VIPER
can automatically identify syscall-guard vairables for data-only attacks. It has two main components:
- BranchForcer (built on AFL) shortlists candidates of syscall-guard branches;
- VariableRator measures the feasibility of corrupting syscall-guard variables.
Please check our paper published on USENIX Security 2023 for more details.
clang 6.0
- compiler (pre-built binaries, source code)graphviz
- data-flow visualizer (source code)wllvm
- whole-program-llvm IR generator (source code)
./build.sh
- Check test-sqlite.md for steps to test SQLite.
- Check repository viper-artifact to test more programs
- Check data-only attacks for four new data-only attacks
- Hengkai Ye [email protected]
- Song Liu [email protected]
- Zhechang Zhang [email protected]
- Hong Hu [email protected]
VIPER: Spotting Syscall-Guard Variables for Data-Only Attacks
@inproceedings{ye:viper,
title = {{VIPER: Spotting Syscall-Guard Variables for Data-Only Attacks}},
author = {Hengkai Ye and Song Liu and Zhechang Zhang and Hong Hu},
booktitle = {Proceedings of the 32nd USENIX Security Symposium (USENIX 2023)},
month = {aug},
year = {2023},
address = {Anaheim, CA},
}