Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications

Brumley, D.   Poosankam, P.   Song, D.   Jiang Zheng   
Carnegie Mellon Univ., Pittsburgh, PA
This paper appears in: Security and Privacy, 2008. SP 2008. IEEE Symposium on 
Publication Date: 18-22 May 2008 
On page(s): 143 - 157 
Number of Pages: 143 - 157 
Location: Oakland, CA 
ISSN: 1081-6011 
ISBN: 978-0-7695-3168-7 
INSPEC Accession Number:10008068 
Digital Object Identifier: 10.1109/SP.2008.17 
Date Published in Issue: 2008-05-28 16:48:37.0 
 
Abstract

The automatic patch-based exploit generation problem is: given a
program P and a patched version of the program P', automatically
generate an exploit for the potentially unknown vulnerability present
in P but fixed in P'. In this paper, we propose techniques for
automatic patch-based exploit generation, and show that our techniques
can automatically generate exploits for 5 Microsoft programs based
upon patches provided via Windows Update. Although our techniques may
not work in all cases, a fundamental tenant of security is to
conservatively estimate the capabilities of attackers. Thus, our
results indicate that automatic patch-based exploit generation should
be considered practical. One important security implication of our
results is that current patch distribution schemes which stagger patch
distribution over long time periods, such as Windows Update, may allow
attackers who receive the patch first to compromise the significant
fraction of vulnerable hosts who have not yet received the patch.
  
Controlled Indexing
automatic programming   security of data   software maintenance      

Non-controlled Indexing 
Microsoft program   Windows Update   automatic patch-based exploit generation   patch distribution scheme   security implication      

Author Keywords 
combined execution   exploit generation   patch   symbolic execution   test case generation