Automatic Exploit Generation: First of its Kind
Review of AEG: Automatic Exploit Generation by CMU
Note that I don’t claim to be an expert in this topic at all. This is just a review based on what I have read. I would appreciate any constructive criticism.
Automatic Exploit Generation is, as it sounds, an automatic way of generating security exploits for vulnerabilities in a program; the task is known as the AEG challenge. This paper details the first end-to-end system for fully automatic exploit generation. The CMU team first shows how exploit generation for control flow hijack attacks can be modeled as a formal verification problem, then proposes preconditioned symbolic execution (a novel technique for targeting symbolic execution), and finally presents a general approach for generating working exploits. There is also a nice demo.
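To make the two ideas in that paragraph concrete, here is a small added example (my own teaching code, not the CMU AEG tool or anything from the paper). It runs symbolic execution over a constructed mini-IR program that mimics a packet handler copying a symbolic length `n` of bytes into fixed-size buffers. The "formal verification" view is the check at each copy: the path predicate on `n` conjoined with the unsafe predicate `n > buffer_size` is satisfiable or not, and a satisfying value is reported as a witness. The "preconditioned" part is the optional interval passed as `precondition`: it restricts the symbolic input up front (for example, a length known to come from a single byte and to be at least the minimum message size), so branches inconsistent with it are pruned before they are explored. Everything here is an assumption of the example: the instruction set, the toy program, and the use of an integer interval as a stand-in for a real constraint solver (which works only because every branch compares `n` with a constant).

```python
"""Toy preconditioned symbolic execution over one symbolic length `n`.

Constructed teaching example; not the AEG tool's code. Constraints on `n`
are kept as an integer interval instead of SMT formulas, which suffices
because every branch in the mini-IR compares `n` with a constant.
"""
from dataclasses import dataclass
from typing import Tuple

INT_MIN, INT_MAX = -2**31, 2**31 - 1

# Mini-IR (constructed for this example):
#   ("jle", c, t)  : if n <= c goto t      ("jgt", c, t): if n > c goto t
#   ("jlt", c, t)  : if n < c goto t
#   ("copy", size) : memcpy(dst[size], src, n)  -> unsafe when n > size
#   ("halt",)
PROGRAM = [
    ("jle", 0, 9),      # 0: reject non-positive length
    ("jgt", 4096, 9),   # 1: reject oversized length
    ("jlt", 16, 5),     # 2: short packets take a separate path
    ("copy", 64),       # 3: bug: 64-byte buffer, but n may be up to 4096
    ("halt",),          # 4
    ("jlt", 4, 8),      # 5: tiny packets are dropped
    ("copy", 16),       # 6: safe: n < 16 on every path reaching here
    ("halt",),          # 7
    ("halt",),          # 8
    ("halt",),          # 9: reject
]


@dataclass(frozen=True)
class Interval:
    """Conjunction of constraints on n, represented as lo <= n <= hi."""
    lo: int
    hi: int

    def empty(self) -> bool:
        return self.lo > self.hi

    def meet(self, other: "Interval") -> "Interval":
        return Interval(max(self.lo, other.lo), min(self.hi, other.hi))


def split(iv: Interval, op: str, c: int) -> Tuple[Interval, Interval]:
    """Return (taken, fallthrough) constraint sets for branch `n <op> c`."""
    if op == "jle":
        return iv.meet(Interval(INT_MIN, c)), iv.meet(Interval(c + 1, INT_MAX))
    if op == "jlt":
        return iv.meet(Interval(INT_MIN, c - 1)), iv.meet(Interval(c, INT_MAX))
    if op == "jgt":
        return iv.meet(Interval(c + 1, INT_MAX)), iv.meet(Interval(INT_MIN, c))
    raise ValueError(f"unknown branch op {op}")


@dataclass
class Finding:
    pc: int
    buffer_size: int
    witness: int            # concrete n satisfying path predicate AND n > size
    path: Tuple[int, ...]   # program counters visited on the path


def symbolic_execute(program, precondition=Interval(INT_MIN, INT_MAX)):
    """Explore every feasible path; return (findings, states_explored).

    `precondition` is the AEG-style restriction on the symbolic input: any
    path whose constraint on n is inconsistent with it is never explored.
    """
    worklist = [(0, precondition, ())]
    findings, explored = [], 0
    while worklist:
        pc, iv, path = worklist.pop()
        explored += 1
        path = path + (pc,)
        ins = program[pc]
        if ins[0] == "halt":
            continue
        if ins[0] == "copy":
            size = ins[1]
            # Verification question: is (path predicate AND n > size) satisfiable?
            unsafe = iv.meet(Interval(size + 1, INT_MAX))
            if not unsafe.empty():
                findings.append(Finding(pc, size, unsafe.lo, path))
            worklist.append((pc + 1, iv, path))
            continue
        op, c, target = ins
        taken, fallthrough = split(iv, op, c)
        if not fallthrough.empty():
            worklist.append((pc + 1, fallthrough, path))
        if not taken.empty():
            worklist.append((target, taken, path))
    return findings, explored


if __name__ == "__main__":
    for label, pre in (("unconstrained", Interval(INT_MIN, INT_MAX)),
                       ("precondition 32 <= n <= 255", Interval(32, 255))):
        found, states = symbolic_execute(PROGRAM, pre)
        print(f"{label}: {states} states explored, {len(found)} finding(s)")
        for f in found:
            print(f"  pc={f.pc} buffer={f.buffer_size} witness n={f.witness} path={f.path}")
```

Both runs reach the same conclusion (the copy at pc 3 into the 64-byte buffer is reachable with n = 65), but the preconditioned run explores fewer states because the rejection paths and the short-packet subtree are pruned as soon as their constraints contradict 32 <= n <= 255. The copy at pc 6 is reported safe because every path that reaches it carries n < 16 in its path predicate, which is exactly the kind of reasoning that separates a real bug from a false positive.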
Terms
Before I describe how the system works, I want to go over some key terms that are important for understanding the paper.
- End-to-end system: As it sounds, an end-to-end system does everything from analyzing the source code to generating the input that exploits the program. AEG analyzes source code, generates symbolic execution formulas, solves them, performs binary analysis, and generates the specific kind of exploit you want to perform.
- Binary analysis: Essentially threat assessment and vulnerability testing at the binary level. See here for more info.