Code Integration-Based Vulnerability Auditing presented at BlackhatUSA 2006

by William B Kimball,

Summary : There is a growing need to develop improved methods for discovering vulnerabilities in closed-source software. The tools and techniques used to automate searching for these vulnerabilities are either incomplete or non-existent. Fuzz-testing is a common technique used in the discovery process but does not provide a complete analysis of all the vulnerabilities which may exist. Other techniques, such as API hooking, are used to monitor insecure imported functions while leaving inlined functions still waiting to be found. LEVI is a new vulnerability auditing tool (Windows NT Family) which addresses both of these issues by using a code integration-based technique to monitor both imported and inlined functions. Using this approach provides a more complete analysis of the vulnerabilities hidden within closed-source software.