View Code? Open in Web Editor NEW

A tool for automatically identifying syscall-guard variables

License: MIT License

Shell 6.04% JavaScript 0.01% C++ 23.58% Python 1.24% C 65.31% Makefile 3.08% HTML 0.55% CMake 0.16% PLpgSQL 0.03% Rich Text Format 0.01%

viper's Introduction

VIPER: Spotting Syscall-Guard Variables for Data-Only Attacks

VIPER can automatically identify syscall-guard vairables for data-only attacks. It has two main components:

BranchForcer (built on AFL) shortlists candidates of syscall-guard branches;
VariableRator measures the feasibility of corrupting syscall-guard variables.

Please check our paper published on USENIX Security 2023 for more details.

Prerequisite

clang 6.0 - compiler (pre-built binaries, source code)
graphviz - data-flow visualizer (source code)
wllvm - whole-program-llvm IR generator (source code)

Build

./build.sh

Test applications

Check test-sqlite.md for steps to test SQLite.
Check repository viper-artifact to test more programs

End-to-end Attacks

Check data-only attacks for four new data-only attacks

Authors

Hengkai Ye [email protected]
Song Liu [email protected]
Zhechang Zhang [email protected]
Hong Hu [email protected]

Publication

VIPER: Spotting Syscall-Guard Variables for Data-Only Attacks

@inproceedings{ye:viper,
  title        = {{VIPER: Spotting Syscall-Guard Variables for Data-Only Attacks}},
  author       = {Hengkai Ye and Song Liu and Zhechang Zhang and Hong Hu},
  booktitle    = {Proceedings of the 32nd USENIX Security Symposium (USENIX 2023)},
  month        = {aug},
  year         = {2023},
  address      = {Anaheim, CA},
}

Recommend Projects