Checking the World's Software for Exploitable Bugs

Event details

Date 04.06.2013
Hour 14:00 - 15:00
Speaker Prof. David Brumley, Carnegie Mellon University
Location
Category Conferences - Seminars
Attackers only need to find a single exploitable bug in order to install worms, bots, and other malware on vulnerable computers. Unfortunately, developers rarely have the time or resources to fix all bugs. This raises a serious security question: which bugs are exploitable, and thus should be fixed first? My research team's vision is to automatically check the world's software for exploitable bugs. Our approach is based on program verification, but with a twist. Traditional verification takes a program and a specification of safety as inputs, and checks that all execution paths of the program meet the safety specification. The twist in AEG is we replace typical safety properties with an "un-exploitability" property, and the "verification" process becomes finding a program path in which the un-exploitability property does not hold. Our analysis generates working control flow hijack and command injection exploits for exploitable paths. I'll discuss our results with a data set of over 1,000 programs and over 370 days of analysis time. Despite the large amount of analysis, there is still much to be done. In the last part of this talk, I'll describe several of the remaining research challenges.

Practical information

  • General public
  • Free

Organizer

  • SuRI 2013

Contact

  • Simone Muller

Tags

suri2013
