Diagnosing Software System Exploits

Amir Elmishali, Roni Stern, Meir Kalech

Research output: Contribution to journal, Article, peer-review

3 Scopus citations

Abstract

Software vulnerabilities are bugs in a program that an attacker can exploit to make the program deviate from its specification. An attacker exploits a vulnerability by crafting input that causes the program to behave incorrectly. Such an input is called an exploit. This article deals with diagnosing exploits, i.e., given an exploit, the task is to return the vulnerability that allowed it. We show that existing software diagnosis algorithms are ill-suited for this problem, and introduce two novel techniques for adapting them to this problem. This includes manipulating an automated testing tool to generate additional inputs that are similar to the given exploit, and tracing below the desired granularity level to improve diagnostic accuracy. Experimental evaluation on real exploits from four open-source projects shows that our algorithm significantly reduces diagnostic efforts.

Original language: English
Article number: 8970609
Pages (from-to): 7-15
Number of pages: 9
Journal: IEEE Intelligent Systems
Volume: 35
Issue number: 6
State: Published - 1 Nov 2020
Externally published: Yes

Bibliographical note

Publisher Copyright:
© 2001-2011 IEEE.

Funding

Roni Stern is a senior lecturer at Ben Gurion University of the Negev, Beersheba, Israel, and a principal scientist at Palo Alto Research Center, Palo Alto, CA, USA. He received the Ph.D. degree from Ben Gurion University and a postdoctoral fellowship from Harvard University. He is the former president of the International Symposium on Combinatorial Search and serves as a Senior Program Committee and Program Committee member at top AI conferences, such as AAAI, IJCAI, AAMAS, and ICAPS. Contact him at [email protected].

Funders    Funder number
Ben Gurion University
Harvard University
