Overview

The process of discovering vulnerabilities can be time-consuming and extremely tedious. We can save time and increase our efficiency by developing and maintaining a toolkit specifically designed to discover flaws in targeted software packages. This toolkit should consist of utilities and technologies that allow us to audit an application's source code and its compiled machine code. We should also include tools that allow us to audit an application while it is operating. This category of tools includes aggressive auditing technologies (such as fuzzers; see Chapter 15), as well as miscellaneous passive monitoring tools. Each of our tools allows us to examine the security of an application from a different perspective. The technology within each of our tools has its benefits as well as its weaknesses. By combining several of these technologies, we can eliminate many of their weaknesses while retaining their individual strengths.

In the second quarter of 2001, a project was begun to combine several technologies into one auditing solution, EVE. Each technology had its own weaknesses when used alone; for example, machine-code auditing was very effective in identifying single instances of potential security holes, but unfortunately, the task of determining whether the potential flaw could actually be exploited was extremely difficult if the application was not running. By building a machine-code auditing solution capable of auditing applications while they were executing, we could trace the program's execution and learn about code paths that could be used to reach the potential vulnerability. This new auditing application allowed us to trace vulnerabilities, hence the name vulnerability tracing. Some tracing technologies monitor system calls and/or base API calls. We're going to monitor the use of various functions that can be used together to create vulnerabilities.

A hybrid auditing technology, EVE combines machine-code analysis, debugging, and flow tracing, as well as image rewriting. EVE has been used to discover several highly publicized software vulnerabilities and now holds a permanent place in our toolkit.

In this chapter, we will learn about each of the components that form the building blocks of the vulnerability tracing technology. We will include a walkthrough of the design and implementation of a simple vulnerability tracing utility that will allow us to passively examine an application for a simple buffer overflow class vulnerability.
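
An added example (not code from the book or from EVE) of the passive function monitoring this overview describes: a wrapper logs the arguments of every bounded string copy and flags the risky calls. It assumes source-level wrapping with the destination size available through `sizeof`, in place of the image rewriting the chapter refers to; all function names, call-site labels and inputs are constructed.

```c
#include <stdio.h>
#include <string.h>
#define MAX_EVENTS 16

/* One record per traced call: which site made it and what it asked for. */
struct trace_event {
    const char *site;  /* call-site label (constructed names) */
    size_t dst_cap;    /* destination capacity; assumed known via sizeof */
    size_t bound;      /* length argument the caller passed */
    size_t src_len;    /* source length observed at call time */
};
static struct trace_event events[MAX_EVENTS];
static size_t event_count;

/* Flag a bound larger than the destination, or a source that cannot fit
   in the destination together with its terminator. */
static int is_suspicious(const struct trace_event *e) {
    return e->bound > e->dst_cap || e->src_len >= e->dst_cap;
}

/* Log the arguments, then copy. The copy is clamped to dst_cap only to keep
   this demo memory-safe; a passive tracer would pass the call through. */
static void traced_copy(const char *site, char *dst, size_t dst_cap,
                        const char *src, size_t bound) {
    if (event_count < MAX_EVENTS) {
        struct trace_event e = { site, dst_cap, bound, strlen(src) };
        events[event_count++] = e;
    }
    snprintf(dst, bound < dst_cap ? bound : dst_cap, "%s", src);
}

/* Constructed workload: three call sites, each with a 16-byte buffer. */
static size_t run_sample(void) {
    char name[16], host[16], tag[16];
    size_t flagged = 0;
    event_count = 0;
    traced_copy("parse_name", name, sizeof name, "alice", sizeof name);
    traced_copy("parse_host", host, sizeof host,
                "host-label-longer-than-sixteen-bytes", sizeof host);
    traced_copy("parse_tag", tag, sizeof tag, "v1", 64); /* bound > buffer */
    for (size_t i = 0; i < event_count; i++)
        flagged += (size_t)is_suspicious(&events[i]);
    return flagged;
}

int main(void) {
    printf("%zu calls flagged\n", run_sample());
    for (size_t i = 0; i < event_count; i++)
        printf("%-10s cap=%zu bound=%zu src=%zu %s\n", events[i].site,
               events[i].dst_cap, events[i].bound, events[i].src_len,
               is_suspicious(&events[i]) ? "SUSPICIOUS" : "ok");
    return 0;
}
```

The `parse_tag` call is flagged even though its input is short: the trace exposes a bound that exceeds the buffer before any oversized input ever reaches that code path.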



The Shellcoder's Handbook. Discovering and Exploiting Security