Towards the exploitability escalation for software vulnerability


Sponsoring Agency
Office of Naval Research


With the development of whitebox and blackbox fuzzing techniques, it is increasingly easier for a security analyst to find software vulnerabilities. However, it is not clear how to convert the vulnerabilities into a full exploitation. This is not because the identified vulnerabilities are unexploitable, but due to the fact that the exploitation requires tackling three main challenges – (1) identifying useful primitives for exploitation (2) finding an effective way to bypass widely-deployed mitigation and protection and (3) preventing unexpected termination in exploitation.

In this research project, I aim to explore, design and develop a series of technical approaches to ease the development of working exploits and escalate the exploitability for vulnerabilities. To be more specific, I intend to conduct this research from three aspects. First, I will develop automated techniques to explore the primitives needed for exploitation. Using the primitives identified, I will then design and develop technical solutions to facilitate the ability of a security analyst to bypass security mitigation and thus explore the possibility of performing exploitation. Last but not least, I will explore practical approaches to preventing unexpected termination in vulnerability exploitation.