Zero-day defense: discovering and removing vulnerabilities through program customization and fuzzing
Open Access
A zero-day attack happens when attackers exploit a cyber vulnerability that is unknown to the public. It has been reported that 15% of exploits occur before the disclosure of the relevant vulnerabilities. Unfortunately, it is extremely challenging to defend against zero-day exploitation because the root cause of the relevant vulnerability is unknown and no patch is available when the attack happens. Security analysts or program developers need enough data, such as attack incidents and network/system logs, to diagnose the compromised hosts. Tremendous damage could have been done by the time patches are released and applied. The notorious Heartbleed attack caused huge information leakage by exploiting the Heartbeat feature in OpenSSL clients and servers. Even now, though the patch has been released, there are online hosts that are still exposed to Heartbleed.

A zero-day vulnerability gives attackers a free pass to hack any reachable host with the relevant programs installed. In order to gain more benefit at a larger scale, zero-day attacks typically target popular programs, network protocols and web services. One of the major reasons that network-related programs are more vulnerable to zero-day attacks is the issue of "feature creep". The implementations of popular network services are often "bloated" because of the varied needs of users and the complex environments in which they are deployed. The continual expansion of program features contributes not only to growing complexity but also to an increasing attack surface, making the maintenance of program security more challenging. Existing work tries to reduce the zero-day attack surface through program customization, that is, creating a customized version of the original program by removing undesired functionality ahead of potential attacks. Static customization approaches typically rely on tainting/slicing analysis of source code to extract the target program components. Dynamic approaches reuse instruction traces to construct new program binaries. While the former depend heavily on program source code, which may be unavailable for commercial software, the latter suffer from limited code coverage due to an incomplete input space. Therefore, it is desirable to design an automated and robust program customization framework that works on program binaries and achieves high code coverage and soundness.

This dissertation aims to address the limitations of existing program customization and vulnerability detection techniques and to apply the new design to network protocols/programs. In particular, a feature-based customization framework is proposed (consisting of feature identification, feature rewriting and feature validation) to create customized programs. We utilize techniques such as system emulation/tracing, cross-host tainting and guided symbolic execution to identify the relevant program instructions, after which static binary rewriting is performed to modify the program. Further, a dynamic feature management system is proposed to protect feature invocation at runtime. Finally, a state-aware fuzzer is designed to improve the code coverage of targeted features and to validate the soundness of feature customization. Our proposed customization and fuzzing framework effectively identifies and removes undesired features from the original program and builds a program with just enough features, eliminating potential vulnerabilities that may result in zero-day attacks.