Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
SP
2008
IEEE
2008
IEEE
Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications
The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P′ , automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P′ . In this paper, we propose techniques for automatic patch-based exploit generation, and show that our techniques can automatically generate exploits for 5 Microsoft programs based upon patches provided via Windows Update. Although our techniques may not work in all cases, a fundamental tenet of security is to conservatively estimate the capabilities of attackers. Thus, our results indicate that automatic patch-based exploit generation should be considered practical. One important security implication of our results is that current patch distribution schemes which stagger patch distribution over long time periods, such as Windows Update, may allow attackers who receive the patch first to compromise the significant fraction of vulnerable hosts who have not yet ...
Real-time TrafficAutomatic Patch-based Exploit | Exploit Generation Problem | Patch-based Exploit Generation | Security Privacy | SP 2008 |
Related Content
| Added | 01 Jun 2010 |
| Updated | 01 Jun 2010 |
| Type | Conference |
| Year | 2008 |
| Where | SP |
| Authors | David Brumley, Pongsin Poosankam, Dawn Xiaodong Song, Jiang Zheng 0002 |
Comments (0)
Researcher Info
|
