Towards an automatic exploit pipeline

A continuous and fully automated software exploit discovery and development pipeline for real-world problems has not yet been achieved, but is desired by defenders and attackers alike. We have made significant steps toward that goal by combining and enhancing known bug hunting and analysis techniques. The first step is the implementation of an easy-to-use distributed fuzzer. Single fuzzers take too long to produce the number of results required. Since distributed fuzzers achieve high-output (typically many found bugs) sorting is required, which we include. We add another layer of triage support by combining in an enhanced fault localization process. Our work automates much of the process so that human resources are only needed at a few key checkpoints along the pipeline, arguably enhancing overall system efficiency. We demonstrate our process on contrived code, the Siemens suite, and two real-world pieces of code: Firefox and Java.