A LANGUAGE-BASED APPROACH FOR SECURING ACTIONSCRIPT/FLASH VULNERABILITIES

Yilmaz, Fadi

A LANGUAGE-BASED APPROACH FOR SECURING ACTIONSCRIPT/FLASH VULNERABILITIES

Search for this publication on Google Scholar

Yilmaz, F. (2020). A LANGUAGE-BASED APPROACH FOR SECURING ACTIONSCRIPT/FLASH VULNERABILITIES. Unc Charlotte Electronic Theses And Dissertations.

Download PDF

Analytics

120 views ◎
98 downloads ⇓

Abstract

Web technologies enable web users to share files, images, audios, videos with each other worldwide. The accessibility provided by the web lures web pirates to perform unauthorized, malicious activities in victim machines remotely by exploiting design flaws that reside in the implementation of web browsers and their plug-ins, virtual machines (VMs). VMs are one of the popular browser plug-ins that are widely deployed, have become one of the most tempting targets for attackers over the years. The ActionScript Virtual Machine (AVM) that executes Flash binaries is one of the browser plug-ins that lures attackers due to the number of design flaws it contains. Over the last five years, more than 700 vulnerabilities were discovered in the AVM versions. Therefore, ActionScript vulnerabilities became the primary vehicle for web-based ransomware and banking trojans in 2016. Additionally, ActionScript vulnerabilities were part of infamous exploit kits, such as Angler EK, Nuclear, and Neutrino, in the same year 2016. More recently, researchers disclosed four zero-day exploits targeting the AVM versions in the last two years.This dissertation presents a robust, elegant security solution that can mitigate major categories of vulnerabilities that reside in the AVM. The solution allows security personnel to arrive at vulnerability-class-specific solutions that can be applied directly into untrusted executables without requiring technology-owner companies' cooperation.This dissertation is presented in three thrusts: (1) vulnerability classification, (2) in-lined reference monitoring, and (3) automatic exploit generation. The vulnerability classification identifies the attack surface of the AVM by analyzing ActionScript vulnerabilities to classify them. This classification is conducive to building a generic, robust security solution that mitigates vulnerabilities that are part of major vulnerability classes. To demonstrate the efficiency of the vulnerability classification, a robust, vulnerability- or vulnerability-class-specific security solution, Inscription, which leverages in-lined reference monitoring, is presented. Inscription modifies untrusted Flash binaries to thwart cyberattacks that exploit known or zero-day vulnerabilities. The automatic exploit generation tool, GUIDEXP, hardens the developed security solution by allowing security personnel to observe run-time behaviors of exploit scripts that it synthesizes for the target design flaws.

Details

Author: Yilmaz, Fadi
Title: A LANGUAGE-BASED APPROACH FOR SECURING ACTIONSCRIPT/FLASH VULNERABILITIES
Physical Description: 1 online resource (173 pages) : PDF
Date: 2020
Degree Granting Institution: University of North Carolina at Charlotte
Abstract: Web technologies enable web users to share files, images, audios, videos with each other worldwide. The accessibility provided by the web lures web pirates to perform unauthorized, malicious activities in victim machines remotely by exploiting design flaws that reside in the implementation of web browsers and their plug-ins, virtual machines (VMs). VMs are one of the popular browser plug-ins that are widely deployed, have become one of the most tempting targets for attackers over the years. The ActionScript Virtual Machine (AVM) that executes Flash binaries is one of the browser plug-ins that lures attackers due to the number of design flaws it contains. Over the last five years, more than 700 vulnerabilities were discovered in the AVM versions. Therefore, ActionScript vulnerabilities became the primary vehicle for web-based ransomware and banking trojans in 2016. Additionally, ActionScript vulnerabilities were part of infamous exploit kits, such as Angler EK, Nuclear, and Neutrino, in the same year 2016. More recently, researchers disclosed four zero-day exploits targeting the AVM versions in the last two years.This dissertation presents a robust, elegant security solution that can mitigate major categories of vulnerabilities that reside in the AVM. The solution allows security personnel to arrive at vulnerability-class-specific solutions that can be applied directly into untrusted executables without requiring technology-owner companies' cooperation.This dissertation is presented in three thrusts: (1) vulnerability classification, (2) in-lined reference monitoring, and (3) automatic exploit generation. The vulnerability classification identifies the attack surface of the AVM by analyzing ActionScript vulnerabilities to classify them. This classification is conducive to building a generic, robust security solution that mitigates vulnerabilities that are part of major vulnerability classes. To demonstrate the efficiency of the vulnerability classification, a robust, vulnerability- or vulnerability-class-specific security solution, Inscription, which leverages in-lined reference monitoring, is presented. Inscription modifies untrusted Flash binaries to thwart cyberattacks that exploit known or zero-day vulnerabilities. The automatic exploit generation tool, GUIDEXP, hardens the developed security solution by allowing security personnel to observe run-time behaviors of exploit scripts that it synthesizes for the target design flaws.
Genre: doctoral dissertations
Subjects--Topics: Computer science
Degree: Ph.D.
Keywords: Actionscript Vulnerabilities
Automatic Exploit Generation
In-Lined Reference Monitoring
Virtual Machines
Vulnerability Classification
Web Security
Subject Area: Computer Science
Advisor(s): Sridhar, Meera
Committee Members: Lipford, Heather
Wang, Weichao
Shin, Min
Degree Note: Thesis (Ph.D.)--University of North Carolina at Charlotte, 2020.
Rights Statement: This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s). For additional information, see http://rightsstatements.org/page/InC/1.0/.
Rights Holder Information: Copyright is held by the author unless otherwise indicated.
Identifier: Yilmaz_uncc_0694D_12459
Permalink: http://hdl.handle.net/20.500.13093/etd:2273

J. Murrey Atkins Library

J. Murrey Atkins Library