»The (not so profitable) path towards automated heap exploitation«
2018-10-16, 13:30–14:15, Europe

The modern world depends and relies on the security (and safety!) of software. Protecting privacy, intellectual property, customer data and even national security is a goal for most of us. Analysis tools can give us new insights that can be used to secure software and hardware by identifying vulnerabilities and issues before they cause harm downstream. Automatic exploit generation (AEG) is an old challenge in the industry that is not totally solved - in fact, we are far away from it, as Julien Vanegue stated in May this year. Furthermore, AEG is currently limited to stack-based buffer overflows and format string exploits, because the semantic information about user-controlled bytes in memory is not available. In this talk I am showing a proof of concept for automated heap exploit generation on an x86 architecture, using symbolic execution and SMT solvers.

Planned structure of my talk (outline):
- Intro to CLP and SMT solvers
- SymExec basics
- Intro on program verification
- Limitations of Klee
- Scalability of raw SMT + Prolog
- Limitations of CLP
- AHEG demo using SMT solvers
- Resources discussion and related work
- Talk take-away
- Future work