Symbolic Execution and Automated Exploit Generation

A common and recurring problem in security is given a program, automatically find bugs and determine if they are exploitable.  In this talk I'll present my teams current work towards this challenge by performing automatic exploit generation (AEG).  Our AEG techniques are based upon verification techniques such as efficient symbolic execution of binary and source code.  We have designed and implemented our techniques in several prototype systems, and automatically generated control flow hijack exploits against real-world software.  I'll discuss where we are currently at (including our work on APEG from IEEE Security and Privacy 08, AEG at NDSS 2011, and our BAP tool paper to appear at CAV 2011) , current limitations, and future research directions. 

David Brumley, CMU

David Brumley is an Assistant Professor at Carnegie Mellon University in the Electrical and Computer Engineering Department, CyLab, and by courtesy, the Computer Science Department. He earned his Ph.D. in Computer Science from Carnegie Mellon University, a Masters in Computer Science from Stanford University, and a Bachelors in Mathematics from the University of Northern Colorado. His current work focuses on software security and offensive computing. His research and interests include all areas of security, as well as programming languages, compilers, formal methods, and systems.  David is the recipient of 2 USENIX Security best paper awards, a Symantec fellowship, a 2010 NSF CAREER award, and the 2010 CSSP program for young faculty.