Towards the exploitability escalation for software vulnerability

Researcher
Xinyu Xing

Sponsoring Agency
Office of Naval Research

Summary

With the development of whitebox and blackbox fuzzing techniques, it is increasingly easy for a security analyst to find software vulnerabilities. However, it is not clear how to convert these vulnerabilities into a full exploitation. This is not because the identified vulnerabilities are unexploitable, but because exploitation requires tackling three main challenges: (1) identifying useful primitives for exploitation, (2) finding an effective way to bypass widely deployed mitigations and protections, and (3) preventing unexpected termination during exploitation.

In this research project, I aim to explore, design, and develop a series of technical approaches to ease the development of working exploits and escalate the exploitability of vulnerabilities. More specifically, I intend to conduct this research along three lines. First, I will develop automated techniques to explore the primitives needed for exploitation. Using the primitives identified, I will then design and develop technical solutions that help a security analyst bypass security mitigations and thus explore the possibility of performing exploitation. Last but not least, I will explore practical approaches to preventing unexpected termination in vulnerability exploitation.

Research Area
Artificial Intelligence and Big Data
Privacy and Security

Term
 -