malformed input might lead to exploits in the unpatched program. This can lead to the
rapid development of exploits against unpatched systems. It is not uncommon to see
exploits developed within 24 hours of the release of a vendor patch. Searching for vulnerabilities
that have already been patched may not seem like the optimal way to spend
your valuable research time, so what is the point of difference analysis? The first reason
is simply to be able to develop proof-of-concept exploits for use in pen-testing against
unpatched clients.
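The difference analysis described above, reduced to its core steps as an added example (not code from the book or from BinDiff): two disassembly listings of the same function set are normalized so relinked addresses compare equal, changed functions are located, and the compare-and-branch instructions the patch inserted are reported as candidate safety checks. The function names, addresses and instructions are constructed for illustration.

```python
import difflib
import re

# Constructed disassembly for an unpatched and a patched build of the same program.
# Function names, addresses and instructions are invented for illustration; this is
# not output from a real binary or from BinDiff itself.
UNPATCHED = {
    "parse_header": ["push ebp", "mov ebp, esp", "mov eax, [ebp+0x8]",
                     "mov ecx, [eax+0x4]", "lea edi, [ebp-0x40]",
                     "rep movsb", "pop ebp", "ret"],
    "log_event": ["push ebp", "mov ebp, esp", "call 0x401230", "pop ebp", "ret"],
}
PATCHED = {
    "parse_header": ["push ebp", "mov ebp, esp", "mov eax, [ebp+0x8]",
                     "mov ecx, [eax+0x4]", "cmp ecx, 0x40", "ja 0x4015a0",
                     "lea edi, [ebp-0x40]", "rep movsb", "pop ebp", "ret"],
    # Same body; only the call target moved because the binary was relinked.
    "log_event": ["push ebp", "mov ebp, esp", "call 0x401310", "pop ebp", "ret"],
}

# Mnemonics whose insertion by a patch usually marks a new bounds or sanity check.
CHECK_MNEMONICS = {"cmp", "test", "ja", "jae", "jb", "jbe", "jg", "jge",
                   "jl", "jle", "je", "jne"}

def normalize(insn):
    """Mask addresses and immediates so relinked code with shifted addresses compares equal."""
    return re.sub(r"0x[0-9a-fA-F]+", "IMM", insn)

def changed_functions(old, new):
    """Names of functions present in both builds whose normalized bodies differ."""
    return sorted(f for f in old if f in new and
                  list(map(normalize, old[f])) != list(map(normalize, new[f])))

def added_checks(old_insns, new_insns):
    """Instructions inserted or substituted by the patch that look like safety checks."""
    old_n, new_n = list(map(normalize, old_insns)), list(map(normalize, new_insns))
    added = []
    for tag, _, _, j1, j2 in difflib.SequenceMatcher(None, old_n, new_n).get_opcodes():
        if tag in ("insert", "replace"):
            added += [i for i in new_insns[j1:j2] if i.split()[0] in CHECK_MNEMONICS]
    return added

def diff_report(old, new):
    """Map each changed function to the safety checks the patch introduced."""
    return {f: added_checks(old[f], new[f]) for f in changed_functions(old, new)}
```

Here `log_event` drops out of the report because masking the immediates shows only its call target moved, while `parse_header` surfaces the new length comparison that guards the 0x40-byte stack buffer.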