AEG: Automatic Exploit Generation
Abstract
The automatic exploit generation challenge is: given a program, automatically find vulnerabilities and generate exploits for them. In this paper we present AEG, the first end-to-end system for fully automatic exploit generation. We used AEG to analyze 14 open-source projects and successfully generated 16 control-flow-hijacking exploits. Two of the generated exploits (expect-5.43 and htget-0.93) are zero-day exploits against previously unknown vulnerabilities. Our contributions are: 1) we show how exploit generation for control flow hijack attacks can be modeled as a formal verification problem; 2) we propose preconditioned symbolic execution, a novel technique for targeting symbolic execution; 3) we present a general approach for generating working exploits once a bug is found; and 4) we build the first end-to-end system that automatically finds vulnerabilities and generates exploits that produce a shell.
Related Papers
- Symbolic execution and program testing (1976), 2,950 citations
- All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask) (2010), 695 citations
- Unleashing Mayhem on Binary Code (2012), 518 citations
- S2E (2011), 512 citations
- Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications (2008), 285 citations