Symbolic Execution and Automated Exploit Generation

A common and recurring problem in security is: given a program, automatically find bugs and determine if they are exploitable.  In this talk I'll present my team's current work towards this challenge by performing automatic exploit generation (AEG).  Our AEG techniques are based upon verification techniques such as efficient symbolic execution of binary and source code.  We have designed and implemented our techniques in several prototype systems, and automatically generated control flow hijack exploits against real-world software.  I'll discuss where we currently are (including our work on APEG from IEEE Security and Privacy 08, AEG at NDSS 2011, and our BAP tool paper to appear at CAV 2011), current limitations, and future research directions.

David Brumley, CMU

David Brumley is an Assistant Professor at Carnegie Mellon University
in the Electrical and Computer Engineering Department, CyLab, and by
courtesy, the Computer Science Department. He earned his Ph.D. in
Computer Science from Carnegie Mellon University, a Masters in
Computer Science from Stanford University, and a Bachelors in
Mathematics from the University of Northern Colorado. His current work
focuses on software security and offensive computing. His research and
interests include all areas of security, as well as programming
languages, compilers, formal methods, and systems.  David is the
recipient of 2 USENIX Security best paper awards, a Symantec
fellowship, a 2010 NSF CAREER award, and the 2010 CSSP program for
young faculty.