Exploitability Assessment with TEASER
Northeastern University Boston
Bugs are still plentiful in software. Furthermore, fixing bugs is difficult, so developing a way to rank bugs by their severity is essential to save developer time. As a result, security researchers have realized the necessity of pairing a bug with a Proof of Concept (POC), an input to a program that demonstrates the ability to use the bug to exploit the application, in order to show the relative severity of their bug compared with others. This process of modifying an input that causes a crash so that the input exploits the program is called exploit development. For the purpose of this thesis, we are only interested in POCs for memory corruption-based vulnerabilities. Like fixing bugs, exploit development is a difficult problem, and so there has been some research on automating the creation of POCs. Most automated exploit generation techniques use a modified program verification approach, whereas others employ dynamic taint analysis for exploit detection. While these results have been widely disseminated and successful, there is still room for improvement: both approaches rely on tracking attacker-controlled input, which often leads either to computationally difficult constraint solving problems or to taint explosion. Given the computational difficulty of exploit development, we advocate for a human-assisted approach. We envision a workflow in which a tool and a human analyst inform each other.
- Computer Programming and Software