Fig. 2. System overview of the proposed method.
It is worth mentioning that one important assumption of our method is
that the memory objects can be affected by the bugs through specific
techniques, such as heap layout manipulation [8,9]. Under this assumption, after
triggering a vulnerability, it becomes possible to drive the program
into an exploitable state by corrupting these critical objects.
Corrupted Data Propagation Model: To figure out how corrupted data
propagates among memory objects and to evaluate its effects,
we construct a model that combines static and dynamic methods and also
provides support for fuzzing.
Firstly, this letter leverages the Static Value Flow (SVF) [7]
framework to instrument the target program at the LLVM IR level. SVF is a
widely used data flow analysis framework that effectively supports
cross-module and inter-procedural data flow analysis in large-scale
programs. Given source code, we leverage SVF to construct a Value Flow
Graph (VFG), which shows the data flow relationships among variables.
For example, Figure 3 shows part of a VFG, where each node represents a
variable or expression of the program, and each edge denotes a data
flow relationship. In Figure 3, the variable %3 influences variable
%10 through the getelementptr instruction, and variable %10 further affects
the variable %11.
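To make the VFG idea concrete, the following added example (not code from the letter and not part of SVF) builds a minimal value-flow graph from a constructed LLVM IR fragment and computes which values a corrupted value can reach. It assumes a simplified SSA form with one instruction per line and treats every operand use as a flow edge; SVF itself is pointer-analysis based and far more precise. The IR text, the value names (`%3`, `%10`, `%11`, `%buf`, `%out`) and the function names are all constructed for illustration.

```python
# Added example (not from the letter or SVF): a toy value-flow graph built
# from def-use edges of a constructed LLVM IR fragment, used to list the
# values that a single corrupted value can influence.
import re
from collections import defaultdict, deque

# Constructed IR fragment (assumption: simplified SSA, one instruction per line).
# It mirrors the Figure 3 pattern: %3 feeds a getelementptr that defines %10,
# and %10 is then dereferenced to define %11.
SAMPLE_IR = """
%3 = load i32, i32* %idx
%10 = getelementptr inbounds i32, i32* %buf, i32 %3
%11 = load i32, i32* %10
%12 = add i32 %11, 1
%20 = load i32, i32* %other
store i32 %12, i32* %out
"""

ASSIGN = re.compile(r"(%[\w.]+)\s*=\s*(\w+)\s*(.*)")
VALUE = re.compile(r"%[\w.]+")


def parse_def_use(ir_text):
    """Return a list of (src, dst, opcode) flow edges from the IR text.

    For "%d = op ... %s ..." every used value %s flows into %d.
    For "store val, ptr" the stored value flows into the pointed-to location.
    """
    edges = []
    for raw in ir_text.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ASSIGN.match(line)
        if m:
            dst, opcode, rest = m.groups()
            for src in VALUE.findall(rest):
                edges.append((src, dst, opcode))
        elif line.startswith("store"):
            ops = VALUE.findall(line)
            if len(ops) == 2:
                edges.append((ops[0], ops[1], "store"))
    return edges


def build_graph(edges):
    """Adjacency list: src -> [(dst, opcode), ...]."""
    graph = defaultdict(list)
    for src, dst, opcode in edges:
        graph[src].append((dst, opcode))
    return graph


def propagate(graph, source):
    """Sorted list of values reachable from `source` along flow edges."""
    return sorted(dst for _, _, dst in trace(graph, source))


def trace(graph, source):
    """BFS over the graph; yields (src, opcode, dst) steps in visiting order.

    The steps read like the Figure 3 description: "%3 influences %10 through
    getelementptr", "%10 affects %11 through load", and so on.
    """
    seen = {source}
    queue = deque([source])
    steps = []
    while queue:
        node = queue.popleft()
        for dst, opcode in graph.get(node, []):
            if dst not in seen:
                seen.add(dst)
                steps.append((node, opcode, dst))
                queue.append(dst)
    return steps


if __name__ == "__main__":
    g = build_graph(parse_def_use(SAMPLE_IR))
    for src, opcode, dst in trace(g, "%3"):
        print(f"{src} -> {dst} via {opcode}")
    print("reachable from %3:", propagate(g, "%3"))
```

Running the block prints the propagation path from `%3` through `getelementptr`, `load`, `add` and `store`; `%20` is never reached because no edge connects it to the corrupted value, which is exactly the distinction the model needs when deciding which memory objects a bug can influence.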