Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications

Acidus
Topic: Miscellaneous 5:40 pm EDT, Apr 18, 2008

In the automatic patch-based exploit generation problem, we are given two versions of the same program P and P' where P' fixes an unknown vulnerability in P. The goal is to generate an exploit for P for the vulnerability fixed in P'. More formally, we are given a safety policy F, and the programs P and P'. The purpose of F is to encode what constitutes an exploit. Our goal is to generate an input x such that F(P(x)) = unsafe, but F(P'(x)) = safe.

... ... !!!

There is something humbling about seeing hours of work (reading the Microsoft security bulletin, using IDA and BinDiff, discovering the security changes, performing the needed "magic" like Unicode evasion, no nulls, etc.) reduced to a math equation.
