An introduction of Use-After-Free detection in binary code by static analysis

An introduction of Use-After-Free detection in binary code by static analysis

Use-After-Free is a well-known class of vulnerabilities that is commonly used by modern exploits (cf. Pwn2own 2016). In the research project AnaStaSec, AMOSSYS works on how to statically detect such vulnerabilities in binary codes. In this blog post, we explain how the scientific community suggests detecting such type of vulnerabilities. The goal of this state of the art is to define a global methodology that will then let us build a proof of concept tool that satisfies our needs.

more ...