A LANGUAGE-BASED APPROACH FOR SECURING ACTIONSCRIPT/FLASH VULNERABILITIES
Abstract
Web technologies enable web users to share files, images, audio, and video with each other worldwide. The accessibility provided by the web lures web pirates to perform unauthorized, malicious activities on victim machines remotely by exploiting design flaws that reside in the implementation of web browsers and their plug-ins, such as virtual machines (VMs). VMs, among the popular browser plug-ins that are widely deployed, have become one of the most tempting targets for attackers over the years. The ActionScript Virtual Machine (AVM), which executes Flash binaries, is one of the browser plug-ins that lures attackers due to the number of design flaws it contains. Over the last five years, more than 700 vulnerabilities were discovered in the AVM versions. Therefore, ActionScript vulnerabilities became the primary vehicle for web-based ransomware and banking trojans in 2016. Additionally, ActionScript vulnerabilities were part of infamous exploit kits, such as Angler EK, Nuclear, and Neutrino, in the same year. More recently, researchers disclosed four zero-day exploits targeting the AVM versions in the last two years.
This dissertation presents a robust, elegant security solution that can mitigate major categories of vulnerabilities that reside in the AVM. The solution allows security personnel to arrive at vulnerability-class-specific solutions that can be applied directly to untrusted executables without requiring the cooperation of technology-owner companies.
This dissertation is presented in three thrusts: (1) vulnerability classification, (2) in-lined reference monitoring, and (3) automatic exploit generation. The vulnerability classification identifies the attack surface of the AVM by analyzing and classifying ActionScript vulnerabilities. This classification is conducive to building a generic, robust security solution that mitigates vulnerabilities that are part of major vulnerability classes.
To demonstrate the efficiency of the vulnerability classification, a robust, vulnerability- or vulnerability-class-specific security solution, Inscription, which leverages in-lined reference monitoring, is presented. Inscription modifies untrusted Flash binaries to thwart cyberattacks that exploit known or zero-day vulnerabilities. The automatic exploit generation tool, GUIDEXP, hardens the developed security solution by allowing security personnel to observe run-time behaviors of exploit scripts that it synthesizes for the target design flaws.