PROJECT TITLE :

Automatic Detection of Unsafe Dynamic Component Loadings

ABSTRACT:

Dynamic loading of software components (e.g., libraries or modules) is a widely used mechanism for an improved system modularity and flexibility. Correct component resolution is critical for reliable and secure software execution. However, programming mistakes may lead to unintended or even malicious components being resolved and loaded. In particular, dynamic loading can be hijacked by placing an arbitrary file with the specified name in a directory searched before resolving the target component. Although this issue has been known for quite some time, it was not considered serious because exploiting it requires access to the local file system on the vulnerable host. Recently, such vulnerabilities have started to receive considerable attention as their remote exploitation became realistic. It is now important to detect and fix these vulnerabilities. In this paper, we present the first automated technique to detect vulnerable and unsafe dynamic component loadings. Our analysis has two phases: 1) apply dynamic binary instrumentation to collect runtime information on component loading (online phase), and 2) analyze the collected information to detect vulnerable component loadings (offline phase). For evaluation, we implemented our technique to detect vulnerable and unsafe component loadings in popular software on Microsoft Windows and Linux. Our evaluation results show that unsafe component loading is prevalent in software on both OS platforms, and it is more severe on Microsoft Windows. In particular, our tool detected more than 4,000 unsafe component loadings in our evaluation, and some can lead to remote code execution on Microsoft Windows.


Did you like this research project?

To get this research project Guidelines, Training and Code... Click Here


PROJECT TITLE : A Natural Language Process-Based Framework for Automatic Association Word Extraction ABSTRACT: In psychology, word association has been extensively explored for exposing mental representations and relationships
PROJECT TITLE : Automatic Keyword and Sentence-Based Text PDF/DOC Summarization for Software Bug Reports ABSTRACT: Text summarization is a method of extracting essential information from papers quickly and efficiently. The proposed
PROJECT TITLE : Automatic Keyword Extraction for Text Summarization A Survey ABSTRACT: Data has been quickly rising in recent years in every sphere, including journalism, social media, banking, education, and so on. Due to the
PROJECT TITLE : Automatic Traffic Sign Detection and Recognition Using SegU-Net and a Modified Tversky Loss Function With L1- Constraint ABSTRACT: Autonomous vehicle technology relies heavily on traffic sign detection. Researchers
PROJECT TITLE : Automatic Cataract Classification Using Deep Neural Network With Discrete State Transition ABSTRACT: Cataract is the primary cause of blindness in the globe because of the clouding of the lens. It will be better

Ready to Complete Your Academic MTech Project Work In Affordable Price ?

Project Enquiry