
Automatic exploit generation

Published: 01 February 2014

Abstract

The idea is to identify security-critical software bugs so they can be fixed first.

Published In

Communications of the ACM, Volume 57, Issue 2 (February 2014), 103 pages
ISSN: 0001-0782
EISSN: 1557-7317
DOI: 10.1145/2556647
Editor: Moshe Y. Vardi

Publisher

Association for Computing Machinery

New York, NY, United States


Qualifiers

  • Research-article
  • Popular
  • Refereed


Cited By

  • (2024) CO3. Proceedings of the 33rd USENIX Conference on Security Symposium, 5591-5608. DOI 10.5555/3698900.3699213. Online publication date: 14-Aug-2024
  • (2024) Magneto: A Step-Wise Approach to Exploit Vulnerabilities in Dependent Libraries via LLM-Empowered Directed Fuzzing. Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, 1633-1644. DOI 10.1145/3691620.3695531. Online publication date: 27-Oct-2024
  • (2024) Natural Symbolic Execution-Based Testing for Big Data Analytics. Proceedings of the ACM on Software Engineering 1:FSE, 2677-2700. DOI 10.1145/3660825. Online publication date: 12-Jul-2024
  • (2024) FORAY: Towards Effective Attack Synthesis against Deep Logical Vulnerabilities in DeFi Protocols. Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, 1001-1015. DOI 10.1145/3658644.3690293. Online publication date: 2-Dec-2024
  • (2024) Silent Taint-Style Vulnerability Fixes Identification. Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, 428-439. DOI 10.1145/3650212.3652139. Online publication date: 11-Sep-2024
  • (2024) Exploiting Library Vulnerability via Migration Based Automating Test Generation. Proceedings of the IEEE/ACM 46th International Conference on Software Engineering, 1-12. DOI 10.1145/3597503.3639583. Online publication date: 20-May-2024
  • (2024) Concretely Mapped Symbolic Memory Locations for Memory Error Detection. IEEE Transactions on Software Engineering 50:7, 1747-1767. DOI 10.1109/TSE.2024.3395412. Online publication date: 1-Jul-2024
  • (2024) AutoPwn: Artifact-Assisted Heap Exploit Generation for CTF PWN Competitions. IEEE Transactions on Information Forensics and Security 19, 293-306. DOI 10.1109/TIFS.2023.3322319. Online publication date: 2024
  • (2024) Enhancing AI-based Generation of Software Exploits with Contextual Information. 2024 IEEE 35th International Symposium on Software Reliability Engineering (ISSRE), 180-191. DOI 10.1109/ISSRE62328.2024.00027. Online publication date: 28-Oct-2024
  • (2024) A Method to Detect Vulnerability of Java Source Code based on AST and Graph Attention Networks. 2024 14th International Conference on Software Technology and Engineering (ICSTE), 8-16. DOI 10.1109/ICSTE63875.2024.00010. Online publication date: 16-Aug-2024
