Create an Account
username: password:
 
  MemeStreams Logo

RE: Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications

search

Worthersee
Picture of Worthersee
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Worthersee's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
Current Events
Recreation
Local Information
Science
Society
Sports
Technology

support us

Get MemeStreams Stuff!


 
RE: Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications
Topic: Technology 3:00 pm EDT, Apr 19, 2008

Key Design Points
The most important design question for constructing the constraint formula is to figure out what instructions to include in the formula. We need to include all the instructions for an exploitable path for the solver to generate a candidate exploit. However, the number of exploitable paths is usually only a fraction of all paths to the new check. Should the formula cover all such execution paths, some of them, or just one? We consider three approaches to answering this question: a dynamic approach which considers only a single path at a time, a static approach which considers multiple paths in the CFG without enumerating them, and a combined dynamic and static approach.

This is a really good example of combining Static Analysis and Dynamic Analysis to find and verify security vulnerabilities. Come see my Summercon presentation for more on this topic.

RE: Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications



 
 
Powered By Industrial Memetics
RSS2.0