SaTC: CORE: Small: Towards Locating Memory Corruption Vulnerability with Core Dump

Project: Research project

Project Details


After a program has crashed and terminated abnormally, it typically leaves behind a snapshot of its crashing state in the form of a core dump. While a core dump carries a large amount of information, which has long been used for software debugging, it barely serves as informative debugging aids in locating software faults, particularly memory corruption vulnerabilities. This research project aims to explore, design, and develop lightweight, systematic and automated approaches that turn a core dump into an informative aid in tracking down memory corruption vulnerabilities. The proposed research has three key components. First, the project will develop a technical approach to improve the quality of information extracted from core dumps. Second, the project will explore a set of technical approaches to enhance this readilyͲavailable information. Last but not least, the project will develop a technical approach to automatically analyze enhanced core dumps and pinpoint the root cause of software crashes. Over the past years, we have completed the first and second components of the project. We are currently in the process of the last component. To be specific, we developed two systems ͲͲ POMP and DEEPVSA. POMP takes the responsibility of improving the quality of a crash dump. DEEPVSA introduces an AIͲassisted method to enhance readilyͲavailable information. We published POMP and DEEPVSA at USENIX Security 2018 and 2019, respectively. For the third component, we have developed a system ͲͲ GREBE. GREBE is recently accepted by IEEE S&P 2022. Technically, it utilizes static and dynamic analysis techniques to diversity a program's multiple crashing behaviors. With this ability, our last piece of the research work will be to leverage the multiple behaviors to pinpoint the root cause of the crash. In the last stage of the project, we will complete this last component and then conclude the project. Until this report, we have already released our source code of three systems ͲͲ POMP, DEEPVSA, and GREBE to the public.
Effective start/end date11/15/217/31/22


  • National Science Foundation (CNS-2219379)


Explore the research topics touched on by this project. These labels are generated based on the underlying awards/grants. Together they form a unique fingerprint.