• DocumentCode
    561250
  • Title

    Towards an automatic exploit pipeline

  • Author

    DeMott, Jared D. ; Enbody, Richard J. ; Punch, William F.

  • Author_Institution
    Comput. Sci. Dept., Michigan State Univ., East Lansing, MI, USA
  • fYear
    2011
  • fDate
    11-14 Dec. 2011
  • Firstpage
    323
  • Lastpage
    329
  • Abstract
    A continuous and fully automated software exploit discovery and development pipeline for real-world problems has not yet been achieved, but is desired by defenders and attackers alike. We have made significant steps toward that goal by combining and enhancing known bug hunting and analysis techniques. The first step is the implementation of an easy-to-use distributed fuzzer. Single fuzzers take too long to produce the number of results required. Since distributed fuzzers achieve high output (typically many found bugs), sorting is required, which we include. We add another layer of triage support by combining in an enhanced fault localization process. Our work automates much of the process so that human resources are only needed at a few key checkpoints along the pipeline, arguably enhancing overall system efficiency. We demonstrate our process on contrived code, the Siemens suite, and two real-world pieces of code: Firefox and Java.
  • Keywords
    Java; checkpointing; pipeline processing; program debugging; security of data; software fault tolerance; systems analysis; Firefox; Java; Siemens suite; analysis technique; automated software exploit discovery; automatic exploit pipeline; bug hunting; checkpoints; contrived code; development pipeline; distributed fuzzer; fault localization process; high-output sorting; human resources; software security; triage; Computer bugs; Debugging; Noise; Pipelines; Security; Software; Automatic Vulnerability Discovery and Exploitation; Distributed Fuzzing; Fault localization; Software Security; Software Testing and Debugging;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Internet Technology and Secured Transactions (ICITST), 2011 International Conference for
  • Conference_Location
    Abu Dhabi
  • Print_ISBN
    978-1-4577-0884-8
  • Type

    conf

  • Filename
    6148387